How to Gather, Communicate and Implement CSRs (Customer Specific Requirements)
IATF 16949® and Customer Specific Requirements (CSRs)
Part 3 of our automotive series explains how to gather, communicate and implement customer-specific requirements (CSRs). For IATF 16949® registered companies, there is a keen awareness that CSRs play an important role in the quality management system (QMS). CSRs are defined as “interpretations of or supplemental requirements linked to a specific clause(s) of this Automotive QMS standard” (Section 3.1 Terms and Definitions – page 11 of the IATF 16949® standard). Typically, your customer will issue a CSR or supplier manual (sometimes called a SQAM or Supplier Quality Assurance Manual) that follows the format of IATF 16949® with your customer’s additional requirements or clarification. CSRs are implemented at every tier level within the automotive supply chain.
The IATF 16949® standard identifies a few areas where customer-specific requirements (CSRs) must be incorporated into the company’s quality system. For instance, section 4.3 tells us that CSRs must be evaluated and included in the scope of the QMS. Furthermore, section 188.8.131.52 states that the organization must integrate the CSRs into the internal audit process and sample those CSRs during the internal audit. To tie all of this together, IATF® Rules 5th edition section 5.8j requires your certification body auditor to review the process your organization uses to gather, communicate, and implement CSRs at every audit.
The first step, when dealing with customer-specific requirements (CSRs), is determining which customer(s) has CSR documents and how does the organization obtains those CSRs. With bigger customers, the CSRs may be linked on a supplier portal or the customer’s website. For smaller customers, you may need to contact your customer’s supplier quality professional and ask the question. Requirements may also be found in supplier quality manuals, contractual stipulations, notations on product specifications, and specified publications on the IATF® website. Another potential source for information is www.customerspecifics.com which tries to stay current on many of the CSRs through joint collaboration of the users on the site. Remember, IATF 16949® requires you to implement these CSRs, so that would indicate you would need to know two things: Does my customer have a CSR document and, if so, do I have the most current revision of the CSR document? To ensure the most recent revision, the organization should have a process in place to review the current revision of each CSR at a certain frequency, updating the quality system with the newest revision of the CSR. Keep in mind, if you have any new customers since your last 3rd party audit, one of the questions your auditor will ask is how you obtained and implemented any new CSRs.
Whenever you have new or revised customer-specific requirements (CSRs), the organization will need to have a process in place to ensure this new or revised CSR is communicated throughout the organization. This communication process may be done:
- during the management review or other organizational meetings,
- through procedural and/or work instruction updates,
- by updating and releasing the updated CSR matrix in the quality manual,
- or by some other means.
Note that whatever method is used, ensure there is evidence to support the communication event. Also, keep in mind, just updating a document control list with the new revision may not be enough (ask the question, “Did I communicate this change to all the required people within the organization, and do I have evidence to support that communication.”).
Once the customer-specific requirements (CSRs) are gathered and communicated, the critical last step is making sure the quality system is updated with the new or modified requirements of the CSR. This may include any procedural or process updates, CSR matrix updates, and training of the new requirements with the affected employees. After the new or modified CSR requirements are put into place, a review of the effectiveness of the implementation may be required to ensure everything is working as intended.
To help ensure effective implementation of the CSR process, be sure to use the most current CSR document(s) and CSR matrix during the internal audit of the organization’s processes. Ensure the processes include any CSR requirements or expectations. Keeping the review process based will help the organization determine if the integration of CSR requirements is effective.
Internal Audits and CSRs
CSRs are a critical component of an IATF 16949® quality system. Your organization’s 3rd party auditor will be reviewing CSR gathering, communicating, and implementation at every audit. The auditor will also be reviewing how you introduce new CSRs and any modified/revised CSRs. Furthermore, customer audits will focus on CSR requirements. It is to the organization’s advantage to have a strong process for ensuring the effective gathering, communication, and implementation of the customers’ CSR documents and expectations.
Certification Readiness Audits
If you’re not sure your system is up-to-speed, simpleQuE offers certification readiness audits that are performed prior to a surveillance, recertification or initial Certification Body (CB) audit to be sure that your quality management system and team are ready. In addition, 2nd party internal audits can be conducted by our experts to be sure your system is maintained to these standards and CSRs, such as VDA audits and CQI audits. All of simpleQuE’s IATF® 16949 internal audits include a sampling of CSR requirements. Contact our IATF 16949® consultants for information about our services and on-site customized training classes for Root Cause Analysis and Problem Solving, Process Ownership, Core Tools and more.
Knowledge. Expertise. Experience.
Outsource Your Internal Audits
IATF 16949® 4-Part Series
This is the third of a four-part series of IATF 16949® articles written by simpleQuE consultant and auditor, Bob Dornhecker.* With over 30 years of combined experience in auditing, manufacturing, and certification, Bob has an extensive quality background. Additionally, he has taught and facilitated many quality-related training classes for clients and has provided support to companies securing their own ISO/Quality Management Systems certifications. He also conducts ISO 9001 and IATF 16949® 2nd and 3rd party audits.
In case you missed the other articles in this series:
- Where Does it Say THAT?! – Frequently Overlooked IATF 16949® Requirements
- Using Automotive Manufacturing Process Audits to Focus on Value and Maximize Improvements
- Top IATF 16949® Audit Findings and How to Address Them in the QMS
SimpleQuE is not associated with the IATF®, IAOB, ANAB®, IAQG®, and is not a certification body. SimpleQuE is an independent consulting, training, and second-party auditing service provider that assists a company on a path for the company to obtain and maintain certification through accredited certification bodies.
Learn More About The simpleQuE Advantage