counterfeit electronic parts; avoidance, detection, mitigation and disposition as5553 standards...
TRANSCRIPT
Counterfeit Electronic Parts; Avoidance, Detection, Mitigation and Disposition
AS5553 Standards Development Progress
Phil Zulueta
October 2008
How large is the problem?
2
• Industry-wide, global problem. “Since 1982, the global trade in illegitimate goods has increased from $5.5 billion to approximately $600 billion annually. Approximately 5%-7% of the world trade is in counterfeit goods.” Source: International Anti-Counterfeiting Coalition (IACC)
• “Counterfeiting and piracy cost the U.S. economy between $200-$250 billion per year, and has contributed to the loss of approximately 750,000 American jobs.” Source: FBI estimates.
• Current value of counterfeit components is between $1 and $10 billion annually. Most counterfeit cases are not documented – volume too large.
• “U.S. companies suffer $9 billion in trade losses due to international copyright piracy. Counterfeiting poses a threat to global health and safety. Counterfeiting poses a threat to global health and safety.” Source: IACC
• ERAI, Inc. receives ~200 suspect counterfeit part complaints/month and confirmed more than 2800 brokers selling counterfeit components.
October 2008
3October 2008
4
To: SAE G-19 ...
Texas Instruments just issued a GIDEP report re "multiple seizures of counterfeit TI military grade devices were made by United States Customs in 2006, 2007 and 2008 to date". See GIDEP Problem Advisory CE9-P-08-02. In addition the specific findings, this report is noteworthy because ...(1)it reflects continued and increasing incidents of counterfeit semiconductor products,(2)it is a rare report from an Original Component Manufacturer, and(3)it is intended to educate customers (e.g. aerospace and defense contractors) "as to the nature and scope of these counterfeit incidents".
Regards, Henry LivingstonBAE Systems
GIDEP Problem Advisory CE9-P-08-02
October 2008
• Develop and deploy anti-counterfeit education and training programs for internal and external stakeholders.
• Conduct ongoing monitoring of distribution streams of counterfeit products, such as internet brokers, direct sales, retail outlets, wholesalers and internet trade web sites.
• Create an internal anti-counterfeiting task force and include representatives from parts engineering, quality assurance, procurement, manufacturing, general council, etc.
• Benchmark other companies and suppliers, share best practices and pool information on anti-counterfeiting strategies.
Industry Best Practices - Awareness
5October 2008
Design• Proactively manage product lifecycle vs. component lifecycle.• Update design when products are hard-to-find or unavailable.
Supplier Checks• Know your suppliers. Conduct surveys of their inspection and testing
capabilities and audit their counterfeit prevention program. • Contact the original manufacturer for photo of the parts and/or labels for validation.
Purchasing• Buy direct from original manufacturers or their authorized distributors.• Require proof of traceability to the original component manufacturer.• Verify that manufacturers have guaranteed methods to destroy scrapped parts.• Buy adequate stock of last time buys.• Make your purchase contingent upon the outcome of evaluation and testing.• Outsource component procurement and work closely with them.
Industry Best Practices - Prevention
6October 2008
Inspection, Testing & Evaluation • Institute strong incoming quality assurance on all parts.• Visually inspect. Paperwork is no substitute for testing
and visual inspection.• Upgrade inspection training and procedures for
identifying counterfeit components.• Pay attention to labels; misspelling, omission (missing
sales order number, missing lot numbers), date codes on label match date code on part, inconsistent formatting, etc.
• Establish and maintain a package & die pedigree photo collection to help identify counterfeits.
• Verify the part markings with the manufacturer when buying from independent supplier.
• Implement NDE methods where applicable.• Electrically test devices from questionable sources.• DPA - De-construct sample parts. Maintain a reference
library of manufacturer’s data books on obsolete components.
Industry Best Practices - Detection
7October 2008
• Participate in reporting and cooperate in investigation programs for suspect devices and respond to such reports, e.g. Government Industry Data Exchange Program (GIDEP) and ERAI, Inc.
• Coordinate with U.S. and international organizations and trade alliances such as Alliance for Gray Market and Counterfeit Abatement (AGMA), the International Anti-Counterfeiting Coalition (IACC), U.S. Immigration and Customs Enforcement (ICE) on responding to counterfeiting issues and the U.S. Chamber of Commerce (Coalition Against counterfeiting and Piracy).
• Take legal action or cooperate with law enforcement against counterfeiting using civil and criminal remedies.
http://www.agmaglobal.org/
http://www.iacc.org/
http://www.ice.gov/
http://www.erai.com/home.aspx
http://www.gidep.org/
http://www.uschamber.com/ncf/initiatives/counterfeiting.htmhttp://www.thecacp.com/portal/counterfeiting/default
Industry Best Practices - Response Strategy
8October 2008
SAE G-19 Document Rationale
• Created in response to a significant and increasing volume of counterfeit electronic parts entering the aerospace supply chain, posing significant performance, reliability, and safety risks and,
• to provide uniform requirements, practices and methods to mitigate the risks of receiving and installing counterfeit electronic parts.
• Created to document standard requirements, practices and methods related to:– parts management,
– supplier management,
– procurement,
– inspection, test/evaluation, and
– response strategies when suspect or confirmed counterfeit parts are discovered.
October 2008 9
G-19 Committee Challenges
• Do we need another standard? How does G-19 effort compare or conflict with the GEIA G-12 effort (now complete)?
• Can we craft a document that will have widespread acceptance in all electronic industry segments: Defense, Aerospace, Civil, Commercial, other and the widely varying supply chain?
• How much should we disclose regarding methods to detect counterfeits?
• Can we agree on a Design, Procurement, Risk Mitigation Process Flow?
• Can we agree on an outline and content?
• Can we secure uniform government agency policies on:– cooperating with government investigators and enforcement agencies (DCIS, FBI, ICE, …?)– reporting findings to industry (e.g. GIDEP, ERAI, etc.)?– alerting/communicating findings to suppliers?– disposition of suspect/confirmed counterfeits and their financial implications?
10October 2008
G-19 Members & Liaisons
U.S. Government …• DCIS HQs, Economic Crimes• DOE, Office of Inspector General• DSCC• GIDEP• MDA• NASA • Office of Management & Budget, Office of
Federal Procurement Policy• U.S. Air Force/NRO (Aerospace Corp.) • U.S. Army - AMRDEC • U.S. Customs and Border Protection• U.S. DOT, Office of Inspector General/Office
of Investigations• U.S. Navy - NAVAIR• U.S. Navy - NSWC• U.S. Navy - NCIS• U.S. Nuclear Regulatory Commission
Industry …• American Electronic Resources• Analytical Solutions• Arcadia Components• Arrow Zeus Electronics• BAE Systems• Boeing• General Dynamics• Jabil Circuits• Lockheed Martin• Maxim Integrated Products• N.F. Smith & Associates• Northrop Grumman• Orbital Sciences• QP Semiconductor• Raytheon
11
Industry Associations …• Aerospace Industries Association (AIA)• Best Manufacturing Practices Center of Excellence (BMPCOE)• ERAI, Inc.• Government Electronics & Information Technology Association (GEIA)• Independent Distributors of Electronics Association (IDEA)
October 2008
Note: Technical experts participate on SAE Committees as individuals and not as official representatives of their companies or organizations.
12October 2008
TABLE OF CONTENTS
1. SCOPE .......................................................................................................................................................... 3 1.1 Purpose ......................................................................................................................................................... 3 1.2 Application ..................................................................................................................................................... 3 2. APPLICABLE DOCUMENTS ........................................................................................................................ 3 2.1 SAE Publications ........................................................................................................................................... 3 2.2 ANSI Publications ......................................................................................................................................... 4 2.3 U.S. Government Publications ...................................................................................................................... 4 2.4 Commercial Publications ............................................................................................................................... 4 3. TERMS AND DEFINITIONS ......................................................................................................................... 5 3.1 Suspect Part .................................................................................................................................................. 5 3.2 Counterfeit Part ............................................................................................................................................. 5 3.3 Related Definitions ........................................................................................................................................ 5 4. REQUIREMENTS ......................................................................................................................................... 8 4.1 Counterfeit Electronic Parts Control Plan ..................................................................................................... 8 4.1.1 Parts Availability ............................................................................................................................................ 8 4.1.2 Purchasing .................................................................................................................................................... 8 4.1.3 Purchasing Information ................................................................................................................................. 9 4.1.4 Verification of Purchased Product ................................................................................................................. 9 4.1.5 In Process Investigation ................................................................................................................................ 9 4.1.6 Material Control ............................................................................................................................................. 9 4.1.7 Reporting ....................................................................................................................................................... 9 APPENDIX A - PARTS AVAILABILITY ................................................................................................................................. 11 APPENDIX B - PURCHASING PROCESS ........................................................................................................................... 12 APPENDIX C - SUPPLY CHAIN TRACEABILITY ................................................................................................................ 17 APPENDIX D - PROCUREMENT CONTRACT REQUIREMENTS ...................................................................................... 18 APPENDIX E - PRODUCT ASSURANCE ............................................................................................................................ 21 APPENDIX F - MATERIAL CONTROL ................................................................................................................................ 26 APPENDIX G - REPORTING ................................................................................................................................................ 27 APPENDIX H - ACRONYMS AND ABBREVIATIONS .......................................................................................................... 32
Counterfeit Parts Risk Mitigation starts with a Control Plan and Product Life Cycle Design Management
4. REQUIREMENTS
4.1 Counterfeit Electronic Parts Control Plan
The organization shall develop and implement a counterfeit electronic parts control plan that documents its processes used for risk mitigation, disposition, and reporting of counterfeit parts.
4.1.1 Parts Availability
The processes shall maximize availability of authentic, originally designed and/or qualified parts throughout the product’s life cycle, including management of parts obsolescence. Information and guidance for ensuring parts availability is provided in Appendix A, Parts Availability.
October 2008 13
Secondly, with updated purchasing processes
4.1.2 Purchasing
The processes shall:
a. Assess potential sources of supply (electronic parts, assemblies, and equipment suppliers) to determine the risk of receiving counterfeit parts. Assessment actions may include surveys, audits, review of product alerts (e.g., GIDEP, ERAI), and review of supplier quality data to determine past performance.
b. Maintain a register of approved suppliers, including the scope of the approval, to minimize the risk of counterfeit parts supply. Information and guidelines for source assessment and approval/selection are provided in Appendix B, Purchasing Process.
c. Specify a preference to procure directly from OCMs or authorized suppliers who are on the approved supplier register.
d. Assure that approved/ongoing sources of supply are maintaining effective processes for mitigating the risks of supplying counterfeit electronic parts…
e. Assess and mitigate risks of procuring counterfeit parts from sources other than OCMs or authorized suppliers. This shall be accomplished for every application when it is necessary to procure from other than the OCM or authorized supplier.
f. Specify supply chain traceability to the OCM or after market manufacturer that identifies the name and location of all of the supply chain intermediaries from the part manufacturer to the direct source of the product for the seller. If this traceability is unavailable, a risk mitigation plan is required. Guidance and information regarding supply chain traceability are provided in Appendix C, Supply Chain Traceability.
g. Specify flow down of applicable requirements of this document to applicable contractors and their sub-contractors. In the event that one or more supply chain intermediaries do not have a counterfeit part control plan compliant to this document, a risk analysis shall be required for every application of the part.
October 2008 14
Appendix Figures
October 2008 15
Original Component Manufacturer or Certified
Manufacturer
Franchised Distributor
Original Equipment Manufacturer / Contract
Manufacturer
Independent Distributor with good quality, reputation, and
procedures
Independent Distributor with unknown quality reputation,
and procedures
Unknown Source
ERAI & GIDEP alerts issued on Vendor
Non-Critical Applications
Short Product Life Expectancy / Non-Critical
Applications
Product Accessible to Field Repair
Application Critical
Refurbished or Reclaimed Parts
ERAI & GIDEP Alert on Items
Field Work or Repair Impossible
(i.e. Satellites, etc.)
Mission Critical
Safety Critical
Life Dependent Applications
Lowest Risk
Highest Risk
Sou
rce
of S
uppl
y
Pro
duct
and
App
licat
ion
VE
RIF
Y P
ED
IGR
EE
FR
OM
SO
UR
CE
Confidence In Authenticity
Risk Stack Chart Procurement Risk Mitigation Flow Diagram
Reduce Risk with Strong Contract Clauses
4.1.3 Purchasing Information
Invoke contract/purchase order quality requirements to minimize the risk of being provided counterfeit parts. Examples of procurement quality requirements and clauses related to counterfeit parts prevention are provided in Appendix D, Procurement Contract Requirements.
D.3.2 Supply Chain Traceability
“The seller shall maintain a method of item traceability that ensures tracking of the supply chain back to the manufacturer of all Electrical, Electronic, and Electromechanical (EEE) parts included in assemblies and subassemblies being delivered per this order. This traceability method shall clearly identify the name and location of all of the supply chain intermediaries from the manufacturer to the direct source of the product for the seller, and shall include the manufacturer's batch identification for the item(s) such as date codes, lot codes, serializations, or other batch identifications.”
D.3.5 Product Impoundment and Financial Responsibility
“If suspect/counterfeit parts are furnished under this purchase agreement, such items shall be impounded. The seller shall promptly replace such items with items acceptable to the <BUYER> and the seller may be liable for all costs relating to impoundment, removal, and replacement. <BUYER> may turn such items over to US Governmental authorities (Office of Inspector General, Defense Criminal Investigative Service, Federal Bureau of investigation, etc.) for investigation and reserves the right to withhold payment for the suspect items pending the results of the investigation.”
October 2008 16
Compliance Verification
4.1.4 Verification of Purchased Product
The documented processes shall assure detection of counterfeit parts prior to formal product acceptance… Guidelines concerning the performance of risk-based product assurance are provided in Appendix E, Product Assurance.
October 2008 17
4.1.5 In Process Investigation
The documented processes shall address the detection, verification and control of in-process (post acceptance), and in-service suspect counterfeit parts.
4.1.6 Material Control
The documented processes shall specify methods for physical identification (e.g., tag, label, mark), segregation/quarantine, and control of suspect or confirmed counterfeit parts to preclude their use or installation. The documented processes shall ensure that counterfeit parts do not re-enter the supply chain. Guidelines for segregation and disposition of counterfeits are provided in Appendix F, Material Control.
4.1.7 Reporting
The documented processes shall assure that all occurrences of counterfeit parts are reported, as appropriate and applicable, to internal organizations, customers, government reporting organizations (e.g., GIDEP), industry supported reporting programs (e.g., ERAI), and criminal investigative authorities. Information and guidelines for reporting counterfeit parts are provided in Appendix G, Reporting.
October 2008 18
What is NASA doing?
19
Draft NASA Policy Directive (NPD 8730.2 Rev C) NASA Parts Policy (September 2008)Responsible Office: Office of Safety and Mission AssuranceSubject: NASA Parts Policy
•Applies to NASA Headquarters, NASA Centers, including Component Facilities, NASA programs and projects, and to the JPL and other NASA contractors and grantees as delineated in their contracts or grants for flight hardware, critical ground support equipment (GSE), and critical ground test systems•Specifies SAE AS5553, Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition as one of the applicable documents.•Specifies top-down responsibility from:
a. The Chief, Safety and Mission Assurance to b. Center Directors to c. NASA Center SMA Directors or other designee(s) to d. NASA Center Engineering Offices to e. Contracting Officers to f. Program, project, and Government Furnished Equipment (GFE) managers.
•Shall … (6) Develop, document, and implement a counterfeit EEE parts control plan for the avoidance, detection, mitigation, disposition, control, and reporting of counterfeit EEE parts (Requirement). Control plans may be project unique or apply to multiple Center projects. Guidelines concerning counterfeit parts control plan contents are provided in Attachment B. Detailed guidance and definitions are provided in AS5553.
October 2008
October 2008 20
What is NASA doing?
ATTACHMENT B: Counterfeit Parts Control Plan Contentsa. Parts Availability Process: Maximize availability of authentic, originally designed, and qualified parts throughout the product's life cycle, including, for example:
(1) Control of parts obsolescence.(2) Alternate/multiple sources…
b. Procurement Process:(1)Assess potential sources of supply to determine the risk of receiving non-authentic parts…(2)Mitigate risks of procuring counterfeit parts from sources other than OCMs or authorized suppliers…(5) Include applicable contract/purchase order quality requirements related to counterfeit parts prevention. Examples of quality requirements are provided in AS5553, including:…(6) Specify contractor flow down of applicable counterfeit parts prevention requirements to their subcontractors.
c. Product Assurance Process:Verify receipt of authentic conforming parts, commensurate with product risk… Product assurance actions include review of data deliverables, verification of purchase order quality clause compliance, visual inspection, measurements, nondestructive evaluation (e.g., x-ray, hermeticity, marking permanency) and destructive testing (e.g., destructive physical analysis, thermal cycling, construction analysis).d. Material Control and Disposition Process:
(1) Identify and quarantine suspect or confirmed counterfeit parts…e. Reporting Process:Report nonconforming, defective, and/or suspected counterfeit parts in accordance with…
21
• Based on IDEA’s 60-point inspection plan plus other industry best practices.
• Course length estimate four (4) hours and will include hands-on training with “confirmed” counterfeit parts.
• Available for inspectors, operators, auditors, suppliers and other interested individuals.
• Status - Completed with classes started in September.
New Course in Counterfeit Parts Visual Detection
October 2008
Status
• AS5553 balloting closed Tuesday, September 16.
• One additional month is allowed for SAE Aerospace Council Review and G-19 committee disposition of comments.
• Public Release estimated end of October.
22October 2008
• President Bush on Monday (October 13) signed into law a bill strengthening civil and criminal laws against counterfeiting and piracy, boosting resources for enforcement and prosecution, and changing coordination of IP enforcement issues within the Executive Branch. (IP-Watch)
• "By becoming law, the PRO-IP Act sends the message to [intellectual property] criminals everywhere that the U.S. will go the extra mile to protect American innovation," said U.S. Chamber of Commerce President Tom Donohue. (Wall Street Journal)
• Counterfeiting hurts businesses, innovators, workers, consumers, government, and our national security. In recent years, counterfeiting has grown rapidly. Counterfeiting costs America hundreds of billions of dollars a year and has harmful effects throughout the economy. Fake products can expose consumers to serious health and safety risks. Government loses out on tax revenues and is forced to divert law enforcement resources. Terrorist networks use counterfeit sales to finance their operations. (White House)
October 2008 23
Thank You!
24
Aerospace Standard AS5553
Incorporates recognized best practices in:• Component Management• Supplier Management• Procurement• Inspection• Test/Evaluation Methods• Response strategies when suspect or confirmed
counterfeit components are detected
October 2008