Estimated reading time: 5 minutes

The PCB Norsemen: Avoid Failures in PCB Production With Compliance Control

Failures and reliability in the printed circuit industry are usually considered in the context of quality claims and non-conformity. This is a logical approach; however, there is a new context where these aspects are under close scrutiny, namely compliance—especially in the defense industry. Failing to understand import and export compliance for every country you deliver to and from will, at some point, result in challenges in your supply chain with potentially severe ramifications.

The Defining Factor Between Financial Success and Costly Mistakes

To be compliant or not—that is the question to ask. Saying, “Yes, we’re compliant,” is easy, but proving and documenting it is much harder. It is important to understand the challenge and recognize the importance of working diligently with all aspects of compliance. Compliance management in the defense industry can be the defining factor between financial success and costly mistakes.

When procuring components, printed circuits, or materials for the defense industry, there is no such thing as assuming or relying on questionable interpretations of rules and regulations. There’s no option for shortcuts as to whether your supplier follows regulations or not. You must know the country of origin down to the component, the printed circuit or material level of your products, and the bill of materials (BOM) should encompass a country of origin for every article. If you supply to the U.S. defense market, you risk: jeopardizing the business in your entire supply chain; exclusion from delivering to the U.S market; substantial penalties, and possibly jail time if you breach U.S. FAR/DFARS and ITAR regulations. So, how do you ensure that you are compliant with U.S. regulations?

What Questions Should You Ask?

Here are four questions to address to reduce the chance of failure and increase reliability:

1. How are we organized to meet compliance challenges?

2. What do we prioritize in our compliance work and why?

3. What policies and procedures do we need?

4. How do we train our colleagues in compliance?

A company supplying an article to a product purchased by the U.S. Department of Defense (DoD) must be aware of the strict compliance the DoD places on all exports and imports. The consequences can be severe; there are no excuses, and one cannot simply claim that one did not know; it is your responsibility to know. In other words, plausible deniability does not work.

Sounds scary and like a lot of work? It is, but not being compliant, or not taking the regulations seriously, is even scarier. Again, compliance management in the defense industry is of the utmost importance. A compliance strategy should be simple, stringent, and provide the company with an effective monitoring capability of its supply chain. This can be addressed by asking four questions:

1. Have we identified the risks?

2. Are we monitoring the risks?

3. Have we implemented elements to reduce those risks?

4. Do we have an action plan to implement if needed?

Figure 1: Example product development process.

Where Do You Start?

Let’s begin with six tips to get you started on your compliance strategy:

1. Stay up to date on rules and regulations. Don’t think you know it all. Seek advice.

2. Make sure you have a local champion—one that has the ultimate responsibility for compliance.

3. Involve all departments in a cross-functional, multi-departmental task force, making sure all involved employees are trained to identify and handle compliance articles.

4. Customize your procedures, systems, and methodologies to support compliance handling.

5. Restrict and control access to sensitive information. Make sure you only grant access to the minimum number of people needed to handle the task.

6. Contact and involve yourself with your customers’ products. Request compliance information to ensure that all parties are aware of the risks of being non-compliant. Sharing is caring.

Figure 2: Internal risk analysis.

Offering support, knowledge, and service during your customers’ product development process is the essential element to reduce the possibility of printed circuit failure and increase the reliability of your customers’ products. Ensuring that vital information is shared at the right stage of the product development process will result in the selection of the correct manufacturer, design, compliance setup, regulation, standards, and technical requirements of your printed circuit. Figure 1 shows one example of a product development process and a number of different steps where one can support development to reduce risk and increase reliability.

Each step is equally important for the product and its potential success. We have experienced over and over again that early involvement is the key, and sharing information with compliant partners is the requirement.

Having sorted out all the technical aspects, one question still remains. What information is imperative to have in order to understand the compliance requirements? We have learned that there is some vital information you should have answered. These questions will create a framework for which countries and companies you can cooperate with—an internal risk analysis (Figure 2).

Figure 3: External risk analysis.

After completing the internal risk analysis for the product, one should consider conducting an external risk analysis (Figure 3). This is an analysis of factors prone to investigate the reclassification cost of your printed circuit. These external factors can affect your supply chain by hindering your ability to purchase, produce, or ship printed circuits. These factors should consequently be addressed to reduce the chance of failure in delivering printed circuits.

Do Not Underestimate the Need for Data Security

Finally, in this age of data and IoT, we need to address the necessity to share more and more data. This data or information is also vital to share in order to be compliant and follow laws and regulations. Data and cyber security are unavoidably becoming a pivotal concern in all companies. “Who should have access to the data? Who is allowed to share the data? How do we save and store the data?” are only a few of the questions one must consider in order to avoid failure. Having a company compliance program combined with a cybersecurity strategy is something we all, sooner or later, will have to address to increase our reliability.

Didrik Bech is the CEO of Elmatica.

This article was initially published in the July 2019 issue of PCB007 Magazine.