How should organizations respond when they identify a suspect counterfeit part?

Organizations should respond to a suspect counterfeit part through a structured, documented process that protects safety, preserves traceability, and aligns with their quality management system (QMS) and contractual / regulatory obligations. The details will depend on sector, contracts, and system maturity, but the core steps are consistent.

1. Immediate containment and segregation

As soon as a part is suspected (not just confirmed) to be counterfeit:

• Stop use and installation of the specific unit and any associated lot / batch.
• Physically segregate the suspect parts in a clearly identified, access-controlled quarantine area.
• Block inventory and work orders in ERP/MES so operators cannot consume the material by mistake (e.g., status change to blocked/hold).
• Identify potential spread using available genealogy: other lots, work orders, serials, or customers that may have received the same material.

The goal is to prevent further use while preserving evidence and traceability, not to immediately scrap material.

2. Open a formal nonconformance / incident record

Treat suspect counterfeit parts as formal nonconformances, even before confirmation:

• Create an NCR or equivalent record in the QMS/NCR system with traceable identifiers (lot, serial, PO, work orders, supplier, operator, machine, date, etc.).
• Document how the suspicion arose (inspection finding, performance anomaly, supplier notification, customer alert, industry advisory).
• Attach objective evidence (photos, measurements, documents, labeling and packaging details, test results).

This record becomes the backbone for internal investigation, supplier interaction, and any regulatory or customer reporting.

3. Preserve evidence and avoid uncontrolled rework

Do not alter or destroy evidence prematurely:

• Retain original packaging, labels, and paperwork (COCs, test reports, shipping labels, invoices).
• Control access to the suspect parts so that they cannot be mixed back into stock or modified by well-meaning operators.
• Log all handling of the suspect material in your traceability systems (ERP/MES/QMS) to maintain a robust audit trail.

Uncoordinated scrapping or rework can break the chain of evidence, complicate supplier recovery, and weaken your position in any dispute or audit.

4. Notify internal stakeholders quickly

Internal communication usually matters more than initial technical certainty:

• Quality / QMS owner for NCR control and investigation leadership.
• Supply chain / purchasing for supplier communication and any stop-ship or stop-buy decisions.
• Manufacturing / operations for work stoppages, routing changes, or material substitutions.
• Engineering and design authority to assess technical risk, fit/function, and possible field impact.
• Program management / account management if key customers or programs may be affected.

Most regulated plants formalize this notification through predefined workflows in their QMS or via controlled deviation / MRB processes.

5. Engage the supplier through controlled channels

Supplier interaction should follow documented procedures and any contractual requirements:

• Issue a supplier NCR or formal notice with factual, objective information only.
• Request supporting documentation such as detailed COC, traceability to OEM/OCM, test results, and distribution chain records.
• Coordinate return or further testing only under a documented plan that preserves evidence and chain of custody.
• Avoid informal resolutions (e.g., quick credits or replacements) without a documented position on whether the material is confirmed or suspected counterfeit.

If the supplier is an authorized distributor or OEM, their counterfeit control program may define specific steps. For brokers or gray-market sources, you may need more extensive verification and risk mitigation.

6. Assess risk to in-process and fielded product

With containment in place, organizations need a structured risk assessment:

• Identify where parts were used using as-built genealogy from MES/ERP/QMS: work orders, serial numbers, ship sets, customers.
• Determine potential impact on safety, reliability, mission/flight-worthiness, and regulatory status.
• Involve engineering and, where required, the design authority for technical assessment and any need for analysis, test, or teardown.
• Evaluate field exposure: units in service, at distributors, or at MRO providers.

This assessment will drive decisions on rework, enhanced inspection, field campaigns, or customer notifications. In highly regulated environments, the applicable authority, OEM, or prime contractor may have specific requirements for such evaluations.

7. Decide disposition under MRB / equivalent governance

Disposition decisions must go through the appropriate review board (e.g., MRB) or delegated authority:

• Do not return suspect counterfeit parts to service, even if they appear functional, unless a higher-level authority explicitly approves with documented justification.
• Consider destructive testing or enhanced verification for a sample if this will materially improve confidence and supports decision-making.
• Document final disposition (scrap, return to supplier, retain for evidence) with clear instructions on physical destruction when applicable.
• Ensure ERP/MES status matches physical reality so quarantined or scrapped parts cannot be accidentally re-issued.

For confirmed counterfeit parts, many organizations require irreversible destruction and photographic or witness evidence, consistent with contracts and local regulations.

8. Determine external reporting and customer communication

Whether and how you report externally depends on your sector, contracts, and regulatory environment. Common cases include:

• Customer notification when impacted parts may exist in customer inventory or fielded equipment.
• Prime/OEM notification where flow-down requirements or quality clauses mandate disclosure of counterfeit suspicions.
• Industry or regulatory databases / reporting channels where applicable, as required by local law, sector guidance, or specific contracts.

Legal and compliance teams should be involved in drafting communications. This content should be factual, traceable to your records, and avoid claims you cannot substantiate.

9. Strengthen controls to prevent recurrence

After immediate containment and disposition, organizations should treat the event as an input to continuous improvement, not just a one-time anomaly:

• Perform a structured root cause analysis (e.g., 8D, fishbone, 5-Whys) that considers both internal and supply chain contributors.
• Review supplier approval and monitoring: approved distributor lists, broker use policies, and supplier scorecards.
• Update receiving and inspection controls: enhanced verification steps, sampling plans, and training on counterfeit indicators.
• Strengthen traceability in ERP/MES/QMS so that future incidents can be traced and contained quickly.
• Review contract language around counterfeit risk, documentation, and recourse with suppliers.

The outcome should be documented changes to procedures, training, and where appropriate, digital system configuration. These changes must follow your change control and validation processes, especially in regulated environments.

10. Brownfield system considerations

Most plants operate with mixed legacy and modern systems, which affects how this process works in practice:

• Multiple systems: Counterfeit-related holds may require updates in ERP (inventory status), MES (work order holds), and QMS (NCR/CAPA). If integrations are weak, manual reconciliation and clear ownership are essential.
• Partial traceability: Some facilities can only trace to batch level rather than serial. In those cases, containment zones will be wider, with more conservative risk assumptions.
• Paper travelers and manual records: Where digital travelers or genealogy are limited, you may need manual record reviews and physical inspections to identify affected units.
• Change control burden: Tightening controls (e.g., new inspection steps in MES, new receiving workflows, extra data capture for traceability) often requires formal validation and documented change control. Full system replacements just to address counterfeit risk rarely succeed because of the qualification and downtime burdens; incremental, well-isolated improvements are typically more realistic.

Each site should define a pragmatic process that fits its system landscape, recognizing that high counterfeiting risk with low traceability may require more conservative containment and customer communication strategies.

11. Clarifying limits and local dependencies

The exact response requirements can vary significantly:

• By regulation and sector: Aerospace, defense, and medical devices often have sector-specific guidance, contract clauses, or mandated reporting paths for suspect counterfeit parts.
• By position in the supply chain: Primes and OEMs may demand immediate notification and joint investigation, while lower-tier subcontractors may be guided more directly by purchase order terms.
• By data maturity: Plants with well-integrated QMS/ERP/MES can perform tight, targeted containment; those with fragmented data may need to broaden the scope of holds and inspections.

Organizations should codify their counterfeit response in controlled procedures, train relevant personnel, and periodically drill the process so that when a suspect part is identified, the response is disciplined, traceable, and defensible in audits and customer reviews.