© Verify, Inc. 2013 International Aerospace Quality Group Performance Excellence Marketplace – Workshop Challenges Facing the Global Supply Chain – What’s New? Montreal, Canada October 10, 2013 Sarah Willis Director, Global Marketing Alan McIntosh Company President James Simmons Director, Business Technology


Page 1

© Verify, Inc. 2013

International Aerospace Quality Group

Performance Excellence Marketplace – Workshop

Challenges Facing the Global Supply Chain – What’s New?

Montreal, Canada

October 10, 2013

Sarah Willis, Director, Global Marketing

Alan McIntosh, Company President

James Simmons, Director, Business Technology

Page 2

Top 7: Supply Chain Challenges – IAQG picks the topics….

1. Sequestration / Defense Spending Uncertainty

2. Supplier Capability to respond to Customer Flow Down Requirements (PPAP etc.)

3. Supplier Capacity – Delivering Quality Product On-Time

4. STEMS Skills Shortage

5. Export Compliance

6. Cyber Security and Information Assurance

7. Counterfeit Parts

Page 3

Verify - Snapshot

Founded in 1976 – Supporting the IAQG since 2002 (Committee / PEM)

Privately Held – Debt Free

Headquartered in Irvine, California, United States

Global Office Locations

Supplier Performance Management Company

Specialize in Aerospace and Defense

Currently Operate in 43 Countries and over 6,000 Supplier Locations

A&D Field Resource Team > 2,000 Professionals

GLOBAL VISION: – a world where quality product is always delivered on-time

Page 4

Where does Verify fit in the customer product lifecycle?

[Diagram: customer product lifecycle. Phases: Product Design / Development; Manufacturing / Production; Aftermarket. Stages: Requirements; Design; Validation; Systems Integration; Final Product Delivery; MRO; Sourcing; Manufacturing. Also shown: Technical Resources; Engineering Support; Supplier Performance Management.]

Page 5

Expanding our Supplier Performance Management Lifecycle

[Diagram: customer product lifecycle. Phases: Product Design / Development; Manufacturing / Production; Aftermarket. Stages: Requirements; Design; Validation; Systems Integration; Final Product Delivery; MRO; Sourcing; Manufacturing.]

SPM Lifecycle Elements

1. Identification, Selection & Qualification

2. Requirements Flow Down

3. Qualification & Pre-Production Planning

4. Verification / Validation

5. Surveillance & Performance Monitoring

6. Performance Improvement

Quality Assurance

Delivery Assurance

Page 6

Responsibilities for each SPM Lifecycle Element

QA: Systems Audit / Survey; Process Audit / Survey; Risk Assessment

DA: Capability Assessment; Capacity Assessment

QA: Quality Engineering; Corrective Action Management

DA: Project Management; Recovery / Improvement Plan

QA: Defective Parts Per Million (DPPM); Corrective Action Management; Audits and Assessments

DA: On Time Delivery (OTD); Alignment

QA: Procurement Specs & Drawings; Quality Notes / Clauses

DA: Part #, Qty, dates, etc.

QA: FAI; Product Audit; Production Part Approval Process

DA: Part Capability Assessment; Part Capacity Assessment

QA: Inspection; Delegation

DA: Delivery Status; WIP Status

1. Identification, Selection & Qualification

2. Requirements Flow Down

3. Qualification & Pre-Production Planning

4. Verification / Validation

5. Surveillance & Performance Monitoring

6. Performance Improvement

Quality Assurance

Delivery Assurance

SPM

Supplemental Resources >>>>>>> Fully Outsourced Managed Service

Page 7

Supply Chain – Verify’s Unique Perspective

TIER 1 SUPPLIERS

USA: Fwd Fuselage

USA: Wheels / Brakes

Italy: Center Fuselage

USA: Avionics

S. Korea: Aft Fuselage

Japan: Wings

France: In-Flight Entertainment

Italy: Tail Fin

UK: Engines

TIER 2 SUPPLIERS

TIER 3 SUPPLIERS

[Diagram labels: Windows, Doors, Nose, Airframe, Fasteners, Valves, Turbines, Hydraulics, Skin, Frame, Skin, Flap]

1. Identification and Qualification

2. Requirements Flow Down

3. Qualification / Pre-Production Planning

4. Verification and Validation

5. Surveillance / Performance Monitoring

6. Performance Improvement

Page 8

Supply Chain Challenges – OEM / Tier-1 Perspective

Total Completed Surveys: 66

Weighted Score

1 Supplier Capacity: Delivering Quality Product On-Time 23.8%

2 Supplier Capability: Responding to Customer Flow Down Requirements 15.6%

3 Counterfeit Parts 14.1%

4 Cyber Security and Information Assurance 13.5%

5 Export Compliance 13.1%

6 Sequestration / Defense Spending Uncertainty 10.6%

7 STEMS Skills Shortage 9.3%

Page 9

Supply Chain Challenges – Sub-Tier Perspective

Total Completed Surveys: 101

Weighted Score

1 Supplier Capacity: Delivering Quality Product On-Time 20.8%

2 Counterfeit Parts 19.6%

3 Supplier Capability: Responding to Customer Flow Down Requirements 16.2%

4 Export Compliance 14.6%

5 Cyber Security and Information Assurance 13.1%

6 STEMS Skills Shortage 9.2%

7 Sequestration / Defense Spending Uncertainty 6.5%

Page 10

Supply Chain Challenges – Field Resources Perspective

Total Completed Surveys: 175

Weighted Score

1 Supplier Capacity: Delivering Quality Product On-Time 23.0%

2 Supplier Capability: Responding to Customer Flow Down Requirements 18.4%

3 Counterfeit Parts 16.1%

4 Cyber Security and Information Assurance 15.0%

5 Sequestration / Defense Spending Uncertainty 9.4%

6 Export Compliance 9.2%

7 STEMS Skills Shortage 8.9%

Page 11

Supply Chain Challenges – Survey Summary

OEMs / Tier-1 believe that SUPPLIER CAPACITY is the #1 Supply Chain Challenge

Sub-tiers also believe that SUPPLIER CAPACITY is the #1 Supply Chain Challenge

Field Resources believe that SUPPLIER CAPACITY is the #1 Supply Chain Challenge

Aggregated Top-3

1. Supplier Capacity

2. Supplier Capability

3. Counterfeit Parts

What does the IAQG believe?

Page 12

Supply Chain Challenges

1. Sequestration / Defense Spending Uncertainty

2. Supplier Capability – Responding to Customer Flow Down Requirements

3. Supplier Capacity – Delivering Quality Product On-Time

4. STEMS Skills Shortage

5. Export Compliance

6. Cyber Security and Information Assurance

7. Counterfeit Parts

Page 13

Supply Chain Challenges

1. Sequestration / Defense Spending Uncertainty

Page 14

Sequestration / Defense Spending Uncertainty

EXAMPLE CHALLENGES

1. Shrinking Forecasts. Shrinking Revenues. Shrinking Margins

2. Inability to Effectively Plan. Short Term Focus.

3. Major Cost Pressures – Layoffs

4. Potentially leading to loss of supply chain capability (talent) and capacity

5. National Security Considerations

EXAMPLE REACTIVE RISK MITIGATION

1. Minimally comply with customer requirements

2. Cut costs and delay investments

EXAMPLE PROACTIVE RISK MITIGATION

1. Partnering with the customer, engineer costs out of the product

2. Invest and upsell, take on higher value add

3. Acquire competitors, consolidate

4. Foreign Sales

5. Maintain and confirm baseline order book with key suppliers

VERIFY OBSERVATION: Considerable number of customers and suppliers openly re-directing their organization to focus less on Defense and Space and more on: Industrials; Medical; Security; CA

Page 15

Supply Chain Challenges

2. Supplier Capability - Responding to Customer Flow Down Requirements

Page 16

Supplier Capability: Responding to Customer Flow Down Requirements

EXAMPLE CHALLENGES

1. Overselling system capabilities of a lower-tier supplier

2. Sub-tiers don’t realize what they’ve signed up for

3. Inadequate supplier qualification, management, and measurement

4. Lack of Customer enforcement of flow down requirements

POTENTIAL ROOT CAUSE

1. Poor alignment between Sales, R&D, and Operations/Supply Chain Mgmt

2. Lack of a robust or meaningful contract review process

3. Lack of customer resources or pricing / schedule pressures

4. Lack of systematic approach/interpretation of contract requirements flow down

5. Poor product or process qualification

VERIFY OBSERVATION: Our global network constantly reports issues on supplier capability across all tiers

POSSIBLE BEST PRACTICE SOLUTIONS:

1. Qualification of suppliers by commodity / capability / site (e.g. Design or Build to Print)

2. Supplier development process / RESOURCES with boots on the ground

3. Consistent deployment and enforcement / interpretation of requirements (e.g. AS9102)

Page 17

Boots on the Ground Case Study – Supplier Engagement

CHALLENGE

• Critical supplier

• Number of defects increased across all value streams / part numbers

• Substantial decrease in quality rating

• Lack of substantive improvement plan

• Lack of C/A follow-up and closure

• Supplier short-staffed

• Customer considering exit plan

SOLUTION

• Deployed Verify Engagement Team

– Led by Technical Lead

– Inspector

– Auditor / Trainer

• Verify Team worked in close collaboration with the customer and supplier

• Implemented product verification across most critical value streams

• Closed out all open C/A. Opened and implemented additional C/A based on multiple audits performed

• Trained supplier personnel

RESULT

• Zero escapes

• Visual controls implemented through supplier facility

• All overdue C/As closed out

• 52 Opportunities for Improvement (C/As) implemented

• Four supplier personnel trained to proper audit and C/A processes

• Consistent high quality ratings

CUSTOMER POST CHALLENGE FEEDBACK:

“(Supplier) has been diligent about non-conformances and root cause/corrective action. Their paperwork errors have all but disappeared. We only received two paperwork defects between April and July – zero hardware failures. They have implemented a quality clinic, their SCAR responses are on-time and well executed. It is almost like a different company.”

Page 18

Supply Chain Challenges

3. Supplier Capacity – Delivering Quality Product On-Time

Page 19

Supplier Capacity: Delivering Quality Product On-Time

EXAMPLE CHALLENGES

1. Lack of capacity planning/scheduling, both internal (shop floor) & external (suppliers)

2. Lack of resources (Human or Capital) to adequately ramp to customer requirements

3. A&D Industry lacks maturity for PPAP deployment (continued reliance on FAI)

4. Inadequate supplier oversight/management and/or qualification/measurement

5. Supplier accepts all customer orders and commitment dates leading to = who has priority?

POTENTIAL ROOT CAUSE

1. No formal ERP/MRP platform. Insufficient use of ERP/MRP

2. Financial constraints. Inability to identify/attract qualified human resources

3. Lack of qualified / experienced resources

4. Insufficient supplier mgmt or engineering resources to develop (or recover) a global supply chain

5. Lack of aligned production control practices

VERIFY OBSERVATION: Verify customers consistently indicate supplier capacity constraints and delinquencies

POSSIBLE BEST PRACTICE SOLUTIONS:

1. Capability/Capacity assessment planning for suppliers to include financial/capital analysis

2. Extensive training and development of people (internal and at supplier)

3. Identification and retention of highly skilled technical resources (internal and at supplier)

4. Establish A&D industry best practice for PPAP (enhanced FAI)

Page 20

Driving Supplier Improvement – Delivery Assurance Case Study

Rationale: Proven team with extensive experience / online management tools

[Chart: REAL SUPPLIER EXAMPLE 2012-13, DELINQUENT QUANTITY & BURN-DOWN. Vertical axis: $0 to $350,000. Horizontal axis: Past Due, Wk 48 to Wk 52, Wk 1 to Wk 5. Series: KPI DQ $ PLAN; END of WEEK DQ $ Actual.]

Page 21

Supply Chain Challenges

4. STEMS Skills Shortage

Page 22

Talent Asset (STEM) Shortage

SUPPLY CHAIN RESOURCE AVAILABILITY CHALLENGE

1. Scarcity of college graduates studying STEM (science, technology, engineering & mathematics) thereby limiting the supply of potential recruits

2. Lack of qualified resources to develop talent

3. Ability to retain talent

4. Limited centralized industry focus to encourage and develop talent

5. Limited (arduous) US work visa issuances

6. Emerging Markets attracting foreign and US educated talent

7. Aggressive emerging markets supply chain = luring customers with cost reduction promises

EXAMPLE REACTIVE RISK MITIGATION

1. Survive with current employees or outsource overseas

2. Hire best available within cost constraints to perform defined tasks

EXAMPLE PROACTIVE RISK MITIGATION

1. Encourage and plan for employees to innovate improved products and processes

2. Make employees truly engaged and inspired stakeholders

3. Maximize quality with limited resources

“Too few STEM students and workers, according to a significant majority of technologists” 13 Sep 13 IEEE

Page 23

Maximizing Quality with Limited Resources - Case Study

Tier-1 A&D Supplier

[Diagram: BEFORE and AFTER views of Qualification, Verification and Performance Improvement]

Strategy

• Eliminate most receiving inspection

• More source inspection

• More delegation and self release

• Buy (outsource) inspection activity

• Strongly encourage Quality Management System (AS or ISO) & National Aerospace & Defense Contractors Accreditation Program (NADCAP) certifications

• Reduce QMS & Special Process compliance audits

• Increase product audits

• Reduce number of approved suppliers

• Strengthen supplier consequences for quarterly ratings

• Develop suppliers to achieve delegation

• Buy some help

Page 24

Maximizing Quality with Limited Resources - Case Study Results

BEFORE

• Tier-1 A&D Supplier

• 430 suppliers

• 50% of product was dock to stock

-500 Material Deficiency Reports (MDRs) per month for Material Review Board (MRB)

AFTER

201 suppliers

98% of product is dock to stock

80% decrease in receiving inspection

40% decrease in source inspection

40% increase self release or delegated

Inspection and audit costs were decreased by 50%

Escapes to floor drastically reduced

Saved >$2 million hard cost annually

Page 25

Supply Chain Challenges

5. Export Compliance

Page 26

Export Control and Compliance Headlines

“Pennsylvania man sentenced to 42 months in prison for illegally exporting goods” --- January 2013

“$75 million in fines & penalties for hundreds of violations of export control laws & regulations in dealings with China” --- June 2012

“Company has agreed to pay $8 million in civil penalties to resolve hundreds of alleged violations of U.S. export control laws” --- April 2013

“University charged with export violations in connection with the export of atmospheric testing device and related equipment” --- May 2013

“Defense Services company faces $79M U.S. Fine as Part of Investigation for ITAR violations”

“Company resolved civil charges of violating the Arms Export Control Act, agreeing to a $32 million settlement”

“Bureau of Industry & Security Imposes One of its Highest Fines Ever for Export Control to U.S. company & its Chinese subsidiary”

BIGGER COMPANY PENALTIES …..

“Technology company and State Department settles alleged export control violations with a $25M penalty” --- August 2013

“Company agrees to a $42 million settlement with the State Department for Export Control Violations”

Page 27

A&D Export Control and Compliance Relevance

International Traffic in Arms Regulations (ITAR)

U.S. Department of State, Directorate of Defense Trade Controls

Defense articles and defense services listed on United States Munitions List (USML)

Export Administration Regulations (EAR)

U.S. Department of Commerce, Bureau of Industry & Security

Commercial and “dual use” items and technology listed in Commerce Commodity List (CCL)

Most aerospace & defense companies work on U.S. origin items that are on the United States Munitions or Commerce Commodity Lists

Many of these items are restricted by U.S. Export Control Compliance laws and regulations

A&D companies and individuals are regularly prosecuted for violations of Export Control Compliance laws and regulations

Page 28

What are Exports and their Violation Penalties?

• Any article or service (including technical data) imported or exported from the U.S. to a foreign destination/person is an export

– May be subject to controls and restrictions

• Controlled items include:

– Hardware (i.e. parts, materials, sub assemblies)

– Information (i.e. drawings, specifications, test data, calculations)

– Technologies (i.e. composites)

– Software (i.e. source codes)

• Current penalties for each violation of EAR and ITAR include

– Civil fines up to $500,000 per violation

– Criminal fines up to $1,000,000 and/or up to 20 years in prison

– Debarment from directly or indirectly supporting export regulated activities

Page 29

What is the Supply Chain Doing or Should IT be Doing?

• If there is a possibility that your company works with U.S. origin items that are listed on the US Munitions List or Commerce Commodity List…..

1. Research regulations and assess your vulnerability to violations. Seek guidance.

2. Evaluate your current work:

• Is it covered by any of the US regulations?

• Do you import and/or export these items in any way?

3. Develop and implement an Export Control Compliance Program

4. Train your employees and conduct regular Export Control Compliance internal audits/assessments

Page 30

Supply Chain Challenges

6. Cyber Security and Information Assurance

Page 31

Cybersecurity Headlines

“Cyber-Attack Concerns Raised Over Boeing 787 Chip’s ‘Back Door’” - The Guardian, May 2012

“Lockheed Says Cyber Attacks Up Sharply, Suppliers Targeted” - Reuters, November 2012

“U.S. Supply Chain Cyber-Security Weaker, More Vulnerable than Thought” - Homeland Security News Wire, December 2010

“Our adversaries are very active in trying to introduce material into the supply chain in ways that threaten our security” - David Shield, Deputy Director, Defense Intelligence Agency, July 2013

Page 32

Anatomy of the Threat

Adversarial - Persistent Threat; Tampering; Theft; Malicious Software

Non-Adversarial - Natural Disaster; Poor Quality; Poor Processes; User Error

Page 33

Anatomy of the Threat

Adversarial - Persistent Threat; Tampering; Theft; Malicious Software

Non-Adversarial - Natural Disaster; Poor Quality; Poor Practices; User Error


Page 36

Anatomy of the Threat

Adversarial - Persistent Threat; Tampering; Theft; Malicious Software

Non-Adversarial - Natural Disaster; Poor Quality; Poor Practices; User Error

Threat Vector

Simple Logic:

1. Aerospace OEMs and Tier 1s are prime targets

2. OEMs and Tier 1s invest in security by necessity and contract flowdown

3. OEMs and Tier 1s rely on and exchange information with Tier 2-n suppliers

4. Tier 2-n suppliers do not have (and often cannot afford) the same level of protection

=> Attack the sub-tiers to compromise the primes

Page 37

What We See

CHALLENGES

1. Structured, sound internal supply chain cyber/IA programs are rare

2. Suppliers don’t receive, don’t understand, or don’t comply with cyber/IA flow down requirements

3. Free exchange of information is becoming increasingly difficult

4. Suppliers subjected to frequent, inconsistent, and time-consuming assessments

POTENTIAL ROOT CAUSES

1. Ownership (RAA) of supply chain cyber/IA is unclear

2. Ad-hoc approaches to flow down and enforcement by OEMs and Tier 1s; little regulatory or contractual guidance

3. Information security (IT, IA, or other group) must treat suppliers as external risks and dictate policies accordingly

4. Lack of unifying and consolidating standards or frameworks in this space

VERIFY OBSERVATION: Frequency of information security assessments increased 400% last year

POSSIBLE BEST PRACTICE SOLUTIONS:

1. Standardized supplier assessments / standardized measurement across the industry

2. Customer-supported or contractually-mandated implementation and/or remediation

3. Partnership between supply chain functions, enterprise risk management, and IT/IA on building a supply chain cyber security and information assurance program

Page 38

The Challenge

Department of Defense. Distribution Statement A – Approved for public release; distribution is unlimited.

Logos are the trademark or copyright of their associated agency or standards body. Logos are included for illustrative purposes only and are not intended to signify compliance, accreditation, etc.

Page 39

Where to Start

• Infuse cyber security and information assurance into every stage of the supplier performance management lifecycle

• Standardize requirements and processes across the enterprise and then the industry

Cyber and IA: Standard Cyber and IA Assessment; Risk Analysis and Management; Adopt Standards

Cyber and IA: Incident Response; Security Engineering; Incorporate into CI / PA

Cyber and IA: Incident Response; Monitoring; Information Sharing

Cyber and IA: Gov’t Flow Down; Industry Frameworks; Mandatory Controls

Cyber and IA: Vulnerability Assessment; Threat Assessment

Cyber and IA: Penetration Testing; Audit

1. Identification, Selection & Qualification

2. Requirements Flow Down

3. Qualification & Pre-Production Planning

4. Verification / Validation

5. Surveillance & Performance Monitoring

6. Performance Improvement

Cybersecurity

Information Assurance

SPM

It’s still about Supplier Performance Management

Page 40

What’s Next

• Understand Ownership (Responsibility, Authority, Accountability)

• Procurement? Supplier Quality? Risk Management? IT or IA?

• Incorporate into Enterprise Supply Chain Management Processes

• Flow Down Requirements

• Qualify Suppliers (Match Rigor to Risk)

• Understand Emerging Standards, Regulations, and Frameworks

• US – NIST Cybersecurity Framework (draft release imminent)

• EU – EU Directive (currently in early stages)

• ISO 27036 – Information Security for Supplier Relationships (draft)

• AIAA Framework for Aviation Cybersecurity

• NAS 9924

• Perform a Threat and Vulnerability Assessment on your Supply Chain

• Join the Growing Discussion


Page 41

Supply Chain Challenges

7. Counterfeit Parts

Page 42

Counterfeit Parts

EXAMPLE CHALLENGES

1. Bait & Switch by Suppliers

2. Surplus parts and materials sold without original documentation

3. Cost and Logistics of Inspection or Product Testing

4. Long Product Life Cycle on A&D

POTENTIAL RISK MITIGATION

1. Improved Sourcing Strategies and Control.

2. Escrow of Intellectual Property

3. Outsourcing Inspection and Testing Responsibilities

4. Longer Term Procurement Plans

Verify Observation: Noted increase in alerts on counterfeit parts. Inconsistency in established policy and training from major customers.

POSSIBLE LONGER TERM SOLUTIONS:

• Improved information sharing across the industry

• Anti-counterfeiting part-marking / packaging – cross industry cooperation

• Industry Leadership / Cooperation – Standardized Approach

Page 43

Verify – In Summation……..

Broad – Capable – Proven Organization

Supporting Every Stage of our Customer’s Product Life Cycle

Working for 300 A&D Customers @ 6000 Global Suppliers

Supplier Capability – Supplier Capacity – Cyber Security

A&D Field Resource Team > 2,000 Professionals

Assuring and Improving Quality And Delivery Performance

SUPPORTING OUR GLOBAL VISION:–

“a world where quality product is always delivered on-time……”