As counterfeit avoidance and detection continue to be a major issue within electronics manufacturing, various agencies and organizations have created programs and requirements for making sure counterfeit parts do not get into or through the supply chain.
As counterfeit avoidance and detection continue to be a major issue within electronics manufacturing, various agencies and organizations have created programs and requirements for making sure counterfeit parts do not get into or through the supply chain.
Recently, the US Defense Department released final rules to the Defense Acquisition Regulations System (DFARS). This release added a Contractor Counterfeit Electronic Part Detection and Avoidance System section.
In addition, SAE Aerospace has released a document related to Fraudulent/Counterfeit Electronic Parts: Avoidance, Detection, Mitigation, and Disposition – Authorized/Franchised Distribution. These documents are similar in requirements. However, there are some gaps between the two, so when implementing an anti-counterfeiting policy, requirements of both of these documents should be considered. ECIA members should pay particular attention to the detection and avoidance requirements placed on contractors (that are subject to the Cost Accounting Standards (CAS) because DoD clearly states: ‘The final rule flows down the requirements to all subcontractors of prime CAS-covered contractors, at all tiers, without regard to whether the subcontractor itself is subject to CAS or is a commercial item’. The rule stipulates the 12 minimum risk-based policies and procedures that contractors must have in place to detect and avoid counterfeit electronic parts.
SAE Aerospace announced on August 20, 2014 the adoption of AS6496, a standard for ‘Fraudulent/Counterfeit Electronic Parts: Avoidance, Detection, Mitigation and Disposition – Authorized/Franchised Distribution’. The standard identifies the requirements for mitigating counterfeit products in the Authorized Distribution supply chain by the Authorized/Franchised Distributor. A properly implemented AS6496 program directly addresses most of the DFARS 12 elements.
DFARS policies
The rule stipulates the minimum risk-based policies and procedures that contractors must have in place to detect and avoid counterfeit electronic parts, summarized as:
1. The training of personnel.
2. The inspection and testing of electronic parts, including criteria for acceptance and rejection.
3. Processes to abolish counterfeit parts proliferation.
4. Processes for maintaining electronic part traceability.
5. Use of suppliers that are the original manufacturer, sources with express written authority of the original manufacturer or currently design activity, including an authorized aftermarket manufacturer or supplier that obtain parts exclusively from one or more of these sources.
6. The reporting and quarantining of counterfeit electronic parts and suspect counterfeit electronic parts.
7. Methodologies to identify suspect counterfeit electronic parts and to rapidly determine if a suspect counterfeit electronic part is, in fact, counterfeit.
8. Design, operation, and maintenance of systems to detect and avoid counterfeit electronic parts and suspect counterfeit electronic parts.
9. Flow down of counterfeit detection and avoidance requirements.
10. Process for keeping continually informed of current counterfeiting information and trends.
11. Process for screening the Government-Industry Data Exchange Program (GIDEP) reports and other credible sources of counterfeiting information.
12. Control of obsolete electronic parts.
Training
AS6496 requires the organization to add the subject of counterfeit awareness including detection and mitigation to the training plans of employees needing this training. This is easily addressed in a proper implemented ISO9001/AS9100/AS9120 system.
Inspection and testing
The DFARS states the inspection and testing of electronic parts, includes criteria for acceptance and rejection. Tests and inspections shall be performed in accordance with accepted Government- and industry-recognized techniques. Selection of tests and inspections shall be based on minimizing risk to the Government. Determination of risk shall be based on the assessed probability of receiving a counterfeit electronic part; the probability that the inspection or test selected will detect a counterfeit electronic part; and the potential negative consequences of a counterfeit electronic part being installed (e.g., human safety, mission success) where such consequences are made known to the Contractor.
Authorized distributors of commercial and industrial parts minimize the amount of handling of incoming parts from manufacturers, and provide the customer the parts as the manufacturer has sent them. Suppliers to authorized distributors are normally dock-to-stock and are inspected for count, kind, and condition. The probability of receiving a counterfeit electronic part is minimal, thus, it can be justified that incoming parts from manufacturers and AS6496 authorized distributors are not subject to further inspection and testing. We can be confident in the authenticity of the parts. Another source of incoming parts are those that have been returned from a customer. This, of course, is the highest risk and should be a focal point for avoiding counterfeits.
Parts traceability
The second DFARS rule is the processes for maintaining electronic part traceability (e.g., item unique identification) that enable tracking of the supply chain back to the original manufacturer, whether the electronic parts are supplied as discrete electronic parts or are contained in assemblies. This traceability process shall include certification and traceability documentation developed by manufacturers in accordance with Government and industry standards; clear identification of the name and location of supply chain intermediaries from the manufacturer to the direct source of the product for the seller; and, where available, the manufacturer’s batch identification for the electronic part(s), such as date codes, lot codes, or serial numbers. If IUID marking is selected as a traceability mechanism, its usage shall comply with the item marking requirements of 252.211-7003, Item Unique Identification and Valuation.
According to AS6496, the organization shall have a system for controlling its inventory. The inventory control system shall provide for traceability of customer returned parts. Records shall be maintained in accordance with the organization’s retention policy. Furthermore, the documented processes shall require the retention of records providing chain traceability. The records shall provide traceability to the manufacturer or the manufacturer’s authorized distributor, including the certificate of conformance if provided with the parts.
For commercial and industrial devices, manufacturer’s documentation (certification/pack list) shall be maintained on file by the organization for the period noted. Such documents are not required to be delivered with product. When requested by the customer or imposed upon the customer due to special circumstances such as, but not limited to, regulatory audits or traceability audits, the organization shall provide manufacturer’s certification of conformance or pack list on commercial and industrial parts in a reasonable amount of time.
Traceability in authorized distribution is obtained through an effective quality management system and effective anti-counterfeit program compliant with AS6496. Traceability information can come in various forms which include lot codes, date codes, serial numbers, or purchasing and receiving records. Concerning the question of whether supply chain traceability records are required with each ordered Commercial and Industrial Part (i.e. COTS), it was recently agreed by a committee of prime contractors and government agencies that this was not necessary for authorized distribution when performing sales with the defense industry and DoD.
Suppliers
Use of suppliers that are the original manufacturer, or sources with the express written authority of the original manufacturer or current design activity, including an authorized aftermarket manufacturer or suppliers that obtain parts exclusively from one or more of these sources. When parts are not available from any of these sources, use of suppliers that meet applicable counterfeit detection and avoidance system criteria.
This element is directly supported by AS6496. Authorized distributors are expected to have distribution agreements with their manufacturers. Purchase restriction also speaks directly to the first half of the element. To ensure the customer will know when these transactions will occur, the disclosure of non-authorization clause protects the customer.
Reporting
The DFARS states this as reporting and quarantining of counterfeit electronic parts and suspect counterfeit electronic parts. Reporting is required to the contracting officer and to the Government-Industry Data Exchange Program (GIDEP) when the Contractor becomes aware of, or has reason to suspect that, any electronic part or end item, component, part, or assembly containing electronic parts purchased by the DoD, or purchased by a contractor for delivery to, or on behalf of, the DoD, contains counterfeit electronic parts or suspect counterfeit electronic parts. Counterfeit electronic parts and suspect counterfeit electronic parts shall not be returned to the seller or otherwise returned to the supply chain until such time that the parts are determined to be authentic.
Under AS6496 guidelines, the organization’s counterfeit electronics control plan shall include a process to evaluate and minimize the risk associated with potential counterfeit product infiltrating into their inventory. Disposition of parts deemed suspect, fraudulent or counterfeit confirmed counterfeit parts shall not be returned to the customer and may be retained for investigative or training purposes. The organization shall quarantine the parts for 5 years, or longer, if required by legal requirements. Suspect, fraudulent or confirmed counterfeit parts shall not be reintroduced into the supply chain, restocked nor returned to the manufacturer in a stock rotation.
The documented processes shall assure that all occurrences of counterfeit parts are reported, as appropriate, to internal organizations, affected customers, authority having jurisdiction, and government reporting organizations (e.g., GIDEP). External reporting shall include the manufacturer’s response if provided. Section 3.10 of AS6496 does not require reporting specifically to GIDEP or the contracting officer. Inclusion of GIDEP reporting will need to be addressed in the Counterfeit Control Plan. For our purposes, the contracting officer is the buyer placing the order with the distributor.
Identify counterfeits
The DFARS states this as methodologies to identify suspect counterfeit parts and to rapidly determine if a suspect counterfeit part is, in fact, counterfeit.
According to AS6496, the customer return process shall provide for verification that parts returned by the customer to the organization were purchased directly from the organization and not through another source. Verification shall require validation of the returned parts against the organization’s traceability records, including the date/lot code of Parts returned when available. If the date/lot codes do not match the shipped product, the organization shall disposition the Parts based upon the organization’s determination of whether the parts are suspect.
Parts returned to an organization from a customer shall be inspected for any evidence of alteration, mishandling, improper packaging or repackaging. The organization shall disposition the parts based upon the organization’s determination of whether the parts are suspect.
When receiving parts, the organization shall verify that the shipment was shipped by the intended supplier. Suspect parts may be returned to the manufacturer for analysis and disposition to confirm their status as counterfeit or not counterfeit. Incoming parts from manufacturers and authorized distributors are normally dock-to-stock and only inspected for count, kind and condition. Reading the DFARS as a whole it could be justified that incoming parts from manufacturers and authorized distributors are very low risk and not subject to further inspection and testing. This is easily documented in your AS6496 plan. This is the same message as in element 2. Another source of incoming parts are the parts that have been returned from a customer. This of course is the highest risk and should be a focal point for avoiding counterfeits.
Detecting counterfeit parts
The DFARS states design, operation and maintenance of systems to detect and avoid counterfeit electronic parts and suspect counterfeit electronic parts. The contractor may elect to use current government- or industry-recognized standards to meet this requirement.
AS6496 says the organization shall develop and implement a Counterfeit Electronic Parts Control Plan that documents its processes, used for risk mitigation, disposition, and reporting of suspected and confirmed counterfeit parts. The control plan shall be applied to all purchases or customer returns of electronic parts and shall include the minimum processes described.
An authorized distribution system compliant with AS6496 is the best system to avoid counterfeit parts. This is accomplished by implementing the plan developed from the Counterfeit Electronic Parts Control Plan.
Flow down
The DFARS states flow down of counterfeit detection and avoidance requirements, include applicable system criteria provided herein, to subcontractors at all levels in the supply chain that are responsible for buying or selling electronic parts or assemblies containing electronic parts, or for performing authentication testing.
According to SAE, an organization purchasing parts from authorized distributors shall confirm that these distributors have a Counterfeit Electronic Part Control Plan that adheres to this standard or has a plan compliant to AS6496 through their quality management system. Distributors can communicate the flow down requirements of this DFARS through a distribution agreement, purchase order, or supplier quality requirements/specifications.
In terms of staying informed, the DFARS process is for keeping continually informed of current counterfeiting information and trends, including detection and avoidance techniques contained in appropriate industry standards, and using such information and techniques for continuously upgrading internal processes.This is not addressed in the AS6496 standard, but easily fixed in the implementation of a counterfeit control plan. While this particular DFARS rule is not specifically addresses in AS6496, ‘the desire for contractors to keep abreast of counterfeiting information and trends to maintain supply chain integrity’, can be achieved through the combined training (3.7) and reporting (3.10) activities called out in AS6496. Staying informed may include industry publications, committee participation, GIDEP reviews, seminar/webinar attendance, etc.
GIDEP, as described by the DFARS, is a process for screening GIDEP reports and other credible sources of counterfeiting information to avoid the purchase or use of counterfeit electronic parts. It is not addressed in the AS6496 standard, but easily fixed by adding such processes in the implementation of a counterfeit control plan.
Obsolete electronic parts
The final DFAR policy is the control of obsolete electronic parts in order to maximize the availability and use of authentic, originally designed, and qualified electronic parts throughout the product’s life cycle. An obsolete electronic part means an electronic part that is no longer in production by the original manufacturer or an aftermarket manufacturer that has been provided express written authorization from the current design authority or original manufacturer. This particular DFARS rule requires contractors to control obsolete electronic parts. The rule noted that detailed guidance requiring mechanisms for controlling obsolete parts was outside the scope of the DFARS. However, the supply chain is still expected to have systems in place to control obsolete parts.
In accordance with DFARS Part Traceability and AS6496 Commercial and Industrial Part Documentation, authorized distributors will continue to maintain traceability of any parts they inventory regardless of obsolescence status. To comply with the DFARS, the authorized distributor should be able to present their process related to product change notification and obsolete parts.
by Electronic Components Industry Association (ECIA)