Written by Matt Hartzell
Among the topics that most dominated the electronics news in 2012, counterfeit mitigation certainly ranked highly. The responses to these threats from counterfeit products have focused the direction of innovations along the wider, electronics supply chain. The key to the success rests with identifying who are trusted supply chain partners and how to best identify substandard parts.
Evolving quality standards
Understanding how quality is defined is central to achieving quality. Quality management systems (QMS) set up processes which define quality on an ongoing basis. The real strength of these continuous systems is their agility and inherent adaptability. For example, ISO 9001 , is considered a marker of a quality organization when they hold that certification. What ISO 9001 certifies though, is the internal business processes that demonstrate repeatability leading to consistency and standardized operations. These are business functions and are definitely characteristics of what quality means. So, by holding ISO 9001 certification, a company is providing means for the industry to recognize how that company is defining and seeking quality. Similarly, certification requirements of regular audits and demonstration of continuous improvements is also part and parcel of defining quality over time through consistency, agility to improve, and then to do so through a discourse that is recognized and agreed upon by the industry, namely through the certification processes. Finally, the iterative work that a company does in becoming accredited, step-by-step, to multiple certifications also acts as a means for the industry to understand how that company is defining quality for itself and within its business processes, from laboratories, to operations, to specialized markets, and so forth. Each additional certification tightens the QMS and further defines the company's continual goal of quality.
Understanding and then requiring industry recognized QMS standards is an essential part of a corporate quality strategy. Standards inform an enterprise’s understanding of what the industry recognizes as guidelines for approved processes and procedures, required technical knowledge and laboratory capabilities, which, in turn provide an objective means for evaluating supply chain partners.
Standards certification itself represents a company's commitment to continuous improvement as judged not only by internal metrics, but importantly by a third party, industry approved, auditing body. In this manner, we should understand that at any point, certification for or accreditation to a standard is recognition of a company having attained or surpassed the detailed set of standard requirements set forth by standards governing boards such as ISO or SAE, to name two of the best known. While industry standards are an essential and core set of procedures, they should be viewed as the starting point for evaluating supply chain partners. Again, this is one of those simple but often over looked, important points: just having once been certified in and/or accredited to a standard should really only be considered as a baseline for beginning the vetting of a supplier. Due diligence is essential and should be performed regardless of whether the supplier is a franchised or independent distributor. There is, of course, an array of important standards, affiliations, and registrations out there, and the list continues to grow with specialized requirements determined by specific industry requirements; such as for aerospace, aviation, defense, medical, or based on the type of distributor, etc.
Among the most common standards for today's semiconductor and electronics supply chain are the following:
Simply having a checklist based on these acronyms may not be enough for most manufacturers. Increasingly, governments and standards bodies are imposing duties and liabilities in specific situations for supply chain partners. For example, among the increased requirements and liabilities are those detailed in the US National Defense Authorization Act and in the latest revisions to the European Union (EU) Restrictions on Hazardous Substances (aka RoHS2) revisions pertaining to the more stringent and now mandatory Conformité Européenne (CE) product marking, product identification, traceability, and compliance demonstration through testing or assessment.
Ensuring compliance along the supply chain is not only important for meeting corporate QMS goals, it also has significant legal ramifications. Good corporate strategy today entails having vetted and determined a set of Trusted Partners for your approved vendor list (AVL) to turn to under all circumstances (normal through severe disruption). But to ensure that those who are trusted are capable of meeting the various legal and industry requirements, it is necessary to understand what the different certifications and standards entail and what they offer in terms of reporting, counterfeit mitigation capabilities, QMS, and essentially, traceability.
Drilling down: Counterfeit mitigation & traceability
Counterfeit mitigation (CM), while not a new concept, is taking a prominent role alongside QMS in light of increased counterfeiting and corresponding heightened standards. When understood as part of the corporate QMS strategic portfolio, CM similarly follows the requirement of demonstrable continuous improvement, in line with numerous industry standards and accreditation, such as the hallmark ISO 9001. CM can be understood as an essential subset to QMS, with the increased attention to embracing various global quality standards.
Interestingly, the expansion of environmental stewardship and electronic waste handling requirements, as underscored by Waste Electrical and Electronic Equipment (WEEE), Registration, Evaluation, Authorization and Restriction of Chemicals (REACH), and RoHS, are contributing additional dimensions to QMS, further supporting and outlining requirements that are also central to the CM tenet of traceability. In the case of WEEE, RoHS, and REACH, the issue of traceability is primarily one of chemical and material content coupled with the requirement of full life-cycle product planning.
Beyond these EU directives, the US NDAA legislation similarly focuses on traceability as central to ensuring best practices for CM. Traceability and CM are truly synchronous requirements. In order to best mitigate counterfeit product in the supply chain, regardless of the industry, a buyer must be confident that manufacturers’ markings are authentic and accurate. This requires a level of traceability back to the original manufacturer and/or the authorized distributor(s) as well as proof of the material and functional content of the goods. These are two aspects of traceability, one of the production lineage and one of the actual material of the purchased goods.
Within the semiconductor and electronics industry, because counterfeiting capabilities range from rudimentary to sophisticated levels, working with an accredited, technical laboratory that conducts the latest generation of testing protocols to the latest industry standards, such as ISO/IEC 17025, has moved from a 'nice to have' to a strategic practice. The ISO/IEC 17025 standard specifies general, cross-industry requirements for testing and calibration competency for technical, operational, and management systems. Those companies that have contextualized the laboratory specific ISO/IEC 17025 with the ISO 9000 series for quality management systems are particularly noteworthy because they have demonstrated both technical and procedural competencies. Therefore, the results coming from these labs are based on solid technical, hardware, operational, and knowledge competencies that are conducted by qualified professionals following recognized and standardized QMS protocols. Working with such accredited companies contributes significantly to anti-counterfeiting measures by ensuring that all points along the counterfeit mitigation and quality strategies are performed to the highest industry standards and are regularly audited.
The increases seen recently in the use of industry recognized laboratory testing have been due, in no small part, to the increased requirements of ensuring quality parts from a material content perspective, such as for RoHS, REACH, or WEEE and from a traceability perspective, such as for flow down reports and CM. The international aspect of the ISO/IEC 17025 accreditation is important in today's global market because it provides a recognized and established means for evaluating labs. Results from these labs are accepted in all countries that recognize the standard.
Important to the ongoing work in continuous quality improvements along the semiconductor supply chain, is the parallel, and often slow work in coming to agreements on defining quality electronic parts, or rather the reverse, defining what comprises the set of counterfeit, fraudulent, or suspect counterfeit electronic parts. This is important work because standardized definitions for how to classify part quality and status directly translates to the ability to set up operational requirements for purchasing and for QMS. In turn, the definitions for counterfeit, fraudulent, and suspect parts have direct legal ramifications pertaining to liability and punishment for those dealing in fraudulent and/or counterfeit parts.
In the case of the US NDAA legislation, Section 818, Detection and Avoidance of Counterfeit Electronic Parts (pp.1493 – 1501), the question of defining counterfeit and suspect counterfeit parts is directly addressed in the wording of the original law and the subsequent, required, amendments. Section 2320 defines counterfeit in subsection (f)(1.)(A) as "a spurious mark […]" and in (f)(1.)(B) as a "spurious designation […]" which is intended to deceive and infringe on US trademark law, aka, the Lanham Act. More problematic, these definitions must now include fraudulent parts as "counterfeit."
Defining the problem: Fraud v. counterfeit
Regarding the remarking of parts, the definition of counterfeit requires further refinement. The issue of remarking is central because of the high number of obsolete or end-of-life (EoL) parts needed to replace components in older systems; a target point for counterfeiters due to its high mix, high demand but low volume characteristics.
Remarking is a broad area within counterfeiting and requires careful dissection to render the best mitigation efforts successful and improve detection and removal of these illegal parts. Definitions aide in focused testing and proper classifications of parts. Remarking covers at least the following three types of counterfeit parts:
- Used, recycled or refurbished parts removed from old products and falsely presented as new;
- Product revisions, where the original component manufacturer (OCM) has authorized certain distributors and others to remark;
- Parts which may have been wholly fabricated or contain similar product and remarked illegally in a criminal facility to look like authentic parts.
As it stands, a critical definitional issue rests in the first case, above. Namely that if a part has been "cleaned up" and NOT remarked, it is fraudulent but not strictly counterfeit, by any pre-NDAA definition. Whereas, if it is both "cleaned up" and remarked, it is both fraudulent AND counterfeit. By definition, the second case represents remarked but not counterfeit, and the third represents what is typically understood as the "classic" counterfeit scenario. Another way to understand these distinctions is through the following diagram that represents the spheres and intercepts of the superset of suspect parts in which the subsets of fraudulent and counterfeit parts are embedded.
|| Venn diagram illustrating hierarchy of suspect, fraudulent, and counterfeit parts and intercept of fraud in supply chain and by vendor, respectively.
Navigating the supply chain with Trusted Partners
The point of these drilldown discussions into some of the more recent issues and challenges is to allow us to see that there are important, far-reaching changes in traceability which heighten the expectations of suppliers' QMS. Two concrete examples are that this fall the US NDAA came into full effect, and beginning in January 2013, RoHS2 (aka RoHS Recast) will similarly be in force. Together, if taken as representative of the global supply chain changes and corporate QMS goals, we note a few elements consistent across recent legislation:
- Focus on "flow down records," that is, traceability of purchasing flow along the supply chain
- Increased requirements for record retention of transactions and flow down information
- Improved tracking metrics and attention to processes, procedures and compliance
- Dedicated, industry-wide attention to improving counterfeit mitigation strategies and methods:
- Defining terms, protocol, reporting, and liabilities
- Focus on prevention through traceability and testing
- Increased focus on standards and accreditation requirements for distributors
- Focus on purchasing through the above record-keeping requirements and reporting; and
- Recognition of the need for multiple Trusted Partners as suppliers during normal business and disruption events
We can distill this list further by considering the actionable business requirements that are the hallmarks of the latest service offerings:
- Agreed use of terminology (that is, standards for how to classify parts as fraudulent, counterfeit, or merely suspect); and
- A focus on traceability (that is, knowing the history of interactions along the supply chain).
By looking at how to engage and adapt best-in-class QMS to meet the latest CM requirements, and considering the availability of sophisticated, dedicated laboratories for testing available today, the industry-wide goals of improving quality with special attention to counterfeit reduction are within reach. The key to the success rests with identifying who are trusted supply chain partners and how to objectively evaluate inclusion in this critical category.
At Smith & Associates our history and expertise is steeped in the understanding of solving real-world business challenges, pushing QMS standards to the next level, and keeping abreast of the latest legislative and regulatory requirements globally. As a result of this agility, we are able to provide a dynamic set of services that are rooted in industry-recognized certifications and accreditations while incorporating innovative yet standardized counterfeit mitigation processes, procedures and detection mechanisms through our sophisticated laboratories.
Becoming a trusted supply chain partner is a process and one that is squarely found at Smith's core. As we have matured in parallel with the industry, we have learned to identify the synergies across industry standards, regulations, mitigation strategies, and real-world business needs. The outcome has been the continuous evolution of our supply chain services that we provide to our clients but which are based on our own QMS strategies and goals for our internal operations. The challenges we face and turn into opportunities are based on understanding the wider supply chain changes and challenges.