In today’s Federal Register, the DoD is proposing a few rules, but two in particular jumped out at me as something I should make sure my network knows are out there. We will cover the DFARS proposed rule on Counterfeit Detection today and the potential new FPRA checklist tomorrow.
Purchasing System in the Crosshairs
The first proposed rule addresses the detection and avoidance of counterfeit electronic parts. I am all for avoiding a counterfeit part (who wants a knock-off transistor in their “Walkman” anyway?). The question is whether we need to mandate this issue.
There is the additional onus on the contractor placed by Section 818 of the NDAA of 2012. Contractors are already responsible for quality assurance standards for manufacturing products to be sold to the government. It stands to reason if a part would go through enough scrutiny to pass quality assurance, it should be up to the performance standards. Now, the additional layer of responsibility is being placed to determine where/when/how the parts and components were manufactured.
Let’s take a look back here. A couple years ago prime contractors were asked to hold the hand of a subcontractors by requiring certain clauses to flowdown the tiers. After the knee-jerk reaction of including everything, there is a little more common sense being applied. Now, though, it is more like passing the buck instead of a cooperative agreement. Many times the lower-tier subcontractors haven’t needed to be compliant – now they are all of a sudden and they don’t know how to handle it. The prime’s are requiring “certification” of compliance with the clauses flowed down and the subcontractors sign off without a full understanding in some cases.
The writing is on the wall for this same reaction to this proposed rule. The manufacturer will be going to its suppliers to ask for certifications – a simple task – but the counterfeit pieces of a component could be deep in the supply chain. How far down the path does a contractor need to go?
It is important to take a look at the definitions of parts in this proposed rule.
Counterfeit part – an unauthorized copy or substitute part that… has been misrepresented to be from a legally authorized source.
Electronic part – integrated circuit, a discrete electronic component, or a circuit assembly.
The list goes on for definitions, but I wanted to call attention to “misrepresented to be from a legally authorized source.” If I go to a store and ask for an iPhone5 and the store normally sells iPhone5s, I can be reasonably assured the product I get is not counterfeit. But this may not be enough, the proposed rule goes on:
(b) System criteria. A contractor’s counterfeit electronic part avoidance and detection system must address, at a minimum, the following areas:
(1) The training of personnel.
(2) The inspection and testing of electronic parts, including criteria for acceptance and rejection.
(3) Processes to abolish counterfeit parts proliferation.
(4) Mechanisms to enable traceability of parts to suppliers.
(5) Use and qualification of trusted suppliers.
(6) The reporting and quarantining of counterfeit electronic parts and suspect counterfeit electronic parts.
(7) Methodologies to identify suspect counterfeit parts and to rapidly determine if a suspect counterfeit part is, in fact, counterfeit.
(8) The design, operation, and maintenance of systems to detect and avoid counterfeit electronic parts and suspect counterfeit electronic parts.
(9) The flow down of counterfeit avoidance and detection requirements to subcontractors.
Ouch! Did you catch all that? Quality Assurance isn’t enough under this rule, but now we must establish a process “to abolish counterfeit parts proliferation.” I know this is only meant to be a tone-at-the-top statement of policy, but it seems the abolition of counterfeit parts would better be served by an entity with more power to actually do something about those parts.
Also, numbers 7 & 8 seem a little vague. I am not a big fan of things like “rapidly” instead of a timeframe. I also wouldn’t relish the idea of an entire system (as part of my purchasing system) “to detect and avoid” not just “counterfeit electronic parts” but also the “suspect counterfeit parts.” I think #9 was just thrown in for good measure.
I know the only way the government is going to find these parts is through manufacturer oversight, but it just seems like the wrong way to ask for this kind of reporting. Especially considering the implications…
The purchasing system… “the rule proposes to modify the clause at DFARS 252.244-7001, Contractor Purchasing System Administration, to add system criteria for the contractor’s purchasing system…”
What this means is there is an additional requirement in the Contractor Purchasing System Administration, Section (c). The re-definition of what it means to have an “Acceptable purchasing system” would include the detection and reporting of counterfeit electronic parts. The requirements listed are related to policies and procedures, organizational structure, and quality part selections. The one related to part selection is the one that expands the quality assurance function to also include counterfeit detection.
I am not sure whether this rule will actually become final, but I am sure the discussion on the FR comments page will be a good one with plenty of responses. It does seem to me though that there is a simple justification for not making this final and it goes back to my auditing days. Auditors are not responsible for finding fraud – that is really the purpose of fraud is to get away with it. Contractors should not be responsible for finding counterfeits – that is really the purpose of counterfeiting is to make it believable.
PS – I arrived at the end of this post and realized I didn’t even get into whether we should be so concerned over the electronics, it seems there could be something a bit bigger to try to track down. :-)