VDA 6.8 Supply Chain Process Audit
VDA 6.8 is a process-based audit standard developed by the German Automotive Industry (VDA) to assess indirect service providers whose activities influence product quality, safety, or delivery performance.
Unlike production-focused audits, VDA 6.8 targets services such as logistics, IT, engineering, testing, and maintenance, using a risk-based, maturity-oriented approach aligned with OEM expectations.
This guide breaks down what VDA 6.8 is, why it matters, and how audits are structured, in a clear, practical, and audit-ready format.
๐ฏ What Is VDA 6.8?
VDA 6.8 is an audit standard for service processes in the automotive supply chain.
It focuses on:
- process stability
- risk management
- service performance
- data and information security
- continuous improvement
VDA 6.8 ensures that non-production activities do not create hidden quality risks for OEMs and Tier 1 suppliers.
โ Applies to external and internal service providers
โ Used mainly by German OEMs (VW, BMW, Daimler, etc.)
โ Not a certification standard โ audit & evaluation only
๐งฉ Who Must Comply with VDA 6.8?
VDA 6.8 applies to organizations providing indirect services with potential impact on the final product.
Typical examples include:
- ๐ Logistics & transport providers
- ๐ป IT infrastructure & software development
- ๐ง Engineering & design services
- ๐งช Testing, validation, and calibration laboratories
- ๐ง Maintenance & technical services
- ๐ฆ Packaging, labeling, warehousing
- ๐ Technical training providers
๐ Key criterion:
If the service can affect quality, safety, compliance, delivery, or OEM data, VDA 6.8 applies.
๐๏ธ The Core Structure of VDA 6.8
Similar to other VDA standards, VDA 6.8 follows a process-oriented audit structure, focused on maturity and risk control.
๐๏ธ 1. Organization & Management Responsibility
This pillar evaluates leadership, structure, and governance.
Auditors expect:
- a clear organizational setup
- defined responsibilities
- measurable objectives
- management involvement
โ Typical evidence:
- organization chart
- job descriptions
- quality policy
- management review records
- risk assessments
โ Common gaps:
- unclear process ownership
- objectives without KPIs
- management review done โonly on paperโ
๐ฅ 2. Resource & Competence Management
Service quality depends heavily on people and know-how.
Auditors verify:
- employee competence
- training and qualification
- availability of key resources
- workload and capacity planning
โ Expected tools:
- competence matrix
- training plan & records
- qualification approvals
- performance evaluations
โ Frequent issues:
- โon-the-jobโ training without validation
- no requalification after changes
- subcontracted work without competence control
โ๏ธ 3. Service Process Management (Core of VDA 6.8)
This is the most critical section of the audit.
Auditors assess whether:
- service processes are defined and standardized
- risks are identified before execution
- changes are controlled
- performance is measured
โ Expected elements:
- process flowcharts
- risk analysis (FMEA, risk matrix)
- service KPIs
- SLAs and service specifications
- documentation and traceability
โ Typical nonconformities:
- undocumented processes
- no risk evaluation for services
- dependence on individual knowledge
- missing traceability of service execution
๐ 4. Change Management & Complaint Handling
Uncontrolled changes are one of the biggest risks in service processes.
VDA 6.8 requires:
- formal change management
- impact and risk analysis
- customer notification and approval
- structured complaint handling
โ Examples of critical changes:
- IT system updates
- tool or software changes
- relocation or outsourcing
- key personnel replacement
โ Accepted methods:
- PDCA
- 8D
- 5 Why
- Ishikawa analysis
๐ค 5. Supplier & Subcontractor Management
If a service provider uses subcontractors, responsibility remains 100% internal.
Auditors check:
- supplier selection criteria
- monitoring and evaluation
- audit of subcontractors (if critical)
- contractual and NDA compliance
โ Evidence:
- supplier scorecards
- audit reports
- performance reviews
- confidentiality agreements
๐ 6. Information Management & Data Security
This section is mandatory for IT, software, engineering, and labs.
Auditors expect:
- protection of OEM data
- controlled access to information
- backup and recovery plans
- employee awareness
โ Typical evidence:
- IT security policies
- role-based access control
- backup logs
- recovery tests
- awareness training
๐ Strong alignment with ISO 27001
๐ 7. Performance Monitoring & Continuous Improvement
A mature VDA 6.8 supplier:
- measures service performance
- analyzes deviations
- improves processes continuously
โ Typical KPIs:
- on-time delivery of services
- incident rate
- customer complaints
- system availability
- response time
Improvement must be systematic, not reactive.
๐งฎ How Is a VDA 6.8 Audit Evaluated?
The VDA 6.8 audit uses a standardized questionnaire and scoring system.
Scoring interpretation:
- โ โฅ 90% โ very robust service provider
- โ ๏ธ 80โ89% โ acceptable, improvement actions required
- โ < 80% โ high risk, not acceptable
๐ Why VDA 6.8 Matters
Implementing VDA 6.8 helps organizations:
- control indirect quality risks
- gain OEM confidence
- improve service stability
- prevent data and compliance incidents
- differentiate from competitors
๐งพ Final Thoughts
VDA 6.8 recognizes a critical reality of modern automotive operations:
services can be just as risky as production processes.
By applying structured audits, risk-based thinking, and performance monitoring, VDA 6.8 ensures that indirect service providers actively support quality โ instead of undermining it.