Launch your next mission - Part 5: Counterfeit Parts

09 December 2019

Whenever I am meeting a new client for the first time and I ask “what are you doing about counterfeit prevention?” I often get the answer “we don’t do electronic parts so that doesn’t apply to us”.

82% of all known counterfeit events are electronics so the rest is made up of material or mechanical parts. Just because you may not use electronic parts within your process doesn’t mean that counterfeit prevention should be ignored.

There are three key definitions surrounding counterfeit parts:

Suspect Part - A part in which there is an indication that it may have been misrepresented by the supplier or manufacturer and may meet the definition of fraudulent part or counterfeit part provided below.

Fraudulent Part - Any suspect part misrepresented to the customer as meeting the customer’s requirements.

Counterfeit Part - A fraudulent part that has been confirmed to be a copy, imitation, or substitute that has been represented, identified, or marked as genuine, and/or altered by a source without legal right with intent to mislead, deceive, or defraud.

So why do we have counterfeit parts?

The easy and quick answer is money, there is a lot of money in counterfeit parts which is one of the main drivers. From one electronic part alone it was estimated that the manufacturing costs were around 2 cents and they were selling for $35 each. Based on the volume in the industry they estimated the gross profit each month to be $2,000,000.

This is not the only driver; there are many factors that can influence counterfeit parts into the supply chain such as:

Complex products
Complex processes
Small quantity purchases
Long duration product lifecycles
Ever changing Supply Chain

Many OCMs go out of business prior to the end of the product life cycle, if you still need those parts then you need to look at other sources of supply.

Unfortunately, there are also just unscrupulous people in the world who do not think there is anything wrong with faking documentation.

Where are the problems?

The aerospace industry is a complex sector with counterfeit parts entering through the supply chain and the more complex the specific chain is for given parts the greater the risk of counterfeit parts entry.

Due to the size and complexity of the supply chain, organizations need to be aware of where their main risks are when it comes to evaluating their own products.

Below is an overview of the aerospace supply chain, as an organization you should not only identify where you are in this chain but probably more importantly where your suppliers are.

84% of Primes and their sub-contractors have identified that known counterfeit parts were obtained from brokers and 42% identified sources from Independent distributors. These are where most of the counterfeit parts enter the industry but why is that?

Where you are in the supply chain will dictate your focus over suppliers. If you are at the top you will focus on supplier management and will often visit those suppliers, have a long relationship with them, monitor them very closely etc.

If you are at the bottom you tend to just focus on meeting customer demands and not necessarily the supply chain management.
Organizations who are at the bottom of the supply chain need to apply more attention and focus onto their own supply chain management in order to mitigate the risks of counterfeit items entering the sector.

Needs of the Industry

Every member of an organization has their role to play in the prevention of counterfeit parts, many organizations will just focus on delivering training to goods receiving personnel but these personnel are one of the last chances you have of identifying counterfeit parts.

Top Management need to ensure their Quality Management System promotes the acquisition of acceptable parts for integration into the product.

CONTRACTS/SALES

Sales/Contract Teams are responsible and accountable for the safety, technical integrity, performance, and mission success of the program or project, while also meeting programmatic (cost and schedule) commitments. Sales/Contract Teams must ensure customer requirements are flowed and executed throughout the functions.

Contract Definition - Ensure lifecycle planning and counterfeit avoidance plan are negotiated with the customer; ensure common understanding of customer counterfeit requirements. Ensure all customer requirements are flowed to the affected functions. For Government programs, understand the customer's strategy on obsolescence management including funding, notifications, lead times.
Cost and Schedule Planning - Budget appropriately to accommodate potential end of life/bridge buys and redesign; Allow for Schedule variation due to market conditions (e.g., material/components availability, lead time); Allocate budget for increased inspection and testing requirements as risk assessment deems necessary
Integrated PMP Requirements and Plans - Develop and Implement Integrated parts management requirements and plans
Integrated Counterfeit Control Plan - Integrate Counterfeit Control Plan with Program Plan
Flow of Counterfeit Avoidance requirements - Assure applicable counterfeit avoidance requirements are contractually flowed down to suppliers

ENGINEERING

Engineering has the role of specifying parts in the design process that are obtainable from integrity based sources. Where the engineering role is typically associated with developing a design that meets the customer’s needs, there are typically points where options exist.

Consideration should be given to options that include parts that can be obtained from OCM’s, OCM authorized distributors, and other authorized sources.

Parts, Material Plan - Avoid single sources, determine product availability, drive common part usage
Trade Studies - open architecture – Focus on common verses custom; Design to product family not specific one time application; Consider redesign/refresh verses reuse
Design for Obsolescence - Look at component lifecycle relative to program/product lifecycle; Look for alternate parts

Inspection/Test Criteria - Plan for Inspection and Test to validate product to engineering specifications; establish criteria for inspection and testing; establish minimum levels and acceptance requirements. Perform application specific risk assessment and determine commensurate inspection and test plan.

DMSMS (Diminishing Manufacturing Sources and Material Shortages) Planning - Monitor source of supply - materials and manufacturers; Refresh DMSMS plan throughout Program lifecycle
Monitor Bill of Material for part and material lifecycles and GIDEP alerts for Counterfeit Parts
Refresh Parts/ Material Plan - Based on DMSMS Planning /BOM review, determine need for bridge buy (redesign or mod) / lifetime buys/ end of life buys; Determine aftermarket supply.

PURCHASING AND SUPPLIER MANAGEMENT

Supplier Management and/or Procurement typically has the role of buying the specified parts at the best price that meets production schedules. Due consideration should be given to obtaining these parts from sources that help mitigate the risks associated with part integrity. To ensure that this process is successful, source selection criteria should be established.

Make/Buy Strategy - Target multiple authorized sources of supply (internal and external)
Request for Quote (RFQ), Request for Proposal (RFP), Request for Information (RFI) - Include counterfeit contract requirements upfront
Source Selection - Establish preference for Procurement is OCM/Authorized/Franchised Distributors; Aftermarket Manufacturers; Independent (Non-franchised, unauthorized) distributors. Establish requirements for preferred independent (non-franchised/unauthorized) distributors
Purchase Contract Controls - Flowdown contract clauses/requirements for counterfeit parts - e.g. definition, warranty, disclosure, flow through, mitigation, handling
Supplier Performance - Monitor GIDEPS, schedule/delivery/quality (non-conformances)/cost; insight into business elements (e.g. D&B rating)
Supplier Base Management - Establish an Approved Supplier List (ASL), Approved vendor List (AVL) or Preferred Supplier List with supplier rating. Use supplier performance to aid in contract award decisions
Lifetime Buys - Coordinate with Engineering and customers to proactively support end of life buys

SUPPLIER QUALITY

Supplier Quality has the role to ensure supply chain compliance and conformance of purchased products and services throughout the product life cycle. This implies early involvement in programs to establish effective quality requirements and oversight plans as well as early engagement with suppliers to ensure a thorough understanding of requirements and capabilities.

Make/Buy Strategy - Communicate supplier capability; Perform supplier capability assessment; Understand internal mfg. capability, risk and core competencies
Q Clauses, Contract Clauses, Requirement Doc - Develop contract clauses for counterfeit requirements (Ref AS5553 Appendices for clause language)
Program Quality Plan - Incorporate Counterfeit Parts Control Plan; Integrate with Parts Material Plan
Supplier Assessment/Approvals - Develop Counterfeit parts approval requirements and maintenance surveillance; Perform onsite supplier assessments
Control Conditional/Limited Approvals - Establish criteria (duration, scope, business unit, PN, PO)
Risk Mitigation Plans - Establish necessary Inspection and testing; Establish source inspection requirements
Product verification (supplier responsible for test/inspection; source inspection, supplier delegated, receiving inspection) - Execute appropriate levels of inspection and testing to determine authenticity and conformance. Ensure use of approved test labs if required.
Perform Surveillance - Establish risk based surveillance plan that is continually updated based on supplier performance
Supplier Performance Metrics - Establish supplier/distributor metrics; process health metrics to allow for continuous improvement of counterfeit risk mitigation

RECEIVING INSPECTION

Inspection & Test (Receiving, in-process production, final product acceptance, etc.) – Inspection & Test typically has the role of verifying that the received parts meet the specified requirements for Form, Fit & Function.

Inspection & Test activities come in various flavours, each with different levels of depth and rigor in verifying that the parts meet the organization’s needs.

Receiving Inspections Test Protocols and Planning - Add additional tests commensurate with and inspection into RI plans by commodity/part number/supplier commensurate with counterfeit risk. Incorporate Risk Mitigation Plan actions accordingly.
Product Validation and Disposition - Execute appropriate levels of inspection and testing per specific RI Plan to validate conformance. Ensure use of approved test labs if required.
See below Reporting Incidents – Ensure the reporting of suspect counterfeit parts across all appropriate business units /functions (include Legal/Contracts) and notify customer/GIDEP/regulatory agencies as required.

Inventory Control & Segregation - Coordinate with Parts Control to ensure suspect counterfeit parts are bonded; ensure adequate inspection prior to acceptance of parts returned to stock; Avoid comingling of parts procured from independent distributors; Ensure segregation and traceability by supplier lot # and date code.

PRODUCTION PLANNING & INSPECTION

Proper production planning that ensures adequate inspection and testing of supplier parts at the appropriate points in the production process.

AS9100 and AS9120 Counterfeit Parts

Within the standard there are many clauses which refer to counterfeit parts in one way or another with the most prominent being:

8.1 Operational Planning and Control
8.1.4 Prevention of Counterfeit Parts
8.3.3 Design and Development Inputs
8.4.2 Type and Extent of Control
8.4.3 Information for External Providers
8.5.5 Post-Delivery Activities
8.5.6 Control of Changes
8.7 Control of Nonconforming Outputs

When asking organizations what they are doing about counterfeit part prevention they immediately answer with “we have trained our goods receiving department”, this is not sufficient or adequate. Clause 8.1.4 for example sets out some very clear guidelines on what types of controls you should be putting in place.

8.1 Operational Planning and Control

Standard requirements:

“The organization shall plan, implement, and control the processes (see 4.4) needed to meet the requirements for the provision of products and services, and to implement the actions determined in clause 6, by: a. determining the requirements for the products and services;

NOTE: Determination of requirements for the products and services should include consideration of:
− recycling or final disposal of the product at the end of its life.”

The clause is all about planning what controls you need to put in place from a high level thought process. Think about your products and services and what you may need to do. The specific emphasis in this clause is the recycling and final disposal of the product at the end of its life.

One of the issues with this not being carefully considered is parts that have been deemed to be at the end of their life and are removed from an aircraft could enter the supply chain again as a spare. Parts are removed from aircraft according to manufacturers instructions, the components may be working just fine but they have only been designed to operate for a defined number of operating hours or time. These parts are removed and replaced. If these are not disposed of correctly they could re-enter the supply chain as they appear operable.

This specific note may not directly impact all organizations but its good to be aware of it.

8.1.4 Prevention of Counterfeit Parts

Standard requirements:

“The organization shall plan, implement, and control processes, appropriate to the organization and the product, for the prevention of counterfeit or suspect counterfeit part use and their inclusion in product(s) delivered to the customer.

NOTE: Counterfeit part prevention processes should consider:
− training of appropriate persons in the awareness and prevention of counterfeit parts;
− application of a parts obsolescence monitoring program;
− controls for acquiring externally provided product from original or authorized manufacturers, authorized distributors, or other approved sources;
− requirements for assuring traceability of parts and components to their original or authorized manufacturers;
− verification and test methodologies to detect counterfeit parts;
− monitoring of counterfeit parts reporting from external sources;
− quarantine and reporting of suspect or detected counterfeit parts.”

This is the main clause for prevention of counterfeit parts and many organizations just jump straight to the part about training of appropriate persons and think that covers them. Organizations need to have thought about each element of these notes and see which apply to them, in most cases they will all apply to you.

Training of appropriate persons should not just be your goods receiving team as highlighted before, it is good to have a basic understanding across all departments of the business but with additional training in areas such as engineering, design, production, purchasing and obviously quality.

Other personnel such as your internal auditors are also forgotten about, your internal auditors need to be trained in counterfeit avoidance to enable them to audit the business effectively.

Elements of training should include:

Prevention
Mitigation
Detection
Disposition
Reporting

I won’t go into parts obsolescence in too much detail as the last part of this series will cover this in more detail. However, a major part of counterfeit avoidance is monitoring parts that are becoming or have become obsolete. Each organization should have a system in place and be aware of this risk.

The other areas I will cover in more detail later in the article. When you are planning your management system you need to think about all of the notes in this clause, identify what you need to do appropriate to your business and monitor your performance against this.

8.3.3 Design and Development Inputs

Standard Requirements:

“The organization shall determine the requirements essential for the specific types of products and services to be designed and developed. The organization shall consider:
f. when applicable, the potential consequences of obsolescence (e.g., materials, processes, components, equipment, products).”

Obviously your organization may not design but please do not skip this clause in terms of understanding it. If you manufacture then you should be aware of potential consequences of obsolescence. Many of you have received designs with components or materials that are no longer available, what do you do?

You should never search the internet or contact a supplier and seek alternatives; you should always refer the issue back to the design authority who will need to make those determinations. If something is obsolete, but the onus back on your customers and design authority to come back to you with a suitable alternative.

If you are a design authority then you need to have a system in place for obsolescence management as per 8.1.4. I will be going into more detail of this requirement in the next article in the series.

8.5.5 Post-Delivery Activities

Standard Requirements:

“The organization shall meet requirements for post-delivery activities associated with the products and services.
In determining the extent of post-delivery activities that are required, the organization shall consider:
i. product/customer support (e.g., queries, training, warranties, maintenance, replacement parts, resources, obsolescence).
When problems are detected after delivery, the organization shall take appropriate action including investigation and reporting.”

I wont go into detail about obsolescence but the important element of this clause when looking at counterfeit parts is supplying replacement parts from the correct sources (will detail more in the following sections) and also what to do if parts are found to be counterfeit after shipment.

If you have shipped parts onto a customer and at some point down the line they are suspected to be counterfeit then you need to take appropriate action and inform the authorities and your customers of the issue.

A lot of counterfeit parts are only detected once in use for a period of time, parts start failing at unusual rates which can be the first trigger that something is not right. If this happens then you need to be able to determine where in the world all of those parts are and the potential risk of failures.

8.7 Control of Nonconforming Outputs

Standard Requirements:

“Counterfeit, or suspect counterfeit, parts shall be controlled to prevent reentry into the supply chain."

This one might sound obvious but I have caught some organizations putting material back into the supply chain when they deemed it to be counterfeit. You should never put anything back into the supply chain when it is deemed counterfeit or suspect counterfeit.

You should have a system for reporting these issues which I will cover in more detail later in the article.

Risk Hierarchy

When you look at the purchasing elements of the management system this is where most of the risk lies, organizations need to adequately assess the risk depending on a number of factors not just how long they have known a particular supplier which is the most common answer.

The risk should be taken from a three pronged approach where you consider the application of the product, the source of supply and the supplier assessment. The risk level should determine what controls you should then have in place to mitigate the risk of counterfeit which is generally then down to supply management including goods receiving.

The below model identifies the three pillars of identify the risks in blue, the controls you would then put in place are in green and these depend on the resulting risks of the blue areas.

I have expanded the blue elements out into more detail on possible factors which may determine the risk ratings, you could easily score each of the factors and give a resulting risk rating. You can then use this risk rating to determine what actions you need to put in place such as 100% sample inspection, testing, decapsulation, destructive tests….

As an example, if the product you are manufacturing is a non-critical application you could give a score of 1, if the source of supply is an authorised distributor then you could give a 2, if that supplier is AS9120 certified you could give a score of 3. Add those together and the resulting risk is 6 which you may deem as low risk and therefore perform some basic checks on the traceability of the part (ensure the paperwork is all in place back to the source).

If you have other applications that are life dependant, purchasing from unknown sources and they are an organization who has only been in business for two years then you might score a 22 overall and these would be in the high bracket so we may want to perform some deeper inspections and tests as well as have traceability documentation.

The above is just an example from information I have pulled from various sources, you can adjust the scale to suit your business.

Raw Material Verification

One of my other articles covered this in greater detail but raw material verification is one of the key processes needed to mitigate the risk of counterfeit parts/material. The standard asks for raw material testing when the risk of counterfeit parts or non-conformances is high. You need to perform a risk assessment beforehand to determine when you would need to perform these tests.

Verification methods are highlighted below, the documentation and packaging should be performed at a minimum with NDT and DT being performed when the risk is high.

Documentation and Packaging:

Lot and/or date codes on the packaging do not match the lot and/or date codes on the parts.
Review of logos, trademarks and other identifying marks to ensure they match manufacturers’ marks as applicable.
Changes to or irregularities in the documentation and/or paper trail.
Part number marked on the materiel does not match the part number on the Purchase Order and the certifications.
Materials are inconsistent with the description on the supplied documentation.
Serial number issues or duplication of UII (Unique Item Identifier).

NDT and DT:

Visual, Weight, Optical and Infrared
Liquid Penetrant Inspection
Magnetic Particle Inspection
Ultrasonic Inspection
Eddy Current Inspection
Radiological Inspection
Thermography Inspection
Acoustic Emission
Holography/Shearography
Heat Flow Microcalorimetry
Functional test
Destructive: deformation, mettallurgical, exposure, analytical, functional

For additional information please read my article relating to raw material verification and supplier risk.

Electronic Components Verification

I will be writing another article on this in more detail as it can become complex but the important thing to remember here is probably the source of supply and traceability. You should always endeavour to acquire components and parts directly from the Original Equipment or Component Manufacturers but this is not always possible. This is especially an issue when items are coming to the end of life which I will also cover in more detail within my obsolescence article.

At minimum you need to ensure you have the traceability documentation back to the OEM/OCM with no links in the chain missing. You may buy from unauthorised distributors but you should still have the paperwork that shows the original source and chain of custody.

Minimum requirements for electronic component inspection (when not buying from the OEM/OCM or their authorised distributor:

Documentation and packaging
External visual inspection
- General
- Detailed
Remarking & resurfacing (destructive)
Radiological (X-ray) inspection
Lead finish evaluation (XRF of EDS/EDX)
Delid/dacapsulation internal analysis (destructive)

Additional Tests as required:

Scanning electron microscope
Quantitative surface analysis
Thermal testing
Electrical testing
Burn-in
Hermeticity (fine and gross leak)
Scanning acoustical microscopy

There is a specific standard: AS6081 which can be implemented for this process and is highly recommended for organizations who are not the OEM/OCM or authorised distributor. It will give your customers confidence in your management system controls for detecting counterfeit parts. More detail of this standard can be found here - AS6081.

Counterfeit Reporting

Suppliers should have a process in place on how and where to report suspected or confirmed counterfeit parts or materials. This process should include who to contact and what (if any) organizations to report the information to. All appropriate personnel should be aware of the proper reporting process for suspected Counterfeit or Unapproved Parts within their own company as well as required by customers and local authorities.

Reporting in accordance to contract requirements, federal or local laws and regulations of unapproved/counterfeit parts and materials to the appropriate authorities/agencies is the responsibility of all suppliers in the supply chain and benefits the entire aviation, space and defence industry.

In addition to reporting to the Buyer and/or government authority/agencies, reporting to the Government Industry Data Exchange Program GIDEP is also recommended and considered an industry best practice. Gathering and submitting information relating to the unapproved/counterfeit parts or materials in industry accessible, centralised databases allows companies to research parts and suppliers/distributors before purchasing from them. Other reporting programs include ERAI, CAA, EASA and the FAA.

The counterfeit parts risk has impacted all levels of the supply chain. OEMs, distributors, customers, and suppliers need to work together to be more aware of the problem and deal with counterfeits and counterfeiters. Reporting suspect unapproved/counterfeit parts has multiple purposes. It:
- Helps to limit the proliferation and use of counterfeit parts across the supply chain by alerting others of suspect counterfeit parts, methods of counterfeiting, inspection and testing used for verification etc.
- Helps other players in the supply chain adequately assess risk and improve quality and reliability
- Seeks to reduce the resources need to maintain awareness of counterfeit issues by establishing a cooperative effort to exchange technical information.

Keep an eye out for my final blog in this 6 part series on Obsolescence.

Download a copy of our handy Counterfeit Parts Checklist.

If you would like to get information on what Aerospace training NQA has to offer please click here.