ISO: Certification Contract Review and Contract Rules

1. Apply for consultation and provide materials

The department responsible for the contract shall receive consultation from organizations that require certification consultation, introduce and promote relevant matters, and provide necessary promotional materials such as proposal invitations/review letters, questionnaires, and instructions required for quotation. In addition, it is also possible to negotiate with the organization and have direct access.

2. Acceptance of Proposal Invitation Letter and Contract Review

The department responsible for the contract should record the acceptance of the proposal invitation/review letter and the inquiry letter in the proposal invitation/review letter receiving ledger, and during this process, grasp the following matters. In addition to the following content, there are additional matters that need to be mastered for each operating system, according to the content of the operating system certification rules.

(1) The name, location, legal status, current production status, and engineering of the legal person are general information for the applicant The name of the legal person needs to be confirmed on the business license.

(2) Scope of certification application: The location of the certification object's business premises

(3) Number of employees (regular/non regular (including contract workers, part-time workers, temporary workers, etc.)/employees in the social field)

(4) This includes important aspects of the organization's processes and operations, as well as related legal obligations, and the general characteristics of the applying organization.

(5) The general information of the applicant organization related to the activities, human and technical resources, skills, and relationship with a certain legal entity associated with the scope of certification application.

(6) All external program related information utilized by the organization regarding compliance with requirements.

(7) The system and specifications required for registration or the technology for other applicable documents

(8) If the certification applicant wants to obtain group certification, the operational status of the relevant business field regarding the following matters (whether samples are allowed or not) will be determined

① Whether they belong to the same legal entity

② Is it centrally managed under the same management system

③ Whether to perform substantially the same task

④ Is the highest operator consistent

⑤ Is the same program used for the system that becomes the authentication object

(9) Have you undergone certification review by other certification authorities before applying for certification? (Before applying for certification, be aware of any issues related to the rejection or cancellation of certification review by other certification authorities.)

(10) Information on consulting services utilizing building systems

3. Contract review projects and benchmarks

3.1 Review of certification scope association

(1) Qualification review of applicable specifications and exclusion clauses

(2) Review the qualification of the certification target organization

(3) Review the scope of activities

(4) Review the scope of the business field

1) The business field of the audit object must include all certification objects and activities within the scope of certification applied by the certification applicant.

2) Based on the same certification objects and activities, operating multiple group business units under the same system and applying for certification scope, the audit object business units can be selected as SAMPLING. However, for specific and exceptional matters, the audit rules of the group business units and the certification operation rules of each management system will be followed.

(5) The situation in the construction industry is that the review of the scope of certification in the construction field will refer to the guidelines for the scope of certification in the construction field.

(6) The information of the certification scope inspection process will be used as input data to meet the qualification requirements related to the composition of the audit team and the certification decision. The contract reviewer determines the qualification requirements for the audit team and certification decision-making process based on technical analysis data.

3.2. Review of other matters

Review and consider other following matters

1) Whether the certification object product or service is provided from a region

2) Are there any other products or services within the review area of the application that do not belong to the certification object

3) Processes or products are carried out under outsourcing contracts

4) Is there any other work to be carried out besides the authentication target region, and what are the details

5) Does the applying organization have the ability to provide certification services for specific requirements of the applying organization, such as the language used, in addition to the scope and business field of the certification application

6) If the variety and activities of the audited object affect the operating status of the production line based on factors such as specific days, specific times, or specific seasons, the main activity situation may be affected or changed. In order to allow the audit team to observe the production and main activities of the audited object variety to the maximum extent, the audit date, audit time, and audit season should be considered for review.

4. Send proposal documents

(1) According to the contract review results, if the audit can be conducted, the personnel and schedule required for the audit will be recorded in the proposal invitation/review form, and the quotation for the certification audit fee will be filled in the certification proposal form and sent to the applying enterprise together with the two contract forms. Before sending, it is necessary to confirm whether the name of the organization's business premises has been recorded in the contract. If the group business field can be handled by a contract, the contract should clearly record all relevant group business field names.

(2) If the contract review result is a condition that cannot be reviewed, it will be reported together with this matter.

(3) In the case of organizations proposing certification for the first time registration in the Quality Foundation, the following matters shall be notified to the certification application organization when the proposal is sent. In the case of only applying for pre audit, necessary content may be notified as appropriate.

1) Information provided to the certification application organization

Certification audit benchmark

• Applicable certification audit days

The cost required for certification review

Possible time for certification review (validity period of proposal)

• Information on the certification review process and the rights and obligations of the certification organization

Detailed instructions/techniques for the initial and ongoing certification/initial certification and certification recognition processes, including application, initial review, supervisory review, and re certification review, as well as maintenance, reduction, expansion, suspension, cancellation, update, etc.

• Information on procedures for handling complaints and raising objections

Possible additional information requirements for certification applications

2) When applying for certification from the Quality Foundation, the certification application organization needs to fulfill the following tasks

• Always comply with regulations related to certification systems

• According to the requirements of the certification audit standards, after establishing a system and documentation appropriately, execute and maintain it according to the documented procedures and methods. If certification is desired, it is necessary to supplement and submit status records that comply with legal requirements, other relevant regulatory requirements, and required documents designated by the certification authority after the establishment of the relevant business structure.

• Prior to the execution of the audit, there should be at least one thorough internal audit and operational review of the requirements for the applicable specifications, and these issues should be able to be submitted to the quality consortium. In addition, the internal audit and business review cycle should be at least once a year, and the internal audit results must confirm that there are no significant non conformities

• In order to verify registration and maintain certification qualifications through all audits, it is allowed to investigate and confirm the actual entry and exit of all places where the required system is established, and to allow access to relevant records and interviews between the staff of the audited enterprise and relevant personnel.

• Only when the system of the certification applicant has been properly established and documented based on the audit criteria, and in accordance with the prescribed procedures and methods, can the certification certificate be issued to the certification applicant under appropriate execution and maintenance.

• To comply with the certification standards of the certification system and the certification certificate, certification mark application, and promotion guidelines formulated by the quality foundation. Especially the registered system is only used to indicate compliance with specific specifications or other benchmarks, and cannot be used to indicate recognition of products or services obtained from KFQ.

• If the suspension or cancellation of certification is confirmed, all advertisements or promotions that reference the certification facts cannot continue, and if a request is made to return the certification documents, they should be returned.

• The certification registration matters cannot be used in a way that damages the reputation of the quality foundation, nor can they be stated to make the quality foundation appear misunderstood or identified as lacking authority.

• If it is a relevant situation, assistance should be provided to participate in the audit team (e.g. certified auditors or trained auditors). Especially, the participation of certified auditors shall not be refused.

5. Receive the contract

The department responsible for the contract shall receive two copies of the contract signed or stamped by the representative of the applicant from the application organization that decides to sign the contract, in order to accept the certification application.

6. Contract signing

(1) After confirming the received contract, the department responsible for the contract obtains approval and records it in the contract registration ledger

(2) The responsible contract department will send the two approved contract documents to the basic review planning department, providing information on the confirmed items of the contract and the basic review plan.

(3) The department responsible for the contract shall send one original copy of the approved contract to the applying organization, which shall accept it and sign the contract

(4) The contract should include the conditions for cancellation of certification and the organization that receives the notice of cancellation of certification, as well as the content that all promotional materials mentioning/referencing the certification status must be discontinued and binding.

IATF: Certification Contract Review and Contract Rules

1. IATF certification qualification

(1) All organizations that manufacture, design, and develop (where applicable) "automotive vehicles" and "automotive products" are eligible for IATF 16949 certification.

1) Automobile vehicles "should be understood as vehicles that are allowed to operate on public roads for the purpose of access.

*Automobiles, trucks, buses, heavy-duty trucks, motorcycles, RVs (such as campers), and certain special vehicles (such as police cars, ambulances, fire trucks, taxis, school buses) have IATF certification qualifications, even if they are not manufactured by OEM.

2) The definition of "automotive product" is as follows:

① Parts (including parts with embedded software) and processing materials manufactured according to the specifications of automotive customers and integrated into the car during the manufacturing process

② Parts manufactured according to OEM specifications, purchased or approved by OEM, and integrated into automotive vehicles after manufacturing and before or after delivery to end customers

*The "integration" of the above ① and ② refers to the parts and materials that are filled, attached, connected, or placed inside or on the vehicle. (For example, engine oil, antifreeze, brake fluid, engine coolant, sealing strips, battery electrolyte, carpets, traction devices, front grille, stickers/badges, tire inflators, etc.)

③ Replacement parts and materials for automobiles and vehicles (including remanufactured parts)

*Remanufactured parts refer to the remanufacturing of components or assemblies to meet the original specifications

*The replacement parts include service parts and after-sales parts. Service parts refer to replacement parts manufactured according to OEM specifications, purchased or approved by OEM for use in service parts. After sales parts refer to replacement parts that are not purchased or approved by OEM. After sales products without equivalent parts released by OEM will not qualify for IATF 16949 certification. For customers who purchase and sell replacement parts to open market retailers such as auto repair shops, body stores, auto parts retail stores, etc. (They should be listed as customers in the CARA report)

If the products provided by the organization meet the definition of replacement parts, the certificate scope statement should include the words after-sales, service, and/or remanufacturing. (For example, manufacturing oil filters for service and aftermarket, manufacturing filters for aftermarket, designing and manufacturing oil filters for production and service)

(2) Manufacturing "should be understood as a process that includes at least one value-added activity, which further transforms the input materials and/or parts of the process into semi-finished or complete states of automotive products. Manufacturing processes can use various types of manufacturing techniques to manufacture or manufacture automotive products (such as casting, molding, extrusion, welding, machining, heat treatment, coating, painting, assembly, etc.). For example, organizations that only provide sorting, matching, testing, inspection, packaging, and warehousing services are not eligible for IATF 16949 certification

※ Matching refers to the process of combining multiple parts or items required for a specific task or assembly into a set (kit).

(3) 'Automotive customer' should be understood as any organization in the automotive supply chain that purchases automotive products.

Remote Support Location (RSL) should be understood as an organizational location that provides one or more support functions from the RSL to the organization's manufacturing site. An independent remote support facility (SA-RSL) should be understood as an organizational facility that does not engage in automobile manufacturing but provides support to one or more manufacturing sites. The support function may be located at another manufacturing site or an independent remote support location. The support functions performed at remote or independent remote support locations should be included in the IATF 16949 certification scope of the manufacturing site they support.

In special circumstances where the manufacturing activities of an organization are conducted at the customer's location, it will be considered as an independent remote support site for the organization's manufacturing site, and this function will be identified as "service" on the IATF 16949 certificate of the manufacturing site.

(4) Certification application is required in the following situations:

1) Never obtained IATF 16949 certification or currently transferring to KFQ's manufacturing site

2) Manufacturing sites where the IATF 16949 certificate has expired, been cancelled or revoked, or where the compliance certificate has expired

3) Relocation requiring initial audit (transfer of manufacturing and/or all support activities from the original location to a new location)

① The situation where relocation leads to becoming a new manufacturing site or an independent remote support location

② The situation where independent remote support sites become manufacturing sites

③ Expanding the manufacturing site to become a manufacturing site or an independent remote support location

If the manufacturing site, expanded manufacturing site, or independent remote support site is relocated to an IATF certified manufacturing site, one independent remote support site will be relocated to another independent remote support site; Relocating from one expanded manufacturing site to another; Alternatively, due to relocation, sites that have not been certified by IATF 16949 may become expanded manufacturing sites, which is not applicable.

(5) During contract review, KFQ should verify the IATF 16949 certification structure of the applying organization and, if necessary, consult with the applying organization to re select the applicable certification structure. Any reduction in auditor days related to the certification structure.

-The classification of authentication structures is as follows:

-Single manufacturing site

-A single site with an expanded manufacturing site

-Group Plan

If the customer has multiple locations within the certification scope, each location should sign a legal contract with KFQ. Before the legal contract between KFQ and the client covers it, the venue cannot be included in the group's plan.             

2. Preliminary review and transfer review of contracts

(1) The department responsible for the new contract receives the following information from the applying organization through a proposal invitation letter and a management system inquiry letter to determine the validity of the certification and establish a quotation.

1) The name, address (on-site address based on objective evidence such as business license), and legal status (business license, etc.) of the location of the applying organization covered by the certification scope (manufacturing site, extended manufacturing site, independent remote support site, and indirect support site)

2) Unique Site Identification Code (USI) for sites that have obtained or previously obtained IATF 16949 certification.

3) (Independent) remote support location and support functions, as well as the location where support is received and the support functions provided. (If applicable, remote support function audit report from other certification bodies)

During the certification period specified in the contract, each independent remote support facility shall be audited and certified by only one IATF accredited certification body. If the independent remote support site has already been audited by another certification body, an audit report from the existing certification body must be obtained, unless it is transferred to KFQ for independent remote support site audit.

4) Apply for the scope of the organization's quality management system, including outsourcing processes and their process overview (such as manuals, process relationship diagrams).

5) Meet the required certification structure and have evidence to prove its applicability requirements.

The defined manufacturing process and the types of products manufactured at each manufacturing site, including manufacturing operations distributed between sites.

6) A written statement of product design or non product design responsibility, including the following statements:

-The product design related processes in the customer quality management system

-Sign contracts with all customers, requiring or not requiring the execution of designs

7) The scope of certification required for each manufacturing site

8) The names of all individual consultants and consulting firms who have provided or have provided quality management system related consultations in the past 24 months.

9) All current automotive customer lists for each manufacturing site, including extended manufacturing sites, as well as all relevant IATF OEM supplier codes

10) In the case of applying for a certificate of conformity, evidence should be provided to prove that the manufacturing site is on the valid bidding list of customers who require IATF 16949 certification.

11) The number of permanent, part-time, contract, and temporary workers, as well as the average daily number of workers

12) The language used for the review and the number of employees who do not speak these languages.

13) Any relocation that has occurred since the last IATF 16949 audit

14) The information regarding current or previous certifications of IATF 16949 is as follows:

-Any existing or previous compliance certificates from the past three (3) years.

-All audit reports for any failed first stage preparation assessment and/or second stage certification audit conducted within the past six (6) months, regardless of the certification body that conducted the previous audit. (Certification registration history rejected during the certification application and review process)

-The name of the previous certification body, the audit report of the previous (3) year audit cycle, evidence that all non conformities have been closed, and the status of the certificate. If the client's certificate is revoked, the new contract management department should contact IAOB through the quality assurance management department to obtain information on the reason for revocation

-If it is China, the certification resume of the applying client should be viewed on the CNCA website.

-In the case of CB transfer, first confirm the transfer eligibility from IATF DB

15) Any performance complaints received by the applicant organization through the IATF complaint management system in the past 12 months, as well as the status of the performance complaints.

(2) If the previous certification has been revoked due to ineffective implementation of corrective measures, IATF OEM performance complaints, IATF OEM special status, and non conformities released during supervision/re certification audits, a special audit should be conducted before the initial review. However, after revoking certification for more than 3 years, no special audit is required. The competent department of the new contract should review the information provided before conducting a special audit to understand the issues that led to the revocation of certification.

(3) The audit date for transferring the audit should be determined with the client at least 90 calendar days before the expiration date of the previous audit cycle, so the application information reception date should be adjusted appropriately taking this into consideration.

(4) The applicant organization's failure to disclose information regarding existing or previous IATF 16949 certifications, compliance letters, certification attempts, or intentional distortion of information provided during the application process will be considered a violation of legal contracts and the application will not be accepted. During the certification review process, if the certification body has not yet made a decision, the certification decision should be to revoke the customer's IATF 16949 certification or a negative decision.

5) The application reviewer should review the application information, auditor day calculation, and quotation draft to confirm:

1) Identify all fairness risks that hinder the certification body from signing legal contracts with clients

2) The required certification scope meets the qualification requirements

3) Correctly determine product design responsibility

① Including the responsibility of the application organization or client for outsourcing design or

② Customer Responsibility

If the applying organization or client outsources their product design process, they shall be deemed responsible for the product design and shall not apply for a reduction in non design responsibility audit days.

4) Does the required authentication structure meet the requirements

5) Confirm whether the information of the applying organization and its quality management system is sufficient to understand its certification overview, calculate the number of audit days, and continue the certification process adequately

6) Confirm that any known differences in understanding between the certification body and the applying organization have been resolved

7) Understand other factors and conditions that affect certification activities (such as language, safety requirements, movement time between manufacturing sites and extended manufacturing sites, etc.).

3. Contract review in accordance with the certification letter

(1) The certificate of conformity is a quality management system implemented by the customer that meets the requirements of IATF 16949, but is applicable to manufacturing sites that cannot obtain IATF 16949 certification due to the following reasons.

1) On site production of non automotive products that can demonstrate their presence on the valid bidding list of automotive customers requiring IATF 16949 certification, or

2) Produce automotive products, but have not yet met 12 months of internal or external performance data related to automobiles.

(2) The competent department of the new contract shall require the applying organization to provide information on the purpose of the application (1) or (2) to determine its validity and conduct a contract review.

4. Contract review

Contract reviewers should receive the following information from existing clients based on their current customer information status and contract review documents, and conduct regular and special contract reviews.

(1) Any significant changes in organizational structure or background (legal status, ownership status, etc.) since the last audit

*Contract reviewers should take appropriate actions based on changes communicated by the client, including special audits. These changes should be maintained as part of the certification records in the contract review document.

(2) Changes in certification information (relocation of manufacturing processes and support functions, closure or relocation of certification addresses, changes in certification structure, changes in certification scope, outsourcing, customer complaints requiring notification to certification agencies)

(3) The number of permanent, part-time, contract workers, temporary employees, and the average number of daily workers

(4) The language used for the review and the number of employees who do not speak these languages.

(5) The names of all individual consultants and consulting firms who have provided or have provided quality management system related consultations since the last audit

(6) Scorecard, if the customer's customer is IATF OEM. In this case, changes in audit duration based on quality and delivery performance follow the Auditor Day Calculation Guidelines/IATF 16949.

(7) The relationship between independent remote support locations and the support functions received and provided between locations. (If applicable, remote support function audit report from other certification bodies)