What is APQP and why is it important?

Advanced Product Quality Planning (APQP) is a structured framework used in manufacturing to ensure products meet customer requirements. It defines five phases from planning through production validation, with key outputs including Process Flow Diagrams, PFMEAs, Control Plans, and Inspection Plans. QualityEngineer.ai automates APQP document creation with AI, generating interconnected documents where each feeds context into the next.

What are the 18 elements of a PPAP submission?

The 18 PPAP elements are: 1) Design Records, 2) Engineering Change Documents, 3) Customer Engineering Approval, 4) Design FMEA, 5) Process Flow Diagram, 6) Process FMEA, 7) Control Plan, 8) Measurement System Analysis, 9) Dimensional Results, 10) Material/Performance Test Results, 11) Initial Process Studies, 12) Qualified Laboratory Documentation, 13) Appearance Approval Report, 14) Sample Production Parts, 15) Master Sample, 16) Checking Aids, 17) Customer-Specific Requirements, and 18) Part Submission Warrant. QualityEngineer.ai tracks all 18 elements with AI-powered gap analysis.

What is a Control Plan in manufacturing?

A Control Plan is a living document that describes the methods and controls needed to ensure product quality at each step of the manufacturing process. It specifies what characteristics to measure, how to measure them, sample sizes, frequencies, and reaction plans when measurements fall out of specification. Control Plans are a required output of the APQP process and a key element of PPAP submissions.

What is PFMEA and how does it relate to Control Plans?

Process Failure Mode and Effects Analysis (PFMEA) identifies potential failure modes in a manufacturing process, their causes, and their effects. Each failure mode is scored for severity, occurrence, and detection to calculate a Risk Priority Number (RPN). The PFMEA directly feeds the Control Plan: high-risk failure modes identified in the PFMEA require corresponding controls, inspection methods, and reaction plans in the Control Plan.

What quality standards does QualityEngineer.ai support?

QualityEngineer.ai supports major manufacturing quality standards including IATF 16949 (automotive), ISO 9001 (general quality management), AS9100 (aerospace), ISO 13485 (medical devices), and VDA 6.3 process audits. The platform covers automotive PPAP, FMEA, APQP, MSA, and SPC workflows, and is designed to help quality engineers meet audit requirements across these frameworks.

Counterfeit Parts Prevention: How AS5553, AS9100 Clause 8.1.4, and DFARS Fit Together

A defense prime sends you a flowdown for a board assembly. Buried in the purchase order is a line that reads "Contractor shall maintain a counterfeit electronic part detection and avoidance system in accordance with DFARS 252.246-7007 and procure electronic parts in accordance with DFARS 252.246-7008." Your AS9100D certificate is current, your supplier list is approved, and your buyer has been sourcing the same microcontroller from the same broker for three years because it is forty percent cheaper than the franchised distributor. The question that decides whether this contract becomes a finding is simple: can your team prove that every electronic part in that assembly came from a source the standard recognizes, and can you produce the documented system that controls it?

Counterfeit parts prevention is one of the few quality requirements where the gap between "we have a procedure" and "we have a system" is visible from across the room. An auditor does not need to read your whole QMS. They pull one purchase order for an electronic part, ask where it came from, and follow the traceability back to an original component manufacturer or an authorized distributor. If the trail ends at an independent broker with no test evidence, the system has failed regardless of how the procedure is worded.

This guide walks through the standards that govern counterfeit prevention, what an avoidance system actually has to contain, the authorized distributor rule that anchors the whole thing, GIDEP reporting obligations, and the AS6171 test methods that back up a suspect-part call.

The Standards Stack: AS5553, AS9100, and DFARS

Counterfeit prevention is governed by three layers that reference each other, and most suppliers only learn how they connect after a finding.

AS9100D Clause 8.1.4 is the QMS-level requirement. It says the organization shall plan, implement, and control processes for the prevention of counterfeit or suspect counterfeit parts and their inclusion in product delivered to the customer. The clause lists considerations the organization has to address: training of personnel, application of obsolescence monitoring, controls for acquiring parts from original or authorized sources, requirements for assuring traceability of parts to those sources, verification and test methodologies to detect counterfeit parts, monitoring of counterfeit parts information from external sources, and quarantine and reporting of suspect or detected counterfeit parts. If you are AS9100 certified, you already own this requirement whether or not a customer flows down anything more specific.

SAE AS5553 is the detailed implementation standard for electrical, electronic, and electromechanical (EEE) parts. Its full title is "Counterfeit Electrical, Electronic, and Electromechanical (EEE) Parts; Avoidance, Detection, Mitigation, and Disposition." It has moved through several revisions since the 2009 original; the current revision is Rev D. AS5553 turns the high-level AS9100D 8.1.4 considerations into a structured set of risk-based requirements and gives you a counterfeit electronic parts control plan template to build against. Where 8.1.4 says "verification and test methodologies," AS5553 tells you how to think about which methods to apply at which risk level.

DFARS 252.246-7007 and 252.246-7008 are the contractual layer for U.S. Department of Defense work. The 7007 clause requires covered contractors to establish and maintain an acceptable counterfeit electronic part detection and avoidance system. The 7008 clause governs sources of electronic parts and pushes procurement toward original manufacturers and authorized suppliers. These clauses apply to contractors subject to the Cost Accounting Standards, but the system criteria they define have become the de facto baseline that primes flow down to everyone in the supply chain.

The relationship is layered, not redundant. AS9100D 8.1.4 makes counterfeit prevention part of your certified QMS. AS5553 gives you the EEE-specific method. DFARS makes a specific system mandatory and reportable for defense work. A supplier who treats these as three separate binders ends up with three procedures that contradict each other. A supplier who treats them as one system with three audiences passes all three audits with one set of records.

What a Counterfeit Avoidance System Actually Contains

DFARS 252.246-7007 defines twelve system criteria, and they map almost one-to-one onto the AS9100D 8.1.4 considerations. An acceptable counterfeit electronic part detection and avoidance system addresses each of these:

System element	What it means in practice
Training	Buyers, receiving inspectors, and engineers are trained to recognize counterfeit risk and the procedure that controls it.
Inspection and testing	Risk-based inspection and test on incoming electronic parts, scaled to the source and the criticality.
Traceability	Documented traceability of parts back to the original component manufacturer (OCM) or original equipment manufacturer (OEM).
Trusted suppliers	A process to identify and use OCMs, OEMs, and authorized or franchised distributors, and to qualify any other source.
Suspect part control	Methodologies to identify suspect counterfeit parts and to quarantine them so they cannot reach product.
Reporting	Reporting and quarantining of suspect or confirmed counterfeit parts, including GIDEP reporting.
Failure response	A process for responding to and dispositioning counterfeit parts found in inventory or in delivered product.
Flowdown	Counterfeit prevention requirements flowed down to subcontractors and suppliers.
Staying informed	A process for keeping continually informed of current counterfeiting information and trends.
Screening GIDEP	A process for screening GIDEP reports and other credible sources for counterfeit information.
Control of obsolete parts	Design, operation, and maintenance of systems to detect and avoid counterfeit and obsolete parts.
Use of trusted sources	Procurement that prioritizes original and authorized sources before open-market sources.

The criteria are not a checklist you satisfy once. They describe a living system. The two that suppliers most often underbuild are traceability and staying informed. Traceability fails because the buyer bought from a broker who could not provide a clean chain back to the OCM. Staying informed fails because nobody owns the GIDEP screening and it lapses the moment the one person who did it leaves.

The Authorized Distributor Rule

The single decision that drives counterfeit risk is where the part comes from. The supply chain has a clear hierarchy, and the standard wants you at the top of it.

Original Component Manufacturer (OCM) or Original Equipment Manufacturer (OEM). Buying directly from the company that made the part is the lowest-risk path. Full traceability, no intermediate handling, no relabeling opportunity.

Authorized or franchised distributor. A distributor with a contractual franchise agreement from the OCM. The part flows from the manufacturer to the distributor under a controlled chain. AS6496 is the SAE standard that governs counterfeit avoidance for these authorized distributors. This is the second-best source and the one most aerospace suppliers should default to.

Independent distributor or broker (the open market). A source that buys and sells parts on the open market without a franchise agreement. This is where counterfeit risk concentrates. Relabeled parts, parts pulled from scrapped boards, parts with forged date codes, and parts that never met spec all enter the supply chain here. AS6081 is the SAE standard specifically written for fraudulent and counterfeit avoidance when buying from independent distributors, and it imposes a much heavier test and inspection burden precisely because the source carries more risk.

The rule that follows from this hierarchy is procurement-first prevention: buy from the OCM or an authorized distributor whenever the part is available, and treat open-market purchases as an exception that triggers the full AS6081 test regime. DFARS 252.246-7008 codifies this by requiring contractors to obtain electronic parts from original manufacturers, their authorized suppliers, or suppliers that meet specified traceability and inspection criteria when the original sources are not available.

The hard cases are obsolete and long-lead parts. When the OCM has discontinued a microcontroller and the only stock is on the open market, the supplier cannot simply refuse to build. This is where obsolescence monitoring earns its place in the system. A supplier who tracks end-of-life notices and last-time-buy windows can secure authorized stock before the part goes obsolete, instead of being forced into the broker market two years later with no good options.

GIDEP: The Reporting Obligation Most Suppliers Miss

The Government-Industry Data Exchange Program (GIDEP) is the shared database where industry and government report suspect and confirmed counterfeit parts. It serves two functions in a counterfeit avoidance system, and most suppliers only build one of them.

Screening GIDEP means checking incoming GIDEP alerts against your inventory and your bills of material. If GIDEP publishes an alert on a counterfeit lot of a specific part number with a specific date code, your system has to catch whether you hold any of that stock or have shipped it. This is the input side, and it is part of the "staying informed" and "screening GIDEP" system criteria.

Reporting to GIDEP means filing a report when you detect a counterfeit or suspect counterfeit part. Under DFARS 252.246-7007, covered contractors are required to report counterfeit and suspect counterfeit electronic parts to GIDEP within sixty days of becoming aware of them. This is the output side, and it is the obligation suppliers most often miss because reporting a counterfeit feels like admitting a problem. It is not. Failing to report when the clause requires it is the actual finding.

A working GIDEP process has a named owner, a defined screening frequency, a documented link from a GIDEP alert to an inventory check and a BOM check, and a defined trigger and timeline for filing a report. If your procedure says "we monitor GIDEP" with no owner and no frequency, an auditor will ask for the last screening record, and the date on that record will tell the whole story.

Detection: The AS6171 Test Methods

When a part comes from a source that does not carry full authorized-distributor traceability, the system has to fall back on physical detection. AS6171 is the SAE standard that defines the suspect counterfeit part test methods and a risk-based framework for selecting them. The methods escalate from non-destructive and inexpensive to destructive and costly:

External visual inspection. The first and cheapest screen. Inspectors look for evidence of remarking, resurfacing, sanded part surfaces, mismatched date codes, lead damage from desoldering, and packaging anomalies.
Remarking and resurfacing tests. Solvent tests and surface examination to detect whether part markings have been removed and reapplied.
X-ray and X-ray fluorescence (XRF). X-ray reveals internal die and bond wire anomalies without opening the part. XRF checks the material composition of leads and finishes against what the genuine part should show.
Scanning acoustic microscopy. Detects delamination, voids, and evidence that a part has been previously used and reflowed.
Decapsulation and die analysis. Destructive. The package is opened to inspect the die, verify the manufacturer logo and die markings, and confirm the part is what the label claims.
Electrical test. Verifying the part performs to its datasheet parameters, which catches functional counterfeits that pass visual inspection.

The point of the AS6171 framework is that you do not run every method on every part. You assess the risk based on the source, the part criticality, and the application, and you select a test level that matches. A franchised-distributor part in a low-criticality application may need only documentation review. An open-market part going into a flight-critical assembly may need the full destructive workup on a sample. Documenting that risk-based selection is what turns a pile of test reports into a defensible system.

Building the System Into Your Supplier Quality Process

Counterfeit prevention is not a standalone program. It lives inside supplier qualification, incoming inspection, and the corrective action loop that already exist in your QMS.

Supplier qualification carries the source classification. Every supplier of electronic parts gets classified as OCM, OEM, authorized distributor, or independent distributor, and that classification drives the inspection and test requirements for everything they ship. A structured supplier evaluation process is where this classification belongs, so the source risk is captured once and applied to every receipt rather than re-litigated on each purchase order.

Incoming inspection scales to the source. The receiving inspector should not have to remember the AS6171 test level for each part. The inspection plan should already encode it based on the supplier classification and the part criticality, so an open-market part automatically routes to enhanced inspection and a franchised-distributor part routes to documentation verification.

Suspect parts feed the CAPA loop. When a suspect counterfeit is found, it triggers containment, quarantine, root cause, and the GIDEP report, which is exactly the 8D and CAPA workflow your team already runs for any nonconformance. The difference is the reporting obligation and the sixty-day clock. Treating a counterfeit find as a normal CAPA, with the GIDEP report as a required closeout step, keeps the response inside a process the team already knows.

Flowdown is a contract requirement, not a courtesy. The counterfeit prevention requirements you receive from your customer have to flow down to your own subcontractors and distributors. A supplier who absorbs a DFARS 252.246-7007 flowdown and does not pass it down has broken the chain, and the break shows up the first time a sub-tier source cannot produce traceability.

This is also where automated supplier risk assessment helps. Reading certificates, classifying sources, and tracking which suppliers carry authorized-distributor status across a large approved supplier list is the kind of documentation-heavy work that an AI-assisted supplier evaluation handles while a human owns the risk calls. The system has to be defensible, and defensible means the records exist and stay current, which is precisely the part of counterfeit prevention that decays when it depends on one person's memory.

What an Auditor Actually Checks

A counterfeit prevention audit is short and pointed. The auditor will:

Ask to see the documented counterfeit avoidance system and confirm it addresses each system criterion.
Pull a purchase order for an electronic part and follow the traceability back to its source.
Check whether the source classification on that PO matches the inspection and test that was actually performed.
Ask for the last GIDEP screening record and the date on it.
Ask whether any counterfeit or suspect part has been found, and if so, whether it was reported to GIDEP within the required window.
Check that counterfeit prevention requirements flowed down to the relevant subcontractors.

Each of those checks terminates in a record. The system either produces the record on demand or it does not. Counterfeit prevention is one of the cleanest examples of the principle that runs through all of aerospace quality: the standard is satisfied by evidence, not by intent. A well-worded procedure with no screening records, no source classification, and no test evidence is a finding. A plainly worded procedure backed by a clean traceability trail, a current GIDEP screening log, and risk-based test records passes.