Featured Product
This Week in Quality Digest Live
Operations Features
Elliot Dratch
What’s your plan for growth?
Dawn Bailey
MESA’s business involves excavating and working on high-pressure pipelines carrying hydrocarbon liquids and gas
MIT News
How a pair of MIT business program grads translated teachings from a Sloan Executive Education course to operations improvements at Mexico’s largest brewery
Kimberly Merriman
At issue are scant remote-work resources, updated policies on flexibility, and communication from leadership
Michael Lee Stallard
How important—and challenging—our human relationships can be

More Features

Operations News
Optimized operating efficiencies for more accurate flow measurement under diverse conditions
Engineered to cover the core business needs of smaller companies and projects
Purpose-built for cannabis analysis
PBS-4100+ engine vibration analysis and balancing system is more mobile than ever
Siemens introduces PCBflow, a secure, cloud-based solution for accelerating design-to-manufacturing handoff for printed circuit boards
Offset-aware programming of spindle transfers and bar pulls helps manufacturers drive multichannel CNC machinery
Includes global overview and new additive manufacturing section
Delivers curved-surface analysis tools, helps deploy PolyWorks|Inspector as a standard offline CNC/CMM sequencing solution

More News

Celia Paulsen


Manufacturers, Here’s a Pre-Purchase Guide for Equipment

Eight issues must be thought through before making a purchasing decision

Published: Tuesday, October 6, 2020 - 12:02

A survey from 2014 found that small and medium-sized manufacturers do not like to compromise on quality when it comes to communications devices, vehicles, or tea (yes, tea—the survey respondents were probably British) but were more likely to skimp when it came to things like manufacturing equipment. Whether it is a new computer for the office or a welding station for the shop floor, purchasing new equipment is a decision about risk. A poor purchasing decision can result in a waste of resources and possibly a safety or cybersecurity incident.

Before you purchase or otherwise acquire a piece of equipment, whether it be a CNC machine or a cell phone, there are a lot of things to consider: How will it be financed? What special safety or cybersecurity concerns come with it? What will maintenance look like? How long is it expected to last?

It can be easy to overlook some aspect of risk involved in a purchase decision when overwhelmed with options. It can be especially difficult to know what to buy when comparing three different products that seem very similar.

NIST MEP has created a pre-purchase guide that might help.

The questions below are intended to help you make a well-informed decision about your purchase and understand which safety, cybersecurity, and other risks might impact the long-term cost-effectiveness of your purchase—reducing the chances of having buyer’s remorse later.

The sequence of the questions follows equipment life cycle and covers financing, installation, use, maintenance, and disposal of the equipment. There may be additional questions specific to your circumstances that you will want to include in your decision-making. Feel free to add them; this questionnaire is meant to help, not restrict, your decision-making process.

Be mindful of some of the questions you might not be able to answer. In this instance, what you don’t know can hurt you. Your local MEP center may be able to help if you are uncertain of what additional questions to ask.

You can download a PDF of the pre-purchase equipment guide for easier reference.

1. Will you lease or buy?

Leasing is becoming increasingly popular for high-tech equipment because it provides protection against obsolescence, but it can be more expensive in the long run, and customers may lose control over updates and upgrades. Whichever option you choose, check contracts for provisions that protect customers from security, quality, and compatibility problems that may develop, and how those problems will be addressed (see question 7).

2. Where will it be located?

Documentation for the equipment may provide much of the basic information you need about locating it, but you also want to consider location in terms of your specific business (e.g., food processing has different constraints than metal fabrication). Ask yourself:
• Where is the most efficient location?
• What are the safety requirements?
• What are the security requirements?
• What are the utility requirements?

3. Does it require ancillary equipment?

Sometimes one purchase can lead to several others. Many add-ons are included either to protect people from the equipment, or to protect the equipment from the environment.
• Does the equipment require special safety equipment to install, operate, or maintain? Examples include safety sensors, light screens, fire suppression, personal protective equipment (PPE), and static electricity protections.
• Does it require protection from the environment? This could include power fluctuation protection, or protection from moisture or humidity to comply with operating limits.

4. What connections does it have?

Any time a piece of equipment electronically “talks” to something else, be it a sensor or the internet, that communication channel represents a cybersecurity risk that should be protected. The more connected a piece of equipment is, the higher the cybersecurity risk.
• Does the equipment have a USB port, disk drive, network adapter, or other connection point (whether used or not)?
—How will the connection points, and associated communication channels, if used, be secured?
• If the equipment will need data (such as a design file or updates) to operate, how does it receive, store, verify, and protect those data?

5. Who will use it?

People often represent the most significant safety and security risk.
• Will training/retraining be necessary to use the equipment safely?
—Who will provide the training?
• What kind of safeguards will be included so that only those who are permitted to use the equipment have access to it (for regular use as well as for maintenance or changing settings)? You don’t want to put undue strain on employees by requiring individual passwords to sign in, but to ensure any login or authentication processes, follow best practices like dual-authentication.

6. How often will it be used?

If the equipment is used less often than anticipated in usual maintenance schedules, or less often than regular security updates are made available, this can result in both increased cybersecurity risk and decreased reliability.

7. What are the maintenance expectations?

Maintenance can be an expensive endeavor, making or breaking the usefulness of a piece of equipment. It is also a time when unexpected problems can surface, such as compatibility issues and cybersecurity concerns that lead to long-term unanticipated expenses.
• How often is the equipment expected to need maintenance?
—What is the expected mean time to failure?
—What is the anticipated downtime?
• How will someone know the equipment is not working properly? For example, are there indicator lights? Will there be quality control checks?
• Is there a backup option in case the equipment fails unexpectedly?
• What is covered by warranty or a service contract?
• If the equipment breaks in such a way as to cause a safety or security issue, how will that be handled?
—Who will be held liable?
• What kinds of maintenance can be done in-house vs. externally?
• Can it be replaced or upgraded piece-by-piece over time? A modular repair model can cause compatibility problems but is less of an immediate financial burden than replacing the equipment all at once.
• How will maintenance solutions be verified as effective? For example, did a change result in reduced quality? When possible, test maintenance solutions or review others’ experiences with a solution prior to implementing.
• If it needs much more maintenance than expected or maintenance is ineffective, what are the options? Would a replacement or refund be provided?

8. What does the equipment’s end of life look like?

Some equipment is designed to last decades, while other equipment lasts a few years at most. Understanding and planning for what will happen when the equipment dies will prevent production interruptions and some cybersecurity concerns.
• If the expected life span of the equipment is less than the expected-use period, there will be increased cybersecurity and reliability risk when the equipment becomes obsolete.
• Are there hazardous materials or sensitive data storage that need to be considered when disposing of any part of the equipment?

Next steps

Once you have answered these questions, it’s time to make a decision to purchase the equipment or not. If you purchase the equipment, use the information you gathered to make sure it is installed and configured in a way that meets your efficiency, safety, and security requirements.

Your local MEP center will have resources to help you make the best decisions possible for your business and can help you understand the safety, security, quality, and efficiency of the equipment you either purchase or lease.

The content in this article is intended to be used to help inform equipment assessment and selection. However, any resulting equipment decisions on the part of the reader are the sole responsibility of the reader. NIST MEP is not liable for any results or ramifications of such decisions.

First published Sept. 9, 2020, on NIST’s Manufacturing Innovation Blog.


About The Author

Celia Paulsen’s picture

Celia Paulsen

Celia Paulsen facilitates efforts to improve the cybersecurity posture of small and medium size manufacturers throughout the United States as the National Institute of Standards and Technology (NIST) Manufacturing Extension Partnership (MEP) cybersecurity services specialist. She has been at NIST for about 10 years doing research and developing guidance in areas such as cyber supply-chain risk management, small business cybersecurity, and cybersecurity for additive manufacturing. Prior to joining NIST, Paulsen was an analyst for the National Security Agency in the U.S. Army. She has an MBA in information security from California State University, San Bernardino, and bachelor’s degrees in information technology and business management.