Counterfeit parts prevention - Audit Nonconformance - AS9100 8.2.2

[Kirby]

I hope this is the correct way to submit this question for discussion.
In our first AS9100 surveillance audit we were given a minor NC written against 8.2.2 c. / d. regarding counterfeit parts prevention. Auditor's comment:

"The Organization's Management Confirms that an accepted Customer Purchase Order includes a Requirement for the Organization to "establish and maintain a Counterfeit Parts Prevention and Control Plan using Industry Standard AS6174 as guidance", but that the Organization lacks awareness as to requirements included in SAE AS6174.”

Our management team has determined that our response should be to submit a Counterfeit Parts Prevention and Control Plan using Industry Standard AS6174 as guidance and perhaps, as a supporting action, revise some verbiage in our Customer Related Processes to speak to our RFQ / contract review.

I initially agreed but as I re-read the comment I'm beginning to believe that the lack of a counterfeit control plan is just a result of weak contract review and that the proper response would be to put our emphasis on the Customer Related Processes (where we address customer requirements). Of course we need a control plan but is this really a part of our corrective action for this finding?

 

[Al Rosen]

Do you have a Counterfeit Parts Plan according to 8.1.4?

 

[Kirby]

We reference counterfeit parts in our Control of Nonconforming Outputs procedure and we had conducted counterfeit detection training that, as it turns out, is aligned with AS6174 (to be honest we didn't realize it at the time, the training was "benchmarked" from another customer) but we do not have procedure / work instruction that addresses all of the requirements / guidance of AS6174 as our customer requires.

 

[Golfman25]

Is "guidance" a requirement?

 

[Al Rosen]

Is "guidance" a requirement?

The customer requirement was a plan. I would expect a documented plan.

 

[Cari Spears]

Hi, Kirby -

We received a nonconformance from a customer auditor because we did not have a documented counterfeit part procedure. Then we had another customer audit a few months later, and he wrote a nonconformance because we only referenced AS6174, not AS5553 also, lol. We don't make parts, we make tooling and ground support equipment, so our procedure wouldn't fit most organizations, but maybe it will give you some ideas.

 

[Kirby]

Thanks to everyone for your observations and input.

- Al Rosen - Yes, we do understand that a control plan is in order, at the risk of really showing my ignorance, is "Control Plan" a specific document type as used in this context? Years ago I worked in an automotive system and we were required to develop process control plans for customer approval, as I recall there was a specific format defined by SAE (or some other group, maybe it was the organization's or customers' format?).

- Golfman25 - This particular customer states "...using Industry Standard AS6174 as guidance ... " for development of a control plan. I'm not trying to manipulate words, but I think that may afford some latitude in the content of the documented plan, as opposed to "...in accordance with..." which would require strict adherence?

- Cari Spears - Thanks for the example. We may use it as a baseline for our document, at least it may shed some light on the question that I asked Al Rosen, this is your "Control Plan" written as a procedure?. I must tell you, it's a small world, our company includes your company in our customer base!

The original post was directed more towards the proper response (CA) for the finding. It seems like you folks are indicating that the response should include the Counterfeit Control Plan, I'll plan to do that, but shouldn't the root cause be more like "Ineffective customer requirements review" (I think this is supported by the auditor citing 8.2.2 rather than 8.1.4? I realize that the RC that I mentioned above may be just restating the finding but I'm not sure what to add unless I try to attribute it to our AS9100 QMS being relatively new so we're still learning and improving, and then CA would include training to 8.2?

Once again, your input is sincerely appreciated, I'll never cease to be amazed (and grateful) for the giving and sharing of the Quality community.

 

[Al Rosen]

Hi, Kirby -

We received a nonconformance from a customer auditor because we did not have a documented counterfeit part procedure. Then we had another customer audit a few months later, and he wrote a nonconformance because we only referenced AS6174, not AS5553 also, lol. We don't make parts, we make tooling and ground support equipment, so our procedure wouldn't fit most organizations, but maybe it will give you some ideas.

Cari, If you don't purchase EEE parts AS5553 is not applicable.

 

[Cari Spears]

Oh, I know - that's why I didn't list it in the reference documents when I first wrote it for the other customer's finding. I argued "gently" that it wasn't applicable, but he insisted, and just adding it to the referenced documents made him happy . (Which just goes to show that there wasn't any kind of risk - I didn't make any changes to the actual process.)

 

[Cari Spears]

Kirby -

We do not create a specific plan for each product. The procedure is what we do for all work. Again - we make tooling and ground support equipment. If you are producing fly away parts or working at a repair station or something, your requirements will be a lot different.

Your customer requirement says "Counterfeit Parts Prevention and Control Plan" - does that mean a general company plan to prevent counterfeit parts and control them if you find them? Or does it mean a control plan per job or part number or whatever? What does your company make?

And I do agree with you that you should direct your main root cause on reviewing customer requirements. Creating your plan for counterfeit parts and acquiring and becoming familiar with AS6174 is just part of the immediate correction. I'd review all customer requirements for any others that aren't currently being met, then change your contract review process - or whatever your process is called - to include a review to ensure those requirements haven't changed since the last contract.