Doc No:- F/MR/17

Rev No. 00
Rev Date:- 27.07.2021
SIS EXTRACT AND REVIEW MATRIX Reviwed on:- 27.7.2021
IATF 16949 SANCTIONED INTERPRETATION Documents Document Review Status
S NO SANCTIONED INTERPRETATION (OLD)
REFERENCE [NEW Updation are highlighted in BLUE and omited are crossed and Has bold black ] Affected ( Yes / No )

customer requirements
3.1 all requirements specified by the customer (e.g., technical, commercial, product and manufacturing process-related Where the organization is a vehicle manufacturer, vehicle manufacturer subsidiary, or joint venture with a vehicle
CSR Matrix and CSR
1 Terms and definitions for requirements, general terms and conditions, customer-specific requirements, etc.) manufacturer, the relevant customer is specified by the vehicle manufacturer, their subsidiaries, or joint ventures. Yes
Procedure
the automotive industry

The organization shall have documented processes for the management of product-safety related products and manufacturing The organization shall have documented processes for the management of product-safety related products and manufacturing processes, which
processes, which shall include but not be limited to the following, where applicable: shall include but not be limited to the following, where applicable:
a) – m) (…) a) – m) (…)
4.4.1.2 NOTE: Special approval is an additional approval by the function (typically the customer) that is NOTE: Special approval of safety related requirements or documents may be required by the customer or the organization’s internal
2 Product Safety Procedure Yes
Product safety responsible to approve such documents with safety-related content. processes.

The organization shall: a) – b) (…) The organization shall: a) – b) (…)

c) prepare contingency plans for continuity of supply in the event of any of the following, key equipment failures (also see c) prepare contingency plans for continuity of supply in the event of any of the following, but not limited to3: key equipment failures (also see
Section 8.5.6.1.1); interruption from externally provided products, processes, and services; recurring natural disasters; fireutility Section 8.5.6.1.1); interruption from externally provided products, processes, and services; recurring natural disasters; fire; pandemics3; utility
interruptions; ; labour shortages; or infrastructure disruptions; interruptions; cyber-attacks on information technology systems1; labour shortages; or infrastructure disruptions;
d) include, as a supplement to the contingency plans, a notification process to the customer and other interested parties for the d) include, as a supplement to the contingency plans, a notification process to the customer and other interested parties for the extent and
extent and duration of any situation impacting customer operations; duration of any situation impacting customer operations;
e) periodically test the contingency plans for effectiveness (e.g. simulations, as appropriate); e) periodically test the contingency plans for effectiveness (e.g. simulations, as appropriate);
f) conduct contingency plan reviews (at a minimum annually) using a multidisciplinary team including top management, and for cybersecurity:3 testing may include a simulation of a cyber-attack, regular monitoring for specific threats, identification of
update as required; dependencies and prioritization of vulnerabilities. The testing is appropriate to the risk of associated customer disruption;
g) document the contingency plans and retain documented information describing any revision(s), including the person(s) who Note: cybersecurity testing may be managed internally by the organization or subcontracted as appropriate2
authorized the change(s);. f) conduct contingency plan reviews (at a minimum annually) using a multidisciplinary team including top management, and update as
The contingency plans shall include provisions to validate that the manufactured product continues to meet customer required;
3 6.1.2.3
specifications after the re-start of production following an emergency in which production was stopped and if the regular g) document the contingency plans and retain documented information describing any revision(s), including the person(s) who authorized the Contigency Plan Yes
Contingency plans
shutdown processes were not followed. change(s);.
h) include in contingency plans the development and implementation of appropriate employee training and awareness.3
The contingency plans shall include provisions to validate that the manufactured product continues to meet customer specifications after the re-
start of production following an emergency in which production was stopped and if the regular shutdown processes were not followed.

The organization shall have a documented process(es) to verify that internal auditors are competent, The organization shall have a documented process(es) to verify that internal auditors are competent, taking into account any requirements
taking into account any customer-specific requirements. For additional guidance on auditor defined by the organization and/or1 customer-specific requirements. For additional guidance on auditor competencies, refer to ISO 19011.
competencies, refer to ISO '19011. The organization shall maintain a list of qualified internal auditors. The organization shall maintain a list of qualified internal auditors.
Quality management system auditors, manufacturing process auditors, and product auditors shall all be Quality management system
able to demonstrate the following minimum competencies: auditors, manufacturing process auditors, and product auditors 1 shall all1 be able to demonstrate the following minimum competencies:
a) understanding of the automotive process approach for auditing, including risk-based thinking; a) understanding of the automotive process approach for auditing, including risk-based thinking;
b) understanding of applicable customer-specific requirements; b) understanding of applicable customer-specific requirements;
c) understanding of applicable ISo 9001 and IATF 16949 requirements related to the scope of the c) understanding of applicable ISO 9001 and IATF 16949 requirements related to the scope of the audit;
audit; d) understanding of applicable core tool requirements related to the scope of the audit;
d) understanding of applicable core tool requirements related to the scope of the audit; e) understanding how to plan, conduct, report, and close out audit findings.
e) understanding how to plan, conduct, report, and close out audit findings. Additionally, At a minimum,1 manufacturing process auditors shall demonstrate technical understanding of the relevant manufacturing
Additionally, manufacturing process auditors shall demonstrate technical understanding of the relevant process(es) to be audited, including process risk analysis (such as PFMEA) and control plan.
manufacturing process(es) to be audited, including process risk analysis (such as pFMtA) and control At a minimum,1 product auditors shall demonstrate competence in understanding product requirements and use of relevant measuring and test
7.2.3
plan. Product auditors shall demonstrate competence in understanding product requirements and use of equipment to verify product conformity. Internal Auditor
4 Internal auditor Yes
relevant measuring and test equipment to verify product conformity. Where training is provided If the organization’s personnel provide the training 1 to achieve competency, documented information shall b Competency Matrix
competency
where training is provided to achieve competency, documented information shall be retained to e retained to demonstrate the trainer’s competency with the above requirements.
demonstrate the trainer's competency with the above requirements. f) executing a minimum number of audits per year, as defined by the organization; and
Maintenance of and improvement in internal auditor competence shall be demonstrated through: g) maintaining knowledge of relevant requirements based on internal changes (e.g., process
f) executing a minimum number of audits per year, as defined by the organization; and technology, product technology) and external changes (e.g., lso 9001, IATF 16949, core tools,
g) maintaining knowledge of relevant requirements based on internal changes (e.g., process and customer specific requirements).
technology, product technology) and external changes (e.g., lso 9001, IATF 16949, core tools,
and customer specific requirements).

The quality manual shall include, at a minimum, the following: The quality manual shall include, at a minimum, the following:
a) the scope of the quality management system, including details of and .iustification for any a) the scope of the quality management system, including details of and justification for any exclusions;
exclusions; b) documented processes established for the quality management system, or reference to them;
b) documented processes established for the quality management system, or reference to them; c) the organization’s processes and their sequence and interactions (inputs and outputs), including type and extent of control of any outsourced
7.5.1.1 c) the organization's processes and their sequence and interactions (inputs and outputs), including processes;
5 Quality management type and extent of control of any outsourced processes; d) a document Quality Manual. Yes
system documentation d) a document (i.e., matrix) indicating where within the organization's quality management system (i.e., matrix for example, a table, a list, or a matrix) indicating where within the organization’s quality management system their custom
their customer-specific requirements are addressed. er-specific requirements are addressed.

The organization shall use a multidisciplinary approach to establish, document, and implement its The organization shall use a multidisciplinary approach to establish, document, and implement its process(es) to identify special characteristics,
procesa(es) to identify special characteristics, including those determined by the customer and the risk including those determined by the customer and the risk analysis performed by the organization, and shall include the following:
analysis performed by the organization, and shall include the following: a) documentation of
a) documentation of all special characteristics in the drawings (as required), risk analysis (such as all special characteristics in the product and/or manufacturing documents drawings (as required), relevant risk analysis (such as Proces
FMEA), control plans, and standard work/operator instructions; special characteristics are s FMEA), control plans, and standard work/
identified with specific markings and are cascaded through each of these documents; operator instructions; special characteristics are identified with specific markings and are cascaded through each of these documents; d
8.3.3.3 b) development of control and monitoring strategies for special characteristics of products and ocumented in the manufacturing documents which show the creation of, or the controls required, for these special characteristics; Special Charactestics
6 production processes; Yes
Special characteristics Identification Format
c) customer-specified approvals, when required;
d) compliance with customerspecifled definitions and symbols or the organization's equivalent
symbols or notations, as defined in a symbol conversion table. The symbol conversion table shall
be submitted to the customer, if required.

# Classified as Public Page 1 of 4

 Doc No:- F/MR/17
Rev No. 00
Rev Date:- 27.07.2021
SIS EXTRACT AND REVIEW MATRIX Reviwed on:- 27.7.2021
The organization shall have a documented process to identify outsourced processes and to select the types and extent of controls The organization shall have a documented process to identify outsourced processes and to select the types and extent of controls used to verify
used to verify conformity of externally provided products, processes, and services to internal (organizational) and external conformity of externally provided products, processes, and services to internal (organizational) and external customer requirements.
customer requirements. The process shall include the criteria and actions to escalate or reduce the types and extent of controls and development activities based on
The process shall include the criteria and actions to escalate or reduce the types and extent of controls and development activities supplier performance and assessment of product, material, or service risks.
8.4.2.1 based on supplier performance and assessment of product, material, or service risks. Where characteristics or components “pass through” the organization’s quality management system without validation or Process Quality
7 Type and extent of control controls, the organization shall ensure that the appropriate controls are in place at the point of manufacture. Yes
Procedure
- supplemental

The organization shall require their suppliers of automotive products and services to develop, implement, The organization shall require their suppliers of automotive products and services to develop, implement, and improve a quality management
and improve a quality management system certified to ISO 9001, unless otheMise authorized by the system (QMS) with the ultimate objective of 1 eligible organizations2 becoming certified to this Automotive QMS Standard.
customer [e.9., item a) below], with the ultimate objective of becoming certified to this Automotive QMS Using a risk-based model, the organization shall define a minimum acceptable level of QMS development and a target QMS
Standard. Unless otherwise specified by the customer, the following sequence should be applied to development level for each supplier.
achieve this requirement: certified to ISO 9001, unless otherwise Unless otherwise 1 authorized by the customer [e.g., item a) below], a QMS certified to ISO 9001 is
a) compliance to ISO 9001 through second-party audits; the initial minimum acceptable level of development. Based on current performance and the potential risk to the customer, the objectiv
b) certification to ISO 9001 through third-party audits; unless otherwise specified by the customer, suppliers to the organization e is to move suppliers through the following QMS development progression: with the ultimate objective of becoming certified to this Au
shall demonstrate conformity to ISO 9001 by maintaining a third-party certification issued by a certification body bearing tomotive QMS Standard. Unless otherwise specified by the customer, the following sequence should be applied to achieve this requirem
the accreditation mark of a recognized IAF MLA (International Accreditation Forum Multilateral Recognition Arrangement) ent:
member and where the accreditation body’s main scope includes management system certification to ISO/IEC 17021; a) compliance to ISO 9001 through second-party audits; 1
c) certification to ISO 9001 with compliance to other customer-defined QMS requirements (such as Minimum Automotive b) certification to ISO 9001 through third-party audits; unless otherwise specified by the customer, suppliers to the organization shall
Quality Management System Requirements for Sub-Tier Suppliers [MAQMSR] or equivalent) through second-party audits; demonstrate conformity to ISO 9001 by maintaining a third-party certification issued by a certification body bearing the accreditation
8.4.2.3
d) certification to ISO 9001 with compliance to IATF 16949 through second-party audits; mark of a recognized IAF MLA (International Accreditation Forum Multilateral Recognition Arrangement) member and where the
Supplier quality
8 e) certification to 16949 through third-party audits (valid third-party certification of the supplier to accreditation body’s main scope includes management system certification to ISO/IEC 17021; Supplier Audit Procedure Yes
management system
IATF '16949 by an IATF-recognized certification body). c) certification to ISO 9001 with compliance to other customer-defined QMS requirements (such as Minimum Automotive Quality
development
NOTE: The minimum acceptable level of QMS development may be compliance to ISO 9001 through second-party audits, if Management System Requirements for Sub-Tier Suppliers [MAQMSR] or equivalent) through second-party audits;
authorized by the customer. d) certification to ISO 9001 with compliance to IATF 16949 through second-party audits;
e) certification to IATF 16949 through third-party audits (valid third-party certification of the supplier to IATF 16949 by an IATF-recognized
certification body).
NOTE: The minimum acceptable level of QMS development may be compliance to ISO 9001 through second-party audits, if authorized by the
customer.

The organization shall obtain a customer concession or deviation permit prior to further processing whenever the product or The organization shall obtain a customer concession or deviation permit prior to further processing whenever the product or manufacturing
manufacturing process is different from that which is currently approved. process is different from that which is currently approved.
The organization shall obtain customer authorization prior to further processing for “use as is” and The organization shall obtain customer authorization prior to further processing for “use as is” and
8.7.1.1 rework for repair (see 8.7.1.5) dispositions of nonconforming product. If sub- components are reused in the manufacturing process rework for repair (see 8.7.1.5) dispositions of nonconforming product. If sub- components are reused in the manufacturing process, that sub-
9 Customer authorization , that sub-component reuse shall be clearly communicated to the customer in the concession or deviation permit. component reuse shall be clearly communicated to the customer in the concession or deviation permit. Rework Procedure Yes
for concession

External/commercial/independent laboratory facilities used for inspection, test, or calibration services by the organization shall have
External/commercial/independent
a defined laboratory scope that includes
laboratory
thefacilities
capabilityused
to perform
for inspection,
the required
test,inspection,
or calibration
test, or
services
calibration,
by theand
organization
either:— shall
the laboratory
have a defined
shall be
laboratory
accredited
scope
to ISO/IEC
that includes
17025theand
capability
includetothe
perform
relevant
the required
inspection,
inspection,
test, or test,
calib

7.1.5.3.2. Calibration and testing

10 Yes
External laboratory procedure

NOTE: Such evidence may be demonstrated by customer assessment, for example, or by customer-approved second-
party assessment that the laboratory meets the intent of ISO/IEC 17025 or national equivalent. The second-
party assessment may be performed by the organization assessing the laboratory using a customer-approved method of assessment.
Calibration services may be performed by the equipment manufacturer when a qualified laboratory is not available for a given pi
ece of equipment. In such cases, the organization shall ensure that the requirements listed in Section 7.1.5.3.1 have been met.
Use of calibration services, other than by qualified (or customer accepted) laboratories, may be subject to government regulatory confir
mation, if required.3, 4
Note: integrated self-calibration of measurement equipment, including use of proprietary software, does not meet the requirements of
calibration.4

The organization shall identify, document, and maintain a list of the process controls, including inspection, measuring, test, and The organization shall identify, document, and maintain a list of the process controls, including inspection, measuring, test, and error-proofing
error-proofing devices., that includes the primary process control and the approved back- devices., that includes the primary process control and the approved back- List of Testing
8.5.6.1.1
up or alternate methods. The list of process controls shall include the primary process controls and the approved back- up or alternate methods. The list of process controls shall include the primary process controls and the approved back- Instruments, Poke Yoke
11 Temporary change of Yes
up or alternate methods, if back-up or alternate methods exist. up or alternate methods, if back-up or alternate methods exist. and other process
process controls
inspection equipments\

# Classified as Public Page 2 of 4

 Doc No:- F/MR/17
Rev No. 00
Rev Date:- 27.07.2021
SIS EXTRACT AND REVIEW MATRIX Reviwed on:- 27.7.2021
Top management shall review the Top management shall review the
product realization processes effectiveness and efficiency of the quality management system and support processes to evaluate and product realization processes effectiveness and efficiency of the quality management system and support processes to evaluate and improv
improve their effectiveness and efficiency the organization’s quality management system. The results of the process review activi e their effectiveness and efficiency the organization’s quality management system. The results of the process review activities shall be inclu
5.1.1.2 ties shall be included as input to the management review (see Section 9.3.2.1.). ded as input to the management review (see Section 9.3.2.1.).
12 Process effectiveness and Detailed Change:- MRM Agenda Yes
efficiency Clarified that not every process requires an efficiency measure. The organization needs to determine which processes require efficiency
measures within their quality management system. Additionally, the organization’s problem-solving processes need to have an effectiveness
review conducted by the organization’s management.

Input to management review shall include: Input to management review shall include:
a) cost of poor quality (cost of internal and external nonconformance); a) cost of poor quality (cost of internal and external nonconformance);
b) measures of process effectiveness; b) measures of process effectiveness;
c) measures of process efficiency. c) measures of process efficiency for product realization processes, as applicable;
d) product conformance; d) product conformance;
e) assessments of manufacturing feasibility made for changes to existing operations and for new facilities or new product (see e) assessments of manufacturing feasibility made for changes to existing operations and for new facilities or new product (see Section 7.1.3.1);
Section 7.1.3.1); f) customer satisfaction (see ISO 9001, Section 9.1.2);
9.3.2.1 f) customer satisfaction (see ISO 9001, Section 9.1.2); g) review of performance against maintenance objectives;
13 Management review inputs g) review of performance against maintenance objectives; h) warranty performance (where applicable); MRM Agenda Yes
– supplemental h) warranty performance (where applicable); i) review of customer scorecards (where applicable);
i) review of customer scorecards (where applicable); j) identification of potential field failures identified through risk analysis (such as FMEA);
j) identification of potential field failures identified through risk analysis (such as FMEA); k) actual field failures and their impact on safety or the environment.
k) actual field failures and their impact on safety or the environment.

The organization shall audit all quality management system processes over each a three- The organization shall audit all quality management system processes over each a three-
year audit cycle calendar period, according to an annual programme, using the process approach to verify compliance with this Au year audit cycle calendar period, according to an annual programme, using the process approach to verify compliance with this Automotive Q
tomotive QMS Standard. Integrated with these audits, the organization shall sample customer- MS Standard. Integrated with these audits, the organization shall sample customer-
specific quality management system requirements for effective implementation. specific quality management system requirements for effective implementation.
9.2.2.2 The complete audit cycle remains three years in length. The quality management system audit frequency for individual processes,
14 Quality management audited within the three-year audit cycle, shall be based upon internal and external performance and risk. Organizations shall maintain QMS Audit Procedure Yes
system audit justification for the assigned audit frequency of their processes. All processes are required to be sampled throughout the three-year
audit cycle and audited to all applicable requirements in the IATF 16949 standard, including ISO 9001 base requirements, and any
customer-specific requirements.

embedded software
Embedded software is a specialized programme stored in an automotive component (typically computer chip or other non-volatile
memory storage) specified by the customer, or as part of the system design, to control its function(s). To be relevant in the scope of
IATF 16949 certification, the part that is controlled by embedded software must be developed for an automotive application (i.e.,
3.1 passenger cars, light commercial vehicles, heavy trucks, buses, and motorcycles; see Rules for achieving and maintaining IATF
15 Terms and definitions for Recognition, 5th Edition, Section 1.0 Eligibility for Certification to IATF 16949, for what is eligible for “Automotive”). Quality Manual. Yes
the automotive industry NOTE: Software to control any aspect of the manufacturing process (e.g., machine to manufacture a component or material) is not
included in the definition of embedded software.

Input to management review shall include: Input to management review shall include:
a) cost of poor quality (cost of internal and external nonconformance); a) cost of poor quality (cost of internal and external nonconformance);
b) measures of process effectiveness; b) measures of process effectiveness;
c) measures of process efficiency for product realization processes, as applicable; c) measures of process efficiency for product realization processes, as applicable;
d) product conformance; d) product conformance;
e) assessments of manufacturing feasibility made for changes to existing operations and for new facilities or new product (see e) assessments of manufacturing feasibility made for changes to existing operations and for new facilities or new product (see Section
Section 7.1.3.1); 7.1.3.1);
f) customer satisfaction (see ISO 9001, Section 9.1.2); f) customer satisfaction (see ISO 9001, Section 9.1.2);
9.3.2.1 g) review of performance against maintenance objectives; g) review of performance against maintenance objectives;
16 Management review inputs h) warranty performance (where applicable); h) warranty performance (where applicable); MRM Agenda Yes
– supplemental i) review of customer scorecards (where applicable); i) review of customer scorecards (where applicable);
j) identification of potential field failures identified through risk analysis (such as FMEA); j) identification of potential field failures identified through risk analysis (such as FMEA);
k) actual field failures and their impact on safety or the environment; k) actual field failures and their impact on safety or the environment;
l) summary results of measurements at specified stages during the design and development of products and processes, as applicable .

6.1.2.3 SAME AS POINT NO 3 SAME AS POINT NO 3

17 Already adressed in Point No 3
Contingency plans
18 The organization shall use a multidisciplinary approach including risk identification and risk mitigation methods for developing The organization shall use a multidisciplinary approach including risk identification and risk mitigation methods for developing and improving
and improving plant, facility, and equipment plans. In designing plant layouts, the organization shall: plant, facility, and equipment plans. In designing plant layouts, the organization shall:
a) optimize material flow, material handling, and value-added use of floor space including control of nonconforming product ; and a) optimize material flow, material handling, and value-added use of floor space including control of nonconforming product ; and
b) facilitate synchronous material flow, as applicable; b) facilitate synchronous material flow, as applicable; and Contegency plan and
7.1.3.1 c) implement cyber protection of equipment and systems supporting manufacturing. Spare part list to change
Plant, facility, and Rationale for change: Yes
with considerration of the
equipment planning Cybersecurity is not limited to the support functions and office areas using computers. Manufacturing also uses computerized controls and Cyber attack
equipment which would be at risk to cyber-attack. This addition drives the implementation of necessary protections to ensure continued
operation and production to meet customer requirements.

The organization shall have a documented process and criteria to evaluate supplier performance in order to ensure The organization shall have a documented process and criteria to evaluate supplier performance in order to ensure conformity
conformity of externally provided products, processes, and services to internal and external customer requirements. of externally provided products, processes, and services to internal and external customer requirements.
At a minimum, the following supplier performance indicators shall be monitored: At a minimum, the following supplier performance indicators shall be monitored:
a) delivered product conformity to requirements; a) delivered product conformity to requirements;
b) customer disruptions at the receiving plant, including yard holds and stop ships; b) customer disruptions at the receiving plant, including yard holds and stop ships;
c) delivery schedule performance; c) delivery schedule performance;
8.4.2.4 d) number of occurrences of premium freight. d) number of occurrences of premium freight. Supplier Evlauation
19 Yes
Supplier monitoring If provided by the customer, … in their supplier performance monitoring: If provided by the customer, … in their supplier performance monitoring: Procedure
e) … f) e) … f)

# Classified as Public Page 3 of 4

 Doc No:- F/MR/17
Rev No. 00
Rev Date:- 27.07.2021
SIS EXTRACT AND REVIEW MATRIX Reviwed on:- 27.7.2021
The organization shall have a documented process(es) for problem solving, including: The organization shall have a documented process(es) for problem solving, which prevent(s) recurrence, including:
a) defined approaches for various types and scale of problems (e.g., new product development, current manufacturing a) defined approaches for various types and scale of problems (e.g., new product development, current manufacturing issues, field
issues, field failures, audit findings); failures, audit findings);
b) containment, interim actions, and related activities necessary for control of nonconforming outputs (see ISO 9001, b) containment, interim actions, and related activities necessary for control of nonconforming outputs (see ISO 9001, Section 8.7);
Section 8.7); c) root cause analysis, methodology used, analysis, and results;
c) root cause analysis, methodology used, analysis, and results; d) implementation of systemic corrective actions, including consideration of the impact on similar processes and products;
d) implementation of systemic corrective actions, including consideration of the impact on similar processes and products; e) verification of the effectiveness of implemented corrective actions; Customer , Internal and
10.2.3 e) verification of the effectiveness of implemented corrective actions; f) reviewing and, where necessary, updating the appropriate documented information (e.g., PFMEA, control plan).
20 Breakdown Analysis Yes
Problem Solving f) reviewing and, where necessary, updating the appropriate documented information (e.g., PFMEA, control plan). Where the customer has specific prescribed processes, tools, or systems for problem solving, the organization shall use those processes, tools, or Procedure
Where the customer has specific prescribed processes, tools, or systems for problem solving, the organization shall use those systems unless otherwise approved by the customer.
processes, tools, or systems unless otherwise approved by the customer.

The organization shall include in its risk analysis, at a minimum, lessons learned from product recalls, product audits, field returns The organization shall include in its risk analysis, at a minimum,:
6.1.2.1 and repairs, complaints, scrap, and rework, a) lessons learned from product recalls, product audits, field returns and repairs, complaints, scrap, and rework,
21 The organization shall retain documented information as evidence of the results of risk analysis. b) cyber-attack threats to information technology systems. Risk Analysis Yes
Risk Analysis
The organization shall retain documented information as evidence of the results of risk analysis.

The organization shall establish and maintain a documented process(es) for identifying training needs including awareness (see The organization shall establish and maintain a documented process(es) for identifying training needs including awareness (see Section 7.3.1)
Section 7.3.1) and achieving competence of all personnel performing activities affecting conformity to product and process and achieving competence of all personnel performing activities affecting conformity to product and process requirements. Personnel
requirements. Personnel performing specific assigned tasks shall be qualified, as required, with particular attention to the performing specific assigned tasks shall be qualified, as required, with particular attention to the satisfaction of customer requirements.
7.2.1 satisfaction of customer requirements. To reduce or eliminate risks to the organization, the training and awareness shall also include information about prevention relevant for Training procedure for
22 Competence – the organization’s working environments and employees’ responsibilities, such as recognizing the symptoms of pending equipment Yes
All Employees
supplemental failure and/or attempted cyber-attacks.

# Classified as Public Page 4 of 4