IATF 16949 Certification – IATF Certification Rules 6

1. IATF Audit
Assessment of client readiness (stage 1) by the audit team and demonstration of practical application of the QMS (stage 2), We will review your management system documentation according to IATF 16949 and audit its practical application and effectiveness.

2. Issuing the Certificate
An IATF Certification demonstrates conformity and functional capability. Certificates are listed in the Certipedia online certificate database.

3. Surveillance Audits
Annual audit to review process optimization and compliance with the standard.

4. Re-Certification
IATF Certificates are renewed within a period of three years, and the continual improvement process is documented accordingly.

5. Letter of Conformance LoC (optional)
A new production site that does not yet have internal or external performance data for a period of twelve months. An existing production site that has been identified as being on the bid list of a customer requiring IATF 16949 certification.

6. Transfer Audit
A transfer audit is conducted when an IATF 16949 certified client decides to change certification bodies.

The cost of IATF 16949 certification is determined by various factors. Factors such as the size of your organization, the scope of your quality management system, and the presence of an existing certified management system for combined certification can influence the duration and cost of the audit. Additionally, IATF 16949 can serve as a solid foundation for meaningful combined certifications, such as ISO 9001 and ISO 14001.
Due to these variables, the cost of IATF 16949 certification cannot be provided as a fixed amount. We are pleased to offer you a customized quote based on the specific needs of your organization.

Have you been IATF certified for more than two years? Then start planning your re-certification now for a smooth transition. IATF 16949 certification is valid for three years, requiring re-certification thereafter. To ensure compliance with re-certification requirements, please take note of the following deadline: Schedule the re-certification audit so that it occurs no more than three years after the previous audit. The permissible window is -3 months to +0 days. The new IATF certification must be issued before the current certificate expires.

What does this mean in practice? Here is an example:

• 09/15/2021: Last audit date of the previous re-audit or certification audit.
• 12/22/2024: The IATF 16949 certificate is valid until this date.
• 09/15/2024: The re-certification audit must be completed by this date. However, you can carry out the audit up to 3 months earlier.
• 12/22/2024: The new certificate must be issued no later than 12/22/2024 with a new validity period of 3 years.

Download here an audit check list

Check List for download >

• Vehicles eligible for IATF certification are those classified as “Homologated Vehicles,” which are designed for use on public roads.
• The category of “Automotive Products” includes now all “Replacement Parts and Materials.”
• One single Certification Body (CB) is responsible for conducting IATF audits at a manufacturing site or any associated standalone remote location.
• The CB tasked with IATF 16949 auditing a Standalone Remote Location must also audit at least one manufacturing site that this Remote Location supports.

• EMS and the main site shall fall under the same legal entity and share one Quality Management System (QMS).
• The EMS shall be located no more than 10 miles (16 km) or a 60-minute drive from the main site.
• An EMS can only get support from the main site and/or provides support only to the main site. This is exclusively bi-directional.
• There must be a common management for both the main site and the EMS.

• The Certification Body (CB) is prohibited from offering consulting services related to Quality Management Systems (QMS) to any clients they have certified.
• This limitation specifically pertains to QMS-related services, including but not limited to IATF audits for suppliers and customized Internal Auditor training courses, pre-audits etc.

• Manufacturing sites will have two IATF surveillance audits within each 3-year audit cycle.
• Surveillance audits shall occur within a window of -3/+3 months from the due date, which is based on the last day of the initial, transfer, or recertification audit.
• Failure to conduct an IATF surveillance audit within the specified timeframe will result in the withdrawal of the certificate within 7 days.
• The IATF recertification audit timing remains unchanged, with a window of -3/+0 months from the due date. Adequate planning is essential to ensure non-conformities are addressed and the report is approved before the existing certificate expires.

• In teams with multiple auditors, each auditor must conduct at least one full audit day (8 hrs).
• Pre-audits have been eliminated.
• When there are changes to the certification scope —such as locations, functions, processes, and products— additional audit time is required to assess the impact of these changes.
• Additional audit time has to be allocated according to Table 5.2 q) in order to review actions taken in response to poor performance with IATF OEM Customers.
• If additional audit time cannot be added to the regular audit, a Special Audit shall be scheduled within 60 days following the regular IATF audit.
• Total IATF audit duration is calculated by adding the “Additional Audit Time “ to the standard Audit Days (as per Table 5.2).
• “Additional Audit Time” includes:
• Time for audit planning.
• Time to address performance issues with IATF OEM Customers.
• Time to verify minor non-conformities from the previous audit (0.5 to 1 hour per minor NC).
• Time to verify major non-conformities during a Special Audit (1 to 3 hours per major NC).
• 20% time for translation, if needed.
• Time to audit significant changes such as scope adjustments, relocations, etc.
• One Audit Day is equivalent to 8 hours, which includes time allocated for shift audits.
• The maximum Audit Duration shall not exceed 10 hours per calendar day.
• Both Audit Days and Additional Audit Time must be recorded in the IATF Database

• When calculating the minimum required audit days as per Table 5.2:
• For a Corporate Audit Scheme we may apply a reduction of 15 %
• The total reduction from all combined factors shall not exceed 30%.

• Post Initial/Transfer Audit, any Standalone Remote Location will only have further Surveillance Audits, there will be no 3-year audit cycle and therefore also no Recertification Audit.
• For design-related functions, an annual audit is required within a -3/+3-month interval from the due date.
• For all other functions, an IATF 16949 audit must be conducted at least once every 24 months, also within a -3/+3-month interval from the due date.
• If a surveillance audit is not performed within the specified timeframe, an Initial IATF Audit shall be conducted

• IATF Observers (not witness auditors) are permitted to observe the entire IATF audit.
• An exception is made for any segments of the IATF audits that involve confidential client data.

• Allocate a minimum 0.5 day for the IATF 16949 audit planning process. This time also needs to be entered into the IATF DB.
• Confirm the dates for Surveillance, Recertification, or Transfer Audits at least 90 days prior to the IATF audit. If this isn’t possible, the IATF audit should be postponed which may then result in the loss of the certificate.

• Clients are required to submit all necessary audit planning information no later than 30 days prior to the scheduled IATF audit.
• If the information is not provided on-time, the Certification Body (CB) shall consider rescheduling the audit to ensure the audit plan can be delivered to the client at least 14 days before the audit.
• Clients must disclose all details of any Quality Management System (QMS) related consulting services received since the last IATF audit.
• In cases where the Management Review is not available for audit planning due to confidentiality issues, an additional min. 2 hours shall be allocated for on-site Information Verification prior to the Opening Meeting. This time must be entered as Audit Planning Time in the IATF database.

• A Major Non-Conformity (NC) shall be issued if effective actions are not taken in a timely manner to resolve performance issues reported by customers.

• Clients are required to submit initial responses to major NCs, which shall include immediate corrections, identification of root causes, and a corrective action plan within 15 calendar days.
• Subsequent responses that detail the implemented corrective actions and verification of their effectiveness must be provided within 60 calendar days.

• • Clients are expected to deliver initial responses to minor NCs within 60 calendar days. These must cover containment actions, corrections, and corrective actions, along with the verification of their effectiveness.

• • If responses to Non-Conformities (NCs) are not received within the specified timeframes, as mentioned above, the CB shall withdraw the IATF 16949 certificate.

• If a certified site moves to a new location that is not IATF 16949 certified, an Initial IATF Audit is required.
• For the relocation of a standalone Remote Location, either a Special IATF Audit is necessary or additional time shall be added to the Regular IATF Audit.

• During an on-site IATF 16949 audit, remote audits are permissible for auditing employees who normally work remotely.
• A Remote Audit may be conducted for a Remote Location (RL) that does not handle products or materials (as detailed in Annex 2), but this is limited to only one of the two consecutive surveillance audits.
• Remote Audits must not be used in situations where an on-site audit is mandated, as specified in Clauses 5.11 or 8.0.

• In the event of a suspension resulting from a performance complaint, the client is required to submit a response through the IATF CMS within 20 days of receiving the suspension notification.