Securing the Computer Supply Chain with Design & Life Cycle Management

Photo: Rigorously managing the computer design and life cycle management processes should be a primary focus in every high-performance computer manufacturer's supply chain security plan.

Recent high-profile security breaches in government and industry have underscored the importance of a secure computer supply chain.

At Trenton Systems, we control components and suppliers down to the resistor level.

The motherboards and processor boards in our high-performance computing solutions are populated in the USA, and our domestic suppliers purchase board-level components through authorized distributors from our approved vendor list (AVL).

The following is a closer look at how we oversee the design and life cycle management processes associated with our overall supply chain security plan.

Graphic: Bills of materials (BOMs) should be assessed and graded during the prototyping phase of the computer life cycle to determine component risk levels. This helps manufacturers prevent material shortages and potentially counterfeit components from impacting end customers.

Building & Grading BOMs

During the design process, our engineers specify in a standard bill of materials (BOM) the components needed to construct our boards. The BOM can consist of hundreds of discrete parts, each at a different stage of its product life cycle.

During the prototype phase, we perform a BOM grading exercise that assesses the overall health of that BOM based on four primary criteria: component life cycle, sourcing, inventory, and environmental considerations.

The component life cycle is based on published information from the manufacturer. The typical life cycle status is one of the following:

• Active – the product is actively being produced with no current end-of-life (EOL) planned.
• Not recommended for new development (NRND) – the components are not yet on a last-time buy but are nearing the end of a typical product life cycle.
• Last-time buy (LTB) – components are still available through authorized distributors but have an end-of-life date, after which availability is uncertain.
• Obsolete – the manufacturer is no longer producing the component.

The product life cycle status is the most heavily weighted factor in BOM grading, but it doesn't tell the whole story. Two somewhat related factors are sourcing and inventory considerations.

The sourcing factor assigns a risk level based on the number of sources that currently offer the component. A component with an active life cycle status but that is only available through a single source poses risks. Adverse weather events, COVID-19 lockdowns, and supplier financial struggles are just a few.

Beyond the number of sources, we look at the amount of inventory available in the supply chain. If we have multiple sources but each is carrying a low level of inventory, then the supply chain is still at risk.

The final element we use for BOM grading is an environmental risk assessment, during which we look at the RoHS/REACH status of each part to determine its compliance with the applicable standard. Obviously, a part is useless to Trenton if it's widely available from numerous sources but does not meet the necessary environmental requirements.

Once a risk level is assigned to component life cycle, sourcing, inventory, and environmental considerations, we can then determine the overall risk level for each component. These determinations are then combined into a BOM grade for the board.

Graphic: Proactively monitoring and preparing for life cycle changes is vital to acquiring proper form, fit, and function replacements in a timely manner and protecting customers from counterfeit electronic parts, which jeopardize security, functionality, and mission success.

Managing the Computer Life Cycle

In addition to performing the BOM grading exercise during product development, we can also run our BOM grading report at any time. For example, if a customer is interested in a particular board for a new program, we can perform BOM grading to determine the longevity of their product and make changes proactively if necessary.

Our system also provides us with automated alerts any time the supplier issues a notification about the life cycle status of any component on our board BOM. For example, if a supplier issues an end-of-life notice on an active component, we will be notified of the upcoming status change along with the latest date we can place an order for that component before it reaches end-of-life.

This supply chain visibility affords us the opportunity to proactively address component constraints. We can work with our customers to prepare an optimal plan, which generally comprises one or more of the following:

• Last-time buys – we can place a one-time order on components prior to their EOL date. This will allow us to continue producing our customers’ boards without any changes to the components for a specified time period.
• Specifying alternate components – a form, fit, or function-compatible alternate component that is readily available can replace components at the end of their life cycle.
• Board redesigns – if no form, fit, or function alternate is available, and the customer is interested in extending the life cycle of the board, we have the option of redesigning the board to incorporate readily available components.

Graphic: BOMs, life cycle statuses, sourcing, environmental considerations... what does it all mean for the servicemember of the future and the computers they need to succeed?

What Does This Mean for Our Customers?

So, why would you care about our supply chain resilience and visibility efforts?

The availability of electronic components is constantly in flux. The typical challenges faced when managing component life cycles have been exasperated by the COVID-19 pandemic, transportation delays, and extended lead times.

In the absence of active supply chain management, these challenges translate to component shortages. These shortages can lead to delivery delays or may even result in the inability to procure components through authorized channels after they reach EOL. Once components are no longer available through authorized channels, the possibility of counterfeit parts entering the supply chain increases significantly.

Not only does BOM grading help reduce finished product lead times, but it also helps protect your products from sub-standard components being sold from less reputable sources. In some cases, these components would not offer the longevity that you expect, and in extreme cases, nefarious agents could jeopardize the security of your product.

This is why we deploy a BOM grading strategy. Our main goal is to keep our supply chain, products, and ultimately, our customers, secure.