Customer Specific Requirements (CSR) according to IATF

The organization implementing a quality management system according to IATF 16949 should be aware that in addition to meeting the requirements specified in the technical specification above, it must also meet the requirements of its customers regarding the quality management system.

Customer Specific Requirements are absolutely essential for the automotive industry. Why? Because a Quality Management System certified in accordance with the IATF standard does not exist without them.

Customer Specific Requirements – definition

It can be said simply that these are customer requirements that specify points of the IATF standard. But all customers? Not exactly. These are the requirements of those customers (OEM – Original Equipment Manufacturing) who are members of the IATF organization.

Currently, we have 12 of them (as of April 28, 2024). They issue their CSR’s that suppliers must consider in the quality management system.

Customer Specific Requirements in relation to Customer Requirements

When discussing CSR’s, we cannot mention Customer Requirements (CR – Customer Requirement). These concepts are often confused. The IATF standard defines that Customer Requirements include requirements:

• General Terms
• Technical
• Commercial
• Product
• Production process
• and Customer Specific Requirements

As can be easily observed, CSR’s are part of Customer Requirements that we as suppliers must meet when delivering parts to customers affiliated with the IATF organization.

It is also important to note which CSR’s should be enforced. Are those that are valid on the day the contract is signed? Or those that will be updated in the future. Why? Because later they will function throughout the entire production cycle until its completion (EoP – End of Production).

Such a document is published under the name “Customer Specific Requirements” and it is part of customer requirements – see the diagram below. Thus, manufacturer’s customers (OEMs) have an impact on its quality management system

They are issued by individual clients as additions specifying the requirements of IATF 16949, and their current versions are always available at www.iatfglobaloversight.org.

The CSRs are specified differently for each automotive industry customer

We can distinguish them in terms of specificity for:

• product/service
• project
• supplier

For this reason, it is essential that each owner of the business processes carried out in the organization has sufficient knowledge, supported by internal or external training, regarding specific customer requirements applicable to their areas.

Additionally, it is worth remembering that they know when we publish new updates of such requirements. The implementation of the above is possible through the portal www.iatfglobaloversight.org, which provides this opportunity by subscribing (see below).

In this manner, each time we publish new versions of Customer Specific Requirements, we will automatically send this information to their mailbox. This will enable them to verify the suitability of their application in the business processes for which they are responsible.”

What are the key requirements of the IATF standard related to CSR’s?

When discussing CSR topics, it is worth closely analyzing the IATF standard and identifying relevant requirements. The most important ones are outlined below:

Fig.1. Customer Specific Requirements in relation to the IATF standard

4.3.2. Customer Specific Requirements

This point states that the organization should assess CSRs and, after conducting the assessment, appropriately update its quality management system scope. The scope itself defines the boundaries of its application.

7.5.1.1. d) Quality Management System Documentation

This is an interesting point unique to the IATF standard. It is not present in ISO 9001. Here, we find a document referred to as the Quality Book. Subsection d) informs us that we should have information arranged in a specific manner (e.g., matrix) indicating where in our quality management system processes we have the relevant Customer Specific Requirements located.

7.2.3. Internal Auditor Competence

An interesting point. Why? Because Sanctioned interpretations (SI’s) have been published for this requirement. But why is that? Among other reasons, it is because there was previously information that all management system, production process and final product auditors.

Must demonstrate competence regarding CSR’s. SI’s have currently removed the last two entries. Only auditors of the quality management system need to be familiar with these requirements.

It is also not specified that all auditors must know all CSR requirements. It is perfectly acceptable, for example, that out of seven auditors, only two will have knowledge of VW customer CSR’s, while the remaining five have knowledge of Ford customer CSR’s.

The auditor coordinator should gather all this information in an appropriate competency matrix. It may have a more elaborate form and include a set of auditor competencies:

• system
• production process. Of course, considering the requirements of VDA 6.3 clients and the assessment of special processes from the CQI family
• EHS
• ISO 27001 or TISAX

The simplest rule to follow is: Wherever we go to conduct an audit, we should have the appropriate competencies.

9.2.2. Quality management system audit

The content of this requirement is related to competencies. If there is a requirement in point 7.2.3 that systemic auditors must have competencies in certain CSR’s, it is to assess them for their effective implementation.

On the other hand, it is very important for each of the business process owners, conducted in a given organization, to have appropriate knowledge, supported by internal or external training, regarding specific customer requirements in their area.

This will better prepare them to meet customer needs and more effectively manage their processes.

Why using actual Customer Specific Requirements is so crucial for sub-suppliers