How to build a supplier scorecard that actually satisfies IATF 16949

Share with

How to Build a Supplier Scorecard That Actually Satisfies IATF 16949 | EvaluationsHub
Supplier performance managementAutomotive12 min read

How to build a supplier scorecard that actually satisfies IATF 16949

Most procurement and quality teams already run some version of a supplier scorecard. The problem is that IATF 16949 does not judge that scorecard in isolation anymore. Get it wrong and an OEM can flag you before you flag yourself.

Since 2020, the International Automotive Task Force has run a program called the Supplier Performance Initiative, and it changes what a scorecard is for. If GM, Ford, Stellantis or another participating OEM rates one of your sites poorly on their own scorecard, that status can be reported straight into the IATF KPI Hub, a database your certification body has access to. Your internal spreadsheet and your actual IATF certificate are now connected in a way a lot of quality managers do not appreciate until it happens to them.

This guide covers what a scorecard needs to do to hold up under IATF 16949, how the major OEM scorecards actually work, which metrics carry real weight, and a practical process for building one that catches problems before an OEM reports them for you.

Automotive supplier scorecard categories and typical weighting Composite supplier score Quality PPM, first-pass yield, CAPA closure rate 40% Delivery On-time-in-full, lead time reliability 30% Cost Cost variance, cost of poor quality 20% Compliance IATF/CSR status, PPAP on-time rate 10%

A typical weighting split for an automotive supplier scorecard. Exact weights should shift by supplier segment and part criticality.

Why your scorecard and your IATF certificate are now linked

IATF 16949 has always required organizations to monitor customer satisfaction, but for years that requirement was interpreted loosely. Then, starting as a pilot with GM and Ford in 2019 and formally launched in March 2020, the IATF's Supplier Performance Initiative (SPI) gave the scheme teeth. Participating OEMs now report suppliers rated "Red" on their own scorecards directly into the IATF KPI Hub, a database certification bodies use when planning and scoping audits.

The logic behind it is straightforward, and quality consultancy simpleQuE lays it out well: if a supplier is consistently missing OEM expectations on delivery and quality, continued IATF certification of that supplier calls the credibility of the entire certification scheme into question. That is now the certification body's problem too, not just yours.

This means your internal scorecard cannot exist in a bubble. If your own numbers say "green" while your top three OEMs all say "red," you have a data problem, not a performance problem, and it is one an auditor will eventually surface.

What IATF 16949 actually asks you to track

IATF 16949 builds on ISO 9001's customer satisfaction clause (9.1.2), but layers on something automotive-specific: Customer-Specific Requirements, or CSRs. Every major OEM publishes its own CSR document plus a scorecard quick-reference guide through the IATF Global Oversight website, and these are updated regularly. GM, Stellantis, Ford and Geely all updated their CSR and scorecard guidance multiple times through 2025 alone.

In practice, this means an internal auditor preparing for your IATF audit needs to check your scorecard against whatever the OEM CSR currently requires, not against a static internal template built two certification cycles ago. That is a maintenance job most teams underestimate.

The OEM scorecards running in parallel to yours

It helps to actually look at how an OEM scorecard behaves. Stellantis publishes a detailed quarterly-updated guide for its own Bidlist scoring system. Each manufacturing supplier site starts every month with 100 points in each of two areas, quality and warranty, and points are deducted for specific disruptive events such as a withdrawn IATF certificate or a critical quality event. Crucially, if either the quality or the warranty score turns red, the supplier's overall Bidlist score is red. There is no averaging your way out of a single bad area.

GM runs a comparable system through SupplyPower, with its own "Sourceability" levels tied to production history and quality records, and Ford and Geely publish their own equivalents. None of these systems care what your internal scorecard says. They pull from OEM-side transaction and complaint data, independently of you.

How an OEM red flag can reach the IATF KPI Hub, and how a reconciled internal scorecard prevents it Supplier performance deliveries, defects, PPAP OEM scorecard Stellantis, GM, Ford, Geely IATF KPI Hub visible to your CB if red Internal scorecard reconciled with OEM CSRs CAPA / 8D triggered before OEM sees a drop

A reconciled internal scorecard catches a quality or delivery drop early, so corrective action closes it before the OEM's own scorecard turns red.

The metrics that actually carry weight

Strip away the acronyms and an automotive supplier scorecard comes down to a handful of numbers that OEMs, auditors and your own quality team all care about.

Parts per million (PPM) defect rate

A PPM rate below 500 is the commonly cited threshold for automotive and precision manufacturing suppliers, tighter than the roughly 1,000 PPM ceiling used in less regulated sectors such as food and beverage. Some OEMs set stricter internal targets. Champlain Cable's published supplier quality manual, for example, uses a 0 to 5 rating scale where an overall score below 2.25 automatically triggers a written corrective action plan from the supplier, a good illustration of how tightly PPM and quality scoring feed directly into corrective action.

On-time-in-full delivery (OTIF / OTD)

Automotive OEMs typically expect on-time delivery of 98% or higher, measured against the confirmed delivery date rather than the date you originally requested. One useful red flag pattern to watch for: a supplier with excellent OTD numbers but a rising rate of expedite requests. That combination usually means the supplier is quietly padding lead times to protect the metric rather than actually improving.

PPAP approval rate and cycle time

How often does a supplier's Production Part Approval Process package get approved on the first submission, and how long does it take? A supplier that repeatedly resubmits PPAP packages is telling you something about their internal process discipline well before it shows up as a defect on your line.

CAPA / 8D closure time

Speed and quality of root cause response. A supplier that closes an 8D in two weeks with verified containment and a documented root cause is a fundamentally different risk than one that takes three months and reuses the same generic "operator error" root cause every time.

MetricAutomotive benchmarkTypical scorecard weight
PPM defect rate< 500 (tighter for critical parts)15–20%
On-time-in-full delivery≥ 98%20–25%
PPAP first-time approvalTracked as a rate, target > 90%5–10%
CAPA / 8D closure timeTracked in days, trend over snapshot10–15%
IATF / CSR compliance statusCertified, no open major nonconformities10%

Reference ranges only. Weight by supplier segment, part criticality and your OEM's own CSR where one exists.

Building the scorecard: a six-step approach

  1. Segment suppliers first. A sole-source IATF-certified Tier 1 supplying safety-critical parts should not be scored on the same template as a commodity fastener supplier. Segmentation drives which metrics matter and how tightly to weight them.
  2. Pick five to seven metrics, not twenty. The useful test for any candidate metric is simple: does it answer the question "should we give this supplier more business?" If a number cannot influence that decision, it is vanity measurement and it should not be on the scorecard.
  3. Pull hard metrics from source systems. PPM, OTD and lead time should come from ERP and quality system transaction data, not from a self-reported form the supplier fills in. Self-reported numbers and the official audited score can diverge enough to trigger their own penalty under some OEM rules, so building on live data avoids that gap entirely.
  4. Overlay your OEM's CSR requirements. If Stellantis, GM or Ford already scores your supplier on quality and warranty, your internal scorecard's red threshold should trip before theirs does, not after. Build the reconciliation check in, do not treat it as a side project.
  5. Track trend, not just snapshot. A supplier moving from a score of 4.2 to 3.8 to 3.5 over three consecutive quarters needs intervention now, even though the latest number might still look technically fine on its own. The trajectory is the signal, not the single data point.
  6. Close the loop with a formal CAPA, not a color chip. A red status that just sits on a dashboard achieves nothing. It needs to trigger an actual corrective action workflow with an owner, a root cause investigation, and a verification step before the supplier is allowed back to green.

Do not turn the scorecard into a weapon

There is a real risk in over-engineering this. Veteran quality managers on industry forums have flagged for years that scorecards used purely to punish suppliers, rather than to build a shared improvement plan, tend to backfire: suppliers game the metric instead of fixing the underlying problem, and the relationship sours in ways that eventually cost the buyer more than the original defect did.

The IATF's own SPI guidance is explicit that continued certification of a genuinely poor performer damages the whole certification scheme's credibility, not just the individual supplier relationship. That is the framing worth keeping in mind: the goal of a scorecard is defensible, evidence-based accountability, not a scoreboard for its own sake. Paraphrased from IATF Supplier Performance Initiative guidance, via simpleQuE quality consulting

In practice, the fix is procedural. Pair every red or declining trend with a required improvement plan and a re-evaluation date, not just a penalty. Suppliers that see a scorecard drop trigger genuine support, engineering time, a joint root cause session, tend to recover faster and stay more transparent about problems going forward than suppliers who only see the scorecard when it is used against them.

Closing the loop: from scorecard flag to closed CAPA

Consider a simplified example. Axleworth Components, a fictional Tier 1 automotive supplier certified to IATF 16949, sees its PPM rate spike after a tooling wear issue on a stamped bracket. Under a reconciled scorecard, that spike trips an internal red flag the same week it happens, well before the parts reach the OEM's own quarterly Bidlist update. The buyer's quality team opens an 8D, Axleworth's engineering team identifies the worn tooling as root cause within days, containment ships correct parts, and a permanent corrective action (revised tooling maintenance interval) closes within three weeks. By the time the OEM's own scorecard cycle runs, the defect never shows up as a sustained trend, because it was caught and closed on the buyer's own timeline.

That is the actual point of connecting a scorecard to a CAPA workflow: not compliance theater, but genuinely catching a problem before someone else's system catches it for you. Platforms built for supplier performance management, including EvaluationsHub, combine weighted multi-stakeholder scorecards with a built-in CAPA workflow so a red flag can trigger a corrective action with one click rather than a separate email chain and a spreadsheet nobody updates.

A checklist before you go live

  • Metrics are pulled from ERP or quality system data, not self-reported by the supplier
  • Weights differ by supplier segment and part criticality, not a single template for everyone
  • Your red threshold is calibrated to trip before or in line with your OEM's CSR scorecard, not after
  • Scorecard trend, not just the latest snapshot, is visible to whoever makes sourcing decisions
  • A red or declining score automatically opens a CAPA or 8D, with an owner and a re-evaluation date
  • The scorecard process includes a supplier-facing improvement conversation, not just an internal report
  • Someone owns keeping the scorecard template current against OEM CSR updates, which change multiple times a year

Frequently asked questions

What is the IATF Supplier Performance Initiative?

A program run by the International Automotive Task Force, piloted with GM and Ford in 2019 and formally launched in March 2020, under which participating OEMs report suppliers rated "Red" on their own scorecards into the IATF KPI Hub, a database visible to IATF certification bodies.

What PPM defect rate is acceptable for an automotive supplier?

Below 500 defective parts per million is the commonly used threshold in automotive and precision manufacturing, though critical safety parts and specific OEM CSRs can set a tighter target.

How often should an automotive supplier scorecard be updated?

Monthly is standard practice, aligned with how most OEM scorecards, including Stellantis Bidlist scoring, refresh on a monthly cycle.

What happens if a supplier scores red on an OEM scorecard?

Depending on the OEM, a red status can trigger new business holds, mandatory corrective action plans, and under the IATF Supplier Performance Initiative, reporting into the IATF KPI Hub, which certification bodies review when planning audits.

See how EvaluationsHub handles automotive supplier scorecards

Weighted, multi-stakeholder scorecards, one-click CAPA triggers, and RFx and portal tools built for IATF 16949 supply chains.

Book a demo
Sources referenced
  • IATF Supplier Performance Initiative overview, simpleQuE quality consulting: simpleque.com
  • OEM scorecard quick reference guides (Stellantis, GM, Ford, Geely), IATF Global Oversight: iatfglobaloversight.org
  • IATF 16949 certification and audit practice notes, DQS: dqsglobal.com
  • AIAG Core Tools and supplier performance management training overview: aiag.org
  • Champlain Cable Supplier Quality Manual QCP-0010: champcable.com
  • Supplier scorecard KPI benchmarking guidance, Procurement Toolkit: procuretoolkit.com

Our recent Blogs

Gain valuable perspectives on B2B customer feedback and supplier
performance through our blogs, where industry leaders share experiences and
practical advice for improving your business interactions.

View All