AS5553B Counterfeit Prevention - Traceability requirements

[ARC05]

Hi all, been having some robust discussion with an auditor (who is representing a potential new customer) who has assessed our Counterfeit Prevention processes against AS5553 - Counterfeit Electrical, Electronic, and Electromechanical (EEE) Parts; Avoidance, Detection, Mitigation, and Disposition.

Specific topic in debate here is clause 3.1.7 where the standard requires the Organization to "maintain traceability back to the source during procurement and receiving process".

There isn't a definition for 'source', only 'Authorized Source' (OCM, Franchised Distributors, Authorized Distributors, Aftermarket Manufacturers (who have IP rights); or suppliers, approved by the Organization, that obtain parts exclusively from an OCM, an OCM-authorized supplier, or an Aftermarket Manufacturer.)

Of course the objective of a CP program is to ensure the use of genuine parts, so OCM is always preferred. My argument however is that in certain cases the standard allows for purchases from an 'other than Authorized Source' (subject to a risk mitigation plan), and in which case full traceability back to manufacturer may not be possible. In 3.1.7 I read 'source' as being our direct supplier. Do you think the standard actually expects traceability back to the place of manufacture for every purchase?

I should also point out we make wiring harnesses and electro-mechanical assemblies for Aerospace and for non-Aerospace industries.
Cheers

 

[Al Rosen]

The objective is to be able to trace the material back to the manufacturer. Purchasing from a Franchised Distributor will provide this. When you can't purchase through authorized distributors, extensive testing and inspection is required to mitigate risk. This is for every purchase.

 

[ARC05]

Thanks Al Rosen, I get that the objective is to trace back to manufacturer. I'm just wondering why the wording in standard is vague in that it says 'traceability back to the source', when they could have used a term like 'manufacturer' or 'place of manufacture'. Is it not leaving the door open for those occasions where you can't buy from an Authorized Source and therefore may not have traceability beyond the supplier/distributor.

Also couldn't agree more that testing, inspection (plus more) must be considered if you do take said path, these are covered in 3.1.3 c and d.

 

[outdoorsNW]

Be aware some aerospace customers may require traceability back to the manufacturer even when you buy from an authorized distributor. Our non-aerospace customers are usually much less demanding. We don't do much medical work, so I am not sure what common practice for medical is.

Non-authorized distributors are more likely to send counterfeit parts than non-authorized distributors. I know most are honest companies, but the greater number of transactions typical with non-authorized distributors stock increases the risk of an honest company buying counterfeit parts.

Electronics parts brokers are high risk. Some customers require special permission to buy parts from a broker. Some brokers are extremely high risk and my company refuses to do business with certain brokers because of past problems.

In one or two cases we made customers sign special agreements that made the customer responsible for counterfeit parts when the customer insisted we use questionable sources.

 

[ARC05]

All good points. But... I still argue that AS5553B doesn't appear to require full traceability back to the manufacturer, for every purchase. It just says 'source'.
And that's my gripe with the auditor in this case. He found one COC that didn't have OCM manufacturer reference and raised a NC against clause 3.1.7. It was a part used for a customer who hasn't mandated compliance to AS5553, and we had already flagged it for incoming inspection as part of our risk mitigation actions.
Is it OK for our procedures to require the Receiver to verify that COC traces to manufacturer - only for parts used in product for Customers who have 'traceability to manufacturer' as a requirement, or have mandated AS5553 compliance?

 

[Ralba]

Is it OK for our procedures to require the Receiver to verify that COC traces to manufacturer - only for parts used in product for Customers who have 'traceability to manufacturer' as a requirement, or have mandated AS5553 compliance?

Apologies for reviving an old thread, but this last part was something that I was asked within my company and I am currently familiarizing myself with AS9100/AS5553 as I am new to AeroSpace. Is it acceptable to only apply Counterfeit measures to the customers requiring it?

It seems to me that, as part of the AS supply chain, anything coming into your company is going to considered a risk by the chain. So all receiving into an inventory that is shared part of said supply chain would need to meet the requirements of AS9100/AS5553. Is that correct?

 

[outdoorsNW]

If your company is AS9100, 8.1.4 requires you to have counterfeit controls for all customers. You may be able to have tighter controls for customers with specific requirements and a lower level of controls for customers with no specific requirement.

 

[Ralba]

If your company is AS9100, 8.1.4 requires you to have counterfeit controls for all customers. You may be able to have tighter controls for customers with specific requirements and a lower level of controls for customers with no specific requirement.

To clarify, the company I work in is not currently AS9100, but is seeking to obtain it. We have a customer that is interested in working with us, but requires AS9100 and AS5553 from its suppliers. None of our other customers require it. Some in other departments have wondered if it was necessary for us to have the same receiving inspection controls for all product entering into our company or if it only needed to be done with components that would be used for the AS9100 requiring customer.

Reading the standard, I cannot see how the counterfeit requirements could be applied to all of our customers, as we receive a number of consigned components (customer provided). It is my understanding that the goal of the counterfeit rules is to prevent the components from entering into the supply chain at all and would make each part of the supply chain responsible for the detection and tracking of the components. We could not apply the traceability and detection requirements to parts received from other customers or to vendors they require us to use simply because we got a new AS9100 customer.

Logically, it seems that we would need a separate ASL and Receiving Inspection process for the AS9100 customer, but a part of me suspects I have been looking at this too long and am over thinking it now.

 

[outdoorsNW]

AS5553 is for electronics. The electronics firm I work for has had counterfeit parts arrive from customers. We either make sure the contract makes the customer responsible for the parts they provide (preferred) or perform a counterfeit inspection on high risk customer provided parts. We perform counterfeit checks on parts purchased from customer required suppliers if we consider the supplier to be a high risk supplier.

If you intend to grow your aerospace business, you will need good controls. But in the short term, you can probably get by with strong controls for just the customer that requires it. Don't forget you will need some way to make sure inventory does not get mixed. One way is to assign different part numbers to the controlled parts and make sure the customer BOMs only refer to the controlled part number.

 

[Ralba]

Thank you for your insight. Our system already kits and orders for single customers regularly, so I believe it will be feasible in our system to do this for now. After reading your reply, I realized that I am probably thinking about this backwards. Maybe I should be making the consigned kits from customers that are not Aerospace an exception that is clearly separated and labeled. After all, how would we even show we have controls that work to an auditor if we don't apply AS9100/AS5553 standards to all of our current turnkey orders?

I suppose that means we will need to apply a sampling plan to our current inventory to check to see if we have counterfeits already in house?