Professional Documents
Culture Documents
Paul Barlow
Chris was formerly Site Quality Manager for BAE Systems Combat
Vehicles UK’s Newcastle Site and represented the Land element of BAE
Systems on the DIG Steering Committee. Although now working in the
Oil and Gas Industry, Chris still serves as Secretary of the DIG Steering
Chris Hughes Committee.
Gary Illingworth
Acknowledgements
The DIG Steering would also like to thank Steve Warwood and Neil Stanbury and everyone at the
Quality Careers in Defence event in Manchester for their assistance in their capacity as reviewers of this
material.
Page 2 of 35
Introduction
Paul Barlow
The Defence Body of Quality Knowledge (DBoQK) has been written as a guidance document for the UK
Defence Sector inclusive of the Defence Industry and the MOD. It is intended to provide a detailed
breakdown of the knowledge required by any person working for or on behalf of Defence Sector bodies or
organisations.
It has been written to complement the Chartered Quality Institute Body of Quality Knowledge (BoQK) and is
aimed mainly at those that have little or no experience of UK Defence contracting whilst also providing a
reference for the more experienced Quality Professional within the Defence Sector. It is also intended as a
guide for Certification Body auditors when assessing Defence Contractors wishing to attain ISO 9001
certification under the MOD Sector Scheme.
The DBoQK aims to avoid duplication the CQI BoQK by only highlighting information and practices that are
specific to the UK Defence Sector. It will, for example provide detailed guidance and information on
standards and requirements that apply to Defence contracts and will also explain some of the practices and
processes that are used and required by the MOD. Within the CQI Competency Framework this work fits in
the Context section.
It is envisaged that the topics and information in the DBoQK will evolve over time and will be regularly
reviewed and updated by the CQI Defence SIG Steering Committee given this first version will not address
everything in the sector.
Note | This work was undertaken before the release of ISO 9001:2015 and has not been written to address
the changes it introduces. The DIG Steering Committee will commence a review of the Defence Body of
Quality Knowledge during 2016 to begin addressing these new requirements.
Page 3 of 35
Contents
1. History and Future of Quality in Defence | Gerry Fice
Page 4 of 35
History & Future of Quality in
Defence
Gerry Fice
Page 6 of 35
and in 2nd Party Assessments of potential System based on risk.
Suppliers and adding the to the Defence
Contractors List. 2000. ISO9001:2000 based on 8
principles of Quality Management
1951. J M Juran documented the introduced. This has been updated twice,
principles of QM in his Quality Control the current version being ISO9001:2008
Handbook. which is used Defence wide to
demonstrate acceptable Quality
1959.The first Quality Management Management throughout.
Standard, Mil Std-Q-9858 was issued by
the US Department of Defense. Today and the Future.
As seen above, Quality has had a long
Late 1960’s and 1970’s. Revisions of and illustrious history from Pharoah
defence standards i.e. AQAP 1, Def Stan Imhotep times going through many
05-90 series. phases of control, inspection, assurance
and now quality management as detailed
1979. A British Standard BS5750 in three in the ISO9000 family.
parts matching Def Stan 05-90 series
issued although the MOD continued to This focus on Quality Management is
use the Def Stan 05-90 for a short while demonstrated by the MOD’s policy of
after. “Appropriate Certification” in preferring to
do business with Suppliers that have a
1982. The recognition by the UK certificated Business Management
Government that the efficiency and System.
international competitiveness of British
Industry need to be improved and that However, they do not place contracts to
enhanced recognition for Standards and the ISO Standards because they do not
QA was necessary. The MOD for its part address all of the MOD’S requirements for
began to devolve its 2nd Party Acquisition; Defence Standards and
Assessment of Suppliers to 3rd Parties AQAPs are used to apply these
starting with Stockists by BSI QA and requirements on Suppliers. The AQAP
laboratories and test houses to the 2000 series embody the requirements of
National Testing Laboratory Accreditation the ISO 9000 standard and the
Service. requirement for a certified Management
System but also embeds additional
Sept 1991. MOD accepts 3rd Party requirements which are not included in
Assessments of its suppliers to the ISO the ISO standard.
Standards. This replaced the 2nd Party
Assessments to Allied Quality Assurance Today there is also much more contact
Publications (AQAP) 1, 4 or 9 with AQAP and joint working between the MOD and
13 being invoked when software was Industry. This is carried out under the
involved undertaken by the MOD. direction of the Defence Industries
The role of the MOD Inspector also Quality Forum (DIQF) who set out their
changed to reflect these new joint objectives within their Business Plan;
arrangements with many of the further details can be found on the CQI
mandatory “inspection” duties carried out DIG website.
by them being made the responsibility of
the Supplier and change from inspection
of products to a more systems approach
based around the Suppliers Management
Page 7 of 35
International Organisations,
Legal and Regulatory
Requirements
Andy Lennon
Page 8 of 35
OCCAR is the multinational organisation for Joint business entities, foreign government entities or
Armament Co-operation established to enable international organisations that are approved end
European countries to collaborate on defence users or consignees for such defence articles.
equipment procurement in order to compete in If you are an approved UK end user or consignee
the global market and deliver projects more company then you should be aware of the
efficiently and economically. regulations and the exemption, which is subject to
satisfying certain screening and record keeping
At this moment six nations are member Nations
requirements.
of OCCAR: Belgium, France, Germany, The
The US government has agreed that the UK pre
United Kingdom, Italy and Spain.
existing Baseline Personnel Security Standard
OCCAR mission is to facilitate and manage (BPSS) meets the screening requirements of ITAR
collaborative European Armament Programmes rule 126.18(c)(2). However, if you choose not to
and Technology Demonstrator Programmes use the BPSS you must ensure you are able to
through their life cycle to the satisfaction of their meet the screening requirements through
customers. suitable, alternative means.
Page 9 of 35
submarine movements/dockings will not normally Berth Categories
be licensable activities even when controlled by Two main categories of berth have been defined.
the commercial site operator. These are known as Licensed/Authorised Site
Obviously, however such activities, which do carry Berths (used to be called X berths) and
a nuclear risk, must still be controlled somehow. Operational Berths (Used to be called Z Berths).
The solution is to regard such exempt activities as Operational Berths are all berths (in UK, UK
“Authorised (by MoD)” activities even if conducted dependent territories and foreign berths) outside
by a commercial operator on a commercial site. of Licensed or Authorised Sites.
The result is that such activities will be regulated
by the MoD Authorisation process Explosives Regulations
There are no specific international regulations or
Authorisation Conditions (ACs) codes of practice that relate directly to the safe
Since the process of authorisation is based on storage of ammunition and explosives, this is a
that for civil Licensing we need the Defence national responsibility. However, international
Sector needs a Regulation process to mirror the alliances do have consolidated literature that
role of the HSE/NII in the civil sector. MoDs covers this technical area.
equivalent is called the Defence Nuclear Safety
Regulator (DNSR) An excellent example is the NATO Allied
Ammunition Storage and Transportation
DNSR has published a set of 36 Authorisation Publications 2. (AASTP 2) - Safety Principles for
conditions that mirror as closely as possible the the Storage and Transport of Military Ammunition
Licence conditions published by the HSE/NII but and Explosives.
have a broader scope than the NII licence
conditions, to cater for additional needs owing to Defence suppliers contracted, to manufacture or
the mobile nature of the naval reactor plant. store explosives, by the MoD must apply to the
HSE for a licence under the Manufacture and
Site Safety Justification (SSJ) Storage of Explosives Regulations 2005 (MSER)
JSP 518 (regulation of the naval nuclear Such Licences are termed Explosive site licences
propulsion programme) requires that sites which and, unless they are fixed rule licences are
support nuclear submarines should produce a Site subject to Local authority assent. Further
Safety Justification (SSJ) to demonstrate that an guidance on how to apply is provided within Joint
adequate level of safety has been achieved for Service Publication (JSP 482) Classification for
the site and its various support facility activities. Transport: ‘Classification’ identifies the hazards
The SSJ is generally considered to be comprised posed by explosive substances and articles as
of 3 main parts. packaged for transport. The Competent Authority
a. The Site Safety Case of a Contracting Party to ADR must assign the
b. Facility Safety Case classification of explosive materials before they
c. The Management arrangements for safety can be transported. This involves assessing an
explosive to determine whether it is assigned to –
Independent Nuclear Safety or excluded from – Class 1 of the UN classification
Assessment (INSA) scheme for the transportation of dangerous
INSA services in support of the nuclear plant on goods. An explosive assigned to Class 1 is given
submarines is provided to the Naval Reactor Plant an appropriate UN Serial Number, hazard code
authorisee (HNP) by Serco Submarine Reactor and compatibility group, depending on its
Department (SRD) composition, type, and hazard. A Competent
Authority is a body designated or recognised to
The NPIPT-SRD INSA process is, of course carry out duties under transport of dangerous
monitored by DNSR as the overall MoD regulator. goods regulations. In Great Britain: HSE is the
Competent Authority for the classification of non-
military explosives Military explosives, ie
Berth Assessment explosives under the control of and/or in
Berths include dry-docks, ship-lifts, tidal berths connection with the execution of contracts for the
and mooring buoys. Berth clearance relates to the Secretary of State for Defence are classified by
process of minimising the consequences of a
the Explosives Storage and Transport Committee
nuclear accident and so is an element of nuclear
(ESTC) of the Ministry of Defence Once the
safety and safety case.
Competent Authority has agreed the classification,
Generally each berth requires an assessment to it issues a Competent Authority Document (CAD).
be made by its sponsor. This assessment is
subsequently agreed by DNSR.
Environmental
Page 10 of 35
MOD recognises the importance of protecting the Appropriate certifications are outlined in order of
environment and being able to demonstrate good preference.
environmental management performance. The
strategic policy is set out in Joint Service
Publication (JSP) 815 and the policy sets out the
framework for the MOD EMS as the ISO 14001 First Preference
Standard for environmental management. Third Party Certifications such as:
• BS EN ISO 9001:2008 issued by a UKAS
While with each Defence Supplieris expected to recognised 3rd party certification body
adopt the key principles of ISO 14001 Standard,
some flexibility is acceptable. The work required • BS EN ISO 17025 (previously EN45001)
must be proportional to the potential accreditations issued by UKAS
environmental impacts and the organisation’s • BS EN ISO 14001 Environmental
other priorities. Management Systems issued by a UKAS
recognised 3rd party certification body.
MOD takes a systematic approach to incorporating
environmental considerations into every business Provided that the scope of the certification covers
decision including all aspects of policy making, the work to be done, UKAS accredited sector
procurement and change management. It scheme appropriate to the contract, for example:
provides a framework for continual improvement
in performance and represents a long-term
• AS 9100 (Quality Management System -
commitment to environmentally responsible
Aerospace Requirements)
management.
• AS 9110 (Quality Maintenance Systems -
Aerospace Requirements for Maintenance
organisations)
Acquisition Operating
• TickIT (Software)
Framework (AOF)
• NF EN 46001 Medical Devices (Quality
Managing Quality Systems Medical Devices)
The AOF is a source of policy and good practice • ISO/TS 16949:2002 (Quality Management
on Managing Quality for all members of the UK Systems applicable to the Automotive
Ministry of Defence and their industry partners Industry)
concerned with Defence Acquisition.
It is intended to improve the consistency of the Provided that the scope of the certification covers
MoD’s application of policy and best practice and the work to be done, MOD approved sector
play an important role in delivering better scheme appropriate to the contract, for example:
solutions for defence in the future.
• Design Approved Organisation Scheme
Responsibilities (DAOS) – Aerospace
Although MoD delivery team leaders are • Maintenance Approved Organisation Scheme
responsible for the quality of the product they (MAOS) – MOD owned aircraft
acquire, Suppliers are totally responsible for the
Quality of the product they deliver, and Suppliers
Second Preference
are required to maintain adequate control of their
Second Party Certification by a NATO government
supply chains. This responsibility extends to all
organisation to an appropriate:
levels of subcontractor, including those overseas.
• AQAP
Appropriate Certification • ISO 9001:2008
Where contracts are placed for products / services
that are not simple, commercial-off-the-shelf or of
low-value, and conformance to requirements Third preference
cannot readily be checked after receipt, the MoD Delivery team leader approved alternative
delivery team leader shall ensure that such arrangements, agreed by the Defence Quality
contracts are only placed with contractors holding Assurance Authority (DQAA).
an appropriate quality system certification.
Order of Preference
Page 11 of 35
Management Systems,
Standards and Assessment
Chris Hughes
Page 13 of 35
who are certified to ISO 9001:2008 but
do not necessarily mandate the
requirement to their supply chains.
Page 14 of 35
Knowledge Management
Chris Hughes
Page 15 of 35
Procurement and Supply Chain
Assurance
Gary Illingworth
Page 18 of 35
A FAI is “a complete, independent, and Source Inspection
documented physical and functional Source Inspection is an examination of
inspection process to verify that purchased product performed by the
prescribed production methods have Customer/Buyer at the Supplier's or
produced an acceptable item as specified Supplier’s sub-tier facility to verify
by engineering drawings, planning, product integrity and conformance to
purchase order, engineering specified requirements, through product
specifications, and/or other applicable inspection, test, and/or documentation
design documents” review.
Page 19 of 35
escapes, supplier corrective action The following activities shall be
requests (SCAR) etc. considered as part of the supplier
surveillance plan:
Supplier Performance Improvement
The following activities should be initiated Product Audits
to improve supplier performance A Product Audit will provide a test of the
(eliminate non-conformances, reduce Supplier’s Quality Management System
lead times, reduce costs, improve OTD, (QMS) for its compliance to the
etc.): contracted requirements through the
• Root Cause Analysis and Corrective audit of a product to its conformance.
Action The Product Audit is a systematic and
• Lean events documented process for obtaining and
• Six Sigma methodologies evaluating objective evidence in
• 9100, 9110, 9120 QMS certification. determining the extent to which product
• Special process certification criteria are fulfilled
• Improvement plans (quality, delivery,
design, etc.). Manufacturing Process Audits
• Supplier mentoring A Manufacturing Process Audit will also
provide a test of the supplier’s Quality
Supplier Continual Improvement Management System (QMS) for its
The use of a continual improvement compliance to the contracted
philosophy and tools are fast becoming a requirements. The audit shall consider
buyer requirement. Leadership should the following aspects of the
drive the culture of engagement and manufacturing processes: product’s
empowerment leading to an environment planning, equipment, materials,
of continual improvement. The goal is to inspections, documentation and all the
improve process performance (quality, sundry processes that are used to
delivery, and cost) and eliminate waste in produce the contracted product
all areas of business and is a never
ending process. Key Characteristics
The features selected as Key
Supplier Surveillance Characteristics (KC) are monitored to
Supplier Surveillance covers the activities determine the need for process capability
associated with the monitoring of a improvements. KC’s should be identified
Supplier’s performance through a risk in the design definition or should be
based, assessment model. The frequency selected by the manufacturer based on
and level of audit depends on a number history. Supplier should ensure
of factors including but not limited to compliance with the KC process
audit results, escaping defects, supplier requirements and customer should
performance metrics and rejection rate. monitor the KC process during the
surveillance activities.
To promote conformance throughout the
supply chain, it is important that the QMS Audit
Supplier has a robust sub-tier supplier Following the initial QMS approval audit,
control program. The Buyers’ surveillance the buyer should perform periodic
audit should include an assessment of supplier quality system audits or rely on
this program with emphasis on the Third Party Certification Body Audit
Buyer’s specific requirements as defined results to ensure continual compliance of
in the flow down documents. the supplier’s QMS.
Page 20 of 35
If an “other party” / Certification Body is
used, communication between the Buyer,
supplier and the Certification Body is
important to ensure records are aligned
and accurate
Risk Analysis
Supplier surveillance method and
frequency should be based on the results
of the risk analysis. Supplier should
develop and implement mitigation plans
for the risk items identified during risk
assessment or surveillance audit. The
Buyer should monitor status of mitigation
plans during future supplier surveillance
activities.
Corrective Action
An effective Root Cause and Corrective
Action process is needed to prevent
reoccurrences of product and system
non-conformances related to events such
as:
• Internal Escapes (before the article is
approved for return to service and
released to the customer)
• External Escapes (after the article has
been approved for return to service and
released to the customer)
• Audit Findings (Regulatory, Customer,
Registrar, Process and Internal Audits)
• Customer Complaints
• Sub-contractor
Nonconformities/Supplier Discrepancies
Page 21 of 35
Risk and Safety
Darren Rusling
Page 22 of 35
Safety within the organisation and the Supply of the information within it and an evaluation of
Chain is about understanding and adhering to progress.
existing procedures and related technical
standards and specifications as they are focussed
on safeguarding both quality and safety.
The organisations culture should allow individuals
to raise concerns without fear and demonstrate a
questioning attitude by challenging assumptions,
investigating anomalies and considering adverse
consequences.
Risk
The debate involving both risk management and
quality assurance programs has led many to
argue that the differences between these two
activities are negligible. The relationship between
a risk management plan and a quality assurance
programme overlap and compliment the purposes
of both. Risk management could be thought of in
terms of "risk" to the reliability of a product, and
that "assuring product quality" using a robust
internal / external audit process is the most
efficient method of risk mitigation, then the
relationship between the two is clear.
Page 23 of 35
Identification, Traceability,
Fraudulent & Counterfeit
Materials
Paul Bayley
Page 24 of 35
ISO 12931- Performance criteria for required information on a tag or label
authentication solutions used to combat attached to a container or bag.
counterfeiting of material goods.
When identifying parts, consideration
BS 10008 - Evidential Weight and Legal
must be given to the type of component
Admissibility of Electronic Information.
and operating environment, for instance:
SAE AS5553 - Counterfeit Parts;
Avoidance, Detection, Mitigation and • No method of marking shall be used
Disposition in such a manner or in such a place
SAE AS6081 - Counterfeit Electronic that it would reduce the strength or
Parts; Avoidance Protocol, Distributors the life or affect the performance of
the part.
SAE AS6174 – Counterfeit Materiel; • The method of marking adopted shall
Assuring Acquisition of Authentic and not increase the risk of corrosion.
Conforming Materiel. E.g. where a plate made from a
SAE AS6178 - Fraudulent/Counterfeit different material to the component is
Electronic Parts; Tool for Risk Assessment affixed to it for marking purposes,
of Distributors precautions shall be taken so that no
risk of corrosion is introduced.
Identification
• Details of identification markings
Identification is normally performed by
used, the methods by which they are
assigning a unique part number, serial
applied and their location shall be
number or batch number for material.
stated on the drawing of the part.
• Parts shall be marked so that they
Typical methods of identification are:
can be easily identified for
maintenance purposes when
• Labels or tags
assembled.
• Nameplates
• Permanent marker pens
Typical component or equipment
• Bar Code
assembly identification markings should
• Etching
include:
• Dot Peening
• Radio frequency identification tags
• Part number
• Ink jet
• Serial number, where applicable
• Laser jet
• Batch number, where applicable
However, the requirement for more
• Series, modification or strike off
secure methods of identification in order
number
to prevent fraudulent and counterfeit
• Identification of life limited or critical
parts is driving more advanced
parts
technological solutions, such as:
• Holograms Traceability
• Materiel biometrics (DNA) Traceability through the accurate
• Nano codes maintenance and retention of records
• Forensic Markers provides the ability to identify and track a
• Security coatings product or a component through its
provenance to its point of origin. The
Parts that are too small or otherwise point of origin may be a particular lot or
impractical to be marked may, as an batch, production line or time frame or
alternative, be marked showing the supplier. This then enables operational
Page 25 of 35
and economic benefits whereby Traceability requirements should be
component failure or fault occurrences maintained throughout the product life.
can be traced and confined to identifiable Whilst software applications are typically
material, components and equipment. used for this, the management of
Traceability is critical for many reasons, physical records is also important.
for instance;
General Records Management
• Supply chain provenance Defence Industry organisations need to
• Conformance to requirements. establish effective records management
• Monitoring of critical safety items arrangements as an integral part of their
• Tracking of life limited items quality management systems. Records
• Monitoring maintenance requirements form part of the demonstration that
• Identification of condition (e.g. new, equipment meets the design intent and
repaired, altered or rebuilt) safety requirements and therefore the
• Product recall identification, generation, completion and
• Failure rate analysis retention of records associated with the
• Interchangeable and replaceable supply of products should form part of
parts identification the contractual arrangements between
• Tracking critical to mission parts purchaser and supplier at all levels of the
• Identifying tooling used in supply chain.
manufacture
• Software standards Such arrangements typically have the
• Modification and upgrade status following key features:
• Measurement and test equipment
calibration history • Infrastructure, such as appropriate
• Inspection stages, identification of storage facilities and equipment.
which inspector and techniques used. • A clear definition of record keeping
• Manufacturing stages, identification responsibilities and requirements.
of which operator and techniques This is normally done through the
used. production and implementation of
• For an assembly, the ability to trace one or more procedures.
its components to the assembly and • The clear specification of the records
then to the next higher level to be kept, their retention period and
assembly. form. This is normally done through
• The ability to trace all products the production of a records retention
manufactured from the same batch of schedule.
raw material, or from the same • Defined controls to ensure that the
manufacturing batch, to the integrity and authenticity of records is
destination (e.g., delivery, scrap). maintained during organisational and
• Whether the item has ever been technology changes. These controls
identified as scrap are normally defined in procedures
• Whether the item has ever been and project plans.
identified for disposal and • Appropriate security arrangements to
destruction. prevent inappropriate access and
• Return to service tags loss. This is particularly important in
• Certificates of conformity relation to sensitive information.
• Airworthiness directive status • As-constructed records should
• Tracking operating hours or cycles provide a fully referenced account of
the work actually constructed and
Page 26 of 35
should be produced in a timely Records may exist in electronic form
manner as the information becomes throughout their lifecycle or originate in
available throughout the contract. physical form and be
converted to electronic format. Electronic
formats can offer some significant
Physical Records Management
advantages but there
Physical records can take a number of
are also challenges in maintaining the
forms, common examples are; paper
security and integrity of records.
documents, microfilms, photographs and
material samples. Appropriate storage
Electronic records need to be subject to
facilities and systems need to be
carefully defined procedural controls. This
established that ensure that records are:
can be facilitated
by the use of electronic document
• Categorised according to the
management system. Information
retention schedule
security risks need to be carefully
• Registered upon receipt
considered and this can be aided by use
• Readily retrievable
of ISO 27001.
• Indexed and placed in designated
locations appropriate to their use
Particular care is needed to ensure that
• Stored in a controlled and secure
the hardware and software that is used
environment
does not become obsolete. Periodic
• Subject to periodic review
technology reviews are, therefore, very
• Transferred to a secure archive at the
important particularly where records have
appropriate time if retention times
retention times of 30 years or more. Risks
are prolonged
can be minimised by selection of widely
• Destroyed in a secure manner when
used software, file formats and hardware.
no longer required.
Special care is needed when software or
hardware is upgraded to ensure that
Storage facilities for physical records
records do not become corrupted or lost.
should be maintained to prevent damage
from causes such as fire, water, air,
Special care to ensure that the
rodents, insects, earthquakes and
authenticity of records is maintained
unauthorised access. Consideration
during times of change. Changes include
should be
the conversion of physical records to
given to appropriate contingency
electronic format and technology
arrangements including making copies of
upgrades. BS 10008 defines the controls
important records.
to be applied when scanning paper
Physical records can normally be stored
documents to help ensure that
under conditions of ambient temperature
authenticity is preserved.
and humidity for periods up to five years.
Long retention times may require a
special facility such as an archive that Fraudulent and Counterfeit Material.
meets the temperature and humidity For this topic, the term ‘materiel’ is used
conditions specified in PD 5454. There to define all material, components, parts,
are a number of specialist suppliers who equipment, platforms and documentation.
can provide records archiving services.
There are many definitions for suspect,
fraudulent and counterfeit materiel. The
Electronic Records Management
MOD uses the following:
Page 27 of 35
Suspect Materiel: Materiel in which and obsolete parts have proved to be
there is an indication by visual inspection, targets for this fraudulent activity.
testing or other information that it may
have been misrepresented by the supplier Within the UK Defence industry the
or manufacturer and may meet the Counterfeit Awareness Working Group
definition of a fraudulent or counterfeit (CAWG) has been established; this group
materiel. consists of MOD and Industry
representatives and has the following
Fraudulent Materiel: Any suspect intentions:
materiel misrepresented to the customer
as meeting the customer’s requirements. Aim:
• Provide direction, through policy &
Counterfeit Materiel: Fraudulent guidance on Preventing, Detecting &
materiel that has been confirmed to be a Responding to the threat of
copy, imitation or substitute that has fraudulent / counterfeit product
been represented, identified or marked as supply within defence acquisition.
genuine, and / or altered by a source
without legal right with intent to mislead, Objectives:
deceive of defraud • Raise awareness
• Determine & share good practice
The provision of provenance is a key • Propose continual improvement to
element in providing assurance that current practice
materiel is manufactured and supplied in
accordance with the original design Outputs:
organisations and the delivery team • Policy & guidance
and/or design authority’s intent, as • Provide Support to Standards
expressed by the equipment drawings Committees
and specifications. • Communication with UK Industry &
other Organisations
The fitment of parts other than those
authorised, presents the following risks to Supply of misrepresented material
the defence industry: introduces a potential of non-
conformance as the detection can be
• Schedule delays hard, due to the complexities of the
• Legal – Criminal & Civil Actions supply chain and the ever increasing
• Reduced Performance replication of materiel by illegal
• Poor Reliability organisations.
• Product Failure
• Damaged Reputation Identification of suspect material is as
• Decline In Mission Readiness much about change of culture as it is
• Threat to Systems Security change of process.
• Risk to life Understanding/awareness of the issue
• Environmental – toxic waste and the vigilance of staff is the key to
detecting and removing unapproved parts
All materiel may be subject to fraudulent from the supply chain.
and counterfeit activities. However the
most common are electronic, electrical, There are some key identifiers that may
electro-mechanical parts for example but indicate suspect parts:
not limited to; Integrated Circuits,
transistors etc. In particular, hard to find In the supply chain:
Page 28 of 35
• Results of Supplier Evaluations. needs to deliver positive authentication in
• Quoted or advertised price the supply chain. Secure acquisition of
significantly lower than that quoted this information needs to be available to
by other distributors/suppliers inspection teams, customs, distributors
• Delivery schedule significantly shorter and the end-user. Authentication needs
than that of others when stock is to provide absolute proof of authenticity
exhausted in court cases and situations where goods
• Sales quotes or discussions implying are seized as suspected counterfeits.
an unlimited supply
Anti-counterfeiting devices and
Acceptance / Inspection: identification markings in isolation cannot
• Packaging identifies the supplier and stop counterfeiting, but can aid in the
is free from alteration or damage quick and unambiguous identification of
• Part and delivery receipt are fake products (in a correctly designed
consistent and reflect purchase order system).
information for part number, serial
number and part history (if
applicable)
• Part identification has not been
tampered with (serial number over-
stamps, label or part/serial numbers
missing, vibro-etch or serial numbers
located at other than normal
locations).
• Visual inspection of part and
documents to provide positive
identification.
• Evaluate any visual irregularities
(altered or unusual surface, absence
of required plating, evidence of prior
use on new part, scratches, new
paint over old, attempted exterior
repair, pitting or corrosion).
• Random Samples of Standard
Hardware
Operational:
• Parts do not perform to the standard
required.
• High failure rate.
• Failure of a particular batch from a
supplier.
• Limited life.
• Unreliable.
Page 29 of 35
Configuration Management
Gerry Fice
• Safety
• Interoperability with other
equipment, including NATO Figure 1: Example of a product structure
nations for joint operations
• Maintainability Within each level of the product structure
• Reliability reference should be made to product
configuration information (e.g. – design
CIs are usually established at the end of data, operational information,
the Assessment stage, from Supplier maintenance procedures, storage
recommendations as a result of system requirements and training requirements).
engineering analysis of the initial Systems
Requirements Document. Further CIs CIs are defined within technical
may be identified during product documentation that should also detail the
development up to the time that the interfaces between other product CIs.
product design Configuration Baseline is The release of approved configuration
established at Critical Design Review information establishes CI baselines.
CIs are usually the deliverable and CIs are usually identified by part numbers
separately installable units of the system. and naming convention. The Supplier –
Computer software items are normally Designer will usually use its own
recognised as CIs because of the control numbering system and maintain
of systems functionality. traceability between the Supplier’s
identification numbering and the NATO
The selection of configuration items and Stock Number (NSN).
their interrelationships should describe
the product structure, including a list of Where CIs are designated for the MOD
assemblies, sub-assemblies and items Supply System, a NSN must be
that require configuration management. established for each item of supply. The
The diagram in Figure 1 is an example of contractual requirement for NSN support
a top-down product structure, is invoked by DEFCON 117 - Supply of
highlighting the relationships of the Documentation for NATO Codification.
assemblies, sub-assemblies and When a change to a CI affects the fit,
components that make up the system. form or function, it will affect the
Configuration Baseline. The revised CI
must be identified with a new NSN to
differentiate this new CI from the earlier
CI version.
Page 32 of 35
(design freeze) the supplier relinquishes In-Service configuration change approval
Configuration Change Authority control, / rejection is provided by a meeting of
and therefore can no longer make the Configuration Change Authority - CCB
changes unilaterally. At this point, the or subsidiary committee attended by the
responsibility for configuration change Industry Design Organisation and
decisions is transferred to the Authority’s relevant sub-suppliers. The Authority’s
Delivery Team Leader responsible for In- representatives can include Safety; ILS,
Service design integrity. Quality Management and the Front Line
Command (customer).
The Delivery Team Leader is supported
by a Configuration Control Board (CCB), Where configuration change is agreed
subsidiary committee(s) and personnel then the change control process should
with configuration management consider:
responsibilities.
• When the change can be
The following is a sample of reasons for incorporated – (Effectivity
change: Date)
• How the change will be
• Improvements to safety / risk incorporated.
elimination. • Who will incorporate the
• Changes to legislation. change (Reference ISO 10007)
• Improvements to product
performance. Change Control - Concessions
• Provide new capability Concessions are contractual non-
requirements. conformities and do not affect the
• Obsolescence of products or product or system configuration baseline.
equipment. A concession is generally limited to the
• Availability of spares. delivery of the product that has
• Insertion of new technology. nonconforming characteristics within
• Correct defects (both specified limits for an agreed time or
preventive and corrective). quantity of that product. (Reference ISO
• Improve product support. 10007)
Page 33 of 35
product configuration information to the CI, prior to acceptance of the Product
relevant stakeholders in a timely manner. Baseline, to verify that the CI has
achieved the performance and functional
The depth and range of the information characteristics specified in the associated
captured in the CSA system should be requirements configuration
based the nature of the product, the documentation.
environment in which the product will be
operated, the anticipated volume and An FCA should be conducted for each CI,
complexity of change activity and the or group of CIs, for which a separate
information requirements of the project. development/ requirement specification
has been baselined.
Configuration Audit
Configuration Audit is a formal Physical Configuration Audit
examination to verify that the A Physical Configuration Audit (PCA) is
requirements of the product configuration the formal examination of the as-built
information are realised by the product / configuration of a CI against its design
system Configuration Items (CIs). There documentation to ensure that the CI
are two types of audit: conforms to its specified physical
requirements.
• Functional Configuration Audit
(FCA) During the PCA any differences between
• Physical Configuration Audit the physical configurations of the selected
(PCA) production CI and the development CIs
used for the FCA should be evaluated to
Benefits of Configuration audit include: assure no degradation of the functional
characteristics of the selected CI.
• Validation for the integrity of
the configuration
documentation.
• Verification of consistency
between a product and its
configuration documentation.
• Determination that an
adequate process is in place to
provide continuing control of
the configuration
Page 34 of 35
Abbreviations
Chris Hughes
Page 35 of 35