IATF 16949 Update


The new ISO/TS 16949 revision is now IATF 16949 and was released in October 2016. The transition guidelines were revised in October 2016 resulting in this update. It is a stand-alone certificate, but is considered a “supplement” to ISO9001. The updated Rules 5th Edition will be released in November 2016.


  • All organizations seeking initial certification can be audited to ISO/TS 16949:2009 until 1 October 2017. However, the ISO/TS 16949:2009 certificate will only be valid until September 14, 2018.
  • After 1 October 2017, an organization can ONLY be audited and certified to IATF 16949 standard.


After 1 October 2017, all audits must be to the new IATF 16949:2016 revision of the standard.

TRANSITIONING TO IATF 16949 from ISO/TS 16949:2009

  • The earliest possible date for transition is January 1, 2017. This is dependent on auditor availability.
  • There is now only one allowed option for transition: within the standard cycle. The previously communicated special transition audit has been withdrawn.
  • Transition during a transfer audit is not allowed. A company can, if they wish, do an initial audit.
    • If the organization has a valid ISO/TS 16949:2009 certificate, then the intent of the Transition Strategy would prohibit any new certification body from accepting the certified organization as a new client. If the organization has cancelled its contract with the existing certification body and is no longer certified to ISO/TS 16949:2009, then the organization would be allowed to transfer to a new IATF-recognized certification body.
    • DEKRA is required to request a waiver from the IATF for all such transfer audits.
  • The organization is required to conduct a management review at a minimum to ISO/TS plus a supplemental mgmt review in compliance with the IATF requirements.
  • A complete internal full system audit to the IATF requirements is required prior to the transition audit. This can be a full system audit to ISO/TS with a supplemental system audit for the IATF requirements.
  • Pre-audits and gap assessments cannot be performed by the organizations certification body.
  • All sites in a corporate scheme must perform a documentation review.
  • Separate audits to ISO9001:2015 and IATF are not permitted as IATF is a supplement to and used in conjunction with ISO9001:2015.
  • All reductions allowed in the current Rules apply to the transition audits (reduction for exclusion of product design, for example).
  • If a special audit is required for an organization with ISO/TS certification, the audit will be done to ISO/TS even if it is after October 1, 2018.


  • Timing of the audits: No difference from current guidelines. For example, a 12 month surveillance must still be done -3 months / + 1 month)
  • Failure to conduct a transition audit: Stage 2 audit required. Stage 1 is ONLY required if the transition audit is within 18 months of the last audit to the old TS.
  • Time on site for transition audit: Same as recertification days no matter what part of the cycle they are in.
  • Transition audit requirements: Full systems audit equivalent to a recertification audit.
    • Off site documentation review is required. Must include at a minimum: review of the QMS documentation and evidence of conformity to IATF 16949.
    • If the company does not provide the information for the off-site review, DEKRA must add 0.5 days to the audit plan prior to the start of the audit.
    • After the transition audit, DEKRA will issue a new certificate good for 3 years which starts a new cycle.
  • Remote locations and site extensions:
    • All supporting functions (remote locations) must be included in the transition plan and the details must be added to the audit report.
    • In exceptional circumstances a remote support location may not have completed the transition before the site audit.
      • If so, when we audit the manufacturing site, we must audit and retain evidence of the gap analysis including a detailed action plan to fulfill the applicable requirements. This evidence becomes part of the audit report.
      • If we cannot get the gap analysis and associated detailed action plan, the audit is failed and requires a full initial audit.
  • Audit reporting for transition audit:
    • The audit report must include:
      • List of all remote support locations with a list of which version that location was audited to, and a list of the completion dates at each location
      • If the list shows the remote was audited to TS, it must show the scheduled or planned date for the transition.
      • Example:


  • Auditor requirements:
    • Can use any TS auditor for TS audits.
    • Can only use IATF certified auditors for IATF audits. This means the auditor has taken the IATF test and IATF Rules test and passed them. Required to be done by June 30, 2017. There is no information at this time on when the test will be available to take.


  • Timing requirements are the same as the current requirements, but DEKRA is allowed to make certification decisions after the expiration date of the existing ISO/TS certificate within a maximum of 120 days, but the ISO/TS certificate will have expired and the new IATF certificate cannot be issued until the NC’s are cleared.


  • Currently certified to VDA 6.1 and ISO9001:

    • ISO9001:2015: No more than 50% reduction in the initial stage 2 audit days.
    • ISO9001:2008: 100% of initial stage 2 audit days required.
  • Currently certified to ISO9001:2008: Must use 100% of the initial stage 2 audit days.
  • Currently certified to ISO9001:2015:
    • The initial stage 2 audit days for an upgrade can be reduced by not more than 30% of the initial stage 2 audit days. Must be the same registrar as the existing 9001:2015 registrar.
    • If the company transfers registrars, DEKRA must perform at least 1 surveillance audit to the 9001:2015 standard before the upgrade audit to IATF16949.
    • If they expand the scope, no discount. Must use 100% of initial stage 2 audit days


  • No discount in audit days allowed. Must be audited to initial stage 2 audit days.


  • If an organization fails to transition on time and has its certificate withdrawn, it will be audited to initial (certification) days
    • If the registrar is the same as the one that withdrew the certificate, and if the initial stage 2 is scheduled within 12 months of the missed transition audit, no stage 1 is required.
    • If not, they are required to have a stage 1 audit as well.

IATF 16949 2016 Transition Overview October 2016 Update
IATF 16949 2016 Transition Overview October 2016 Update
154.9 KiB