Electronic Signatures and Electronic Exchange of the Authorized Release Certificate – Form One
Issuing Office: | Civil Aviation - Standards | Document No. : | AC 571-006 |
---|---|---|---|
File Classification No. : | Z 5000-34 | Issue No. : | 01 |
RDIMS No. : | 6956082-V14 | Effective Date: | 2012-03-26 |
- 1.0 INTRODUCTION
- 2.0 REFERENCES AND REQUIREMENTS
- 3.0 BACKGROUND
- 4.0 ELECTRONIC RECORDKEEPING SYSTEM
- 5.0 ELECTRONIC SIGNATURE ON AUTHORIZED RELEASE CERTIFICATE – FORM ONE
- 6.0 ELECTRONIC EXCHANGE OF FORM ONE AND AIR TRANSPORT ASSOCIATION SPEC 2000 CHAPTER 16
- 7.0 TRANSPORT CANADA APPROVAL
- 8.0 INFORMATION MANAGEMENT
- 9.0 DOCUMENT HISTORY
- 10.0 CONTACT OFFICE
1.0 INTRODUCTION
- This Advisory Circular ( AC ) is provided for information and guidance purposes. It describes an example of an acceptable means, but not the only means, of demonstrating compliance with regulations and standards. This AC on its own does not change, create, amend or permit deviations from regulatory requirements, nor does it establish minimum standards.
1.1 Purpose
- The purpose of this document is to provide guidance on the use of electronic signatures on the computer generated Authorized Release Certificate – Form One and identify Air Transport Association ( ATA ) Spec 2000, Chapter 16, Electronic Product and Part Regulatory Documentation, as the standard to be used for the electronic exchange of Form One.
1.2 Applicability
- This document applies to Transport Canada Civil Aviation ( TCCA ) personnel, delegates, and the aviation industry.
1.3 Description of Changes
- Not applicable.
2.0 REFERENCES AND REQUIREMENTS
2.1 Reference Documents
-
It is intended that the following reference materials be used in conjunction with this document:
-
Aeronautics Act ( R.S. , 1985, c. A-2);
-
Canada Evidence Act ( R.S.C. , 1985, c. C-5);
-
Part I, Subpart 3 of the Canadian Aviation Regulations ( CARs ) — Administration and Compliance;
-
Part 5, Subpart 61 of the CARs — Manufacture of Aeronautical Products;
-
Part 5, Subpart 71 of the CARs — Aircraft Maintenance Requirements;
-
Part 5, Subpart 73 of the CARs — Approved Maintenance Organizations;
-
Part 6, Subpart 5 of the CARs — Aircraft Requirements;
-
Standard 561 of the CARs — Approved Manufacturers;
-
Standard 571 of the CARs — Maintenance;
-
Standard 573 of the CARs — Approved Maintenance Organizations;
-
Standard 625 of the CARs — Aircraft Equipment and Maintenance Standard;
-
Transport Canada Publication ( TP ) 14428, 2005-08-01 — Maintenance Policy Manual – ( MPM ) Checklist;
-
TP 14308, 2003-12-01 - Transport Canada Civil Aviation Guidelines: Maintenance Policy Manuals;
-
Federal Aviation Administration Advisory Circular ( FAA AC ) 120-78 — Acceptance and Use of Electronic Signatures, Electronic Recordkeeping Systems and Electronic Manuals;
-
FAA Order 8130.21F Chapter 5 — Electronic Use of the Authorized Release Certificate, FAA Form 8130-3;
-
European Aviation Safety Agency ( EASA ) Continuing Airworthiness Requirements Part M — Acceptable Means of Compliance ( AMC ) to Appendix II;
-
Air Transport Association ( ATA ) Spec 2000 E-Business Specification for Materials management, Chapter 16 – Electronic Product and Part Regulatory Documentation revision 2009.1 or latest;
-
ATA Spec 42 — Aviation Industry Standards for Digital Information Security revision 2010.1 or latest.
2.2 Cancelled Documents
- Not applicable.
2.3 Definitions and Abbreviations
-
The following definitions are used in this document:
-
ATA Spec 2000 Chapter 16 refers to an aviation industry standard for the electronic exchange of the Authorized Release Certificate – Form One. ATA Spec 2000 Chapter 16 provides the specific eXtensible Markup Language ( XML ) as the standard format for the exchange of electronic Form One for products, parts, and appliances. This specification also provides the minimum requirements for digital security when issuing and receiving the electronic Form One.
-
ATA Spec 42 specifies standard digital certificate profiles for use across the air transport industry, as well as standard policies governing the issuance and use of these certificates. It also details the Public Key Infrastructure ( PKI ) requirements and specifications for the aviation industry. ATA Spec 2000 chapter 16 quotes this specification for the type of assurance level for digital security implementation.
-
Electronic Document means data that is recorded or stored on any medium in or by a computer system or other similar device and that can be read or perceived by a person or a computer system or other similar device. The data also includes the Authorized Release Certificate – Form One.
-
Electronic Signature means a signature that consists of one or more letters, characters, numbers or other symbols in digital form incorporated in, attached to or associated with an electronic document. It electronically identifies and authenticates an individual entering, verifying, or auditing computer-based records.
-
Digital Signature means cryptographically generated data that identifies a document’s signatory (signer) and certifies that the document has not been altered. Digital signature technology is the foundation of a variety of security, electronic business, and electronic commerce products. This technology is based on public/private key cryptography, digital signature technology used in secure messaging, PKI , virtual private network ( VPN ), web standards for secure transactions, and digital signatures. A digital signature is not a facsimile or an image of a person’s handwritten signature.
-
Public Key Infrastructure means a set of policies, practices, technology and cryptography used to create a trust framework for securing digital data and authenticating digital identities of people and organizations for the purposes of the secure exchange of electronic information over a public system such as the Internet.
-
Signature means any form of identification used to attest to the completion of an act and authenticate a record entry, must be traceable to the person making the entry, and must be handwritten or part of an electronic signature system or other form acceptable to Transport Canada.
-
The following abbreviations are used in this document:
-
AC : Advisory Circular;
-
AMO : Approved Maintenance Organization;
-
ARC : Authorized Release Certificate;
-
ATA : Air Transport Association;
-
CARs : Canadian Aviation Regulations;
-
EASA : European Aviation Safety Agency;
-
FAA : Federal Aviation Administration (United States of America);
-
PKI : Public Key Infrastructure;
-
STD : Standard;
-
TCCA : Transport Canada Civil Aviation; and
-
XML : eXtensible Markup Language.
3.0 BACKGROUND
-
Electronic information storage and retrieval systems have enhanced significantly the aviation industry’s ability not only to meet Canadian Aviation Regulations ( CARs ) technical recordkeeping requirements but also to manufacture, operate, and maintain today’s highly complex aircraft and aircraft systems in a demanding operational environment.
-
The Federal Aviation Administration ( FAA ) and industry formed the Electronic Documentation Project Team ( EDPT ) to develop an industry specification to enable the electronic exchange of FAA Form 8130-3 for aircraft products and articles. The requirements contained in FAA Order 8130.21F Chapter 5 for the use of the electronic version of FAA Form 8130-3 and the specifications contained in Air Transport Association ( ATA ) Spec 2000 Chapter 16 are the direct result of the efforts put forth by that team. Not only were the requirements of FAA Form 8130-3 developed, but corresponding forms used by other authorities (that is, European Aviation Safety Agency ( EASA ), Transport Canada Civil Aviation ( TCCA ), etc.) were also considered. As a result, the FAA and EASA have accepted the use of this industry specification, ATA Spec 2000 Chapter 16, to enable the electronic exchange of their Authorized Release Certificate ( ARC ) for aircraft products and parts.
-
Following acceptance of this specification by other authorities, the Canadian Aviation Industry raised questions to TCCA regarding our position on using the ATA Spec 2000 Chapter 16 as the standard on the electronic exchange of the ARC with the use of Public Key Infrastructure credentials.
4.0 ELECTRONIC RECORDKEEPING SYSTEM
4.1 Requirements
-
In order to comply with the CARs and Standards ( STDs ) listed in Section 2.1 of this Advisory Circular, the electronic record keeping system must include provisions to ensure that:
-
Records are protected by electronic means against loss, destruction or tampering to the same extent as that provided to paper records;
-
Back-up copies are made and kept in a secure location;
-
Copies of records can be printed on paper for the Minister upon request;
-
Access to records and entries made into records are limited to authorized personnel;
-
Any corrections and revisions made to saved records are made by authorized personnel only, the revised or corrected record shows that it has been changed, and no original entry is deleted;
-
If a correction to the ARC is required, the system generates a new certificate with a new tracking number and makes reference to the previous certificate;
-
Records are retained for periods stated in Section 561.14 of the CARs for manufacturers of aeronautical products and Section 573.15 of the CARs for Approved Maintenance Organizations ( AMOs ).
4.2 Additional Provisions of Electronic Recordkeeping System for the Electronic Exchange of Form One
-
Although ATA Spec 2000 Chapter 16 is the industry standard for the electronic exchange of Form One, additional provisions apply to the electronic recordkeeping system. The system must:
-
Guarantee secure access for each employee certifying the part or product;
-
Provide for a personal electronic and digital signature identifying the signatory and generated using cryptographic keys held by the signatory;
-
Ensure integrity and accuracy of the data certified by the signature on the ARC Form One and be able to show evidence of the authenticity of the ARC with suitable security, safeguards and backups;
-
Be active only at the location where the part is being released with an ARC Form One. All other access to the document is “read only”;
-
Not allow the signing of a blank ARC ;
-
Not permit modification of the ARC after signing, and provide a high degree of assurance that the data has not been modified. If modification of the document is necessary after issuance, a new form with a new tracking number and a reference to the initial certification issuance should be made, or the electronic recordkeeping system should render the data invalid to any computer application processing the electronic file;
-
Provide traceability of the electronic document back to its source;
-
Be able to provide the standard format Extensible Markup Language, digital security signature recommendations ( PKI ) and guidelines stated in ATA Spec 2000 Chapter 16 revision 2009.1 or latest.
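One way to enforce the Section 4.1 correction rule and the Section 4.2 no-blank-signing and no-modification rules in software, as an added example that is not part of this Advisory Circular or of ATA Spec 2000 Chapter 16. The `ArcStore` class, the field names and the `ARC-` tracking format are hypothetical, and HMAC-SHA256 stands in for the PKI digital signature so the code runs with the Python standard library only.

```python
import hashlib, hmac, json

REQUIRED = ("part_number", "description", "quantity", "signatory")  # assumed field names

class ArcStore:
    """Append-only store: a signed ARC is never edited or deleted."""
    def __init__(self, signer_keys):
        self._keys = signer_keys  # signatory -> key (HMAC stand-in for a private key)
        self._records = {}        # tracking number -> {"body", "signature"}

    @staticmethod
    def _tag(key, body):
        # Canonical JSON so signer and verifier hash identical bytes.
        data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(key, data, hashlib.sha256).hexdigest()

    def sign(self, fields, supersedes=None):
        # Section 4.2: refuse to sign a blank or partly blank ARC.
        blank = [k for k in REQUIRED if fields.get(k) is None or not str(fields[k]).strip()]
        if blank:
            raise ValueError(f"refusing to sign, blank fields: {blank}")
        key = self._keys.get(fields["signatory"])
        if key is None:
            raise PermissionError("signatory holds no signing key")
        tracking = f"ARC-{len(self._records) + 1:06d}"  # constructed numbering scheme
        body = dict(fields, tracking=tracking, supersedes=supersedes)
        self._records[tracking] = {"body": body, "signature": self._tag(key, body)}
        return tracking

    def correct(self, old_tracking, changes):
        # Section 4.1: a correction is a new certificate with a new tracking
        # number that references the previous one; the original stays in place.
        old = self._records[old_tracking]["body"]
        fields = {k: v for k, v in old.items() if k not in ("tracking", "supersedes")}
        fields.update(changes)
        return self.sign(fields, supersedes=old_tracking)

    def verify(self, tracking):
        # Section 4.2: any modification after signing invalidates the record.
        rec = self._records[tracking]
        key = self._keys.get(rec["body"].get("signatory"), b"")
        return hmac.compare_digest(self._tag(key, rec["body"]), rec["signature"])

    def get(self, tracking):
        return self._records[tracking]

if __name__ == "__main__":
    store = ArcStore({"A. Tech": b"constructed-demo-key"})
    first = store.sign({"part_number": "PN-123", "description": "Fuel pump",
                        "quantity": 1, "signatory": "A. Tech"})
    second = store.correct(first, {"quantity": 2})
    store.get(first)["body"]["quantity"] = 5  # simulated tampering after signing
    print(first, store.verify(first), second, store.verify(second))
```

A production system would replace the HMAC with an asymmetric signature made with a key held only by the signatory, using certificates issued under the PKI requirements the circular attributes to ATA Spec 42.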
5.0 ELECTRONIC SIGNATURE ON AUTHORIZED RELEASE CERTIFICATE – FORM ONE
5.1 Requirements of a Signature on the Authorized Release Certificate
-
According to Section 561.10 of the CARs and STD 561.10 of the CARs , the statement of conformity may be made on an ARC completed in accordance with Appendix A of STD 561 of the CARs . Once block 13b of the ARC is signed by a person authorized by the certificate holder in accordance with Subpart 561 of the CARs , the ARC is subject to all the applicable regulations related to manufacturing and technical records. A signature in this block constitutes a statement of conformity pursuant to Subpart 561 of the CARs .
-
Under Section 571.10 of the CARs and STD 571.10 of the CARs , where a maintenance release is made using an ARC , the requirements of Appendix J of STD 571 of the CARs would normally apply. Once block 14b of the ARC is signed by a person authorized by the certificate holder in accordance with Subpart 573 of the CARs , the ARC is subject to all applicable regulations related to maintenance and technical records. A signature in this block constitutes a maintenance release pursuant to Section 571.10 of the CARs .
-
The use of alternative methods of signing the ARC by authorized persons, such as electronic signature, is only permitted when authorized by Transport Canada.
5.2 Description of an Electronic Signature
-
An electronic signature should have the same qualities and attributes that guarantee a handwritten signature’s authenticity and should be traceable to the person signing. The electronic signature should be:
-
Uniquely linked to the signatory;
-
Capable of identifying the signatory;
-
Created using means solely controlled by the signatory;
-
Appended to the data being signed in a way to enable the verification of the data’s source and integrity.
-
An electronic signature may be in the following forms:
-
Digital image of a paper signature;
-
Typed notation;
-
Electronic code;
-
Equivalent security designator for individual identification that can be used as a means of authenticating the individual signing the electronic document.
5.3 Attributes of an Electronic Signature Program
-
The computer program generating the electronic signature shall provide the following electronic signature attributes:
-
Uniqueness: identify the individual and be difficult to duplicate;
-
Significance: deliberate action taken to create the electronic signature;
-
Scope: information being affirmed is clear to the signatory and the readers of the document;
-
Signature Security: difficult for another to duplicate or alter it;
-
Non-repudiation: should not prevent the signatory from denying he or she affixed the signature to the document; and
-
Traceability: to the individual who affixed their electronic signature to the document.
6.0 ELECTRONIC EXCHANGE OF FORM ONE AND AIR TRANSPORT ASSOCIATION SPEC 2000 CHAPTER 16
6.1 Criteria for the Exchange
-
Trading partners wishing to exchange the ARC Form One electronically should do so in accordance with this AC and common industry practice as currently described in ATA Spec 2000 Chapter 16.
-
To facilitate the understanding and acceptance of the ARC Form One released and exchanged using ATA Spec 2000 Chapter 16, the signature requirement in block 13b or 14b of the ARC (electronic signature) and the digital signature (security of the exchange) must be completed by the same authorized person.
-
The electronic exchange of the electronic ARC Form One should be accomplished on a voluntary basis. Both the issuer and receiver of the ARC should agree on the electronic transfer of the electronic document. As soon as the receiver is not capable of receiving the document electronically using this specification, the system should revert back to the paper system.
-
ATA Spec 2000 Chapter 16 does not replace any regulatory requirements or guidance regarding the ARC Form One and electronic signatures.
-
In revision 2009.1 of ATA Spec 2000 Chapter 16, the part certification form blocks displayed in Section 16-2 (3) – Data Requirements do not entirely reflect the format of Canadian ARC Form One. Be sure to follow the format and the data requirements, including applying the electronic signature, pursuant to Appendix A of STD 561 of the CARs and Appendix J of STD 571 of the CARs .
6.2 Criteria for Foreign Exchange
-
Organizations wishing to send or receive an ARC from a foreign organization shall do the following:
-
Ensure that the ARC content meets the requirements of the CARs ;
-
Ensure that the ARC content meets the requirements of the applicable bilateral agreement or technical arrangement;
-
Produce an ARC that conforms to a standardized, internationally recognized format; and
-
Be sure that the necessary security requirements of this AC and ATA Spec 2000 Chapter 16 are met.
6.3 Printing Authorized Release Certificate Form One from an Electronic File
-
Where both the certificate format and the data are entirely computer generated, retention by means of secure database is acceptable provided it is possible to generate a hard copy on request.
-
The printed release certificate should meet the general format as specified in Appendix A of STD 561 of the CARs and Appendix J of STD 571 of the CARs including the electronic signature in block 13b or 14b of the ARC .
-
It should have a watermark displayed on the form background stating “PRINTED FROM ELECTRONIC FILE”. When the receiver is required to print the electronic ARC , they should be capable of regenerating it from the received data without alteration. The printed ARC is a copy of the original electronic ARC .
7.0 TRANSPORT CANADA APPROVAL
- TCCA shall be notified of the intent to implement electronic signatures and/or the electronic exchange of Form One. Details of how the electronic recordkeeping system is used to generate, maintain and retain the electronic ARC Form One and how the electronic signatures are controlled shall be stated in the company approved manual. The system must meet the requirements of Subpart 561 of the CARs for manufacture of aeronautical products or Subpart 573 of the CARs for AMOs . Procedures and implementation of such a system must be approved by TCCA prior to use.
8.0 INFORMATION MANAGEMENT
- Not applicable.
9.0 DOCUMENT HISTORY
- Not applicable.
10.0 CONTACT OFFICE
For more information, please contact the:
Chief, Operational Airworthiness
Phone: 613-952-4386
Fax: 613-952-3298
E-mail: jeff.phipps@tc.gc.ca
Suggestions for amendment to this document are invited, and should be submitted via: AARTinfodoc@tc.gc.ca
Original signed by
Jacqueline Booth
A/Director, Standards
Civil Aviation
Transport Canada
Transport Canada documents or intranet pages mentioned in this document are available upon request.