On July 21, 2021, IATF revised Sanctioned Interpretations to IATF 16949:2016 standard, including:

  • revision to SI No. 10, effective August 2021,
  • revision to SI No. 3, effective Nov 2021, and
  • issuance of SI No. 21-21, effective Nov 2021.

They constitute revisions to associated clauses in IATF 16949:2016 standard. The associated clauses after this and former revisions are as below in Italic. The changes as compared to the clauses in original standard (Ver 2016) are highlighted in blue.

No. 10 _ External laboratory

External/commercial/independent laboratory facilities used for inspection, test, or calibration services by the organization shall have a defined laboratory scope that includes the capability to perform the required inspection, test, or calibration, and either:
— the laboratory shall be accredited to ISO/IEC 17025 or its national equivalent (e.g., CNAS-CL01 in China) by an accreditation body (Signatory) of the ILAC MRA (International Laboratory Accreditation Forum Mutual Recognition Arrangement – www.ilac.org) and include the relevant inspection, test, or calibration service in the scope of the accreditation (certificate); the certificate of calibration or test report shall include the mark of a national accreditation body; or
where a non-accredited laboratory is utilized (e.g. for example, but not limited to: for specialist or integrated equipment, or for parameters with no international traceable standard reference, or original equipment manufacturers), the organization is responsible to ensure that there is evidence that the laboratory has been evaluated and meets the requirements of Section of IATF 16949.

Note: integrated self-calibration of measurement equipment, including use of proprietary software, does not meet the requirements of calibration.

No. 3 _ Contingency plans

The organization shall:
a) – b) …
c) prepare contingency plans for continuity of supply in the event of any of the following, but not limited to: key equipment failures (also see Section; interruption from externally provided products, processes, and services; recurring natural disasters; fire; pandemics; utility interruptions; cyber-attacks on information technology systems; labour shortages; or infrastructure disruptions;
d) …
e) periodically test the contingency plans for effectiveness (e.g. simulations, as appropriate);
for cybersecurity: testing may include a simulation of a cyber-attack, regular monitoring for specific threats, identification of dependencies and prioritization of vulnerabilities. The testing is appropriate to the risk of associated customer disruption;
Note: cybersecurity testing may be managed internally by the organization or subcontracted as appropriate;
f) …
g) …;
h) include in contingency plans the development and implementation of appropriate employee training and awareness.

No. 21 _ Risk Analysis

The organization shall include in its risk analysis, at a minimum:
a) lessons learned from product recalls, product audits, field returns and repairs, complaints, scrap, and rework,
b) cyber-attack threats to information technology systems.

No. 22 _ 7.2.1 Competence – supplemental

The organization shall establish and maintain a documented process(es) for identifying training needs including awareness (see Section 7.3.1) and achieving competence of all personnel performing activities affecting conformity to product and process requirements. Personnel performing specific assigned tasks shall be qualified, as required, with particular attention to the satisfaction of customer requirements.

To reduce or eliminate risks to the organization, the training and awareness shall also include information about prevention relevant for the organization’s working environments and employees’ responsibilities, such as recognizing the symptoms of pending equipment failure and/or attempted cyber-attacks.

在2021年7月21日,國際汽車工作組 (IATF) 修訂了 IATF 16949:2016 標準的第10項認可解釋 (2021年8月生效) 和第3項認可解釋 (2021年11月生效),并发布了第21和第22項認可解釋(2021年11月生效)。主要是澄清了:

  • 增加針對大流行病的應急策劃要求,強調員工知識對有效的應急策劃的重要性;
  • 使用沒有獲得認可的外部實驗室的條件
  • 組織需要在風險分析中考慮潛在的網絡攻擊
  • 員工培訓和意識應包括有關工作環境和員工責任的風險預防的信息,例如認知潛在設備故障的症状網絡攻擊

詳情參考上述英文版標準條文 (未見官方的中文版本)。
這些認可解釋構成對 IATF 16949:2016 標準中相關條款的修訂,並在生效後作為審核依據。


About DQS  / 關於DQS

DQS is the 1st Certification Body approved by IATF for ISO/TS 16949 certification service, which is replaced by IATF 16949 certification at present.
Meanwhile, DQS Academy provides professional IATF 16949:2016 Internal Auditor and Core Tools Training Courses and Online Skill Test for Internal Auditors.

DQS是全球第一個得到IATF認可向客戶提供ISO/TS 16949(目前已被替代爲IATF 16949) 認證服務的機構。
同時,DQS 學堂 提供專業的IATF 16949:2016內審員和核心工具培訓,以及內審員線上技能測試。  


Copyright 版權聲明

The copyright of description approach in this news is reserved by DQS HK. Any republication with or without modification shall indicate the source.
此新聞的描述方式的版權歸DQS HK所有。如果轉載或基於此修改發佈,請註明來源