
Getting IATF 16949 certified is not a single audit. It is a two-stage process, run by an IATF-recognised third-party certification body, and each stage checks something different. Knowing what each stage actually looks for helps a supplier prepare for the right thing at the right time, rather than treating the whole process as one exam.
A certification body will not run Stage 1 until the quality management system has been operating long enough to generate real performance data, typically at least twelve months. Certifying a system on paper before it has actually run is not what the standard is checking for.
Stage 1 is a high-level, on-site review of the quality management system's documentation, checking it is complete and addresses IATF 16949's requirements, including customer-specific requirements. It typically takes one to two days per site, and its purpose is to confirm the organisation is genuinely ready for the deeper audit that follows, not to award certification itself.
Stage 2 is where the auditor spends real time on the factory floor, observing the process across shifts, not just reading about it. This is where the Core Tools get audited in use: control plans, FMEAs, operator actions, and whether what happens on the line matches what the documentation says should happen. Stage 2 must be completed within 90 days of Stage 1.
Findings are presented at a closing meeting. Minor nonconformities give an organisation 60 calendar days to submit correction, root cause analysis and evidence of corrective action. Major nonconformities allow only 20 calendar days, and require the auditor to verify the fix on site before certification can be granted. This is why the pattern behind nonconformities, not just the count, matters so much to how certification bodies assess a site.
Certification is valid for three years, subject to annual surveillance audits that confirm the system is still operating the way it did on the day it was certified.
Two audit stages, a strict 90-day window, and two different nonconformity clocks running at once is a lot for an internal team to hold in their heads under pressure, especially across a supply chain where not everyone was in the room for the original training.
We build the video training that keeps a whole team, not just the person who did the original course, prepared for what each audit stage actually checks. The Quality Partner training portal we built productised Paul Hardiman's thirty years of IATF auditing expertise, the "Auditor of Auditors" recognised by the IATF, into 500+ video lessons covering exactly this kind of practical audit preparation. Our production runs on a BSI ISO 9001 certified process (FS 763439).
See how we approach video production for standards bodies, explore our work, or book a video strategy call to scope certification-readiness training for your team.