View
1.741
Download
0
Category
Tags:
Preview:
Citation preview
Fraudulent/Counterfeit
Electronic Parts Risk Mitigation
through Standardized
Certification of Distributors
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 1
Phil Zulueta
SAE International G-19 Committee Chairman
and
Bob Bodemuller
Project Mission Assurance Manager
Ball Aerospace & Technologies Corp.
Outline
• Distributor Paradigm Shift
• Recent assessment of GIDEP data
• SAE AS6081, a management systems industry
standard
• Prevention and Detection methods
• Independent 3rd party accredited certification to
AS6081
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 2
• Counterfeit Electronic Parts are
forcing a shift in the way
distributors do business
• Past – Success-driven services
included just-in-time deliveries,
consignment agreements, tape and
reeling, inspection, kitting,
assembly, test and burn-in services
• Now – Success-driven services
include inspection for counterfeits,
non-destructive and destructive
component verification tests
Distributor Paradigm Shift
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 3
Penalties - H.R. 1540, National Defense Authorization
Act for Fiscal Year 2012DECEMBER 12, 2011
SEC. 818. DETECTION AND AVOIDANCE OF COUNTERFEIT ELECTRONIC PARTS
TRAFFICKING IN COUNTERFEIT GOODS OR SERVICES
• Individual - fined ≤ $2,000,000 or imprisoned ≤ 10 years, or both
• Other than an individual - fined ≤ $5,000,000
• Second offense: Individual - fined ≤ $5,000,000 or imprisoned ≤ 20 years, or both
• Other than an individual - fined ≤ $15,000,000
CAUSE SERIOUS BODILY INJURY FROM CONDUCT IN COUNTERFEIT TRAFFICKING
• Individual - fined ≤ $5,000,000 or imprisoned ≤ 20 years, or both
• Other than an individual - fined ≤ $15,000,000
CAUSE DEATH FROM CONDUCT IN COUNTERFEIT TRAFFICKING
• Individual - fined ≤ $5,000,000 or imprisoned for any term of years or for life, or both
• Other than an individual - fined ≤ $15,000,000
CONSPIRE IN COUNTERFEIT MILITARY GOODS OR SERVICES
• Individual - fined ≤ $5,000,000, imprisoned ≤ 20 years, or both
• Other than an individual - fined ≤ $15,000,000;
• Second offense: Individual - fined ≤ $15,000,000, imprisoned ≤ 30 years, or both
• Other than an individual - fined ≤ $30,000,000
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 4
• OEM’s increasingly depend on their relationship with
distributors
• OEMs benefit from Distributor value-added services (often at
lower cost) because OEMs are not always knowledgeable
about addressing counterfeit electronic parts issues
• The task of educating the OEM is now becoming the
responsibility of the distributor. This means the distributor
should be the expert on the issue or face the consequences of
lost opportunities
Distributor Paradigm Shift
4 Tier Counterfeit Avoidance Inspection Process
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 5
“Observations from
Counterfeit Cases
Reported Through The
Government–Industry
Data Exchange Program
(GIDEP)”
September 2011
Henry Livingston, BAE
Systems Electronic
Systems
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 6
• BAE Systems reviewed all GIDEP Alerts and Problem Advisories
on unlimited distribution that document counterfeiting incidents
over the past decade - 369 reports
• BAE Systems offers the following facts and observations from the
GIDEP reports:– Electronic components are the most frequent targets for counterfeiting
(99%)
– Counterfeit parts find their way into the supply chain through
Independent Distributors and “Brokers”
– Despite the inspection and testing protocol applied by Independent
Distributors and “Brokers”, counterfeit products continue to escape
detection, i.e., the testing and inspection approach applied by the
supplier did not include important methods described in AS5553 and
were not applying methods to counter newer and more advanced
counterfeiting techniques
Observations from Counterfeit Cases Reported Through The
Government–Industry Data Exchange Program (GIDEP)
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 7
• Conclusions:– The most effective approach to avoiding counterfeit electronic
components is to purchase electronic components, where possible,
directly from the Original Component Manufacturer (OCM), its
authorized distributors, or through suppliers that furnish electronic
components acquired from the OCM or its authorized distributors
– When purchases from sources of supply other than the OCM and its
authorized distribution chain are necessary, due diligence must be
performed to avoid counterfeits, including an assessment of supply
chain traceability information associated with the product, risk
mitigation associated with the end use application of the product, and
inspections and tests specifically designed to detect and intercept
counterfeits
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 8
Observations from Counterfeit Cases Reported Through The
Government–Industry Data Exchange Program (GIDEP)
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 9
• An independent review of this same data by a U.S. Agency
confirms the above conclusions and added, “Every one of our
past-detected instances of counterfeit electronic parts would
have been detected at Receiving Inspection had a robust visual
inspection been performed.”
Observations from Counterfeit Cases Reported Through The
Government–Industry Data Exchange Program (GIDEP)
AS6081 - Fraudulent/Counterfeit Electronic Parts: Avoidance,
Detection, Mitigation, and Disposition – Distributors
a new management systems industry standard
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 10
• For use by distributors to establish and
maintain a Fraudulent/Counterfeit
Electronic Parts Avoidance Program in
conformance with the requirements of
AS6081 and may be used to meet some
of the requirements of AS5553
• Sets forth practices and requirements for distributors of Electrical,
Electronic, and Electromechanical (EEE) parts purchased and sold from the
Open Market, including purchased excess and returns
• Does not apply to Authorized (Franchised) Distributors and Aftermarket
Manufacturers when supplying parts obtained directly from the
manufacturers for whom they are authorized
The Organization
“Organization” refers to distributors that supply electronic parts
from any source other than directly from Original Component
Manufacturers (OCMs) or Authorized (Franchised) Distributors.
This includes, but is not limited to, Independent Distributors,
Brokers, Service Providers, Third-Party Logistics (3PL) Providers,
and Authorized (Franchised) Distributors when sourcing parts
from outside the authorized channel
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 11
4. Requirements
4.1 Quality Management System 4.1.1 Fraudulent/Counterfeit Mitigation Policy
4.2 Fraudulent/Counterfeit Electronic Parts Control Plan4.2.1 Customer Related Contract Review, Agreement, and Execution
4.2.2 Purchasing
4.2.3 Purchase Order Requirements
4.2.4 Supply Chain Traceability
4.2.5 Preservation of Product
4.2.6 Verification of Purchased Product
4.2.7 Control of Nonconforming Product
4.2.8 Material Control
4.2.9 Reporting
4.2.10 Personnel Training
4.2.11 Internal Audit
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 12
Counterfeit Prevention through Full Disclosure and
Open Communication in Establishing Contracts
• Agreement on clear contract language before an order is placed is key to
minimize disputes and the risk of fraudulent/counterfeit parts trade
• The Organization shall disclose in writing at the time of each individual
quotation, the source of supply, whether the Organization is or is not
authorized (franchised) for the item(s) being quoted and is or is not
providing full manufacturer’s warranty on the quoted material
• The Organization shall issue a revised written quotation to the Customer, if
at any time the source of supply changes (i.e., at the time of initial quote,
parts were being procured from an authorized source, but said parts
subsequently became unavailable and as a result, the Organization had to
procure the material from an alternate source).
• In the event customer commitments cannot be satisfied, the Organization
shall notify the Customer in writing and mutually agree to any contract
modifications
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 13
Counterfeit Prevention through Diligent Supplier
Approval and Source Selection Procedures
• Assess supply sources to determine risk of receiving
fraudulent/counterfeit parts. Procedures may include surveys,
audits, review of product alerts, review of Supplier quality data,
past performance, etc.
• Maintain a register of approved Suppliers to include the supplier
approval and source selection criteria and furnish to the Customer
upon request
• Include a process for assessment, corrective action or removal of
approved Suppliers
• Procure directly from OCMs (first priority) or Authorized Suppliers
(second priority) when the parts are available from those sources
and can meet Customer delivery requirements
Zulueta & Bodemuller - CMSE 2012 148 Feb 2012
Zulueta & Bodemuller - CMSE 2012 15
• When the Organization has quoted parts to the Customer as having
been sourced from Authorized Distribution, Organization shall
require Suppliers to disclose at the time of each individual
quotation, objective evidence that the Supplier is authorized
(franchised) for the item(s) being quoted and is or is not providing
full manufacturer’s warranty on the quoted material.
• Require Suppliers to issue a revised written quotation, if at any time
the source of supply changes (i.e., at the time of initial quote, parts
were being procured from an authorized source, but said parts
subsequently became unavailable and as a result, the Supplier had
to procure the material from an alternate source)
8 Feb 2012
Counterfeit Prevention through Diligent Supplier
Approval and Source Selection Procedures
• The Organization shall communicate and document contract provisions that establish purchasing controls for fraudulent/counterfeit part avoidance. Requirements to manage risk shall be determined prior to entering into a contractual agreement. Examples of contractual requirements and clauses are provided in the Appendices.
• The purchase contract shall include flow-through requirements, as specified by the Customer and requirements to manage risk determined above
• The purchase contract shall define the product as quoted and require the Supplier to meet the requirements exactly. Changes relative to the source of supply or traceability shall be approved by the Customer and made in advance of the Supplier shipping parts.
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 16
Purchase Order Requirements
Counterfeit Prevention through
Required Supply Chain Traceability
• Retain records providing supply chain traceability wherever such
traceability exists
• Records shall provide traceability to the OCM or Aftermarket
Manufacturer that identifies the name and location of all supply
chain intermediaries for all procurement lots, and the date of all
intermediate purchases, from the part manufacturer to the direct
source of the product for the seller
• Provide records with each shipment and, unless otherwise
specified by Customer contractual agreement, retain for a
minimum of five (5) years or in accordance with Customer
statutory and regulatory requirements
Zulueta & Bodemuller - CMSE 2012 178 Feb 2012
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 18
Counterfeit Prevention through
Required Supply Chain Traceability
• If traceability is incomplete or unavailable, obtain Customer
approval before shipment
• Traceability requirement applies to new purchases of material,
material in inventory, and material transferred from other
businesses within the Organization
• If the Organization (acting as Supplier) is not the original
manufacturer of the Goods or Services, the Organization shall also
provide with the delivery of each consignment, copies of the
original manufacturer’s certificate of conformity/compliance
together with the test results, etc. where applicable
Counterfeit Detection through
Verification of Purchased Product
• When the Customer has contractually specified AS6081 and
unless otherwise specified by the Customer, conduct Table 1,
Level A minimum inspection and testing for both active and
passive parts or assemblies that contain active elements
• Verification of Purchased Product shall be in accordance with
documented Customer or contract requirements
Zulueta & Bodemuller - CMSE 2012 198 Feb 2012
Table 1 – Lot Sampling Plan
Zulueta & Bodemuller - CMSE 2012 208 Feb 2012
Test/Inspection Minimum Sample Size Level
Lot Size 200 or greater
Devices
Lot Size 1-199 Devices
(See note 1)
Minimum Required Tests Level A
Documentation and Packaging A1
Documentation and Packaging Inspection (4.2.6.2.1) (non-destructive) All devices All devices
External Visual Inspection A2
a. General (4.2.6.2.2.1) (non-destructive) All devices All devices
a. Detailed (4.2.6.2.2.2) (non-destructive) 122 devices 122 or all devices,
whichever is less
Remarking & Resurfacing See note 2 See note 2 A3
Scanning Electron Microscope (4.2.6.2.3 A) (destructive) 3 devices 3 devices
Quantitative Surface Analysis (4.2.6.2.3 B) (non-destructive) 5 devices 5 devices
Solvent Test for Remarking (4.2.6.2.3 C) (destructive) 3 devices 3 devices
Solvent Test for Resurfacing (4.2.6.2.3 D) (destructive) 3 devices 3 devices
Radiological (X-Ray) Inspection A4
X-Ray Inspection (4.2.6.2.4) (non-destructive) 45 devices 45 devices or all
devices, whichever is
less
Lead Finish Evaluation (XRF or EDS/EDX See note 3 See note 3 A5
XRF (non-destructive)or EDS/EDX (destructive) (4.2.6.2.5) (Appendix D.1) 3 devices 3 devices
Delid/Decapsulation Physical Analysis (destructive) See note 4 See note 4 A6
Delid/Decapsulation (4.2.6.2.6) (destructive) 3 devices 3 devices
Why Certification?
• Purpose of Certification is to provide confidence to all parties
that a management system fulfills specified requirements
• The value of certification is the degree of public confidence
and trust that is established by an impartial and competent
assessment by a third-party
• Parties that have an interest in certification include, but are not
limited to:a) the clients of the certification bodies,
b) the customers of the organizations whose management systems are
certified,
c) governmental authorities,
d) non-governmental organizations, and
e) consumers and other members of the public
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 21
Third-party Certification Audit
• Audit carried out by an auditing organization independent of the
client and the user, for the purpose of certifying the client's
management system
• Includes initial, surveillance, re-certification audits, and can also
include special audits
• Are typically conducted by audit teams of those bodies providing
certification of conformity to the requirements of management
system standards
• Combined audit - when a client is audited against the requirements
of two or more management systems standards together
• Integrated audit - when a client has integrated the application of
requirements of two or more management systems standards into a
single management system and is being audited against more than
one standard
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 22
ANSI-ASQ National
Accreditation Board (ANAB)
ANAB assesses and accredits
certification bodies (CBs) that
demonstrate competence to
audit and certify
organizations conforming with
management systems
standards
ACLASS, one of two brands of
the ANSI-ASQ National
Accreditation Board, provides
accreditation for ISO/IEC
17025 testing and calibration
laboratories
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 23
Conclusions
8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 26
• Distributors are responding to the fraudulent/counterfeit electronic
parts issues, but vary considerably in their approaches and methods
• Recent assessment of GIDEP data confirms that counterfeits
continue to escape detection
• SAE AS6081 has been created for distributors to provide uniform
requirements, practices with a balance of updated prevention and
detection methods
• Independent 3rd party accredited certification to AS6081 will be
required to provide confidence that the distributor’s management
system fulfills specified requirements
• No one practice, combination of practices, standard or certification
to that standard's requirements will prevent fraudulent/counterfeit
parts from the entering the supply chain, but AS6081 provides a
vehicle for specific elements of the supply chain to work together to
minimize that risk
Recommended