Chapter 7: How Sector-Specific Standards Extend the Base Requirements

If you operate a plant that supplies the automotive, aerospace, or medical device industries, the base requirements of ISO 9001 Clause 10.2 are a starting point, not an endpoint. Your customers or their own customers have mandated additional standards, and those standards layer specific demands on top of ISO 9001.

IATF 16949 (automotive) imposes the most visible change: the mandatory 8D format for corrective actions. 8D (Eight Disciplines) originated in the automotive industry and is now non-negotiable for OEM suppliers.

The eight steps are:

1. Form a team.
2. Describe the problem.
3. Implement interim containment action.
4. Identify root cause.
5. Verify the permanent corrective action.
6. Implement permanent corrective action.
7. Prevent recurrence.
8. Recognize the team and lessons learned.

IATF 16949 also mandates specific timelines. An OEM SCAR (Supplier Corrective Action Request) from Ford, GM, Stellantis, or Toyota typically requires an 8D submission within 10–15 calendar days, not weeks. If your plant hasn't internalized the 8D discipline and timeline discipline required by IATF 16949, you'll lose automotive contracts.

Additionally, IATF references customer-specific requirements (CSRs) that vary by OEM. Ford's CSR might require a control plan update and process FMEA validation; GM's might require statistical proof of process centering. You must maintain a current, accessible register of all CSRs that apply to your plant.

AS9100 Rev D (aerospace and defense) demands even tighter rigor. When a nonconformance occurs:

• You must conduct containment and escape point analysis—not just fix the cause, but determine at what point in your process the defect should have been caught and why it wasn't.
• You must assess regulatory notification obligations. Did this nonconformance affect a product destined for military or commercial aircraft? Does FAA, Transport Canada, or your customer's regulatory affairs team need to be notified?
• Your corrective action must address not just the immediate cause, but systemic opportunities within design, manufacturing, and quality processes.
• Effectiveness review must include independent verification in many cases—a second-party confirmation that the fix truly works.

We dive deeper into sector-specific requirements at our AS9100 service page.

ISO 13485:2016 (medical devices) incorporates similar rigor, with the added layer of traceability and batch/lot segregation. A nonconformance in a device component can trigger full traceability of all affected units (where they went, to which facilities or customers), quarantine and rework/scrap decisions for in-process inventory, and customer notification and regulatory agency notification when required (Health Canada's Therapeutic Products Directorate or the U.S. FDA).

For medical device plants, a nonconformance is never just an internal quality matter. You're operating within a regulated framework. Learn more at our ISO 13485 service page.

Pro Tip: If your plant serves multiple sectors (you supply both automotive and aerospace customers, for example), your nonconformance process must be compliant with the *most stringent* standard. That usually means IATF 16949 timelines and 8D rigor, plus AS9100 escape analysis and regulatory notification protocols. A single nonconformance response must satisfy all applicable standards simultaneously.