Fraudulent-Counterfeit Electronic Parts Risk Mitigation Through Standardized Certification of Distributors

2,341 views

Published on

This presentation provides a view into the drafting of SAE AS6081, currently in between ballot phases.

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,341
On SlideShare
0
From Embeds
0
Number of Embeds
19
Actions
Shares
0
Downloads
28
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Fraudulent-Counterfeit Electronic Parts Risk Mitigation Through Standardized Certification of Distributors

  1. 1. Fraudulent/Counterfeit Electronic Parts Risk Mitigation through Standardized Certification of Distributors Phil Zulueta SAE International G-19 Committee Chairman and Bob Bodemuller Project Mission Assurance Manager Ball Aerospace & Technologies Corp.8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 1
  2. 2. Outline• Distributor Paradigm Shift• Recent assessment of GIDEP data• SAE AS6081, a management systems industry standard• Prevention and Detection methods• Independent 3rd party accredited certification to AS60818 Feb 2012 Zulueta & Bodemuller - CMSE 2012 2
  3. 3. Distributor Paradigm Shift• Counterfeit Electronic Parts are forcing a shift in the way distributors do business• Past – Success-driven services included just-in-time deliveries, consignment agreements, tape and reeling, inspection, kitting, assembly, test and burn-in services• Now – Success-driven services include inspection for counterfeits, non-destructive and destructive component verification tests8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 3
  4. 4. Penalties - H.R. 1540, National Defense Authorization Act for Fiscal Year 2012DECEMBER 12, 2011SEC. 818. DETECTION AND AVOIDANCE OF COUNTERFEIT ELECTRONIC PARTSTRAFFICKING IN COUNTERFEIT GOODS OR SERVICES• Individual - fined ≤ $2,000,000 or imprisoned ≤ 10 years, or both• Other than an individual - fined ≤ $5,000,000• Second offense: Individual - fined ≤ $5,000,000 or imprisoned ≤ 20 years, or both• Other than an individual - fined ≤ $15,000,000CAUSE SERIOUS BODILY INJURY FROM CONDUCT IN COUNTERFEIT TRAFFICKING• Individual - fined ≤ $5,000,000 or imprisoned ≤ 20 years, or both• Other than an individual - fined ≤ $15,000,000CAUSE DEATH FROM CONDUCT IN COUNTERFEIT TRAFFICKING• Individual - fined ≤ $5,000,000 or imprisoned for any term of years or for life, or both• Other than an individual - fined ≤ $15,000,000CONSPIRE IN COUNTERFEIT MILITARY GOODS OR SERVICES• Individual - fined ≤ $5,000,000, imprisoned ≤ 20 years, or both• Other than an individual - fined ≤ $15,000,000;• Second offense: Individual - fined ≤ $15,000,000, imprisoned ≤ 30 years, or both• Other than an individual - fined ≤ $30,000,0008 Feb 2012 Zulueta & Bodemuller - CMSE 2012 4
  5. 5. Distributor Paradigm Shift• OEM’s increasingly depend on their relationship with distributors• OEMs benefit from Distributor value-added services (often at lower cost) because OEMs are not always knowledgeable about addressing counterfeit electronic parts issues• The task of educating the OEM is now becoming the responsibility of the distributor. This means the distributor should be the expert on the issue or face the consequences of lost opportunities 4 Tier Counterfeit Avoidance Inspection Process8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 5
  6. 6. “Observations from Counterfeit Cases Reported Through The Government–Industry Data Exchange Program (GIDEP)” September 2011 Henry Livingston, BAE Systems Electronic Systems8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 6
  7. 7. Observations from Counterfeit Cases Reported Through The Government–Industry Data Exchange Program (GIDEP) • BAE Systems reviewed all GIDEP Alerts and Problem Advisories on unlimited distribution that document counterfeiting incidents over the past decade - 369 reports • BAE Systems offers the following facts and observations from the GIDEP reports: – Electronic components are the most frequent targets for counterfeiting (99%) – Counterfeit parts find their way into the supply chain through Independent Distributors and “Brokers” – Despite the inspection and testing protocol applied by Independent Distributors and “Brokers”, counterfeit products continue to escape detection, i.e., the testing and inspection approach applied by the supplier did not include important methods described in AS5553 and were not applying methods to counter newer and more advanced counterfeiting techniques 8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 7
  8. 8. Observations from Counterfeit Cases Reported Through The Government–Industry Data Exchange Program (GIDEP) • Conclusions: – The most effective approach to avoiding counterfeit electronic components is to purchase electronic components, where possible, directly from the Original Component Manufacturer (OCM), its authorized distributors, or through suppliers that furnish electronic components acquired from the OCM or its authorized distributors – When purchases from sources of supply other than the OCM and its authorized distribution chain are necessary, due diligence must be performed to avoid counterfeits, including an assessment of supply chain traceability information associated with the product, risk mitigation associated with the end use application of the product, and inspections and tests specifically designed to detect and intercept counterfeits 8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 8
  9. 9. Observations from Counterfeit Cases Reported Through The Government–Industry Data Exchange Program (GIDEP) • An independent review of this same data by a U.S. Agency confirms the above conclusions and added, “Every one of our past-detected instances of counterfeit electronic parts would have been detected at Receiving Inspection had a robust visual inspection been performed.” 8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 9
  10. 10. AS6081 - Fraudulent/Counterfeit Electronic Parts: Avoidance, Detection, Mitigation, and Disposition – Distributors a new management systems industry standard • For use by distributors to establish and maintain a Fraudulent/Counterfeit Electronic Parts Avoidance Program in conformance with the requirements of AS6081 and may be used to meet some of the requirements of AS5553 • Sets forth practices and requirements for distributors of Electrical, Electronic, and Electromechanical (EEE) parts purchased and sold from the Open Market, including purchased excess and returns • Does not apply to Authorized (Franchised) Distributors and Aftermarket Manufacturers when supplying parts obtained directly from the manufacturers for whom they are authorized 8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 10
  11. 11. The Organization“Organization” refers to distributors that supply electronic partsfrom any source other than directly from Original ComponentManufacturers (OCMs) or Authorized (Franchised) Distributors.This includes, but is not limited to, Independent Distributors,Brokers, Service Providers, Third-Party Logistics (3PL) Providers,and Authorized (Franchised) Distributors when sourcing partsfrom outside the authorized channel8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 11
  12. 12. 4. Requirements4.1 Quality Management System 4.1.1 Fraudulent/Counterfeit Mitigation Policy4.2 Fraudulent/Counterfeit Electronic Parts Control Plan 4.2.1 Customer Related Contract Review, Agreement, and Execution 4.2.2 Purchasing 4.2.3 Purchase Order Requirements 4.2.4 Supply Chain Traceability 4.2.5 Preservation of Product 4.2.6 Verification of Purchased Product 4.2.7 Control of Nonconforming Product 4.2.8 Material Control 4.2.9 Reporting 4.2.10 Personnel Training 4.2.11 Internal Audit8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 12
  13. 13. Counterfeit Prevention through Full Disclosure and Open Communication in Establishing Contracts• Agreement on clear contract language before an order is placed is key to minimize disputes and the risk of fraudulent/counterfeit parts trade• The Organization shall disclose in writing at the time of each individual quotation, the source of supply, whether the Organization is or is not authorized (franchised) for the item(s) being quoted and is or is not providing full manufacturer’s warranty on the quoted material• The Organization shall issue a revised written quotation to the Customer, if at any time the source of supply changes (i.e., at the time of initial quote, parts were being procured from an authorized source, but said parts subsequently became unavailable and as a result, the Organization had to procure the material from an alternate source).• In the event customer commitments cannot be satisfied, the Organization shall notify the Customer in writing and mutually agree to any contract modifications8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 13
  14. 14. Counterfeit Prevention through Diligent Supplier Approval and Source Selection Procedures• Assess supply sources to determine risk of receiving fraudulent/counterfeit parts. Procedures may include surveys, audits, review of product alerts, review of Supplier quality data, past performance, etc.• Maintain a register of approved Suppliers to include the supplier approval and source selection criteria and furnish to the Customer upon request• Include a process for assessment, corrective action or removal of approved Suppliers• Procure directly from OCMs (first priority) or Authorized Suppliers (second priority) when the parts are available from those sources and can meet Customer delivery requirements8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 14
  15. 15. Counterfeit Prevention through Diligent Supplier Approval and Source Selection Procedures• When the Organization has quoted parts to the Customer as having been sourced from Authorized Distribution, Organization shall require Suppliers to disclose at the time of each individual quotation, objective evidence that the Supplier is authorized (franchised) for the item(s) being quoted and is or is not providing full manufacturer’s warranty on the quoted material.• Require Suppliers to issue a revised written quotation, if at any time the source of supply changes (i.e., at the time of initial quote, parts were being procured from an authorized source, but said parts subsequently became unavailable and as a result, the Supplier had to procure the material from an alternate source)8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 15
  16. 16. Purchase Order Requirements• The Organization shall communicate and document contract provisions that establish purchasing controls for fraudulent/counterfeit part avoidance. Requirements to manage risk shall be determined prior to entering into a contractual agreement. Examples of contractual requirements and clauses are provided in the Appendices.• The purchase contract shall include flow-through requirements, as specified by the Customer and requirements to manage risk determined above• The purchase contract shall define the product as quoted and require the Supplier to meet the requirements exactly. Changes relative to the source of supply or traceability shall be approved by the Customer and made in advance of the Supplier shipping parts.8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 16
  17. 17. Counterfeit Prevention through Required Supply Chain Traceability• Retain records providing supply chain traceability wherever such traceability exists• Records shall provide traceability to the OCM or Aftermarket Manufacturer that identifies the name and location of all supply chain intermediaries for all procurement lots, and the date of all intermediate purchases, from the part manufacturer to the direct source of the product for the seller• Provide records with each shipment and, unless otherwise specified by Customer contractual agreement, retain for a minimum of five (5) years or in accordance with Customer statutory and regulatory requirements8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 17
  18. 18. Counterfeit Prevention through Required Supply Chain Traceability• If traceability is incomplete or unavailable, obtain Customer approval before shipment• Traceability requirement applies to new purchases of material, material in inventory, and material transferred from other businesses within the Organization• If the Organization (acting as Supplier) is not the original manufacturer of the Goods or Services, the Organization shall also provide with the delivery of each consignment, copies of the original manufacturer’s certificate of conformity/compliance together with the test results, etc. where applicable8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 18
  19. 19. Counterfeit Detection through Verification of Purchased Product• When the Customer has contractually specified AS6081 and unless otherwise specified by the Customer, conduct Table 1, Level A minimum inspection and testing for both active and passive parts or assemblies that contain active elements• Verification of Purchased Product shall be in accordance with documented Customer or contract requirements8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 19
  20. 20. Table 1 – Lot Sampling Plan Test/Inspection Minimum Sample Size Level Lot Size 200 or greater Lot Size 1-199 Devices Devices (See note 1)Minimum Required Tests Level ADocumentation and Packaging A1Documentation and Packaging Inspection (4.2.6.2.1) (non-destructive) All devices All devicesExternal Visual Inspection A2a. General (4.2.6.2.2.1) (non-destructive) All devices All devicesa. Detailed (4.2.6.2.2.2) (non-destructive) 122 devices 122 or all devices, whichever is lessRemarking & Resurfacing See note 2 See note 2 A3Scanning Electron Microscope (4.2.6.2.3 A) (destructive) 3 devices 3 devicesQuantitative Surface Analysis (4.2.6.2.3 B) (non-destructive) 5 devices 5 devicesSolvent Test for Remarking (4.2.6.2.3 C) (destructive) 3 devices 3 devicesSolvent Test for Resurfacing (4.2.6.2.3 D) (destructive) 3 devices 3 devicesRadiological (X-Ray) Inspection A4X-Ray Inspection (4.2.6.2.4) (non-destructive) 45 devices 45 devices or all devices, whichever is lessLead Finish Evaluation (XRF or EDS/EDX See note 3 See note 3 A5XRF (non-destructive)or EDS/EDX (destructive) (4.2.6.2.5) (Appendix D.1) 3 devices 3 devicesDelid/Decapsulation Physical Analysis (destructive) See note 4 See note 4 A6Delid/Decapsulation (4.2.6.2.6) (destructive) 3 devices 3 devices 8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 20
  21. 21. Why Certification?• Purpose of Certification is to provide confidence to all parties that a management system fulfills specified requirements• The value of certification is the degree of public confidence and trust that is established by an impartial and competent assessment by a third-party• Parties that have an interest in certification include, but are not limited to: a) the clients of the certification bodies, b) the customers of the organizations whose management systems are certified, c) governmental authorities, d) non-governmental organizations, and e) consumers and other members of the public8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 21
  22. 22. Third-party Certification Audit• Audit carried out by an auditing organization independent of the client and the user, for the purpose of certifying the clients management system• Includes initial, surveillance, re-certification audits, and can also include special audits• Are typically conducted by audit teams of those bodies providing certification of conformity to the requirements of management system standards• Combined audit - when a client is audited against the requirements of two or more management systems standards together• Integrated audit - when a client has integrated the application of requirements of two or more management systems standards into a single management system and is being audited against more than one standard8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 22
  23. 23. ANSI-ASQ National Accreditation Board (ANAB)ANAB assesses and accreditscertification bodies (CBs) thatdemonstrate competence toaudit and certifyorganizations conforming withmanagement systemsstandardsACLASS, one of two brands ofthe ANSI-ASQ NationalAccreditation Board, providesaccreditation for ISO/IEC17025 testing and calibrationlaboratories8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 23
  24. 24. Certification Scheme Work in Progress8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 24
  25. 25. Certification Scheme Work in Progress8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 25
  26. 26. Conclusions• Distributors are responding to the fraudulent/counterfeit electronic parts issues, but vary considerably in their approaches and methods• Recent assessment of GIDEP data confirms that counterfeits continue to escape detection• SAE AS6081 has been created for distributors to provide uniform requirements, practices with a balance of updated prevention and detection methods• Independent 3rd party accredited certification to AS6081 will be required to provide confidence that the distributor’s management system fulfills specified requirements• No one practice, combination of practices, standard or certification to that standards requirements will prevent fraudulent/counterfeit parts from the entering the supply chain, but AS6081 provides a vehicle for specific elements of the supply chain to work together to minimize that risk8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 26
  27. 27. Thank You!Questions?Phil ZuluetaSAE International G-19 Committee ChairmanT: 661-400-4294E: phillipzulueta@gmail.comBob BodemullerBall Aerospace & Technologies CorpT: 303-939-4606E: rbodemul@ball.com8 Feb 2012 Zulueta & Bodemuller - CMSE 2012 27

×