Proud member of MB Group – 40 years of engineering heritage
IATF 16949 Certified
PLENDE
What are IATF 16949 and ISO 9001? How are they implemented at MB Pneumatyka?
Business • 13 lipca 2026

What are IATF 16949 and ISO 9001? How are they implemented at MB Pneumatyka?

At MB Pneumatyka, we are currently undergoing a certification audit conducted by TÜV Rheinland, covering the requirements of ISO 9001 and IATF 16949. For many companies, such a moment means full mobilisation: reviewing documents, updating procedures and talking to the team. We are doing the same in our company. For years, however, I have believed that the more important question is not “Are we ready for the audit?”, but rather: “Does our system work just as well when the auditor is not there?”.

What are ISO 9001 and IATF 16949?

ISO 9001 is an international standard developed by the International Organization for Standardization (ISO), defining the requirements for a quality management system (QMS). The current version, ISO 9001:2015, is based on the process approach and the PDCA cycle (Plan-Do-Check-Act), with a strong focus on risk management and the context of the organisation.

The standard requires, among other things, the identification and control of processes, the definition of their inputs and outputs, the monitoring of key performance indicators (KPIs), and the management of resources, employee competence and documented information. Key areas also include leadership and commitment from top management, customer focus, planning based on risk and opportunity analysis, supplier control, product or service delivery, performance evaluation through internal audits and management reviews, and continual improvement.

The purpose of ISO 9001 is not to create documentation for the sake of documentation, but to ensure a consistent and repeatable way of operating that enables an organisation to meet customer and regulatory requirements while systematically improving process effectiveness.

IATF 16949 goes further, because it applies to the automotive industry, where an error in the process can have very specific consequences for safety, delivery performance and supply stability. It is a global quality management standard developed by the International Automotive Task Force (IATF) in cooperation with ISO, replacing the former ISO/TS 16949 standard.

It is based on the structure of ISO 9001, but extends it with a range of automotive-specific requirements, such as risk management throughout the entire product life cycle, new product development according to APQP (Advanced Product Quality Planning), production part approval through PPAP (Production Part Approval Process), potential failure analysis using FMEA in line with the AIAG & VDA approach, and process stability monitoring through SPC (Statistical Process Control).

The standard also places strong emphasis on supplier management, product traceability, preventing defects instead of detecting them, root cause analysis, for example using the 8D method, and the continual improvement of production and logistics processes. Change management is also an important element, requiring a formal assessment of the impact of every change on the product and process before it is implemented. In practice, this means that the organisation must have full control over what it produces, how it produces it and what risks are associated with it.

This sounds very technical. And it is technical. But after years of working with this standard, I have come to one conclusion: no method guarantees quality on its own.

FMEA does not guarantee quality. SPC does not guarantee quality. PPAP does not guarantee quality. A procedure itself, unfortunately, does not guarantee quality either. These tools are very helpful in managing an organisation, but it is people, decisions and work culture that determine whether the system truly works.

The biggest mistake companies make: treating the audit as a project

In many organisations, the same scenario repeats itself before an audit. A few weeks before the date, intense preparations begin. Procedures are updated. Instructions are printed. Employees remind themselves of the quality policy. Missing records are completed. Actions that should have been carried out earlier suddenly become urgent.

This is a warning sign. It means that the quality management system works only when an audit is approaching. But the customer receives our products every day, throughout the whole year. Not only when an auditor appears in the company.

How do you build an organisation that does not need to prepare for an audit?

My answer is simple: do not build the quality system as an addition to the company. The quality system should be the way the company is managed.

If it operates alongside everyday work, sooner or later it becomes bureaucracy. If it is part of daily management, it stops being a separate project and becomes the normal way the company works.

1. The process must belong to the process owner

In many organisations, the quality department is responsible for all processes. This is one of the most common mistakes. Production is responsible for production, purchasing for purchasing, logistics for logistics, and maintenance for machine availability.

The quality department should not manage all processes in the company. Its role is to supervise the effectiveness of the system, support the organisation, identify risks and ensure that processes are measurable, understandable and continuously improved. That is a major difference.

Every process owner should know the purpose of the process, who the customer of the process is, what the inputs and outputs are, which key performance indicators (KPIs) are monitored, what risks exist, which documents apply and what improvement actions are being carried out.

If the process manager cannot answer these questions, the system exists on paper but does not work in practice.

2. Documentation should describe reality

An experienced auditor will quickly notice the difference between the documentation and the actual flow of the process. If an operator performs work differently from what is described in the instruction, there are two possibilities. Either the work is being carried out contrary to the requirements, or the documentation is outdated.

Both situations are risky.

Procedures should not be written from behind a desk. First, you need to see the process, talk to people, understand the practice and only then describe it. Good documentation is not a decoration of the system. It is a tool that can actually be used.

3. Data is more important than assumptions

One of the most common questions during an audit is: “How do you know that the process is working correctly?”. You cannot answer this question with an opinion. You need data.

That is why an organisation should monitor, among other things, PPM (Parts Per Million, the number of defective parts per million produced), OEE (Overall Equipment Effectiveness) and FPY (First Pass Yield, the percentage of products passing through the process without rework), customer complaints, internal complaints, cost of poor quality, on-time delivery, effectiveness of corrective actions, process capability, audit results, training effectiveness and supplier risk levels.

If the data shows a problem, it must be seen before the customer sees it.

4. FMEA must live together with the process

FMEA (Failure Mode and Effects Analysis) is a method that, in practice, involves going through a process step by step and asking several very specific questions: what can go wrong, why it could happen, what the consequences for the customer would be, and how we can prevent it or detect it in time. The result is not the document itself, but a list of real actions: additional safeguards, process changes, new control points or modifications to work instructions.

In many companies, FMEA is created during project launch, then placed in a binder or folder and left untouched for several years. This contradicts the purpose of the method.

FMEA should change together with the process. It should be updated whenever there is a change in machine, tool, material, supplier, operator, measurement method, technology, SPC results or when a complaint occurs.

Every production problem should trigger one question: does our FMEA still describe the risk properly? If the answer is “no”, the document must be updated.

5. Internal audits should be demanding

I strongly value the principle that an internal audit should be more demanding than an audit conducted by the certification body. If an internal auditor is afraid to ask uncomfortable questions, the organisation stops learning.

A good audit does not look for someone to blame, but for weak points in the system. The goal is to remove them before they reach the customer. An organisation should not be afraid of nonconformities, but of risks that no one has discovered yet.

6. Every change activates the system

In a well-managed organisation, a process change should trigger an entire chain of actions: updating the PFMEA, updating the Control Plan, updating instructions, analysing risk, assessing the impact on the customer, qualifying the process, training employees, validating the process and evaluating the effectiveness of implementation.

If any of these steps is skipped, risk appears very quickly. In the automotive industry, changes are never only technical. They are also changes in responsibility, documentation, control and communication.

7. An employee does not need to know the standard. They need to understand the process

An operator does not need to know the clause numbers of the standard. They should know why they perform a specific control, what risk it eliminates, what to do when a nonconformity is detected, where the current instruction is located and when the process must be stopped.

This is true quality awareness. It is not about memorising the requirements of the standard, but about understanding the purpose of one’s work and its impact on the customer, product safety and process stability.

8. The best proof that the system works is everyday decisions

Did we stop production despite deadline pressure? Did we inform the customer about a risk? Did we update the documentation immediately after a change? Did we look for the root cause instead of looking for someone to blame? Did we return to the FMEA after a complaint? Did we check the effectiveness of corrective actions?

These are the moments when you can see whether the quality system truly exists or whether it is only a certificate hanging on the wall in the president’s office.

9. Management builds the culture of quality

The standards say a lot about leadership. And rightly so. No organisation will have a stronger quality culture than its top management.

If management is interested only in costs and deadlines, employees will quickly understand that quality is an add-on. If management asks about risks, complaints and preventive actions, these priorities start to apply across the entire organisation.

The culture of quality starts at the top. Then it moves down to leaders, foremen, operators, supporting departments and suppliers.

The certificate is not the goal

The greatest value of ISO 9001 and IATF 16949 is not the possibility of showing a certificate to the customer, but the ordering of the way the company is managed.

A well-implemented system means decisions are made faster, problems are detected earlier, risks are identified before they become costs, employees know what is expected of them, and the customer receives a stable and repeatable product.

This is exactly why quality management systems exist.

A few words from our perspective

We treat the current TÜV Rheinland audit primarily as an opportunity to speak with an independent expert and compare our processes with the requirements and good practices of the automotive industry.

About the Author

Paweł Andersz
CEO

Paweł

Paweł Andersz

CEO

CEO of MB Pneumatyka. A leader with over ten years of experience in the automotive industry. He holds an engineering degree from the University of Zielona Góra and an Executive MBA in project management. At MB Pneumatyka, he started as a production coordinator. Later, as Innovation Management Manager, he redesigned all company procedures to achieve IATF certification. In his private life, he rides motorcycles and tinkers with engine building. He is a great fan of the Theory of Constraints in process and financial management.

Stay in touch

Sign up to our newsletter

Your monthly source of news