What does AS9100 require for counterfeit parts prevention?

AS9100 requires the organization to plan, implement, and control processes to prevent counterfeit or suspect counterfeit parts from entering the product. It does not prescribe a single software system, inspection method, or purchasing model, and it does not guarantee that all counterfeit parts will be detected. The controls must be appropriate to the product, sourcing risk, customer requirements, and the organization’s role in the supply chain.

What the requirement usually means in practice

In AS9100D, counterfeit parts prevention is addressed explicitly in clause 8.1.4. In practical terms, organizations are expected to define and maintain controls such as:

• buying from original manufacturers, authorized distributors, or otherwise controlled sources where required or justified;
• maintaining approved supplier controls and purchasing requirements that address counterfeit risk;
• flowing down counterfeit parts prevention requirements to external providers;
• requiring and retaining appropriate traceability records, such as certificates of conformance, lot records, serial records, or manufacturer traceability where applicable;
• training personnel who purchase, receive, inspect, handle, or disposition parts;
• using verification, inspection, or test methods appropriate to the risk of the part and source;
• controlling obsolete, hard-to-find, broker-sourced, or high-risk parts more tightly;
• segregating, identifying, and dispositioning suspect counterfeit parts through the nonconformance process;
• reporting suspect or confirmed counterfeit parts when required by contract, customer requirement, regulation, or internal procedure.

The standard expects a controlled process, not a cosmetic policy. A written procedure with weak purchasing discipline, poor traceability, or uncontrolled broker buys will not be credible in a regulated aerospace environment.

What is site-specific or customer-specific

The depth of control depends heavily on the product and contract. Electronic components, safety-critical hardware, defense articles, life-limited parts, MRO material, and obsolete components typically carry higher counterfeit risk than low-criticality catalog items. Customer requirements may also mandate specific standards, reporting paths, approved sources, or documentation packages.

Standards such as AS5553 for electronic parts or AS6174 for non-electronic products may be relevant, but they are not automatically universal requirements for every AS9100-certified organization. They usually become binding through contract, customer flowdown, internal procedure, or program risk controls.

How systems usually support the control

ERP, MES, PLM, QMS, and maintenance systems often share responsibility for counterfeit parts prevention evidence. In a brownfield environment, this is rarely clean.

• ERP typically controls suppliers, purchase orders, approved source rules, receiving records, and inventory status.
• MES may control material issue, consumption, lot or serial genealogy, work order history, and operator checks.
• PLM may define approved parts, approved manufacturers, alternates, specifications, and configuration effectivity.
• QMS usually manages supplier quality events, nonconformance reports, CAPA, audit findings, and disposition records.
• Document control governs procedures, inspection criteria, training material, and revision history.

Full replacement of these systems is usually unrealistic in aerospace-grade and similarly regulated operations. Qualification burden, validation cost, downtime risk, integration complexity, traceability obligations, and long equipment lifecycles usually force companies to map controls across existing systems rather than replace everything at once.

Common failure modes

Counterfeit parts prevention often fails at the interfaces between process ownership and system ownership. Typical weak points include uncontrolled substitutions, incomplete supplier master data, missing manufacturer traceability, receiving records that are not linked to production consumption, certificates accepted without review, broker purchases handled as exceptions, and suspect material released before containment is complete.

Another common weakness is treating counterfeit prevention as only a purchasing issue. Purchasing is important, but the control also depends on engineering approval of alternates, quality review of evidence, receiving inspection discipline, inventory segregation, MES genealogy, and timely nonconformance handling.

Audit reality

An auditor will usually look for evidence that the organization has identified counterfeit risk, defined controls, trained relevant personnel, applied the controls on actual purchases and receipts, retained traceability records, and handled suspect material through a controlled process. The exact evidence varies by site, program, customer flowdown, and product type.

AS9100 does not require perfection, but it does require a process that is defined, implemented, and supported by records. If the process relies on manual checks, spreadsheets, or tribal knowledge, that may be acceptable only if it is controlled, repeatable, and auditable. In high-risk supply chains, that is often difficult to sustain without better integration and stronger data governance.