Risk Mitigation for Counterfeit Electronic Parts

IEC Electronics Analysis and Testing Laboratory once again received ISO/IEC 17025:2005 accreditation.
The scope of the ISO/IEC 17025:2005 accreditation includes several SAE AS6171 test methods for suspect/counterfeit electrical, electronic and electromechanical (EEE) parts. According to the company, IEC is the first and only electronic manufacturing services (EMS) provider with an on-site testing laboratory to receive this accreditation with the addition of SAE AS6171 test methods. The ISO/IEC 17025:2005 accreditation is the internationally accepted specification of general requirements for the competence of testing and calibration laboratories. The SAE AS6171 test methods were developed specifically for laboratories for the detection and avoidance of suspect/counterfeit parts. The company also asserts that, currently, SAE AS6171 is the only standard that provides uniform requirements, practices, and test methods, making it more stringent than other counterfeit avoidance protocols.

What is SAE AS6171?
This SAE Aerospace Standard standardizes inspection and test procedures, workmanship criteria, and minimum training and certification requirements to detect suspect/counterfeit electrical, electronic, and electromechanical (EEE) parts. The requirements of this document apply once a decision is made to use parts with unknown chain of custody that do not have pedigree back to the original component manufacturer, or have been acquired from a broker or independent distributor, or when there are other known risk elements that result in the user to have concerns about potential counterfeit parts. The tests specified by this standard may also detect occurrences of malicious tampering, although the current version of this standard is not designed specifically for this purpose. This standard ensures consistency across the supply chain for test techniques and requirements based on assessed risk associated with the application, component, supplier, and other relevant risk factors. The requirements of this document supplement the requirements of a higher level quality standard (e.g., AS9100, AS9003, AS9120, ISO 9001) and other quality management system documents. They are not intended to stand alone, supersede, or cancel requirements found in other quality management system documents, or requirements imposed by contracting authorities.

This standard should be utilized when parts are not available from sources with known traceability to the original component manufacturer (OCM), original equipment manufacturer (OEM) for electromechanical parts, or authorized manufacturer. The requirements of this document specify testing based on acceptable levels of risk for a program or customer, to identify anomalies or performance issues that may indicate suspect counterfeit and counterfeit activity. No amount of testing can confirm an item as authentic; this would require that there be a known, unbroken chain of custody to the OCM/OEM or authorized manufacturer. This standard does not apply to parts obtained directly from a trustworthy authorized supplier with traceability to the OCM/OEM or authorized manufacturer.
Why SAE AS6171?
Counterfeit electronic components have caused many challenges in the electronics industry, especially when dealing with parts supply chain obsolescence management. One method of addressing the problem has been the creation of industry standards to try and deal with it. Mark Northrup, vice president of technology for IEC Electronics Corp., emphasizes, “There are so many counterfeit avoidance documents now that it is getting hard to keep track of all of them.”

SAE, through their G19 committee, has recently released the new SAE AS6171, the bookshelf of counterfeit avoidance standards. A general overview of all of SAE G19 committee standards, and related documents, always helps those unfamiliar to make sense of it all. It all begins with an end customer, the government or private entity, placing requirements on their subcontractor to have a counterfeit risk mitigation testing plan in place. The SAE G19 committee has completed their group of counterfeit avoidance standards that take this requirement from the original contractor through the company purchasing the electronics components from the open market. OEMs that are concerned with, or are required to mitigate the risk of suspect counterfeit electronics components, can adopt and become certified to SAE AS5553, which will guide them on methods to avoid and detect suspect counterfeit electronics components. A sister standard, SAE AS6081 (QTSL), was created for independent distributors to comply with an SAE AS5553 compliant manufacturer’s requirements, thus creating complementary standards. The SAE AS6171, which is now published, provides the detailed risk evaluation instructions, as well as more detailed instructions on how to test suspect counterfeit electronic components. The ISO/IEC 17025 standard is used for accrediting test facilities, such as those performing the tests prescribed in SAE AS6171. An accreditation confirms that the test laboratory and their staff have the proper equipment and training to be able to perform specific tests. SAE AS6081 (Revision A, which the SAE G19 committee is working on finalizing) points to the now released SAE AS6171 for the required product verification tests, referred to as ‘slash sheets’, as opposed to the current procedures within SAE AS6081, which points to an embedded lot sampling plan. For example, an independent distributor will now partner with a testing laboratory that is 17025 accredited to perform the various tests required by AS6081-A.

Lori LeRoy, principal at Global IC Trading Group Inc., which is a QTSL approved company and is compliant to the existing AS6081 requirements, shared her thoughts on the pending new release of AS6081:

“Until the final release, I can only speculate on the requirements of the published document. However, the section of AS6081-A that addresses verification of product will either require testing per AS6171, or provide the organization more flexibility for which standard they use to conduct the required inspection/testing steps. If AS6171 is required, ISO 17025 accreditation will also be required. This will force independent distributors that have already made the investment in equipment and training to either obtain ISO 17025 accreditation for EACH required test, or to partner with a test facility with 17025 accreditation, such as IEC, to perform the required tests on their behalf. Currently Global IC Trading is ISO 9001, AS9120, ANSI /ESD S20.20, CCAP Certified and a DLA QTSL. I concur with Mark Northrup that all the various standards, certifications and accreditations can be confusing. It is also very costly and time consuming, and as a small business one challenge we face is balancing the costs associated with certifications and accreditations along with the requirements of customers and government contractors. We need to ensure there is a return on investment and a correlation with increased revenue.”

The October 2016 ‘Source of Electronic Parts’ DFAR 252.246.7008 states:

“Contractor-approved supplier” means a supplier that does not have a contractual agreement with the original component manufacturer for a transaction, but has been identified as trustworthy by a contractor or subcontractor.

The term ‘trusted supplier’ was introduced in 2012 NDAA, Section 818 on April 10, 2012 and the industry was optimistic that a clear definition and requirement flow down would be established to become a ‘trusted supplier’. Six years later there is still no clear definition of trusted supplier or ‘trustworthy,’ and no clear pathway to become a trusted supplier. Today there are so many more standards, certifications and accreditations to consider, making it more challenging to understand what is actually necessary. The goal for all of us is to reduce the risk of counterfeit product entering the supply chain. Certifications, accreditations and a solid education in counterfeit prevention will reduce this risk, but will not eliminate it. Another suspect counterfeit electronic component standard that has been added to the mix is the SAE AS6496, which was created for authorized distribution, and primarily utilized for the return of product from their customers. The SAE’s G19 committee has been working very hard to create all of these needed documents.
ISO/IEC 17025
ISO/IEC 17025:2005 specifies the general requirements for the competence to carry out tests and/or calibrations, including sampling. It covers testing and calibration performed using standard methods, non-standard methods, and laboratory-developed methods. It is applicable to all organizations performing tests and/or calibrations. These include, for example, first-, second- and third-party laboratories, and laboratories where testing and/or calibration forms part of inspection and product certification. ISO/IEC 17025:2005 is applicable to all laboratories regardless of the number of personnel or the extent of the scope of testing and/or calibration activities. When a laboratory does not undertake one or more of the activities covered by ISO/IEC 17025:2005, such as sampling and the design/development of new methods, the requirements of those clauses do not apply. ISO/IEC 17025:2005 is for use by laboratories in developing their management system for quality, administrative and technical operations. Laboratory customers, regulatory authorities and accreditation bodies may also use it in confirming or recognizing the competence of laboratories. ISO/IEC 17025:2005 is not intended to be used as the basis for certification of laboratories. Compliance with regulatory and safety requirements on the operation of laboratories is not covered by ISO/IEC 17025:2005. Looking forward, there is a joint effort between SAE sub-committee G-19 Counterfeit Electronic Parts Committee and the accreditation bodies (ANAB, A2LA) to develop a standard, AS6810 “Requirements for Accreditation of Test Laboratories Performing Detection of Suspect/Counterfeit EEE Parts in Accordance with AS6171 General Requirements and the Associated Test Methods.” Within this standard there is clear definition as to the expectations of the end users and laboratories that seek accreditation to conduct the AS6171 tests. The standard will emphasize the technical competence of the laboratory personnel as well any reporting requirements. This standard will be used in conjunction with ISO 17025 when laboratories seek accreditation with the AS6171 test methods within their scope of accreditation. It is anticipated that this standard will be in active in 2019.

Customer Solutions
IEC Electronics is an EMS provider that employs a team of experts who help to minimize the supply chain risk for its customers by developing custom risk mitigation test plans, performing in-house testing, and seamlessly integrating the testing into its manufacturing environment. IEC Electronics Analysis and Testing Laboratory (IATL) on-site laboratories use these advanced methodologies as requested by customers to perform sophisticated manufacturing process development and state of the art testing for components, printed circuit board assemblies, cables, and system assemblies. IEC electronics is the only EMS that has an on-site ISO 17025 AS6171 Accredited and is a DLA QTSL approved testing lab that offers the full spectrum of DPA testing per military standards. Whether it is conducting failure analysis, material evaluations, or exhaustive tests like destructive or nondestructive physical analysis IEC can provide customers a suspect counterfeit test mitigation methodology solution.

ANAB
Upon determining its scope of accreditation as its next critical step, IEC Electronics contacted ANAB’s Roger Muse for the ISO/IEC 17025 path to the SAE AS6171 accreditation.The ANSI-ASQ National Accreditation Board is one of the largest accreditation bodies in the United States. ANAB is a nonprofit, non-government accreditation body which plays an important role in ensuring the safety and quality of goods and services and in protecting the environment. ANAB accredits certification bodies, calibration and testing labs, forensic science service providers, inspection bodies, reference material producers, and proficiency test providers. ANAB conducts audits to make sure clients follow international standards and are competent to do their work. The work that it does helps facilitate international trade and eliminates the expense of redundant audits and tests.

The G19 Committee designated ANAB as one of the accreditation bodies required for registered testing laboratories (RTL) for the SAE AS6171 accreditation. ANAB has a 97% customer retention rate and is highly regarded in the accreditation community. After undergoing an accreditation assessment, IEC Electronics Analysis and Testing Laboratory recognized ANAB assessor Steve Dale for his skills and knowledge as well ashis ability to engage in a courteous and meaningful manner.

How Best to Mitigate Suspect Counterfeit Electronics
One of the challenges facing the electronics industry has been how best to mitigate suspect counterfeit electronic components from entering supply chain product reliability. “Routinely, IEC Electronics Analysis and Testing Laboratory is asked by customers about suspect counterfeit electronics components risk mitigation testing methodologies,” said Northrup. The common testing methods discussed are IDEA, CCAP, QTSL (SAE AS 6081), SAE AS6171, and DLA per military standards (e.g., 202, 750, 883, and 1580). The company also mentioned many customers are confused about interpreting accreditation, certification, and suitability terminologies associated with each of these testing methods. “Each time the customer asks, we discuss testing per each one these methods requested, differences between each, and we avoid answering which one is the best. The recent evolution of the SAE AS6171 from the G19 Committee Members is another path for customers to select. Now when a customer contacts us we always convey that no amount of testing yields ‘zero risk.’”

DFARS 252.246.7008 Guidance Document
The recent DoD issued DFARS 252.246.7008 communicates new guidance on how parts can be procured regarding liability and safe harbor for government contractors and their supply chain. The three categories defined are:

Category 1: Original Equipment Manufacturer which is the preferred supplier

Category 2: Contractor Approved Supplier (CAS)

Category 3: Appropriate Inspection Test & Authentication (IT&A)

But DFAR 252.246.7008 falls short by not specifying which of the testing methods via IDEA, CCAP, QTSL (SAE AS 6081), SAE AS6171, or DLA per military standards (e.g., 202, 750, 883, and 1580) is preferred.

ANAB

(414) 501-5455

IEC Electronics Analysis and Testing Laboratory (IATL)

Albuquerque, NM

www.iec-electronics.com