FAQ

What types of controls does AS9100 expect for counterfeit parts prevention?

Quality, Compliance and TraceabilityAS9100 Aerospace Quality Management Standard

AS9100 expects you to implement a documented, risk-based counterfeit parts prevention process that is integrated into your quality management system. The standard does not prescribe a single method, but it does expect a coherent set of controls across supplier management, purchasing, receiving, production, and nonconformance handling.

1. Documented counterfeit parts prevention process

AS9100 requires you to define, maintain, and control a counterfeit parts prevention process or procedure. At a minimum, it should:

  • Define what your organization considers a counterfeit or suspected counterfeit part (aligned with AS9100 and any customer/contract definitions).
  • Describe responsibilities across quality, supply chain, engineering, and production.
  • Specify where and how controls apply: supplier selection, purchasing, receiving, in-process, inventory, service/repair, and disposal.
  • Describe how to escalate, investigate, and disposition suspected counterfeit parts using your existing nonconformance and CAPA processes.
  • Include how you maintain records to provide objective evidence during audits.

2. Supplier evaluation and approval controls

AS9100 expects you to reduce counterfeit risk by controlling who you buy from and under what conditions. Typical controls include:

  • Approved supplier list (ASL): Criteria for adding and maintaining suppliers, with stronger criteria for high-risk categories (electronic components, hardware, high-value or safety-critical items).
  • Preference for original sources: Using original component manufacturers (OCMs), original equipment manufacturers (OEMs), or their authorized distributors whenever feasible.
  • Heightened controls for brokers/independent distributors: Additional verification, audits, or test requirements when you must use non-authorized sources.
  • Supplier performance monitoring: Tracking quality history, documentation issues, and any counterfeit-related incidents as part of supplier scorecards or periodic reviews.
  • Flowdown requirements: Requiring suppliers to maintain their own counterfeit parts prevention controls and to flow those requirements down their supply chains when applicable.

In brownfield environments this usually means tightening criteria and documentation around an existing ASL, not replacing supplier systems outright. Changes typically have to move through established change control and supplier qualification processes.

3. Purchasing and contract controls

AS9100 expects purchasing documents to include requirements that reduce counterfeit risk. Common elements are:

  • Clear sourcing requirements: Specifying OCM/OEM or authorized distribution channels where required.
  • Traceability requirements: Mandating certificates of conformity, manufacturer certificates, test reports, and lot/date codes as appropriate.
  • Change notification: Requiring suppliers to notify you of substitutions, alternate sources, or changes in distribution channels.
  • Right of access and audit: Enabling you (and sometimes customers or regulators) to review the supplier’s counterfeit controls.
  • Suspected counterfeit reporting obligations: Expecting the supplier to cooperate in investigations and reporting if suspect parts are identified.

Practically, this often involves updating PO templates and ERP purchasing data, plus retraining buyers on when to invoke stricter clauses based on part criticality and risk.

4. Receiving inspection and verification controls

AS9100 expects you to verify that incoming product is authentic and conforms to requirements, with the level of scrutiny based on risk. Typical controls include:

  • Document verification: Checking certificates of conformity, manufacturer certificates, lot/date codes, and serial numbers for consistency with POs and specifications.
  • Visual inspection: Looking for signs of tampering, re-marking, inconsistent packaging, or physical anomalies (especially for electronic components and hardware).
  • Sampling plans: Applying more stringent sampling and verification for high-risk sources or part families.
  • Enhanced testing where warranted: Electrical tests, X-ray, material analysis, or other methods for high-risk items when risk assessment justifies the cost and time.
  • Receiving holds: Preventing use of high-risk parts until required documentation and verification steps are completed.

In brownfield plants this usually requires procedural updates and receiving training, plus some alignment with existing inspection and sampling plans. It may also require adjustments in ERP/MES receiving workflows to support holds and additional checks.

5. Traceability and inventory controls

AS9100 expects you to maintain sufficient traceability to detect, contain, and remove counterfeit or suspect parts. Controls typically include:

  • Lot and serial tracking: Maintaining traceability from received lot or serial numbers to work orders, assemblies, and shipped product for critical parts.
  • Segregated storage: Clearly separating conforming stock, suspect stock, and nonconforming/scrap so suspect material cannot be used by mistake.
  • Inventory transactions with genealogy: Recording movements between locations and work orders to support fast containment.
  • Controlled returns and reuse: Procedures for returns (RMA), teardown, and reuse to avoid reintroducing suspect material into inventory.

In many regulated environments, full system replacement is not realistic due to validation and downtime constraints. Instead, organizations typically enhance traceability within existing ERP/MES/WMS platforms, use add-on tools for genealogy where needed, and strengthen procedures and labeling for suspect and nonconforming stock.

6. Production and maintenance controls

AS9100 expects counterfeit prevention to extend into production, repair, and overhaul activities:

  • Bill of material (BOM) and routing control: Ensuring only approved part numbers and sources are used for critical items.
  • Shop-floor verification: Work instructions or traveler checks for critical parts (e.g., verifying part/lot/serial against the traveler or build record).
  • Control of customer-furnished or repaired parts: Verifying authenticity and condition of customer-supplied items and parts returned for overhaul or repair.
  • Scrap and rework handling: Clear rules preventing scrapped or high-risk suspect parts from being reintroduced into production.

These controls typically coexist with existing digital travelers, work instructions, and tool control in MES or paper-based systems. Organizations rarely replace core systems just to add counterfeit checks; they embed steps into existing workflows and validate those changes.

7. Nonconformance, investigation, and disposition controls

AS9100 expects suspected counterfeit parts to be managed through your nonconformance and CAPA processes, not treated as an informal side process. Typical controls include:

  • Immediate segregation and quarantine: Any suspected counterfeit part is clearly identified, removed from use, and placed in a controlled area.
  • Formal NCR / MRB process: Documenting the nonconformance, performing risk assessment, and deciding disposition via MRB in accordance with your QMS.
  • Root cause and corrective action: Using structured methods (e.g., RCA, 8D) to address why the counterfeit part entered your system (supplier, purchasing, inspection, design, or system gap).
  • Communication and reporting: Notifying affected customers and, where applicable, industry reporting bodies in line with contractual and regulatory requirements.
  • Documented disposal: Ensuring confirmed counterfeit parts are destroyed or rendered unusable and cannot re-enter the supply chain.

Because nonconformance and CAPA systems are usually deeply embedded and validated, organizations tend to extend those systems for counterfeit scenarios rather than deploy a separate tool. Careful change control and validation are important if you modify digital NCR/MRB workflows.

8. Training and awareness

AS9100 expects personnel who can influence counterfeit risk to be trained and aware of their role. Typical practices include:

  • Role-specific training: For buyers, receiving inspectors, warehouse staff, engineers, and production supervisors.
  • Recognition of red flags: Visual cues, documentation anomalies, unusual pricing or lead times, and channel risks.
  • Reporting expectations: How to escalate if a part looks suspicious or documentation does not align with expectations.
  • Periodic refreshers: Integrating counterfeit awareness into ongoing competency and recurrent training schedules.

9. Risk-based application and continual improvement

AS9100 is explicit about risk-based thinking. Counterfeit controls should scale with risk, considering part criticality, market conditions, and supplier history. Auditors will typically look for:

  • Evidence that you have assessed which parts and suppliers present higher counterfeit risk.
  • Stronger controls where the risk and consequence of failure are higher.
  • Use of data from NCRs, supplier performance, and industry alerts to update controls over time.
  • Change control and, where relevant, validation of system or process updates related to counterfeit prevention.

In long-lifecycle aerospace programs, any changes to traceability, supplier qualification, or digital workflows often require careful planning to avoid disrupting qualified configurations and to preserve evidence trails.

10. Limits and dependencies

AS9100 does not guarantee that counterfeit parts will never enter your supply chain. What it expects is:

  • A documented and implemented process appropriate to your risk profile and product types.
  • Integration of counterfeit prevention into your existing QMS, supplier management, and traceability processes.
  • Objective evidence that controls are followed, monitored, and improved when issues occur.

The exact mix of controls you adopt will depend on your supply base, product mix, digital maturity, and the practical constraints of your brownfield environment. Full replacement of core systems solely to add counterfeit controls is rarely necessary and often impractical given qualification and downtime risks; most organizations layer additional controls onto existing, validated processes and systems.

Related Blog Articles

ISO 22400 for Aerospace and MRO: Standard KPIs in Highly Regulated Operations

How aerospace manufacturing and MRO organizations can apply ISO 22400 KPI definitions to standardize performance language while meeting strict traceability, regulatory, and turnaround requirements.

ISO 22400 Scope and Limits: Where Strategy Begins and the Standard Ends

ISO 22400 standardizes how manufacturing KPIs are defined and structured, but it deliberately stops short of telling aerospace plants which KPIs to use, what targets to set, or how to run performance programs. Understanding these boundaries is essential for building a standards-aligned KPI framework that still reflects your own strategy, risk profile, and regulatory obligations.

Building ISO 22400-Aligned Data Models for Connected Manufacturing

How to design ISO 22400-aligned data models that unify ERP, MES, SCADA, and historians into a consistent KPI layer for aerospace manufacturing.

DFARS CMMC Clauses Are Now an Execution Problem, Not Just an IT Problem

DFARS CMMC clauses formalize cybersecurity as a contract condition, but the work happens on the shop floor: evidence, training, access, change control, and traceability. Here is how to frame CMMC and NIST 800-171 evidence so audits do not collide with manufacturing reality.

Get Started

Built for Speed, Trusted by Experts

Whether you're managing 1 site or 100, C-981 adapts to your environment and scales with your needs—without the complexity of traditional systems.

Request a Demo
Explore Solutions

product

Shopfloor OperationsSupply Chain & ProcurementMROSolutions

Resources

BlogCommunitySecurity & ComplianceAPI & Integrations

About

About UsPrivacy PolicyCookie PolicyTerms of ServiceContact Us

© 2026 C981. All rights reserved.