Corporate responsibility (IATF only)
Plain-language summary
The company must define and live corporate responsibility policies — at minimum an anti-bribery policy, an employee code of conduct, and an ethics escalation ('whistle-blower') policy.
What the clause is really asking
Automotive supply chains demand integrity infrastructure: rules against bribery, defined conduct standards, and a safe route for employees to report wrongdoing without fear. The policies must be defined AND implemented; a signed PDF on a server is only half the requirement.
What auditors look for
Auditors verify the policies exist and then test implementation on the floor: do employees know the code of conduct exists? Can they say how to raise an ethics concern anonymously? Has the escalation route ever been used or tested?
Typical evidence
Anti-bribery policy; code of conduct; whistle-blower procedure; induction/training records; communication evidence; escalation channel records.
How to comply — recommendations
Keep all three policies short and in plain language, include them in induction, refresh awareness annually, and provide a genuinely anonymous channel (an external hotline, or a sealed box with a designated owner, works for an SME). Record that the channel is tested.
Common nonconformities
Policies exist but the shop floor has never heard of them; no anonymous escalation route; induction skips the code of conduct.
Related clauses
Builds on ISO 9001 5.1.1
Qlause provides interpretive guidance only and is not a substitute for the standard. Refer to your licensed copy of ISO 9001 / IATF 16949 for the authoritative text.