IATF 16949 Certification

• CARA stands for Common Audit Report Application
• It is developed and provided by IATF/ VDA.
• Starting January 2021, all IATF-recognized certification bodies and their sponsored auditors are required to use only the CARA application for audit reporting. The general structure and content of the application is however still based on the previously provided Excel-based templates.
• Supporting documents are available in the CARA user manual and dedicated CARA wiki. The wiki will be updated on a regularly basis including a FAQ area and How-to articles.

• The main purpose of CARA is to create, edit, save, and share common audit documents in a standardized manner.
• It is a browser-based solution – no installation of additional software is required on personal computers other than the requirements published by IATF (see CARA wiki).
• After the initial access to CARA, no continuous online connection is required.
• Audit data handling with standardized state-of-the-art technology
• User interface supports most common languages.
• Easy and user-friendly data entry
• Offers nonconformity management application as collaboration between auditors and clients
• The nonconformity management application allows the client to respond to open nonconformities within CARA.
• Also, no additional installation is needed for using the nonconformity management just like with CARA.

• A common audit report reduces variation and complexity and therefore lowers efforts and costs in the IATF 16949 certification scheme.
• It is easier for stakeholders (incl. OEMs, suppliers, certification bodies and auditors) to understand and analyze the information an audit report contains.
• OEMs who sample audit reports are able to navigate to the areas they are interested in more easily and will find a common information structure.
• Suppliers being certified by several certification bodies can exchange information more easily (e.g. nonconformity management) and will be able to provide other involved Certification Bodies more quickly with the needed information.
• CARA will increase the efficiency of the IATF audit process.
• Simplification in terms of IATF audit documentation

• In general, technical customer support is globally covered by IATF/VDA. But of course, as your reliable partner, we will support you with regard to questions with CARA, too.
• The new nonconformity management will standardize the communication with the customer and hence supports the overall clarification process.

• The audit process itself is not affected.
• CARA will introduce a technical base and hence process to collaborate on nonconformities between the customer and the auditor – which works in the following way (CARA for customers):
  • The auditor captures all relevant data in CARA, exports that data set and provides it via email to the customer
  • The customer then downloads these data, imports them into their own CARA application, updates the information and exports it to provide it back to the auditor via email
  • The collaboration in such a way will continue until the auditor accepts the corrective measures taken
• All information within the CARA reports is stored in a predefined data structure.
• The application has a built-in import and export function utilizing this standardized file format (XML/JSON).
• To guarantee a seamless data exchange to any external interface, the information that is being imported/exported must be in the same format.
• The description of the data structure can be downloaded here: CARA Data Description (XML/JSON)

• CARA is a browser-based application.
• The application is not linked to any server / central database nor does it require an internet connection to work.
• All audit data created and imported are solely stored in the browser’s internal database of the individual user.
• The user shall be careful to not empty the browser cache as any exported and unsaved data will be lost.
• Data security is generally ensured by IATF/VDA.

A user account or login data are not needed.
First you need to save the JSON-file, which you have received from your auditor (and which contains your nonconformities), on your computer.
Copy the following link into your browser and open the NC CARA Tool: https://nc-cara.iatfglobaloversight.org/#!/ncAppStart
Then upload the previously saved JSON-file into the NC CARA tool by clicking on the icon

• There is no actual link between the audit report and the NC CARA Tool.
• The audit report will be sent to you by your auditor as a PDF-file, like in the past.
• The nonconformity (NC) report will be sent to you by your auditor, as a JSON-file. This JSON-file needs to be uploaded into the NC CARA Tool.
• You do not need to do anything with the audit report.

• Your audit report and your NC report will be only available for you and your auditor – as in the past.
• IATF cannot access your data.
• Your data is only stored on your local device.

The audit report will be a PDF-file and cannot be changed by the client.

• Basically you will only change the data format in which you do your NC Management. You will receive your NC-Report as a JSON-file by email from your auditor.
• You then need to import this JSON-file into your NC CARA Tool.
• In the NC CARA Tool, you need to upload the JSON-file and then fill in the NC report as usual.
• PDF-files or JPG-files may be added as supporting documents for evidence. This may either be done directly in the NC-report, or you may send those files separately by email to your auditor as in the past.
• You then need to save the JSON-file and send it back to the auditor by email including any further evidences if needed.

• There are no data saved anywhere in the web. You only use the NC CARA Tool to fill in data – everything is saved locally on your computer.
• You only exchange data via email with your auditor – as before.
• As from April 2021, IATF plans to use encryption for JSON-files.

• This NC CARA Tool is a mandatory requirement from IATF globally – so we must use it.
• Nobody will be able to see or use your JSON-file as you exchange it only between yourself and your auditor.
• Your report and/or non-conformities are not visible in the internet for other people unless YOU decide to share them with other people.
• The report will be the same as it is now – a PDF-file.

IATF wanted to distinguish themselves from the „commodity“ standards, therefore the report is more detailed than before.

• Basically everything remains the same as before.
• Once you have uploaded the JSON-file into the NC CARA Tool and updated all the information needed and also attached all the evidences, then you just need to send it back to your auditor by email.
• You may only attach PDF- oder JPEG-files in the NC CARA Tool to your NC-report. If you wish to submit other files too, please send them by email to your auditor.

As of 1st January 2021 CARA is mandatory to use.