New Requirements

Though the new standard looks completely different from Rev 2009, it should be reassuring to know that
156 of the 189 clauses in the Rev 2016 standard are almost identical to the Rev 2009 standard (though in a
difference place). Of the remaining clauses, 20 are new requirements, while an additional 13 clauses have
expansions of previous requirements. The following are new requirements:

1. Understanding the needs and expectations of interested parties (4.2) this is a new requirement
from ISO 9001:2015 requiring and organization to understand relevant interested parties and their
requirements.

2. Corporate responsibility (5.1.1.1) requires the organization to implement corporate responsibility

policies, including anti-bribery policy, and employee code of conduct, and an ethics escalation policy.

3. Process owners (5.1.1.3) requires the organization to identify process owners who are responsible
for managing the organizations processes.

4. Actions to address risk and opportunities (6.1, 6.1.1, 6.1.2) new requirement from ISO 9001:2015
requiring the organization to and determine the risks and opportunities that need to be addressed.

5. Risk analysis (6.1.2.1) requires the organization to include in risk analysis lessons learned from
product recalls, product audits, field returns and repairs, complaints, scrap, and rework.

6. Second party auditor competency (7.2.4) - requires the second party auditors (those auditing external
providers) to have competence in Rev 2016 requirements, core tools, and risk based thinking.

7. Design and development of products and services - supplemental (8.3.1.1) requires the
organization to apply to product and manufacturing process design and development and shall focus on error
prevention rather than detection

8. Development of products with embedded software (8.3.2.3) requires the organization to use a
process for quality assurance for their products with internally developed embedded software.

9. Control of externally provided products and services - supplemental (8.4.1.1) requires the
organization to include all products and services that affect customer requirements such as sub-assembly,
sequencing, sorting, rework, and calibration services in the scope of their definition of externally provided
products, processes, and services.

10. Automotive product-related software or automotive products with embedded software (8.4.2.3.1)
requires the organization to require their suppliers of automotive product-related software, or automotive
products with embedded software, to implement and maintain a process for software quality assurance for
their products.

11. Second party audits (8.4.2.4.1) - requires the organization to include a second-party audit process in
their supplier management approach.

12. Information for external providers - supplemental (8.4.3.1) requires the organization to pass down
all applicable statutory and regulatory requirements and special product and process characteristics to their
suppliers and require the suppliers to cascade all applicable requirements down the supply chain to the point
of manufacture.

13. Verification after shutdown (8.5.1.4) requires the organization to define and implement the
necessary actions to ensure product compliance with requirements after a planned or unplanned production
shutdown period.
14. Temporary change of process controls (8.5.6.1.1) requires the organization to document the process
that manages the use of any alternate including temporary manufacturing process control methods. This
should be captured in the appropriate Process FMEA and Control Plans.

15. Release of products and services - supplemental (8.6.1) requires the organization to verify that
planned arrangement to verify the product and service requirements have been met are encompassed in the
control plan.

16. Control of nonconforming product - customer-specified process (8.7.1.2) requires the organization
to comply with applicable customer-specified controls for nonconforming product(s). This requires that
OEM Controlled Shipping requirements are to be followed.

17. Control of repaired product (8.7.1.5) requires the organization to utilize a risk analysis (FMEA)
methodology to assess risks in the repair process prior to a decision to repair the product. The organization is
required to have a documented process for repair confirmation.

18. Management review - supplemental (9.3.1.1) requires the organizations to review issues related to
cost of poor quality, process effectiveness and efficiency, assessments of manufacturing feasibility made for
changes to existing operations and for new facilities or new product, customer satisfaction and scorecards,
warranty performance and potential field failures identified through risk analysis.

19. Management review outputs- supplemental (9.3.3.1) requires the organization to document and
implement an action plan when customer performance targets are not met.

20. Warranty management systems (10.2.5) requires the organization to have a warranty management
process whenever a warranty is provided. The warranty management process is required to have a part
analysis to determine root cause of failure.

Expanded Requirements

Though the new standard looks completely different from Rev 2009, it should be reassuring to know that
156 of the 189 clauses in the Rev 2016 standard are almost identical to the Rev 2009 standard (though in a
difference place). Of the remaining clauses, 13 clauses have expansions of previous requirements. The
following are clauses with expansion of existing requirements:

1. Product Safety (4.4.1.2) requires the organization to have documented processes for the
management of product-safety related products and manufacturing processes. Expansion of Rev 2009 clause
6.1.4.

2. Contingency Plans (6.1.2.3) enhanced requirement by comprehending either best practice or already
implemented requirements in the automotive industry. Expansion of Rev 2009 clause 6.3.2.

3. Plant, facility, and equipment planning (7.1.3.1) requires the organization to use a
multidisciplinary approach, including risk identification and risk mitigation methods, for developing and
improving plant, facility and equipment plans. Expansion of Rev 2009 clause 6.3.1.

4. Organizational knowledge (7.1.6) new requirement from ISO 9001:2015 requires the organization
to determine the knowledge necessary for the operation of its processes and to achieve conformity of
products and services. Expansion of Rev 2009 clauses 6.2.2, 6.2.2.1, and 8.1.2.

5. Internal auditor competency (7.2.3) requires the auditors to have competence in Rev 2016
requirements, core tools, and risk based thinking. Expansion of Rev 2009 clause 8.2.2.5.
6. Awareness - supplemental (7.3.1) requires the organization ensure all personnel are aware of their
impact on quality output and additionally, customer requirements and the risks involved for the customer
with non-conforming product. Expansion of Rev 2009 clause 6.2.2.4.

7. Engineering specifications (7.5.3.2.2) requires the organization to have a documented process

describing the review, distribution, and implementation of all customer engineering standards/specifications
and related revisions based on customer-required schedules. Expansion of Rev 2009 clause 4.2.3.1.

8. Determining the requirements for products and services - supplemental (8.2.2.1) requires the
organization to include recycling, environmental impact, and characteristics identified as a result of the
organization's knowledge of the product and manufacturing processes. Expansion of Rev 2009 clause 7.2.1.

9. Design and development planning - supplemental (8.3.2.1) requires the organization to ensure that
the design and development planning includes all affected stakeholders within the organization and, as
appropriate, the supply chain. Expansion of Rev 2009 clause 7.3.1.1.

10. Type and extent of control (external suppliers)- supplemental (8.4.2.1) requires the organization to
include the criteria and actions to escalate or reduce the types and extent of controls and development
activities based on supplier performance and assessment of product, material, or service risks. Expansion of
Rev 2009 clause 7.4.1.

11. Total productive maintenance (8.5.1.5) requires the organization to develop, implement, and
maintain a documented total productive maintenance system. Expansion of Rev 2009 clause 7.5.1.4.

12. Preservation - supplemental (8.5.4.1) requires the organization to include identification, handling,
contamination control, packaging, storage, transmission or transportation, and protection. Expansion of Rev
2009 clause 7.5.5.

13. Control of changes - supplemental (8.5.6.1) requires the organization to have a documented process
to control and react to changes that impact product realization. The effects of any change, including those
changes caused by the organization, the customer, or any supplier, shall be assessed. Expansion of Rev 2009
clause 7.1.4.