Quality Advice by Robin Dudash

IQPS President and Instructor Robin Dudash (CQM/OE, CSQE, CRE, CQE, CQA, CCT, ANAB-LA, IATF-LA, MBA) is one of the most qualified quality professionals in the world. In Quality Advice by Robin Dudash, Robin shares her QA industry knowledge on a variety of relevant topics. Robin provides training for the quality professional and private consultation for companies through Innovative Quality Products and Services. She is an instructor of the Internal Auditor Training Course, as well as the Certified Software Quality Engineer Exam Prep Course. In addition, Robin offers Root Cause Analysis Training, ISO 9001 Training and ISO Software Consulting to businesses interested in improving their internal management systems. Check out her blog entries and help inform other industry professionals by sharing online!

My Thoughts on the New IATF 16949 (Formerly TS 16949) Qualifications

I just finished taking (and passing!) the IATF 16949 qualification test given by the IAOB. Lead Auditor qualification for this new specification is required prior to doing any upgrade audits.

Companies are required to upgrade to the new IATF 16949 (formerly TS 16949) by September 15, 2018.

This date aligns with the ISO 9001:2015 end date but does not provide as much time to upgrade since IATF 16949 was published several months later. You may know by now that IATF 16949 does not include the ISO 9001:2015 standard clauses but just references them. Therefore, to perform an audit or implement an IATF 16949 system, you need both documents as well as Rules 5th Edition.

In addition to adopting the high-level structure in ISO 9001:2015, IATF 16949 incorporates a number of new requirements. These new requirements include:

  • Monitoring of safety-related parts and accessories
  • Ensuring the traceability of products consistent with applicable regulations and standards
  • Requirements for products with embedded software
  • Implementation of a warranty management process
  • Clarified requirements for sub-tier supplier management and development
  • Requirements concerning corporate responsibility

Most of these requirements affect only tier 1 suppliers that ship finished parts directly to the OEMs. In addition, I would postulate that most of these requirements were already inherent in the previous specification, such as the transfer of requirements for product safety throughout the supply chain, traceability of products consistent with regulations and standards, and analysis of warranty data.

However, I would like to point out the following nuances of the new IATF 16949 that may raise a few eye brows in your organization:

  1. Corporate responsibility (, which requires definition and implementation of polices for anti-bribery, employee code of conduct, and ethics escalation (‘whistle-blowing’) policy. Many smaller, family-owned companies do not have or need these types of policies.
  2. Contingency plans ( e) that must be periodically tested for effectiveness. A requirement for service continuity for ISO 20000 and some financial institutions for business continuity plans.
  3. Plant, facility and equipment planning ( assessments of manufacturing feasibility and evaluation of capacity planning shall be inputs into management reviews. This requirement may or may not be part of your existing management review depending on the metrics your organization has chosen.
  4. Employee motivation and empowerment (7.3.2) shall maintain a documented process. While this was a prior requirement, the words ‘documented process(es)’ are now added.
  5. Quality management system documentation ( can be more than one document, but a list shall identify the documents that comprise the quality manual. While there is much hype that ISO 9001:2015 no longer requires a quality manual, IATF 16949 does require a quality manual whose structure and format is at the discretion of your organization.
  6. Control of reworked product ( requires the utilization of a risk analysis (FMEA) methodology to assess risks in the rework process prior to a decision to rework. Most discussions that I have researched only address the definition of repaired versus reworked product. While much could be read into this statement, I have decided to incorporate the consideration of risk to the customer when product is dispositioned. Of course, this was always inherent in the disposition process, but it is now explicitly stated.

Given all 58 pages of the IATF 16949 specification, these nuances could be easily overlooked so I wanted to bring these to your attention. Good luck in your new IATF 16949 implementation!

IATF 16949 Onsite Training (Formerly TS 16949 Onsite Training)

Internal Auditor Training Insights from the ISO 9001:2015 Update

What a wild ride it’s been updating the IQPS Internal Auditor Training Course to ISO 9001:2015! I wanted to take some time to contemplate the various opinions out there as we all learn about ISO 9001:2015 together. I have been listening to clients and experts, reading a few books and attending training classes to absorb all the information I possibly could—considering my heavy business travel schedule. All of these classes that tell you about interested parties and risk assessments are great until you have to sit down and define a management system on paper.

  • Where do you start?
  • Do you even need a quality manual?
  • What do you do with the procedures?

Well, I’ve just finished my first ISO 9001:2015 manual and have decided on my approach. First, if your current quality policy manual repeats the standard, throw it away! I can’t tell you how many quality manuals I have read that are just a repeat of the standard. Everybody already knows the standard. My quality manuals have always combined some policy but primarily documented procedures.

Since I already audit ISO 27001 for information security, ISO 14001 for environmental systems and OHSAS 18001 (soon to be ISO 45001) for health and safety systems, all of these systems have one theme in common: identifying and putting controls in place to mitigate risk. These risks include losing information, spilling a drum of oil or avoiding an injury. Now ISO 9001:2015 expects us to mitigate business risks such as losing a sole supplier.

When I looked at all three risk standards, I decided that ISO 27001 was the best fit. After all, ISO 27001:2013 was the first standard to be converted to the Annex SL format. When I first read context of the organization in ISO 9001:2015 and attended my second training class the light came on. They were really talking about the scope document in ISO 27001, which is where the quality manual went!

When I read about contractors in ISO 9001:2015, I see relationships on how ISO 14001 requires you to treat contractors, i.e., those working on your behalf. I also see similarities in statements about communications in ISO 14001 for internal and external communication processes. So for those of you who have organizations certified to ISO 14001 standard, I would incorporate some of this language into your scope document.

For those of you just looking for an ISO 9001:2015 update, I have separated this discussion out from my Internal Auditor Training Course into its own course, called ISO 9001: 2015. I think having audited ISO 27001, 14001 and OHSAS 18001 has given me some brilliant insights and I look forward to sharing them with you!

Corrective Action

One of the keys to continual improvement is permanent corrective action. I have seen various levels of corrective action responses, but very few that follow through and permanently resolve the problem. Hence, the organization continues to operate in fire-fighting mode – chasing a problem that returns again and again. There are several reasons why problems reoccur, and
most of them I am sure you know already:

  • Allowing interim actions to temporarily fix the root cause
  • There is more than one root cause
  • No verification that the action was taken
  • No controls in place to prevent the problem from happening again

Read More »

Simplifiers vs. Complexifiers

I recently told a client that when I started working for US Steel at age 19, my boss would enlighten me with jewels of wisdom I have found to be true to this day! One of these principles are, “There are two kinds of people in this world: Simplifiers and Complexifiers. We are going to be Simplifiers!”

I regularly come across quite a few quality management systems that have become complexified through our efforts to please ‘the auditor.’ As recently as 10 years ago, it was the norm for everything to be written down. Every document, including decimal equivalents, had to be controlled… and everything, including pallets, had to be on the approved vendor list.

Read More »

Home   |  Services   |  Consulting   |  Training   |  Auditing   |  Design   |  Events   |  Courses   |  Clients   |  Information   |  Case Studies
Course Login   |  FAQs   |  Testimonials   |  Instructors   |  Contact   |  Brochures   |  Articles   |  Press Releases   |  Links & Resources
CSQE   |  CQM/OE   |  CQI/CQT   |  CQE   |  CQA   |  Internal Audit   |  ISO 9001:2008   |  Root Cause Analysis   |  TS-16949

©2015 Innovative Quality Products and Systems  |  All rights reserved.  |  Developed By Cassidy Advertising & Belstar Media

P.O. Box 7  |  Lyndora, PA 16045  |  Toll Free 800.540.9758  |  Phone 724.321.5385  |  Fax 724.789.7424  |  |  Sitemap