Data description for IT

The IATF audits have different types of data structures. The used data structure is a mix of data structure design and efficient structure to be used in the application and requirements during the development. Fields are only generated if they receive a value, by default a missing field is an undefined field.

Data types

data types


data types



has values 0 and 1 (used for yes/no questions) as string “1”


has true and false (used for selects and business logic)


not limited string value (checked with business logic where possible, example Auditor Id)


int have only positive values


double have only positive values

different option types

every type is described in the data definition


exported as text string “2019-11-06T00:00:00.000Z”


int in milliseconds

file data

All files are saved as base64 encoded string. Files are limited to jpeg image files and pdf files for security reasons

Supported Tags for formatted fields

  • b/strong, i/em, del, a, h1, br, del, ul and ol with li, p

  • other tags will be also evaluated in the digital version but not in print

  • If you are importing data you need to skip or remove “<!--block-->" which will be added by the used editor

Export Format

All data can be exported as json or xml file. We recommend the use of json due to it’s lesser overhead a simpler rule set.


The json file is loaded as object into CARA.


All xml exports of a report or nc management will be contained withing <CaraReport> tag. To comply with xml requirements on export all elements in the data structure starting with a number receive an Xz insert before the number (example index 1 becomes Xz1 and 4.1 becomes Xz4.1). All fields are encoded to be xml compatible. On import all xml tags defined as arrays are cast to array all other elements are created as objects. The Xz compatibility tag prefix will be removed. All values are decoded and cast into date, int, double types.

CARA does not check the provided files for CARA non conform data fields. Those fields will be loaded but not used. For internal data exchange and management purpose additional id fields etc. can be added (in xml additional array fields should be avoided).

CARA works with the implemented business logic for printing and displaying data. Data fields which are entered and later hidden due to business logic will almost always keep their data (e.g. Organisation information page → Dedicated to automotive)


All reports keep the same data structure. Fields are shown based on business logic. Most of the application structure is replicated in the data structure. Please check the sites of the different report types, to identify the data structure blocks not part of the specific report type. Not required data won’t be used/shown, while still kept in the data structure. The data structure versioning will comply with the major release versioning of the audit tool because only major releases will have changes on the data structure. If minor version is attached some corrections on the description were made.

You will find attached the description for the report data structure. All data fields are always contained within the page they are belonging to or connected to the base data object like Processes. The description for a field contains the text within the application or additional information if the field is not part of the application.

All reports get a unique id and a created and changed value.

Due to the business logic which depends on previous fields and not so much on the chosen audit type and to avoid a complex business logic column in the data description we recommend checking the applied logic using CARA and the defined help descriptions.

CARA is downward compatible. If is required to transform/move any data fields this functionality will be implemented into CARA so existing reports will work with the new formatted data. This will also happen for loaded reports (generated by IT). If they are based on previous data formats that data will be moved by CARA when the report is opened for edit.


A data import using data completely created by an external system (i.e. ERP) is not allowed. The import of master data from external system is allowed for audit data, organization information, processes, extended manufacturing sites, providing and receiving support sites


Data types for CARA reports

Providing the DataType and the uuid field is the minimum requirement for CARA to accept a report. Due to the nature of the dynamic object structure bad formatted fields may cause problems on printing or opening of a report.

You can always use the developer console of the browser to check for any errors. You will quickly find the field responsible for the error in the stack trace.

Data type

Report Type

Data type

Report Type


Stage 1 readiness review


Audit report


Remote support function audit report


Special audit report


NC management report when exported on it’s own. In general the Nc management is connected to the report it belongs to


Adhoc Nc report

JSON Schema files

Audit Report JSON Schema

NC Management JSON Schema

Example files for different report types

Functionality on import

On import the data is not checked against the business logic. The only transformation is handled on xml data integrating into arrays where required and removing the Xz on tags starting with a number. At the moment checks are connected to the page in which that content will be entered. This is due to avoid to many calculations within the browser on each change of any data.

How to export/import

For now the CARA tool uses the manual process of creating an export within the application and saving it in defaults download folder or using save as. The import is a file choosing process for a file to import. The system checks against already existing reports in the local browser database with a unique id and warns the user if the report he is importing is going to be overwritten.

Recommendation for identifying fields: The easiest way to creating the right file is to enter all fields in CARA which are going to be filled by using a report import and than to save that file. This will provide you with the right structure and you can check that structured. Cara creates required empty arrays and objects which will be part of the export those do not have to be part of the import. CARA will add all required fields on its own on loading the report.

If you have problems with a specific structure create a new report and complete only these fields so you can focus on an specific example. CARA won’t add empty fields apart from container structures.

Data Description Release Information









  • Audit report

    • Conclusion

      • PreviousAuditNonconformitiesObject

        • added ProcessAuditLead; for merge of audit reports

  • added Complaint; for preformance complaint data attachment



This update added a lot of fields due to business rules and inheritance functionality capabilities. Most noticable are new mandatory NcObservedProcess and the PreviouslyAudited for the process audited history.

  • Audit reports

    • IsRemoteSupportLocation

    • InternalNotes

    • ReportPdf (base64 encoded reporrts)

    • OrganizationInfromation

      • HasChangesSinceLastAudit

    • Process

      • ProcessObject

        • ProcessEntryState

      • PreviouslyAudited

        • 1 (Stage2)

        • 3 (Surveillance 1)

        • 4 (Surveillance 2)

        • 5 (Surveillance 3)

        • 6 (Surveillance 4)

        • 7 (Surveillance 5)

      • Activities (inheritance field)

      • ProcessPerformance

        • History (array of HistoryObjects)

          • AuditType

          • CurrentTarget

          • Achieved

          • Results

          • TrendLastAudit

    • ExtendenManufacturingSite

      • Comments

    • CustomerInformation

      • CustomerPerformance

        • Id

      • CustomerRequirementsAudited

        • LinkedCustomerPerformanceId

    • Conclusion

      • PreviousAuditNonconformities

        • NcObservedProcess

        • StatementOfNonconformity

        • ObjectiveEvidence

        • SystemicEvidenceOfImplementation

        • ActionTakenVerifyImplementation

  • Nc managamenet

    • Signature

      • AuditorId

    • State as enum(AuditorNcEntry,OrganizationNcEntry, CbNcEntry, NcCompleted)

    • ReportPdf


  • Correction of field value due to typo

    • auditTypeOptions Stage 2 / Letter of conformance = 20 is 2



  • Only correction of data field name typos in the document

    • ManufacturingProcesses

      • NoOperationalShifts0 was and is NoOperationalShifts, reamined for Stage1 was migrated NoOperationalShiftsX per Shift in audit report

      • AuditTypeShiftObject (fields are based on audit type id and on 2 is the letter of conformance)

        • NoOperationalShifts2 = NoOperationalShifts3

        • NoOperationalShifts3 = NoOperationalShifts4

        • NoOperationalShifts4 = NoOperationalShifts5

        • NoOperationalShifts5 = NoOperationalShifts6

        • NoOperationalShifts6 = NoOperationalShifts7



  • Nc Management data description

    • password (internal)

    • encActivatedByOrganisation (internal)

    • fileSizeAttachments (internal + check in meta information)

    • IsAdhocNcMangement (only adhoc)

    • Organization

      • EvidenceOfImplementationFiles

      • RootCauseAnalysisImpactOtherProcesses

    • CbPreviousAnswers

  • Audit data description

    • fileSizeAttachments (internal + check in meta information)

    • AuditorNotes

    • AuditData

      • LastPerformedAuditCycle

      • AuditDateWaiver

      • ReportIssueData (only adhoc)

      • ReasonForAdhoxNc (only adhoc)

    • Address

      • Street 3

    • OrganizationInformation

      • CertificateScopeLanguage

      • CertificateScopeNative (migrated to CertificateScopeOther)

      • CertificateScopeOther

        • CertificateScope

        • Language

      • CorporateSchemeReferenceNumber

    • Process

      • ProcessNotAudited

      • ProcessAuditRemotely

    • ProvidingSupportSites

      • CbCertificateNo

    • ReceivingSupportSites

      • CbCertificateNo

    • ManufacturingProcesses

      • ShiftProcess

        • NoOperationalShiftsx (Shifts now per process)

        • ShiftTimes (collect shift times)

    • CustomerInformation

      • CustomerRequirementsAuditedObject

        • DateCSRDocument (type changed to string from date)

    • Conclusion

      • HasPreviousAuditNonconformities

      • PreviousAuditNonconformitiesObject

        • Id (internal use random)

        • SpecialAuditConducted

        • CreatedBy (internal use ADP)



  • New remote audit report fields



  • Fixed wrong position of CustomerRequirementsAudited



  • Fixed typos on Activities (no option addded)



  • Added missing data description for already existing Stage 1 results section fields (marked blue)



  • Nc Management data description

    • Removed OfiPoitiveAspects data block

    • Added AuditTeam (for business logic use)

    • Added MinorDate60, MajorDate20, MajorDate60 (for business logic use)

  • Audit data description

    • Added OfiPositiveAspects data block (moved from Nc management, CARA will automatically move that data block to the report when a report is loaded)

    • Added AddressNative to organisation information and all sites of type adress

    • Added CertificateScopeNative

    • Added Id field to addresses

    • Moved NextScheduledAuditType and DateNextScheduledAudit from AuditData to Results section (will be moved by Cara automatically when report is loaded)

    • Changed LanguageByManagementPersonnel, LanguageBySupportingPersonnel, LanguageByManufacturingPersonnel to array of string (converted by CARA)

    • Changed AuditTeamRecommendation to array of boolean (converted by CARA)



  • added encode/decode for xml files for compatibility

  • fixed mixing NCs on merging

  • added auto calculation and NC sync on audit merging



  • Patches on

    • Nc Management report

    • Audit data merge

    • Remote support function audit report

    • printing



  • Changes are marked in red for better recognition

  • Changes in Cara report audit data structure

    • LanguagesBy changed to array for multiple languages

    • AuditMergeDataObject added for Processes

  • Changes in Nc management data structure

    • Added Clause and Process to Ofi and PA

    • Added Id and CreatedBy based on application auditor id for data merging

    • Added RootCauseResult, RootCauseResultFiles



  • Changed in CaraReportAuditData OrganizationInformation fields

    • Management Supporting, Manufacturing personnel to array of string

  • Changed NcManagement

    • Process Ids and Names are imported from report to the NcManagement

    • NcAction

      • Nonconformity observed in process was changed to reference field to a process id, to connect it exactly to a report process. Deleting a process in the report will result in deleting the reference



Audit report description:

Removed OpportunitiesImprovement and replaced by


Removed PositiveAspects and replaced by NumberPositiveAspects



Added missing fields in audit data and organization information