IATF 16949 is ISO 9001 with sharp teeth. Tier-2 and tier-3 automotive suppliers carry the same clauses an OEM does (controlled documents, traceable units, attributed dispositions), but with a fraction of the staff. This guide explains the four clauses that drive most audit findings on SMB automotive lines, and what a digital-first answer looks like without committing to a $400k MES rollout.
IATF 16949 inherits every ISO 9001 clause verbatim and then layers automotive-specific requirements on top. The headline additions: error-proofing (poka-yoke), full per-unit traceability including manufacturing dates and shifts, control plans linked to work instructions, mandatory FMEA review on changes, and supplier development to flow these expectations down your own sub-tier. Where ISO 9001 says "controlled documents", IATF says "controlled documents that match the current control plan, in use on the floor, with the specific revision recorded on every unit's build record". The bar is the same idea, set considerably higher.
IATF retention requirements are longer than most SMB suppliers realise. Production part approval records, tooling records, and product / service requirement reviews must be kept for the life of the part plus one year, often 15+ years for active platforms. Work-instruction revision history, build records per unit, and non-conformance dispositions fall into the same long tail. Paper-binder systems work in theory but degrade in practice: one warehouse flood, one office move, one filing-cabinet retirement, and the proof is gone.
IATF clause 8.5.1.1 requires control plans for every part, and clause 8.5.1.2 requires standardised work / work instructions to implement them. The audit failure mode is almost always the same: the control plan calls out a critical characteristic (e.g. caliper bore diameter, 28.50 ± 0.05 mm, 100% inspection by gage R&R), the work instruction at the station doesn't mention it, and the build record has no entry for that measurement. Three documents that should be one. Three places to drift. Ignite Lean keeps the WI as the operator-facing surface, scan-required gates as the enforcement, and build records as the proof, all on the same row.
IATF clause 8.5.2.1 demands traceability that holds up to a recall. The OEM calls Friday afternoon and asks "which units got rotors from lot R-26049-2?", and your answer needs to be a list, not "we'll get back to you Monday". Per-unit traceability means every shipped serial carries the full upstream tree (sub-assemblies and their lots, parent serials, the operator at each station, the WI revision in effect that day). Most SMB suppliers fake this with spreadsheets that fall apart at the first sub-assembly merge. The whole genealogy needs to fall out of the build flow, not get reconstructed later.
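The recall question above, answered from build-time genealogy, as an added example (not Ignite Lean's code and not part of the original guide). It assumes each build record stores a serial, its supplier lot, the child serials consumed into it, and a shipped flag; the record layout, the function name `recall_lookup`, the tree shape, and any serial or lot not shown elsewhere on this page are constructed.

```python
from collections import defaultdict

# Constructed sample build records: (serial, supplier lot, child serials, shipped).
# The parent/child tree shape is an assumption made for this example.
BUILD_RECORDS = [
    ("R-260517-091", "R-26049-2", [], False),
    ("R-260517-092", "R-26049-3", [], False),
    ("R-260517-093", "R-26049-2", [], False),   # same lot, never consumed
    ("P-260517-204", "P-26049-7", [], False),
    ("P-260517-205", "P-26049-7", [], False),
    ("CA-26051-0019", None, ["R-260517-091", "P-260517-204"], False),
    ("CA-26051-0020", None, ["R-260517-092", "P-260517-205"], False),
    ("BC-260517-0023", None, ["CA-26051-0019"], True),
    ("BC-260517-0024", None, ["CA-26051-0020"], True),
]


def recall_lookup(records, lot):
    """Return (shipped serials containing `lot`, affected items never shipped)."""
    shipped_flag = {serial: shipped for serial, _, _, shipped in records}
    parents = defaultdict(set)          # child serial -> serials it was built into
    for serial, _, children, _ in records:
        for child in children:
            parents[child].add(serial)

    # Start from every item drawn from the lot and walk upward through parents.
    frontier = [serial for serial, rec_lot, _, _ in records if rec_lot == lot]
    seen, shipped, loose = set(), set(), set()
    while frontier:
        serial = frontier.pop()
        if serial in seen:              # sub-assembly merge points or cyclic bad data
            continue
        seen.add(serial)
        if shipped_flag[serial]:
            shipped.add(serial)
        elif serial not in parents:     # top of its tree but not shipped: WIP or stock
            loose.add(serial)
        frontier.extend(parents.get(serial, ()))
    return sorted(shipped), sorted(loose)


if __name__ == "__main__":
    print(recall_lookup(BUILD_RECORDS, "R-26049-2"))
```

The second list matters in a containment action: those items carry the suspect lot but are still in stock or work-in-progress, so they need quarantine rather than a customer notice.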
[Figure: unit genealogy example. BC-260517-0023; CA-26051-0019; R-260517-091 · lot R-26049-2; P-260517-204 · lot P-26049-7]
IATF 16949 clause 10.2.4 expects error-proofing controls "where appropriate", and on every critical characteristic an OEM auditor will tell you it's appropriate. The classic SMB implementation is a sign at the station that says "RIGHT-HAND ONLY" with no enforcement. The IATF-grade implementation is a scan-required gate at the build step: the operator must scan the expected part number, the kiosk validates it, and a mismatch halts the build and logs the attempt. Ignite Lean ships this as a per-task toggle in the engineering workbench, with no separate poka-yoke system and no extra hardware beyond a $40 USB barcode reader.
Engineering changes a torque value Tuesday morning. By Friday, 40% of operators have heard about it (toolbox talk), 30% have seen the updated binder, 30% are still building to the old spec. Come the next audit, the auditor samples 20 units and finds mixed records. That's a non-conformance, sometimes a major. IATF clause 6.3 expects change management that prevents this scenario by architecture. Database-backed WIs close the gap: engineering publishes, the next badge-in at the station renders the new version, the build record captures the revision in use. No more "did everyone get the new spec?"
IATF audits typically run 3–5 days for an SMB supplier, with one auditor + one or two technical experts. Day one is the document review: control plans, FMEAs, work instructions, training records. Day two is the floor walk. The walk is where most non-conformances come from, because that's where the paper-vs-reality gap shows up. With Ignite Lean, the floor walk becomes the auditor watching operators build to the current revision, scan-validated, with the build record updating in real time on the supervisor's screen: exactly the system you documented in the day-one paperwork.
Free during early access — 1 manager seat included, unlimited operators.