fraudulent-counterfeit electronic parts risk mitigation through standardized certification of...

Fraudulent/Counterfeit

Electronic Parts Risk Mitigation

through Standardized

Certification of Distributors

8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 1

Phil Zulueta

SAE International G-19 Committee Chairman

and

Bob Bodemuller

Project Mission Assurance Manager

Ball Aerospace & Technologies Corp.

Outline

• Distributor Paradigm Shift

• Recent assessment of GIDEP data

• SAE AS6081, a management systems industry

standard

• Prevention and Detection methods

• Independent 3rd party accredited certification to

AS6081


• Counterfeit Electronic Parts are

forcing a shift in the way

distributors do business

• Past – Success-driven services

included just-in-time deliveries,

consignment agreements, tape and

reeling, inspection, kitting,

assembly, test and burn-in services

• Now – Success-driven services

include inspection for counterfeits,

non-destructive and destructive

component verification tests

Distributor Paradigm Shift


Penalties - H.R. 1540, National Defense Authorization

Act for Fiscal Year 2012DECEMBER 12, 2011

SEC. 818. DETECTION AND AVOIDANCE OF COUNTERFEIT ELECTRONIC PARTS

TRAFFICKING IN COUNTERFEIT GOODS OR SERVICES

• Individual - fined ≤ $2,000,000 or imprisoned ≤ 10 years, or both

• Other than an individual - fined ≤ $5,000,000

• Second offense: Individual - fined ≤ $5,000,000 or imprisoned ≤ 20 years, or both


CAUSE SERIOUS BODILY INJURY FROM CONDUCT IN COUNTERFEIT TRAFFICKING

• Individual - fined ≤ $5,000,000 or imprisoned ≤ 20 years, or both


CAUSE DEATH FROM CONDUCT IN COUNTERFEIT TRAFFICKING

• Individual - fined ≤ $5,000,000 or imprisoned for any term of years or for life, or both


CONSPIRE IN COUNTERFEIT MILITARY GOODS OR SERVICES

• Individual - fined ≤ $5,000,000, imprisoned ≤ 20 years, or both

• Other than an individual - fined ≤ $15,000,000;

• Second offense: Individual - fined ≤ $15,000,000, imprisoned ≤ 30 years, or both



• OEM’s increasingly depend on their relationship with

distributors

• OEMs benefit from Distributor value-added services (often at

lower cost) because OEMs are not always knowledgeable

about addressing counterfeit electronic parts issues

• The task of educating the OEM is now becoming the

responsibility of the distributor. This means the distributor

should be the expert on the issue or face the consequences of

lost opportunities

Distributor Paradigm Shift

4 Tier Counterfeit Avoidance Inspection Process


“Observations from

Counterfeit Cases

Reported Through The

Government–Industry

Data Exchange Program

(GIDEP)”

September 2011

Henry Livingston, BAE

Systems Electronic

Systems


• BAE Systems reviewed all GIDEP Alerts and Problem Advisories

on unlimited distribution that document counterfeiting incidents

over the past decade - 369 reports

• BAE Systems offers the following facts and observations from the

GIDEP reports:– Electronic components are the most frequent targets for counterfeiting

(99%)

– Counterfeit parts find their way into the supply chain through

Independent Distributors and “Brokers”

– Despite the inspection and testing protocol applied by Independent

Distributors and “Brokers”, counterfeit products continue to escape

detection, i.e., the testing and inspection approach applied by the

supplier did not include important methods described in AS5553 and

were not applying methods to counter newer and more advanced

counterfeiting techniques

Observations from Counterfeit Cases Reported Through The

Government–Industry Data Exchange Program (GIDEP)


• Conclusions:– The most effective approach to avoiding counterfeit electronic

components is to purchase electronic components, where possible,

directly from the Original Component Manufacturer (OCM), its

authorized distributors, or through suppliers that furnish electronic

components acquired from the OCM or its authorized distributors

– When purchases from sources of supply other than the OCM and its

authorized distribution chain are necessary, due diligence must be

performed to avoid counterfeits, including an assessment of supply

chain traceability information associated with the product, risk

mitigation associated with the end use application of the product, and

inspections and tests specifically designed to detect and intercept

counterfeits





• An independent review of this same data by a U.S. Agency

confirms the above conclusions and added, “Every one of our

past-detected instances of counterfeit electronic parts would

have been detected at Receiving Inspection had a robust visual

inspection been performed.”



AS6081 - Fraudulent/Counterfeit Electronic Parts: Avoidance,

Detection, Mitigation, and Disposition – Distributors

a new management systems industry standard


• For use by distributors to establish and

maintain a Fraudulent/Counterfeit

Electronic Parts Avoidance Program in

conformance with the requirements of

AS6081 and may be used to meet some

of the requirements of AS5553

• Sets forth practices and requirements for distributors of Electrical,

Electronic, and Electromechanical (EEE) parts purchased and sold from the

Open Market, including purchased excess and returns

• Does not apply to Authorized (Franchised) Distributors and Aftermarket

Manufacturers when supplying parts obtained directly from the

manufacturers for whom they are authorized

The Organization

“Organization” refers to distributors that supply electronic parts

from any source other than directly from Original Component

Manufacturers (OCMs) or Authorized (Franchised) Distributors.

This includes, but is not limited to, Independent Distributors,

Brokers, Service Providers, Third-Party Logistics (3PL) Providers,

and Authorized (Franchised) Distributors when sourcing parts

from outside the authorized channel


4. Requirements

4.1 Quality Management System 4.1.1 Fraudulent/Counterfeit Mitigation Policy

4.2 Fraudulent/Counterfeit Electronic Parts Control Plan4.2.1 Customer Related Contract Review, Agreement, and Execution

4.2.2 Purchasing

4.2.3 Purchase Order Requirements

4.2.4 Supply Chain Traceability

4.2.5 Preservation of Product

4.2.6 Verification of Purchased Product

4.2.7 Control of Nonconforming Product

4.2.8 Material Control

4.2.9 Reporting

4.2.10 Personnel Training

4.2.11 Internal Audit


Counterfeit Prevention through Full Disclosure and

Open Communication in Establishing Contracts

• Agreement on clear contract language before an order is placed is key to

minimize disputes and the risk of fraudulent/counterfeit parts trade

• The Organization shall disclose in writing at the time of each individual

quotation, the source of supply, whether the Organization is or is not

authorized (franchised) for the item(s) being quoted and is or is not

providing full manufacturer’s warranty on the quoted material

• The Organization shall issue a revised written quotation to the Customer, if

at any time the source of supply changes (i.e., at the time of initial quote,

parts were being procured from an authorized source, but said parts

subsequently became unavailable and as a result, the Organization had to

procure the material from an alternate source).

• In the event customer commitments cannot be satisfied, the Organization

shall notify the Customer in writing and mutually agree to any contract

modifications


Counterfeit Prevention through Diligent Supplier

Approval and Source Selection Procedures

• Assess supply sources to determine risk of receiving

fraudulent/counterfeit parts. Procedures may include surveys,

audits, review of product alerts, review of Supplier quality data,

past performance, etc.

• Maintain a register of approved Suppliers to include the supplier

approval and source selection criteria and furnish to the Customer

upon request

• Include a process for assessment, corrective action or removal of

approved Suppliers

• Procure directly from OCMs (first priority) or Authorized Suppliers

(second priority) when the parts are available from those sources

and can meet Customer delivery requirements

Zulueta & Bodemuller - CMSE 2012 148 Feb 2012

Zulueta & Bodemuller - CMSE 2012 15

• When the Organization has quoted parts to the Customer as having

been sourced from Authorized Distribution, Organization shall

require Suppliers to disclose at the time of each individual

quotation, objective evidence that the Supplier is authorized

(franchised) for the item(s) being quoted and is or is not providing

full manufacturer’s warranty on the quoted material.

• Require Suppliers to issue a revised written quotation, if at any time

the source of supply changes (i.e., at the time of initial quote, parts

were being procured from an authorized source, but said parts

subsequently became unavailable and as a result, the Supplier had

to procure the material from an alternate source)

8 Feb 2012

Counterfeit Prevention through Diligent Supplier

Approval and Source Selection Procedures

• The Organization shall communicate and document contract provisions that establish purchasing controls for fraudulent/counterfeit part avoidance. Requirements to manage risk shall be determined prior to entering into a contractual agreement. Examples of contractual requirements and clauses are provided in the Appendices.

• The purchase contract shall include flow-through requirements, as specified by the Customer and requirements to manage risk determined above

• The purchase contract shall define the product as quoted and require the Supplier to meet the requirements exactly. Changes relative to the source of supply or traceability shall be approved by the Customer and made in advance of the Supplier shipping parts.


Purchase Order Requirements

Counterfeit Prevention through

Required Supply Chain Traceability

• Retain records providing supply chain traceability wherever such

traceability exists

• Records shall provide traceability to the OCM or Aftermarket

Manufacturer that identifies the name and location of all supply

chain intermediaries for all procurement lots, and the date of all

intermediate purchases, from the part manufacturer to the direct

source of the product for the seller

• Provide records with each shipment and, unless otherwise

specified by Customer contractual agreement, retain for a

minimum of five (5) years or in accordance with Customer

statutory and regulatory requirements



Counterfeit Prevention through

Required Supply Chain Traceability

• If traceability is incomplete or unavailable, obtain Customer

approval before shipment

• Traceability requirement applies to new purchases of material,

material in inventory, and material transferred from other

businesses within the Organization

• If the Organization (acting as Supplier) is not the original

manufacturer of the Goods or Services, the Organization shall also

provide with the delivery of each consignment, copies of the

original manufacturer’s certificate of conformity/compliance

together with the test results, etc. where applicable

Counterfeit Detection through

Verification of Purchased Product

• When the Customer has contractually specified AS6081 and

unless otherwise specified by the Customer, conduct Table 1,

Level A minimum inspection and testing for both active and

passive parts or assemblies that contain active elements

• Verification of Purchased Product shall be in accordance with

documented Customer or contract requirements


Table 1 – Lot Sampling Plan


Test/Inspection Minimum Sample Size Level

Lot Size 200 or greater

Devices

Lot Size 1-199 Devices

(See note 1)

Minimum Required Tests Level A

Documentation and Packaging A1

Documentation and Packaging Inspection (4.2.6.2.1) (non-destructive) All devices All devices

External Visual Inspection A2

a. General (4.2.6.2.2.1) (non-destructive) All devices All devices

a. Detailed (4.2.6.2.2.2) (non-destructive) 122 devices 122 or all devices,

whichever is less

Remarking & Resurfacing See note 2 See note 2 A3

Scanning Electron Microscope (4.2.6.2.3 A) (destructive) 3 devices 3 devices

Quantitative Surface Analysis (4.2.6.2.3 B) (non-destructive) 5 devices 5 devices

Solvent Test for Remarking (4.2.6.2.3 C) (destructive) 3 devices 3 devices

Solvent Test for Resurfacing (4.2.6.2.3 D) (destructive) 3 devices 3 devices

Radiological (X-Ray) Inspection A4

X-Ray Inspection (4.2.6.2.4) (non-destructive) 45 devices 45 devices or all

devices, whichever is

less

Lead Finish Evaluation (XRF or EDS/EDX See note 3 See note 3 A5

XRF (non-destructive)or EDS/EDX (destructive) (4.2.6.2.5) (Appendix D.1) 3 devices 3 devices

Delid/Decapsulation Physical Analysis (destructive) See note 4 See note 4 A6

Delid/Decapsulation (4.2.6.2.6) (destructive) 3 devices 3 devices

Why Certification?

• Purpose of Certification is to provide confidence to all parties

that a management system fulfills specified requirements

• The value of certification is the degree of public confidence

and trust that is established by an impartial and competent

assessment by a third-party

• Parties that have an interest in certification include, but are not

limited to:a) the clients of the certification bodies,

b) the customers of the organizations whose management systems are

certified,

c) governmental authorities,

d) non-governmental organizations, and

e) consumers and other members of the public


Third-party Certification Audit

• Audit carried out by an auditing organization independent of the

client and the user, for the purpose of certifying the client's

management system

• Includes initial, surveillance, re-certification audits, and can also

include special audits

• Are typically conducted by audit teams of those bodies providing

certification of conformity to the requirements of management

system standards

• Combined audit - when a client is audited against the requirements

of two or more management systems standards together

• Integrated audit - when a client has integrated the application of

requirements of two or more management systems standards into a

single management system and is being audited against more than

one standard


ANSI-ASQ National

Accreditation Board (ANAB)

ANAB assesses and accredits

certification bodies (CBs) that

demonstrate competence to

audit and certify

organizations conforming with

management systems

standards

ACLASS, one of two brands of

the ANSI-ASQ National

Accreditation Board, provides

accreditation for ISO/IEC

17025 testing and calibration

laboratories



Certification Scheme Work in Progress

Conclusions


• Distributors are responding to the fraudulent/counterfeit electronic

parts issues, but vary considerably in their approaches and methods

• Recent assessment of GIDEP data confirms that counterfeits

continue to escape detection

• SAE AS6081 has been created for distributors to provide uniform

requirements, practices with a balance of updated prevention and

detection methods

• Independent 3rd party accredited certification to AS6081 will be

required to provide confidence that the distributor’s management

system fulfills specified requirements

• No one practice, combination of practices, standard or certification

to that standard's requirements will prevent fraudulent/counterfeit

parts from the entering the supply chain, but AS6081 provides a

vehicle for specific elements of the supply chain to work together to

minimize that risk

Thank You!

Questions?

Phil ZuluetaSAE International G-19 Committee ChairmanT: 661-400-4294E: [email protected]

Bob Bodemuller

Ball Aerospace & Technologies Corp

T: 303-939-4606

E: [email protected]


fraudulent-counterfeit electronic parts risk mitigation through standardized certification of...

Documents

services individual

zulueta bodemuller cmse

counterfeit goods

counterfeit military

term of years

gidep reports

electronic parts areforcing

electronic components