Counterfeit Parts Prevention Guidance 1. Introduction .............................................................................................................. 2 2. Definitions ................................................................................................................ 2 1. Acronyms ................................................................................................................... 3 3. Risk Management .................................................................................................... 4 4. Customer and/or Regulatory Requirements/Flow Down .......................................... 6 5. Counterfeit Parts Control Plan.................................................................................. 7 6. Training .................................................................................................................... 8 7. Obsolescence .......................................................................................................... 9 1. Develop Parts/Material Plan ....................................................................................... 9 2. Conduct Design Trade Studies ..................................................................................10 3. 9. Engage in DMSMS (Diminishing Manufacturing Sources and Material Shortages) Planning ....................................................................................................................11 4. Plan for Part Availability throughout the Product Lifecycle .........................................12 8. Procurement......................................................................................................................12 1. Supplier Approval ......................................................................................................13 2. Source Selection .......................................................................................................15 3. PO Placement ...........................................................................................................16 Traceability ........................................................................................................................17 10. Part Authentication ............................................................................................................18 11. Determination of Suspect Counterfeit ................................................................................20 12. Handling of Suspect/Confirmed Counterfeit Parts..............................................................21 13. Reporting...........................................................................................................................22 14. Monitoring information and trends .....................................................................................24 15. Internal/External Audits .....................................................................................................24 16. Accreditation/Certification ..................................................................................................25 Appendix A Counterfeit Parts Reporting and Monitoring Agencies ........................................26 Appendix B Government Reporting Methods ........................................................................27 Appendix C Risk Based Inspection Chart ..............................................................................28 Appendix D Product Family Risks and Mitigation Strategies .................................................29 Appendix E Test Report Information .....................................................................................33 Appendix F Counterfeit Part Control Plan Template ..............................................................34 1. Introduction This guidance defines the best practices to prevent proliferation of counterfeit goods in the supply chain. The extent of your organization’s formal compliance to any industry standards and government regulations, above and beyond these practices, may depend on your organization’s customer contracts. Depending on your organization’s role and position within the supply chain, your risk of receiving counterfeit parts or assemblies with counterfeit parts will vary. The more supply chain intermediaries (e.g. sub-tiers, distributors, customers, services, etc.) incorporating parts into products or assemblies the greater your risk. Depending on individual contracts for products and services, your organization may have multiple roles in the supply chain, and each needs to be considered. This guidance is not intended to re-state industry and government regulations, but rather provide guidance and best practices. References will be made to existing standards when applicable. Links to additional information are provided throughout this document however the IAQG is not responsible if the information or links are revised or no longer available. It is the intent of the IAQG to update the guidance on a periodic basis. This guidance material is published in the Supply Chain Management Handbook SCMH and is for use at all levels of the supply chain at no cost subject to accepting the terms and conditions of the SCMH. 2. Definitions Counterfeit Part – an unauthorized copy, imitation, substitute, or modified material, part, or component which is knowingly misrepresented as a specified genuine part of an original or authorized manufacturer. This includes used parts represented as new, or the false identification of grade, serial number, lot number, date code, or performance or material characteristics. Suspect Counterfeit Part – a material, part, or component for which credible evidence (including, but not limited to, visual inspection or testing) provides reasonable doubt that the material, part, or component is authentic. Other terms often used in the counterfeit parts context are “Unapproved Parts”, “Unauthorized Product Substitution”, and “Nonconforming Material”. And by definition, while all counterfeit parts are unapproved, unauthorized and nonconforming; not all unapproved, unauthorized and nonconforming parts are counterfeit. Note: Further effort is necessary to determine if a suspect counterfeit part is actually counterfeit. Note: There are many definitions of counterfeit among all of the different standards, laws, and regulations. It is important to work with your customer to coordinate with their definition of counterfeit. And as this definition may be different than those identified in civil and criminal laws, any legal actions related to counterfeiting would need to follow the laws of the governing jurisdiction. 2.1. Acronyms ANAB ANSI National Accreditation Board ANSI American National Standards Institute BOM Bill of Materials CAAP Counterfeit Avoidance Accreditation Program CofC Certificate of Conformance DDPA De-Lid/De-Capsulation Physical Analysis DFARS Defense Federal Acquisition Regulation Supplement DMSMS Diminishing Manufacturing Sources and Material Shortages EASA European Union Aviation Safety Agency EEE Electrical, Electromechanical, Electronic ERAI Electronic Retailers Association International GIDEP Government - Industry Data Exchange Program FAA Federal Aviation Administration IAQG International Aerospace Quality Group 3. IECQ International Electrotechnical Commission Quality Assessment System for Electronic Components IECQ CAP IECQ Counterfeit Avoidance Program MRO Maintenance, Repair, Overhaul NAVSEA Naval Sea Systems Command OCM Original Component Manufacturer OEM Original Equipment Manufacturer QMS Quality Management System RFQ Request for Quote SCMH Supply Chain Management Handbook UKEA United Kingdom Electronic Alliance Risk Management Counterfeit goods pose a significant risk to the supply chain, potentially resulting in loss of materiel, mission, or life. Your risk of receiving counterfeit parts or assemblies with counterfeit parts will vary . The more supply chain intermediaries (e.g. sub-tiers, distributors, customers, services, etc.) incorporating parts the greater your risk. Consider, “what can go wrong?”, “how likely it is to happen?”, and “what are the consequences of it happening?” Figure 1 - Example of Risk in an Avionics Supply Chain Risk is dependent on both the sources of supply and the product application. There is risk associated with the procurement source. Buying directly from the original manufacturer obviously poses less risk than buying from non-authorized sources (grey market), where traceability to the original manufacturer may have been lost or ignored. Then there is the risk the parts themselves represent in the product. For example, an electronic part used in a personal computer may represent less risk than a similar part used on a satellite. A satellite, once launched, cannot be repaired or returned for a replacement. The more risk the part represents, the higher the level of controls required to ensure the part will function in its intended use and environment. Parts bought from the same source can present different risks based on the product application. Risk management weighs the likelihood that an event will occur against the consequence of the occurrence. Risk assessment and mitigation are collaborative efforts between sub-assembly manufacturer, design authority, and the manufacturer of the end product. If your organization is not the design authority, then pre-coordination with your customers (and the design authority) is crucial and may also be required in the customer’s contract. Contract Review is an important part of the risk assessment and mitigation processes. The customer requirements often indicate the level of risk by the counterfeit part requirements flowed down (e.g. 91XX, AS5553, AS6174, IEC/TS 32668 series, DFARS 252.246-7007 & -7008, and any unique customer requirements related to counterfeit controls). It is important that the correct functions within your organization review the contract language to confirm your organization’s ability to comply with the customer’s requirements. This handbook provides risk assessment and mitigation methods within each of the sections (i.e. Design, Procurement, Traceability, etc.). An example of a product family risk mitigation strategy is included in Appendix D. 4. Customer and/or Regulatory Requirements/Flow Down Customers frequently specify design and production process requirements that they want to see applied to the product. These requirements can include counterfeit avoidance measures and regulatory requirements that the customer wants to see in place at its sub tiers to lower its own risk of getting counterfeit material. It is important that your organization have a flow down process that receives the latest requirements from the customer and distributes them to the internal functions where compliance is to be demonstrated. When the customer is flowing down counterfeit avoidance requirements, it is important to: a. Ensure common understanding of customer counterfeit requirements. A protocol has to be established for reviewing the requirements with customer and where customer specialists and in-house specialists can discuss and agree on the interpretations of the flowed down requirements. b. Understand the customer's strategy on obsolescence management. c. Ensure all customer requirements are flowed down internally d. Ensure lifecycle (obsolescence management) planning and counterfeit avoidance planning are compliant with the customer requirements. The customer may want to review and approve these plans. During the design cycle the customer may also want to understand how product design tools are used to facilitate the planning effort. e. Ensure requirements are flowed down to all levels of the supply chain. f. Ensure sub-tiers understand and comply with the requirements. 5. Counterfeit Parts Control Plan Having a counterfeit parts control plan is considered an industry “best practice”. Since the prevention of counterfeit parts affects multiple functions within your organization, it is useful to have a single counterfeit parts control plan to document these cross functional processes. This Counterfeit Parts Control Plan documents the organization’s risk-based strategy used for identification, mitigation, disposition, detection, avoidance, and reporting of suspect and/or confirmed counterfeit goods. The control plan should include the processes addressing the topics laid forth in this handbook. Again, the extent of the processes depends on your organization’s position in the supply chain. The plan should include the following processes: Risk Assessment/Customer Requirements/Contract Review Customer Requirements/Flow Down Training Obsolescence Procurement Control of External Sources Traceability Material and Parts Control Verification of purchased/returned products Inspection/Test Investigation Handling of Suspect/Confirmed Counterfeit Reporting Monitoring counterfeit reporting, information, trends Internal/External Audits The plan should identify the roles and responsibilities as relates to each function. Key functions, again depending on your organization’s size and location within the supply chain, include: Contracts Engineering Materials Management & Logistics Quality Supplier Management & Procurement A formal requirement for a documented counterfeit parts control plan is in industry standards such as AS5553, AS6081, AS6496, and IEC TC 62268 series related to electronic parts. For materiel, AS 6174 requires a Materiel Authenticity Assurance Plan. A Control Plan Template is included in Appendix F of this handbook section. 6. Training A key strategic element of mitigating the risks posed by counterfeit parts and materials is through on-going training for all relevant personnel. This training will increase awareness of the potential of counterfeit parts helping prevent their introduction into the supply chain. Relevant personnel are any persons involved in any way with parts/material. This includes personnel with responsibility for management, design, contracts, procurement, inspection and testing, and any person who deals with the parts/materials. General awareness training is appropriate for all relevant employees. In addition, detailed training for specific functional roles and responsibilities is appropriate and may be required by your customer. Elements of training should include: General awareness training o Background information: Definition of counterfeit materials and parts The origins of counterfeit materials and parts and how they enter the supply chain Vulnerabilities to counterfeit parts (e.g. obsolete and hard-to-find parts) New laws and regulations Examples of counterfeit parts or materiel o Strategies to Eliminate Counterfeit Avoidance Procuring from Authorized Sources Detection Making Sure Counterfeits are Stopped prior to integration in higher level assembly Mitigation Minimizing Risk and Damage to the project Disposition Decide on Proper Action and Resolution through Disposition Additional Training should be considered for the following personnel: 7. Receiving/Incoming Inspection Purchasing Engineering Program/Project Management Stock management Assembly/MRO personnel Operators In-process Inspection Quality Assurance Inspection Internal Auditors Obsolescence Due to diminishing manufacturing source issues, many industries may have difficulty in continuing to obtain manufactured products designed years ago to support fielded and new systems. The challenge of avoiding counterfeit parts and materials occurs when customers are obliged to purchase out of production parts to support existing products. Choosing materials that are likely to become obsolete in the lifetime of the product’s production can cause procurement departments to seek out sources of supply that have higher inherent risks of providing counterfeit material. To lower these risks designers are encouraged to: 7.1. Develop Parts/Material Plan Avoid single sources when possible - Single sources expose the supply chain to many risks. Fire or natural disasters, war and civil uprisings can interrupt supply. In addition, the source can go out of business or change business or change ownership or move the production location to an unauthorized/illegal location. Any of these events can force procurement to look at inventories of material that may not be traceable back to the OCM/OEM, elevating the risk of obtaining counterfeit material. Determine product/component availability – Even multi sourced components embodied in the end product can quickly go out of production at all sources as new technology replaces them or other market factors force them out of the market. Some analysis of the likelihood of losing the supply of components needs to be conducted before committing the design to that component. Drive common part usage – Using common parts with broad industry demand provides a higher level of assurance that the parts will not become obsolete. In addition, if demand is broad it is likely that multiple sources will exist. 7.2. Conduct Design Trade Studies Develop and compare the cost and benefits of various design and part selection strategies to maximize product life. Some of these strategies include: Employ Open Architecture – Design with a preference for using commonly available parts versus custom. High degrees of customization lead to a reduced number of suppliers of parts and exposes the organization to obsolescence risk. It also increases the difficulty of finding suitable replacements in the event of obsolescence. Encourage Re-Use - By designing with parts already in use in other products, increased production volumes will help to sustain the part sources over the product production lifetime. However, it is necessary to review the remaining lifecycle of every component to ensure compatibility with the product production lifetime. Consider Redesign/Refresh – Planned product redesign or refresh cycles can allow parts with a more recent technology level with a longer expected production lifetime to be incorporated in a planned way. While exploring design considerations to minimize obsolescence impact, it is recommended that the customer be included in the discussion so that any customer concerns can be addressed. For example, any redesign may need to be coordinated with customers to ensure all qualification testing is performed. 3. Engage in DMSMS (Diminishing Manufacturing Sources and Material Shortages) Planning DMSMS can be due to exhaustion of strategic resources, or economic factors that decrease the profitability of certain materials. Using material from these sources will expose the organization to obsolescence risk. For products with long production lifetimes, obsolescence should be considered inevitable and included in routine planning for product design support. Monitor source of supply - materials and manufacturers. The organization and Engineering in particular have to be alert to DMSMS. This generally requires a concerted effort to monitor obsolescence notices and may include review of lifecycle predictions from third parties such as IHS. Design rules have to be updated to avoid incorporating materials from diminishing sources. Refresh DMSMS plan throughout Program lifecycle – Long after the design is in production DMSMS can become a problem. The DMSMS plan should be reviewed on a periodic basis with Procurement and Engineering. Engineering should be taking every opportunity (such as design changes undertaken to incorporate enhancements, address reliability concerns or reduce cost) to remove materials affected by DMSMS from the bill of material before they become a problem. Additional guidance may be found in: STD0016 - Standard for Preparing a DMSMS Management Plan SD-22 – Diminishing Manufacturing Sources and Material Shortages (DMSMS), Guidebook of Best Practices for Implementing a Robust DMSMS Management Program IEC 62402 – Obsolescence Management 7.4. Plan for Part Availability throughout the Product Lifecycle Based on DMSMS Planning / BOM review or obsolescence events, determine the need for bridge buy (to sustain until a redesign or design modification can be implemented) / lifetime buys / end of life buys – If DMSMS is not addressed early enough by design action, these actions may become the only options available to procurement. These special buys are likely to be more successful and expose the organization to less counterfeit risk if they are done early enough to use the authorized sources. Determine aftermarket supply – The aftermarket tends to have higher counterfeit risks because of the ‘Grey Market’ shops that offer parts with unapproved repairs or ‘new’ parts of suspect origin. Ideally the supply of new parts to the aftermarket should be through the same source as the authorized production source. Lifetime buys for sustainment should also be considered while parts are still available from authorized sources, If parts are coming from repair sources, they should be working to Engineering approved repair schemes and Engineering should be involved in the approval of these repair shops. If part obsolescence increases the counterfeit risk, it is important to coordinate with your customer to ensure the needs over the product lifecycle are met. 8. Procurement Procurement activities can help ensure that Counterfeit Product does not enter the Supply Chain. Procuring parts from trusted sources, proper flow down of requirements, and risk-based verification activities help lower the risk of counterfeit parts. As the Contract flows down through each level or ‘tier’ of the Supply Chain, it must be ensured that the links to the customer, legal, and regulatory ‘framework’ aren’t lost. The minimum standards and requirements to be met need to be clearly defined and flowed down. Before a part/product is procured, risk should be considered. The risk will determine the level of additional requirements; the greater the risk, the higher the level of inspection and testing. Procurement can be divided into three components - Supplier Approval, Source Selection, and Purchase Order Placement. Supplier Approval is the process of selecting suppliers to be on the approved supplier list. Source Selection is the process of selecting a supplier for specific order from the approved supplier list. Purchase Order Placement is the process for preparing and issuing the purchase order. For additional information on this topic, see Section 4 “Buy” in the IAQG SCMH. 1. Supplier Approval Supplier risk mitigation is accomplished via the supplier approval process and is the first line of defense against purchasing counterfeit parts. Historical data has shown that there is a higher risk of counterfeit parts when parts are procured from unauthorized or independent distributors. Procuring parts from original manufacturers and their authorized distributors provides a much higher likelihood of ensuring genuine products. Besides normal “due diligence” in the supplier approval process, there are additional sources you can use to review potential distributors. Examples are (see Appendix A Counterfeit Parts Reporting and Monitoring Agencies for more information): Anti-Counterfeiting Forum Electronic Retailers Association International (ERAI). FAA Unapproved parts list Government - Industry Data Exchange Program (GIDEP) These sources have information about entities that supplied counterfeit parts and materials to aviation, space and defense industry members. There are also commodity-based and OEM websites that identify counterfeiting events. When independent distributors or brokers are the only source of parts (i.e. product is no longer in production and no stock remains at the OCM/OEM or authorized/franchised distributors), extra measures must be performed to ensure the purchase of authentic and approved parts. The flow chart below illustrates the additional efforts needed if product is not available from a low risk supplier. YES Available from OCM, Authorized Aftermarket Manufacturer, or Franchised Distributor? Material Procurement Requirement Investigate use of alternate product and their availability from authorized suppliers Contact Design Authority NO YES Execute Design Activity Alternate Product found and available? YES NO Purchase from OEM or Franchised Distributor NO Redesign or procurement risk mitigation? Risk Assessment Customer Approval Required? YES Customer Approved? Redesign Risk Mitigation NO Procurement Risk Mitigation Product available from Unauthorized/ Independent Distributor or Broker YES Use Material Unauthorized/ Independent Distributor or Broker evaluation and selection Check external resources for history of suspect suppliers & parts (e.g., GIDEP) Does usage require customer approval? NO YES NO NO YES Customer Approved? OEM CofC and Parts traceable to OEM? YES Handling, Packaging & Storage history acceptable? YES NO NO Consider further due diligence for critical applications UNKNOWN Contact Customer for Direction Authenticity Verification Suspect Counterfeit discovered? YES Material quarantine / disposition Case reporting NO Purchase from Broker or Independent Distributor Use Material Figure 3 – Supplier Selection and Risk Mitigation Process The top green line illustrates the lowest risk approach of procuring product through the industry preferred source of the OEM or authorized/franchised distribution. This path is straight forward in that no special risk mitigation steps need to be taken. When the decision is to use an authorized supplier, the parts are processed through the receiving inspection processes and into inventory. However, in the case where an OEM or authorized/franchised supplier is NOT available (red line), for example due to part obsolescence, several decisions must be made which may include, contacting your customer for options, performing a risk assessment based on part usage and supply source, determining if the parts are traceable to the OEM, and last, but many times the most expensive step, verifying part authenticity. (See Section 10) Any relief from customer requirements must come from the proper authority. Needless to say, these processes can be expensive and take considerable time to complete, time that was not usually accounted for when developing program schedules. The total cost and time, including risk mitigation activities must be considered when selecting and approving sources. Maintaining a register of specific contractor approved suppliers, including scope of approval, for independent distribution that have counterfeit inspection and testing capabilities may help expedite the risk mitigation process. 8.2. Source Selection When selecting a distributor, broker, or supplier, the different risks associated with their selection should be recognized. As stated above, there is less risk when procuring from the Original Component Manufacturer (OCM, Authorized aftermarket manufacturer, etc.) or authorized/franchised distributor, than when procuring from an independent distributor or broker. Due to these differing risk factors, these risks must be evaluated and mitigated to ensure confidence that counterfeit parts are prevented and/or identified. Before you purchase from distributors, you need to understand the type of distributor they are. There are two types of distributors: “Authorized/Franchised” distributors are authorized by OCM/OEM (Original Component/Equipment Manufacturer) to market, store and ship their product(s) as part of a distribution agreement. AS6496 is an example of requirements for mitigating counterfeit products in the authorized distribution supply chain. “Unauthorized” or “Independent” distributors/“Brokers” refer to distributors that have no formal relationship with the OCM/OEM. AS6081 is an example of requirements for mitigating counterfeit products in the independent distribution supply chain. An “authorized reseller” is not the same as an authorized distributor and clarification is dependent on the OCM’s formal distribution agreement. Utilizing Unauthorized/Independent Distributors or Brokers may require additional verification activity to ensure the product provided is authentic. Some regulations (e.g. DFARS 252.246-7008) or industry standards (AS5553) require a formal risk mitigation plan (with defined testing and acceptance criteria) when procuring parts from “independent sources”, as defined in those standards. If the source selected is not already on the approved supplier list, the supplier approval process should also be performed. 8.3. PO Placement Specific requirements may be used to maximize the likelihood of being provided authentic material. Depending on the risk factors involved, the purchasing requirements will differ. The Request for Quote (RFQ) and the Purchase Order should define the product, documentation, traceability, and testing requirements, including where applicable, the use of approved sources for materials and/or processes. It should also include any other customer requirements that need to be flowed down through the supply chain. Additional resources on the Purchasing Process and the information to be flowed down may be obtained via AS6174, AS5553, ARP6328, AS6081, 91XX, IEC/TS 32668 series, DFARS 252.246-7007 or others as appropriate. 9. Traceability Traceability serves several functions in counterfeit part mitigation. The first function is to track a part from the manufacturer through intermediaries to minimize the opportunity of procuring or introducing a counterfeit part into the supply chain. The next function traceability serves is to be able to track and identify any suspect or confirmed counterfeit parts that are in-process or in service so that the parts can be recalled and replaced as necessary. It allows the organization to quickly quarantine parts in service, replace the affected parts, and return the products to service. This minimizes both field impact and production impact. There are trade-offs between the cost of providing the traceability and the cost avoidance if production or in-service product is affected. Hence the level of traceability needed may vary depending on application, supply chain environment, and the risk to the end user. Examples include very detailed part traceability (e.g. serial number), lot traceability where the part usage can be identified and limited to a particular production lot or batch of deliverable hardware, or some other method. Traceability requirements may be defined in documents such as, but not limited to, 9100, FAR 52.246-2, FAR 52.246-11, DFARS 252.246-7007, DFARS 252.246-7008, AS5553, AS6174, AS6081 and customer contracts. The Request for Quote (RFQ or equivalent) and the Purchase Order should define the traceability requirements as applicable. Aerospace fasteners, for example, require date and lot code because they can be traced back to the manufacturer. When purchasing parts from a distributor, knowledge of the required documentation is essential. A CofC (Certificate of Conformance) may include traceability information but can be easily counterfeited so reliance on this document alone is not foolproof. Unless full product traceability to the OCM/OEM is provided with the part, extra visual inspection as well as testing will provide an increased level of confidence that the parts will function as required. This will require a level of communication between the procurement and engineering organizations to assess the level of risk and develop an inspection and testing plan appropriate to the level of risk the part poses in the product. Upon receipt, traceability documentation should be evaluated in an effort to identify suspect material. The verification activities shall be appropriate to the product risk. Identity: Original manufacturer, part number, date code, lot number, serial number, batch number, etc. Pedigree: Origin, ownership history, storage, handling, physical condition, previous use, etc. Inspection and test results Customer contract or legislation may require that traceability records be maintained. This can be a short period (a few years), but could be as long as the life of the product, which could be many decades. 10. Part Authentication As stated earlier in the Risk Management section (section 3), the best method to avoid counterfeit parts is to purchase the parts directly from the original manufacturer. This is not always possible or practical. It is not just the parts that can be counterfeited. Counterfeiting can also occur in the documentation attesting to the authenticity of a part. Therefore, your organization should establish inspection and test criteria as applicable to detect possible counterfeits. Your organization’s quality manual will already address product verification activities to assure an externally provided product conforms to its specified requirements. The applicable quality requirement flow down and the level of purchased product controls, are determined in accordance with the effect the purchased product has on subsequent product realization and the end product. In other words, verification activities are performed based on customer requirements, source selection risk, component risk, and application criticality. Likewise, risk determines the most appropriate methods of inspection and test. Some examples of inspection activities are: review of data deliverables (certificates of conformity, test results, process control documentation, first article reports, etc.), independent laboratory tests, product and/or process audits/assessments, product inspection at a supplier's facility, inspection/verification of the product and accompanying documentation upon receipt, and formal delegation of product acceptance to the supplier. Some examples of test activities include: visual inspection, measurements, nondestructive and destructive testing (e.g. marking permanency, x-ray, destructive analysis, thermal cycling, etc.). In many cases, it is not possible to physically inspect every single part. And in many cases, due to the sophistication of counterfeiting techniques, a visual inspection may not be sufficient. Therefore, when appropriate, your organization should have a process to determine the inspection, testing and acceptance criteria related specifically to counterfeit detection. Note, depending on the risks, this will likely be above and beyond your normal purchased product verification defined in your QMS. Inspection and test should be performed as early in the process as possible. Inspectors and operators performing inspection at any stage should be familiar with known counterfeit techniques. Unfortunately, counterfeiters are constantly improving their counterfeiting techniques to avoid your detection. So, the detection methods should be reviewed and when needed, updated to keep up with the ever changing counterfeiters’ capabilities. Formal inspection and testing criteria should be considered for the following highrisk situations: Previous counterfeit reports related to the part, product, or supplier; Supplier doesn’t have a counterfeit parts control process; Parts procured from non-OCM/OEM or non-OCM/OEM Authorized Sources - the “Gray Market”; Cannot confirm the part as supplied is new or previously unused and that it has not been comingled in supplier’s new production or stock with used, refurbished, reclaimed, or returned parts; Customer Returns (to ensure returned items are the same authentic items which were originally delivered before accepting returned parts back into stores); Anytime a part loses traceability, e.g. excess parts return to inventory, etc., to ensure authenticity; When investigating potential counterfeit parts identified in-house. As previously stated, the organization holding the design authority (specifically the cognizant engineer from that organization) for the end item, is the only organization that can determine the level of application risk. If your organization is not the design authority, then pre-coordination with customers (and the design authority) is crucial and can be a contract requirement. If the Customer has not specified requirements for inspection and test methods, some industry standards (e.g. AS6081*) require a minimum level of testing be performed. * Example: AS6081 for EEE independent distributors, the Organization shall perform or cause to be performed documentation/traceability review, external visual inspection, 2-dimensional radiological inspection, lead/termination finish evaluation, and remarking and resurfacing tests. For active devices de-lid/decapsulation physical analysis (DDPA) shall also be performed. The Organization shall follow commercial counterfeit EEE part inspection and test methodology unless otherwise specified by the Customer. Examples include but are not limited to IDEA-STD-1010, CCAP-101, or applicable slash sheets of AS6171. Locations where the tests are performed should also be considered. For example, EEE part testing is performed by an IDEA-ICE-3000 certified inspector or approved test lab. If your organization is the design authority, it is important to identify any specific test labs required to perform the testing, when developing an inspection and test plan for your suppliers. Specific test methods to determine counterfeit parts are too numerous to mention in this handbook. Some excellent sources of information with photo examples of counterfeit techniques are: For Non-EEE Parts, see NAVSEA Memorandum 2013-0537. For fasteners, see Suspect/Counterfeit Bolt Headmark List For EEE, Parts see AS6171/2 or IDEA-STD-1010 Appendix C provides an example of increased testing appropriate to increased risk. Remember, the type and level of testing are based on risk determined in collaboration with the customer/end-user/design authority. 11. Determination of Suspect Counterfeit During the verification process, indicators that a part may be counterfeit may be identified. Per the definition, a Suspect Counterfeit Part is a part for which there is objective and credible evidence indicating that it is likely counterfeit. If there is an indication of suspect counterfeit part(s), the situation will require additional Inspection/Screening process is to analyze the results in order to prepare a disposition and final report. The interpretation of inspection results should be documented in accordance with the specific test/inspection method(s) used. Analysis may require a forensics approach. There could be distinct and subtle indications that suggest that an item is suspect counterfeit. Indications for counterfeiting and quality defects from the authentic manufacturer and other quality related issues (e.g., poor storage and handling) can often be confused, leading to false positive or false negative results. Care should be taken to resolve inconclusive findings and to distinguish between counterfeit indications and quality indications. The sum total of the observations from the complete test/inspection sequence is what establishes the overall conclusion. One indicator from the parts or packaging may be sufficient if it is conclusive enough. If there are enough indicators that lead to a conclusion with a reasonable level of confidence that the parts are more likely suspect counterfeit, you may want to consult with the authentic manufacturers. There are times when they are willing to provide pertinent information to the decision making. If the indicator(s) lead to a conclusion that the parts contain quality issues, then document the quality issues in the final report and relevant information that led you to believe the final determination is quality related rather than counterfeit related. If parts do not exhibit indicators that lead to a conclusion with a reasonable level of confidence that the parts are suspect/counterfeit, then the final determination that the parts passed required testing and that there was no evidence of counterfeiting based on the testing/inspection performed. (See Appendix E for test report additional information.) 12. Handling of Suspect/Confirmed Counterfeit Parts Your organization’s Quality Management System (QMS) typically addresses the control of nonconforming material, including the segregation and quarantine of parts and associated documentation until dispositioned. Additional areas to address include: Containment of any related parts or material, including product which may already have shipped to the customer. Notification from external sources potentially impacting your product. This may include reviewing GIDEP Reports and other industry sources related to suspect/counterfeit parts. Detailed reporting information on who to notify to ensure customer and regulatory requirements are met. Note, for additional information on this topic, see Section 3.3 “Control of NonConformities, Corrective and Preventive Actions” in the IAQG SCMH. Suspect counterfeit and counterfeit parts should be treated as nonconforming material and quarantined to prevent use or re-entry into the supply chain until such parts are inspected and/or tested, and relevant documentation researched and verified. Only parts confirmed as authentic and meeting customer requirements can be dispositioned for release and subsequent use. In the event the part/material is counterfeit, the part and all information relating to the purchase of the part, including points of contact, company name and address should be collected and retained in the event it is needed for use in an investigation. This may include investigations by law enforcement officials. Counterfeit parts not needed as evidence for an investigation should be completely destroyed/mutilated to keep the parts from re-entering the supply chain. 13. Reporting The counterfeit parts risk impacts all levels of the supply chain. By working together, OEMs, distributors, customers, and suppliers become more aware of the problems and more effectively deal with counterfeits and counterfeiters. Reporting suspect counterfeit parts helps limit the proliferation and use of counterfeit parts across the supply chain by: Alerting others of suspect counterfeit parts by part numbers and types and by lot or batch numbers if known Identifying sources of counterfeit parts Highlighting methods of counterfeiting Sharing Inspection and testing used for identification and verification. Helping other players in the supply chain adequately assess risk and improve quality and reliability Reducing the resources needed to maintain awareness of counterfeit issues by establishing a cooperative effort to exchange technical information Suppliers should have a process in place on how and where to report suspected or confirmed counterfeit parts or materials. This process should include who to contact and what (if any) organizations to report the information to. All appropriate personnel should be aware of the proper reporting process for suspect/counterfeit Parts. All counterfeit / suspect counterfeit parts should be reported internally within the organization. Ensure the reporting of suspect counterfeit parts across all appropriate business units and functions, including Legal/Contracts. Customers should be notified of the discovery of any suspect/counterfeit parts. This is especially important if the discovery affects product which has already shipped. Customer requirements may specify the reporting methods and timeframe. A best industry practice is to report suspect/counterfeit parts externally to the appropriate authorities/ law enforcement agencies. It is the responsibility of all suppliers in the supply chain and benefits the entire aviation, space and defense industry. There may be national or local laws which require this reporting (See Appendix B for examples. Another best practice for external reporting is reporting to centralized databases/reporting sources which gather information relating to suspect/counterfeit parts. These industry accessible, centralized databases allow companies to research parts and suppliers/distributors before purchasing from them. This may be required by your contract. Examples of centralized databases are (see Appendix A for more information): Anti-Counterfeiting Forum ERAI FAA Suspect Unapproved Parts GIDEP 14. Monitoring information and trends Recently, Quality Management Systems such as 91XX have included counterfeit prevention requirements and other Government level requirements and counterfeit law have been published. Suppliers need to have a method to monitor counterfeit activity relative to the types of products they procure to reduce the risk of inputting counterfeit material into the supply chain. These methods can include Ensuring positive, trusting relationships with your suppliers and distributors Searches on the internet Monitoring of information from reporting sources such as GIDEP, ERAI, Anti-Counterfeiting Forum. Membership/participation in societies, industry groups, and forums A monitoring strategy should be comprised of a constant review for sources who have provided suspect counterfeit parts and the techniques used. As counterfeiting methods become more sophisticated, becoming aware of and updating to the latest detection and avoidance techniques is necessary. In addition to your existing surveillance process, monitor the relevant marketplace for potentially counterfeit products. This includes monitoring online auction sites as well as brick-and-mortar locations where potential counterfeits are likely to be introduced into the supply chain. 15. Internal/External Audits Counterfeit avoidance is included in 91XX and is reviewed as part of QMS audits. Customers and regulatory authorities may also audit your counterfeit avoidance systems and practices. Auditing the Counterfeit Avoidance program allows an organization’s management to know how robust the program is and how wellprepared employees are to look out for and deal with suspect or proven counterfeit parts. Auditing can also demonstrate that the organization has a system adequate to the customer’s requirements. Any weaknesses identified need to be addressed in accordance with the organization’s policies and procedures. 16. Accreditation/Certification There are organizations recognized by customers which perform audits looking specifically at counterfeit avoidance systems and which issue formal accreditations/certifications. These include: Counterfeit Avoidance Accreditation Program (CAAP) administered by PRI IECQ Counterfeit Avoidance Program (IECQ CAP) National Quality Assurance, USA (NQA USA) Benefits of accreditation/certification may include: Strengthening Technical expertise A decrease of customer audits Demonstration of compliance with requirements Increased customer satisfaction More Industry Visibility Higher Quality – Lower Cost Process Efficiency Improvement More Opportunities Worldwide Appendix A Counterfeit Parts Reporting and Monitoring Agencies NOTE: Any website information provided was accurate at the time of publication but may have changed since that time. GIDEP (www.gidep.org) does not charge for their service although, an account is required and there are restrictions on GIDEP membership. Other limitations also apply for GIDEP reporting and accessibility. Prior to publishing a GIDEP Alert, the submitted data is thoroughly reviewed and the offending business is given an opportunity to rebut. This process may take more time but it assures its accuracy and the protection of its information. ERAI’s (www.erai.com) database is a subscription-based product. Anyone can pay the fee and have access to the data. Some advantages of ERAI are that it provides a database of aliases for a distributor’s name. This function is useful with counterfeit part reports that have been discovered against one company. IDEA (www.idofea.org) is a resource for distributors to find relevant quality information and to participate in advancing industry ethics, ensure customer satisfaction, establish standards and promote education. The purpose of IDEA is to promote the independent distribution industry through a media advocacy campaign, to improve the quality of products and services through a quality certification program, educational seminars, and conferences, and to promote the study, development, and implementation of techniques and methods designed to improve the business of independent distributors. The Anti-Counterfeiting Forum (www.anticounterfeitingforum.org.uk) helps to exchange, develop and disseminate best practice and intelligence to mitigate against the threat of counterfeits in the electronic and electrical supply chains by: Working closely with a number of Government and industry bodies and attending a number of relevant Government / industry forums Managing the Anti-Counterfeiting Forum website, organising annual counterfeit awareness seminars and providing presentations and talks at relevant industry events. Appendix B Government Reporting Methods Here some information on reporting – extracts from the IEC document §4.14: FAA Suspected counterfeit component issues can be e-mailed to the Aviation Safety Hotline office See webpage http://www.faa.gov/contact/safety_hotline/ EASA EASA issue Safety Information Bulletins (SIBs) on potential hazards which may include reporting of counterfeit or fraudulent components The European Aviation Safety Agency is located at Ottoplatz 1, D-50679 Koeln, Germany, tel +49 221 8999 000, info@easa.europa.eu and has a webpage http://easa.europa.eu/home.php . EASA controls Design Organisation Approvals (DOA), Production Organisations Approvals (POA) and Maintenance Organisations Approvals (MOA). EU counterfeit reporting Counterfeit reporting within the EU should be reported locally. The Europa webpage contains forms and details of how to process national and EU wide applications for IP action by customs authorities The Europa webpage for the EU Taxations and Customs Union entitled ‘How can right holders protect themselves from counterfeiting and piracy’ provides details and forms for reporting counterfeit activities, see webpage http://ec.europa.eu/taxation_customs/customs/customs_controls/counterfe it_piracy/right_holders/index_en.htm Appendix C Risk Based Inspection Chart Highest Level of Testing Burn-in Risk Factors: Thermal Cycle Testing Destructive Physical Analysis Population of Material Tested Level of Testing Hermeticity Testing Part classification Part type Application Obsolescence Interfaces 100% of ALL Material Tested Electrical Testing % of Parts Tested from each Date/Lot Code X-ray Fluorescence X-ray Marking Permanency Increase inspection/ testing as risk increases Small % of Population Tested External Visual Inspection Lowest Level of Testing Figure C1 – Risk Based Inspection The US Defense Logistics Agency publishes a list of commercial laboratories suitable for Testing Military Electronic Devices https://landandmaritimeapps.dla.mil/Offices/Sourcing_and_Qualification/labsuit.a spx. Appendix D Product Family Risks and Mitigation Strategies Product Applicability Risk Types Obsolescence Component Obsolescence Supplier Control Sub-Tier Supplier Control Contract Flowdown inconsistencies Supply Chain Traceability Variation in I&T lab capability Product and application risk Control of inventory (from Auth vs Grey market, scrap, surplus, returned product) Mitigation Strategies / Needs User Operator Platform Integrators Parts Mgmt Plans, DMS Plans, Last Time Buys/EOL Buys Contract flowdown, surveillance; reporting/notification; GIDEP/ERAI Disclosure requirements (whether source is auth/not auth and whether or not full mfr’s warranty is provided) Distributor audits/approvals, Source Selection Criteria Verification of Purchased Product Inspection and Testing Requirements Test Strategies according to the Risk Risk Assessment Product Applicability Risk Types System Integrators Component Obsolescence Supplier Control Sub-Tier Supplier Control Contract Flowdown inconsistencies Supply Chain Traceability Source Design Part – supply chain control Variation in I&T lab capability Product and application risk Control of inventory (from Auth .vs. Grey market, scrap, surplus, returned product) Mitigation Strategies / Needs Parts Mgmt Plans, DMS Plans, Last Time Buys/EOL/bridge Buys Contract flowdown, surveillance; reporting/notification; GIDEP/ERAI Disclosure requirements (whether source is auth/not auth and whether or not full mfr’s warranty is provided) Distributor audits/approvals, Source Selection Criteria; I&T Lab selection criteria Planning for adequate lead times Verification of Purchased Product Inspection and Testing Requirements Test Strategies according to the Risk Risk Assessment BOM/Alternate Parts ListingMultiple Replacement Parts for designs Inventory Control Method Product Applicability Risk Types Component Obsolescence Supplier Control Sub-Tier Supplier Control Contract Flowdown inconsistencies Supply Chain Traceability Variation in I&T lab capability Single source design Control of inventory (from Auth vs Grey market, scrap, surplus, returned product) Mitigation Strategies / Needs Sub-Systems Components (OCM) Authorized Distributors Component Obsolescence Supply Chain Traceability Supplier Control – Distributors Inventory Control – Warranty Returns Single source design Supply Chain Traceability Supplier Control – Distributors Lack of clear definition of Authorized and how to determine scope of authorization of a distributor Variation in I&T lab capability Parts Mgmt Plans, DMS Plans, Last Time Buys/EOL/bridge Buys Contract flowdown, surveillance; reporting/notification; GIDEP/ERAI Disclosure requirements (whether source is auth/not auth and whether or not full mfr’s warranty is provided) Distributor audits/approvals, Source Selection Criteria; I&T Lab selection criteria Planning for adequate lead times Verification of Purchased Product Inspection and Testing Requirements Test Strategies according to the Risk GIDEP/ERAI Risk Assessment System Redesign BOM/Alternate Parts ListingMultiple Replacement Parts for designs Inventory Control Method Distributor audits/approvals, Source Selection Criteria; I&T Lab selection criteria Inventory Control method – Verification of Returned Part(s); Control of Excess parts BOM/Alternate Parts ListingMultiple Replacement Parts for designs Distributor audits/approvals, Source Selection Criteria; I&T Lab selection criteria Supply Chain Inspection and Testing ERAI Reporting databases Inventory Control Customer Notification Product Applicability Risk Types NonAuthorized Distributors / Brokers Supply Chain Traceability Supplier Control – Distributors Lack of clear definition of Authorized and how to determine scope of authorization of a distributor Variation in I&T lab capability Mitigation Strategies / Needs Distributor audits/approvals, Source Selection Criteria; I&T Lab selection criteria Inspection and Testing ERAI Reporting databases Inventory Control Customer Notification Appendix E Test Report Information The Test Report generated should document how the Test/inspection Plan was implemented. The Report should document the criteria and the analysis and interpretation of results that yielded any test conclusions regarding the authenticity of the components under test. The Test Report should contain the following elements: Identifying information - Part name, part number, manufacturer, lot size, lot date code, report number, Test Laboratory Certification identification if used, customer name, date of analysis. Test document name - Testing Requirements, if additional testing is added during the process, identify the tests and/or test document. Results - Indicate if the parts are “acceptable” or “not acceptable” on the basis of counterfeit risk. When there is evidence that the parts being examined are suspected of having been counterfeited using methods that are not detectable by the Test Sequence in the SOW or PO, it shall be documented in the test report. The name, signature or stamp (electronic or ink) of the individual(s) who performed each specific Test Method, and the name, signature or stamp of the individual(s) authorized to accept and/or approve the test results. Appendix F Counterfeit Part Control Plan Template 1. Scope 1. Purpose Control Plan is Addendum to QMS Establishes baseline; customer requirements supersede these requirements. 2. Application 1. Applicable Documents 1. 9100 Quality Management Systems - Requirements for Aviation, Space, and Defense Organizations 2. Other Documents 2. Terms and Definitions 1. Authorized Distributor 2. Franchised Distributor 3. Independent Distributor 4. Counterfeit Part 5. Suspect Counterfeit Part 3. Requirements 1. Training 2. Customer Contract Review 3. Obsolescence Part Availability) 4. Procurement 5. 1. Supplier Approval 2. Source Selection 3. PO Placement Traceability 6. Verification of Purchased Product 7. Investigation 8. Handling of Suspect/Confirmed Counterfeit Product 9. Reporting 10. Monitoring counterfeit reporting, information, trends 11. Internal Auditing 12. Control of External Sources 5. Roles and Responsibilities (This may be a separate section or defined within each section in 4) 1. Contracts 2. Engineering 3. Materials Management & Logistics 4. Quality 5. Supplier Management & Procurement
0
You can add this document to your study collection(s)
Sign in Available only to authorized usersYou can add this document to your saved list
Sign in Available only to authorized users(For complaints, use another form )