For companies contemplating a transition from QS-9000 to ISO/TS 16949: 2002 (TS2), now is the time to act and gather as much information about this technical specification (TS) as possible. Don't wait for the December 2006 deadline to become familiar with some of the key differences between the QS-9000 standard and TS2. Following the provided guidelines will help the transition run smoothly.
First, there is the technical specification and its rules. More than a copy of the technical specification is needed to prepare for an upgrade audit. In the QS-9000 Third Edition, appendices A through J address items including audit days required, rules for registrars and the format for a control plan. The appendices provide useful information for both registrars and registered organizations.
ISO/TS 16949: 2002 rules, however, are contained in a separate document-"Rules for Achieving IATF (International Automotive Task Force) Recognition" (The Rules)-making the technical specification thinner than its predecessor. The reason for this change is that while the rules may be revised, the technical specification and its requirements remain the same. In fact, a new edition of The Rules (Rules 2nd Edition), due out later this year, contains significant changes.
Organizations seeking TS2 registration should obtain a copy of The Rules because the information provided has a significant impact on the entire registration scheme for any organization looking to implement a TS2 program. The Rules include all requirements for registrars to comply with including audit processes, the audit team, explanation of a consultant's role, audit day calculation tables, audit day requirements and the timeline for registrars to complete all activities in the TS2 registration process, including a mandatory Readiness Review.
If both the registrar and the audited organization thoroughly understand The Rules, the registration process can be a smooth one.
Another fundamental difference between QS and TS2 is the manner in which audits are to be conducted. Auditors familiar with the 1994 version of ISO 9001/2 and QS-9000 understand the primary emphasis of the audit is completion of all boxes contained in each element of the checklist. Enter TS2 and the automotive process approach.
The technical specification cannot be audited using a generic checklist. A generic checklist following the order of clauses disobeys the intent of standards based on ISO 9001: 2000, particularly where ISO/TS 16949: 2002 is concerned. The IATF recently decided to do away with the checklist originally published for auditing the technical specification. The reason for retiring the checklist is the tendency for auditors to rely on a checklist to guide them through the audit process, something technically not possible if auditing using the process approach. Auditors must examine each organization by looking at its quality management system processes and its interactions.
Auditors, whether internal or external, must consider:
• What is the process?
• Who owns the process?
• What goals and objectives did top management define for process performance?
• What resources (people, equipment, methods, etc.), infrastructure and communications were provided, by top management, for process operation?
• What criteria for success were defined for this process?
• What are the inputs?
• Does the process operate according to plans established by top management?
• What is the intended output of the process?
• Is the process adhering to the level of performance compared to the established goals and objectives?
• Are personnel operating the process competent, based on the required level of competence defined by the organization?
• How does this process interact with other processes defined by the organization?
• Are appropriate actions taken based on the results of process measurement-corrective or preventive?
Organizations can dramatically improve the effectiveness of internal audit activities by applying this auditing approach. Set aside the checklist and concentrate on collecting as much information about the process as possible. Once the information is collected, analyze it to determine if objective evidence can be related to compliance with standard requirements, and those of the customer, where appropriate. Audit information is also required to be reviewed by the top management as an input to the management review and to make pertinent decisions about the improvement of the organization's processes.
Auditors are required to be better equipped than ever when performing audits using the automotive process approach. Not only are they required to thoroughly understand the technical specification itself, there are an abundance of other documents auditors must be familiar and conversant with. Among the things auditors are required to know are: The Rules, applicable customer-specific requirements, and the correct application of the automotive core tools-Production Part Approval Process, Advance Product Quality Planning and Control Plan, Failure Modes and Effects Analysis, Statistical Process Control and Measurement Systems Analysis.
Another difference is the approach to supplier development requirements. The IATF and the International Automotive Oversight Bureau (IAOB) defined and clarified requirements for supplier development for TS2.
The TS2 requirement for supplier quality management system development states that an organization's suppliers must be third-party registered to ISO 9001: 2000, at a minimum. In some cases, however, it is impossible to find suppliers already registered to this standard. Clarification to the requirement provides latitude to organizations struggling with requirements.
The rules for applicability for ISO/TS 16949: 2002 are the guidelines for supplier development. Only suppliers who provide manufacturing value need to be considered for supplier development. Some organizations may elect to require registration from other suppliers, however.
It may not be possible for all suppliers to be third-party registered at the time of the organization's upgrade. Therefore, the following stipulations regarding supplier development have been developed:
• Records must be available for all applicable suppliers, complete with registration status.
• Suppliers who are third-party registered to QS-9000 will be acceptable until Dec. 14, 2006, unless otherwise directed by the customer.
• Those not yet registered must have an action plan for third-party registration, provided by the supplier.
• The plan must provide milestones for the supplier's registration process (for example, it must be audited on the registration audit and subsequent surveillance audits).
• The supplier's registration process must be completed within the three-year cycle of the organization's registration to ISO/TS 16949: 2002.
• Suppliers currently registered to ISO 9001: 2000 must have a plan for developing compliance to ISO/TS 16949: 2002 requirements.
There is no specific deadline for all suppliers to become registered-unless mandated by the customer-which makes the TS2 requirements somewhat less onerous than those of QS-9000. Supplier development requirements are applied in conjunction with the organization's registration program, with a maximum development period of three years.
If an organization is preparing for an upgrade or registration audit to TS2, it might be helpful to take a look at some things to expect that can affect the time it takes to become registered, the transition process and associated costs.
The first step in a company's registration journey is to select a Certification Body (CB) recognized by the IATF to perform audits to the TS2 requirements. Once a CB has been selected, they will most likely issue a proposal for the TS2 registration program. When determining the duration of the audit, the site where manufacturing value is added and all support sites, or remote locations (for example, design centers, corporate offices) must be considered as part of the registration process. All organization locations must be included for the correct determination of audit days. The tables for calculating the required number of days can be found in Annex 3 of The Rules.
Next, all organizations are required to have a Readiness Review. This mandatory review will help the auditor determine the correct registration scope and whether an organization should proceed with the audit. The Readiness Review for TS2 registrations is a pivotal point in the registration process. According to The Rules, a thorough review of the organization's documentation is required to be conducted a maximum of 90 days before the upgrade or registration audit occurs.
The review determines if the scope of registration is appropriate for the organization seeking registration, and it ensures that the organization is fully prepared for an on-site audit.
Typically, the lead auditor assigned to the operation will perform the Readiness Review as an off-site activity. When the organization chooses to retain sensitive documents at the facility, The Rules allow for on-site review limited to one day and confined to an office or boardroom where the auditor can review all required documents.
Readiness review documentation includes:
• Quality manual (for each site to be audited)
• Internal audit and management review planning and results from the previous 12 months
• List of qualified internal auditors
• List of customer-specific requirements
• Customer complaint status
• Operational performance trends for the previous 12 months, minimum
If the information gathered for the readiness review is not sufficient to determine readiness, conducting a preliminary assessment, or pre-audit may be useful to the auditor in determining whether the upgrade or registration audit should proceed. The purpose of the pre-audit is to confirm if an organization is ready for the registration audit by assessing additional information gathered from a live audit setting. Although the pre-audit is optional, introducing a company to TS2's process auditing approach can be beneficial.
Once the organization has been deemed ready for the on-site audit, the audit planning can begin. When scheduling the audit dates for upgrade or registration, all sites and remote locations of the organization must be audited within 90 days of the completion of the Readiness Review. This is important considering that, in some cases, hundreds or even thousands of miles may separate locations. Scheduling may require different auditors with a variety of language skills over the course of the registration process.
The good news is that the IATF has determined that there are enough CBs recognized globally, with a sufficient number of auditors to conduct all of the TS2 upgrade audits required for the OEMs and Tier One automotive customers. In fact, there are more TS2-qualified CB auditors than there were for QS-9000.
There is no need to wait any longer to begin the road to upgrading to TS2, if an organization is eligible. The sooner the better, as there could be a potential burden on the audit resources available should a great number of organizations choose to wait until the last minute. Q
• The Rules include all requirements for registrars to comply with including audit processes, the audit team, explanation of a consultant's role, audit day calculation tables, audit day requirements and the timeline for registrars to complete all activities in the TS2 registration process, including a mandatory Readiness Review.
• Because of the process approach, TS2 cannot be audited using a generic checklist.
• The TS2 requirement for supplier quality management system development states that an organization's suppliers must be third-party registered to ISO 9001: 2000, at a minimum. Only suppliers who provide manufacturing value need to be considered for supplier development.
• The mandatory Readiness Review will help the auditor determine the correct registration scope and whether an organization should proceed with the audit.