Corona Virus and IATF 16949
Updated: Feb 10
The concept of risks and opportunities in IATF16949 standard has been brought into the forefront of process control. Organization is expected to deploy preventive actions, mitigating any associated risks, and link several risks to contingency plans. It appears to be very certain that the global epidemic of Corona Virus be a MUST question by auditor when it comes to how does an organisation prepare its contingency plan when supplies from China are being held at airport and seaport. How did you prepare a contingency plan for this matter?
How Is This Issue Affect the IATF 16949 Certified Company?
Following the outbreak of coronavirus, some manufacturer is facing a huge backlog at the airport and seaport for direct supply from China, hence making the delivery time to your site longer. In IATF 16949 Clause 184.108.40.206 (c) clearly stated that contingency plan is needed shall there be any interruption for continuity of supply in the event of interruption from externally provided product.
Is My Company Affected?
If your answer to one of the following question is Yes, you will probably need a contingency plan associated to the corona virus issue.
Is your company is an IATF 16949 certified organization?
Is your piece part and/or raw material is being purchased from China or any affected country?
Is China the country of origin of your purchased material?
Do you have any remote functions that are currently residing at the affected country?
Do you have customers that are currently located in China and currently making a regular shipment to this country?
Do you have any sub-contractor in China where your product is to be fully/partially produced?
Do you have any external provider that currently residing in China and their service/supplies are having an intimate contact with your end product?
Is any of your employee ever went to China recently (regardless of personal or business matter)?
Why is Contingency Plan Needed For Corona Virus Issue?
There are multiple requirements related to risks starting from clause 4.4.1. In this clause it is clearly stated that the organisation is required to determine the processes needed to address risks and transferred as a responsibility of top management, as per the 5.1.2 requirement. Clause 4.2, stated that organization to determine the needs and expectations of interested parties and take into account the risks related to internal and external identified issued.
Clause 220.127.116.11 in IATF requirement requires all identified risk to be considered during development and establishment of the contingency plan.
How can you implement the requirements with regard to the recent outbreak?
Below is the model in order to comply to the requirements.
A simple explanation on how to understand the above diagram is as per the following:-
The potential effect on customers (external, internal) to be determined.
The severity of the effect need to be assessed. We recommend all clients to use a numeric scale (for example: 1 – negligible effect, 10 – effect related to safety and/or regulatory requirements)
Based on the history (or general experience, if historical data are missing) assign a probability of occurrence based on historical data. If this is not applicable general experience is still acceptable. Similar to previous point, it is also recommended to use a numeric scale. (for example: 1 – impossible, 10 – for sure it will be happening)
Calculate a level, by multiplying severity by occurrence
Risk classification need to be assigned. It can be either high risk level, average risk level, low risk level)
Decide for each defined class whether it is necessary to act or not.
What do we have to do?
The plan for that particular risk has to be documented once is defined in the IATF 16949 contingency plan. Also not to forget preventive actions, follow up its implementation, and measure the effectiveness according tothe PDCA cycle.
Last but not least is to update the risk level (keep a history card that enable you to track previous risk levels and the reason for changes).