Skip to content
Pillar 8

The evidence base

An open, anonymised corpus of real pre-purchase procurement communications, published on IEEE DataPort. What the record actually contains, the research question it opens, how an earlier composite-risk annotation relates to the current CILM model, and what the corpus does not establish.

Most models of supply-chain risk are built from data that is already structured before the analysis begins: a component’s lifecycle position, its availability, the history of reported incidents, information about suppliers, and price anomalies. Commercial component-intelligence platforms work with exactly this kind of input, and they answer a question about the component and the market around it. That question is useful, and this page is not an argument against it.

The evidence base described here studies a different object. It is an open, anonymised corpus of real pre-purchase procurement communications, published on IEEE DataPort. Its subject is not the component but the process by which trust in a specific lot is formed, in the interval before a purchase decision is made. The operative question shifts from “how risky is this component?” to “what evidence is sufficient to justify a decision about this particular lot?” To the author’s knowledge, an open corpus of real procurement communications assembled for that purpose did not previously exist in the field.

The record is described here in two layers, and it is worth keeping them separate. The first is what the published package actually contains as data. The second is the research role that corpus now plays within CILM. Reading the two together, without merging them, is what keeps the description honest.

What the record contains

The published package holds anonymised episodes of real procurement communication concerning cooperation in the supply of electronic components. Each record is an episode of interaction rather than the raw text of a single email, and alongside the content the package preserves structural metadata: the type of communication, the stage of the process it belongs to, the presence or absence of particular risk signals, and the links between related messages.

The material is the ordinary traffic of procurement — buyer requests, supplier responses, commercial offers, and clarifications about origin, documents, timing, stock condition, and signs of risk. The package also ships reproducibility scripts and a supporting documentation set, including a codebook, an anonymisation protocol, and an ethics statement, and it is released under a CC BY 4.0 licence.

The package additionally carries an earlier composite-risk annotation. That annotation is addressed directly further down, because it belongs to a prior analytical phase and should not be read as the current CILM model.

How it was anonymised

Because the source material is real correspondence, anonymisation is the load-bearing part of the work, and it was done in stages with software written in Python.

Direct identifiers were removed first: the names of companies and people, addresses, and every form of contact information, together with order numbers, internal document numbers, financial details, part numbers tied to specific contracts, references to corporate systems, and any other direct identifier.

Indirect identifiers were removed next. A name can be absent while a combination of specific details still points to a particular company. To close that gap, dates, geographic markers, unique product designations, internal codes, and other rare features that could act as a fingerprint were also removed.

The communications were then normalised to a common structure. The aim was to keep the meaning of what happened and the sequence of actions while stripping out everything attached to a specific market participant. What remains is the behaviour of the process, not the personal or corporate information of the people inside it.

The question it opens

The reason this corpus matters is that the pre-purchase communication is where trust in a lot is actually built, and it is normally invisible. It stays inside procurement negotiations and rarely reaches any open source.

Each case follows the sequence of interaction around one supply: documents are exchanged, clarifying questions are asked, doubts appear, and steps are taken to resolve them. That structure makes it possible to study not only the final decision but the way it was reached. It becomes possible to trace the moment at which the available evidence stops being sufficient and an ordinary commercial exchange turns into a procedure for checking where a lot came from.

This is a layer of data that catalog-level models do not use. They read structured facts about the component and the market; the corpus reads the process of forming a judgement under incomplete information. The two are not in competition. The corpus opens a layer the scoring systems were never built to examine.

The earlier annotation, and what it is not

The published record includes a composite-risk annotation developed before the current CILM architecture was settled. It is retained deliberately, for reproducibility, so that the earlier analysis remains checkable rather than erased.

It should not be mistaken for the current model. The earlier annotation used a different naming and a different set of indicators, from a phase when the methodology had not yet been organised around lot-level evidence sufficiency. It does not establish whether any component is authentic, it is not a set of verified counterfeit labels, and it is not a supplier ranking. Treating those earlier values as the present CILM risk model would misread both. How CILM approaches risk, and why the present model is separated from that earlier work, is set out on the measuring supply-chain risk page.

The principle behind keeping both visible is ordinary version control. The underlying corpus does not change; the documentation and the analytical layer above it develop as the methodology develops, and each stage stays distinguishable from the next.

How it can be used

For a researcher, the corpus supports several distinct lines of work. It allows the patterns in procurement decision-making to be studied from real cases rather than reconstructions. It allows different methods of analysing procurement communication to be compared on the same material. It allows the sufficiency of an evidence base to be assessed: how much, and what kind, of evidence a given decision actually rested on. It supports work on evidence-seeking behaviour, on documentation gaps, and on the signals of an opaque counterparty. And it provides real engineering situations to build and test annotation schemes against, rather than invented examples.

Publishing the corpus openly has a further effect. It creates a basis for reproducible research: independent researchers can apply their own methods to the same cases and compare what they find, which is difficult when every group works from private material no one else can see.

Scope and limits

The boundaries of the corpus are as important as its contents, because they fix where its conclusions are valid.

The corpus studies the decision process, not its result. Everything drawn from it concerns the evidence available at the moment of decision, not the outcome of any later independent examination of the lot. For that reason it cannot establish whether a component is genuine or counterfeit, it cannot measure how common counterfeiting is in any market, and it does not rank suppliers as sound or unsound. It is not a training set for models that automatically detect counterfeits.

It was also collected from procurement activity within the Eurasian Economic Union (EAEU) economic space during a defined observation window. That is enough to study how decisions are formed; it is not a statistical sample of any whole market, and its wider geographic generalisability has not yet been independently established. What it makes visible is narrower and more specific: which signs, documents, and communication events shape an engineering decision when the information is incomplete.

Where it sits in CILM

The dataset is the empirical side of the same argument that runs through the rest of this material. Component integrity is treated as a question about a specific lot and the evidence attached to it, rather than a fixed property of a part or a supplier. Existing tools answer the catalog-level question well. The corpus provides material for studying the lot-level question that sits underneath a procurement decision.

It is one input, not a conclusion. It does not certify anything. Its role is to make a previously private layer of the problem available for open study, so that methods for reasoning about lot-level evidence can be built and checked against real cases rather than assumed.

[DIAGRAM: two stacked lanes. Top lane “Structured external sources” lists component lifecycle, availability, incident history, supplier data, price signals, feeding a box “Catalog-level risk: how risky is this component?”. Bottom lane “Pre-purchase procurement communication (this corpus)” shows an ordered sequence — request, offer, clarification, doubt raised, evidence check, decision — feeding a box “Lot-level question: what evidence is sufficient to trust this lot?”. A marker on the bottom lane flags the point where available evidence becomes insufficient and correspondence turns into origin verification. Caption notes the corpus opens the lower layer, which the upper layer does not record. Author-developed; DOI 10.21227/34y3-zj88.]

Information gain

The research object is moved from the component to the pre-purchase communication in which trust in a specific lot is formed, and the published record is described in two honest layers — what it contains as data, and its current research role — rather than restated from vendor literature or reduced to a single verdict.

Author contribution

The author's own published, anonymised corpus of real inbound procurement communications (IEEE DataPort, DOI 10.21227/34y3-zj88), its construction and deliberate limits, and the explicit separation of an earlier composite-risk annotation from the current CILM risk model.

Claims and sources

  • The corpus is published as an open dataset of anonymised procurement communication records on IEEE DataPort, under a CC BY 4.0 licence (DOI 10.21227/34y3-zj88).

    Verified Source: IEEE DataPort dataset record
  • The published record includes reproducibility scripts and a supporting documentation package covering the codebook, scoring rubric, anonymisation protocol, and ethics statement.

    Verified Source: IEEE DataPort dataset record

FAQ

What is in this dataset?

Anonymised episodes of real procurement communication about the supply of electronic components — requests, supplier responses, offers, and clarifications about origin, documents, timing, stock condition, and risk signals — together with structured metadata, an earlier composite-risk annotation, and reproducibility scripts.

Is it a database of components or of counterfeits?

No. It contains neither part data nor confirmed counterfeit cases. Its object is the communication around a supply, not the component and not a verdict on the component.

How was it anonymised?

In stages, with software written in Python. Direct identifiers were removed first, then indirect ones that could act as a fingerprint in combination, and the communications were then normalised to a common structure. What remains is the behaviour of the process, not the identity of its participants.

The record mentions a composite risk score. Is that the current CILM model?

No. That annotation comes from an earlier analytical phase and is retained for reproducibility. It is not the current CILM risk model, does not establish authenticity, and should not be read as a verified counterfeit label or a supplier ranking. How CILM approaches risk is discussed separately on the measuring supply-chain risk page.

Can it tell whether a component is genuine or counterfeit?

No. It records the evidence available at the moment of decision, not the outcome of any later independent test. It does not replace laboratory examination and is not a training set for automatic counterfeit detection.

Is it large enough to be representative?

It is a focused corpus rather than a market-wide sample. It is large enough to study patterns in how decisions are formed, and it is deliberately not presented as a statistical sample of any whole market; its wider generalisability has not yet been independently established.

References