2007-01

Electronic Record Keeping Systems

Effective Date: 14 February 2007

Version in Effect: 4 (revised 18 September 2013)

Reference: TAM Part 5, Chapter 5, Section 2

OPI / Telephone: DTAES 4-5-4 / 819-939-4758

1.    Purpose

1.1.    This TAA Advisory provides a method for compliance with the requirements of the Technical Airworthiness Manual (TAM) pertaining to Electronic Record Keeping Systems (ERKS).

1.2.    This TAA Advisory is not mandatory, nor does it constitute a regulation. It describes a means acceptable to the TAA, but is not the only means to demonstrate compliance with the regulation(s). If you elect to use this TAA Advisory, then all the important aspects of it must be followed.

2.    Applicability

2.1.   This TAA Advisory is applicable to all organizations seeking TAA acceptance of an ERKS that is the sole repository for some part or all of their Type, Technical or Organizational records, as defined in TAM paragraphs 5.5.2.R1-R3.

2.2.   This TAA Advisory has been generated to assist organizations in achieving TAA acceptance for new ERKS or upgrades to existing systems. This advisory provides guidance on how the TAA will evaluate an ERKS to ensure compliance with the regulatory requirement stipulated under paragraph 3.2.1.

2.3.    All of the requirements described in paragraph 4.4.1. below are applicable to organizations seeking TAA Airworthiness Acceptance for the implementation of a new ERKS. For upgrades to existing ERKS, it is possible that not all of the elements listed in paragraph 4.4.1. may be applicable. Organizations seeking approval to upgrade an existing ERKS will be required to submit a project plan for the TAA's review and acceptance. The TAA will assist organizations in defining the project plan deliverables, which may vary depending on the complexity and extent of the upgrade.

3.    Related Material

3.1.  Definitions:

  1. Electronic Record Keeping System. A system of record processing in which records are entered, stored and retrieved electronically by a computer system rather than in the traditional hard copy form.

3.2  Regulatory References:

3.2.1.   Technical Airworthiness Manual (TAM), Part 5, Chapter 5, Section 2 – Electronic Record Keeping Systems.

4.    Discussion

4.1.    A significant amount of airworthiness-related documentation is produced to provide the essential information and data necessary to establish and maintain the airworthiness of an aeronautical product. Much of this information and data must be retained indefinitely and be accessible at any point in time. Computers have been used for many years for the planning, analysis, scheduling and documentation associated with the production of this airworthiness-related information and data. However, paper records were more often than not the method used to provide the documentary evidence required by the TAA. This is particularly true for the required airworthiness certifications associated with engineering decisions or the completion of a maintenance task.

4.2.    As organizations transition over to ERKS, they need to clearly understand the risks to their data. Common vulnerabilities of an ERKS of interest to the TAA include but are not limited to the following:

  1. electronic records can easily be deleted without trace in most commercial applications;
  2. editing of electronic records is facilitated by features such as global search and automatic replace functions;
  3. correction of data entry errors often involves “data overwrite” capabilities; and
  4. a secure electronic signature requires advanced technology and does not provide the physical evidence of a hand-written signature.

4.3.    Organizations must prove to the satisfaction of the TAA that sufficient safeguards have been implemented to overcome the vulnerabilities of electronic records and appropriate measures have been taken to assure the integrity of the system and the airworthiness-related data contained within the system.

4.4.    Acceptable Means of Compliance.

4.4.1.   An organization seeking acceptance for an ERKS must meet the requirements of reference 3.2.1. and provide the TAA with the following:

  1. A project plan. A plan must be submitted to the TAA for acceptance, covering the intended scope of the ERKS and describing how all the elements below will be accomplished;
  2. Verification and validation of system functionality. This phase shall ensure that the ERKS can meet all of the airworthiness requirements stipulated in the TAM that the ERKS is intended to support. For example, if the ERKS provides functionality related to aircraft release certification, it would need to comply with TAM 3.1.2.R11. In addition, ERKS validation is required to support all requirements of reference 3.2.1. The organization must prove that sufficient system validation and verification testing was conducted to demonstrate that the defined system functionality provides the results expected. In general, a series of tests involving a range of possible scenarios are executed with the results documented and assessed as satisfactory. The functionality targeted for verification and validation should include all functions deemed critical to the airworthiness-related information and data within the ERKS. The tests and scenarios used to demonstrate system integrity should reflect the way the system would be used within the organization. Reports from this phase must cover what was tested, expected results, actual results, recommendations, modifications (if required) and re-testing (if required);
  3. Parallel System Operation. Where the ERKS is used to capture critical data that supports airworthiness activities, a parallel record keeping system will be required during ERKS start-up. An example of a critical system would be a Health and Usage Monitoring System (HUMS) or electronic maintenance scheduling application. Paper-based records are an acceptable parallel system. Where an organization utilizes an additional electronic system as their parallel system, they will need to ensure that the systems are operated separately to avoid cross contamination of the data collected. The parallel system and duration of parallel system operations must be defined in the project plan;
  4. ERKS Management Plan. Data management involves the implementation of system safeguards and measures to prevent the loss during the storage, processing and transmission of information and data. In addition, data management involves the activities associated with updating, accessing and validating data records. A data management plan, at a minimum, shall cover:

(1)    Back-up procedures that ensure easy recovery of data in case of inadvertent loss or destruction of data. Backed-up data should be stored on a different server or medium than the primary data. In addition the backed-up data medium should be in a different location. Data back-ups should be done on a regular basis;

(2)    System Disaster Response procedures, to deal with all likely system failures, power shortages or data loss. The procedures should define how any lost data would be identified and recovered. One method that may be used within the disaster response procedures is for the organization to temporarily revert to paper records to minimise the impact on operations;

(3)    System Access procedures to ensure that access is controlled in order to protect the information and data retained within the electronic record keeping system against tampering whether it is accidental or intentional. An organization should define how the access control system will be implemented for each terminal used to enter or process data. If passwords are used, adequate procedures should be in place to protect and regularly change user passwords;

(4)    Data Transfer procedures to cover how data transfer is accomplished, the hardware used and the method of confirming that the data recorded by the server is accurate and complete;

(5)    System Configuration change procedures to ensure that all ERKS changes are documented and auditable. Configuration changes can result from ERKS software changes, user required changes, baseline data changes and dynamic data changes. Each of these change types will trigger unique system verification procedures required before the release of the change. In addition, system configuration changes can only be performed by authorized personnel within the organization;

(6)    Data Access procedures to cover how data within the ERKS is provided as information to the organization. The ERKS must be able to print appropriate reports of records upon demand. For example, if an ERKS is used to manage aircraft maintenance records, the ERKS must be able to produce hard copy reports that meet the technical record requirements of TAM 5.5.2.R2. This would include summary configuration reports for the entire fleet of aircraft;

(7)    Data Correction procedures to ensure access to the original data after a correction has been made to electronic data is required. Link between the original record and the corrected record must exist in order to provide the required data traceability. In addition substantiating information that includes the date of alteration, the reason for the alteration, and the person’s name and signature or employee identifier is required;

(8)    Electronic Signature procedures, when an electronic signature is used within the electronic record keeping system, must meet the requirements of TAM 5.5.1.3; and

(9)    Data Validation procedures to cover how ERKS data is audited in-service to ensure that the users and ERKS are accurately performing all required tasks. This is a critical activity since all systems will incur errors and the organization using the ERKS must take steps to minimize the likelihood that system errors will impact airworthiness related activities.

  1. System User Guides. The organization implementing the ERKS must develop user guides that describe how the ERKS system functionality is used and how the system is maintained. The user documentation will include basic user instructions and advanced system management instructions;
  2. Policy and Procedure Updates. The organization implementing the ERKS must update all airworthiness policy and enabling procedures that involve the use of the ERKS. Accredited organizations will require TAA approval of all changes to their Airworthiness Process Manuals;
  3. Training Plan. The organization implementing the ERKS must develop a training plan that ensures initial training is provided to all ERKS users and, where required, recurrent training is provided. The scope of the training must match the complexity of the user requirements. It would be expected that ERKS administrators would have skill, knowledge and experience to perform all ERKS management activities and would receive application specific training as required. All training must be carried out as close to commencement of ERKS use as possible;
  4. Transition Plan. During the stand-up period of the ERKS, the organization will be managing all legacy processes, migrating data to the ERKS, implementing new processes and initiating training. For a complex ERKS, the organization will need to develop a transition plan that describes how all of these activities will be managed. While the organization is transitioning, it must ensure that an appropriate level of additional user support is available during the implementation period; and
  5. Technical Data Package. The organization seeking TAA acceptance of the ERKS must provide the TAA staff with documentation that supports all of the requirements described above.

4.4.2.  The TAA will review the project plan and provide feedback to the organization. For a complex ERKS, there will be a number of millstones negotiated between the organization and the TAA for deliverable review. This will allow for the TAA Airworthiness Acceptance of the ERKS to be based on a process executed by the organization over an extended period of time. Once the TAA is satisfied that the ERKS is ready for implementation, based on the final Technical Data Package, the organization will be given the authority to commence interim operations in accordance with the transition plan. Prior to this occurring, the organization must submit a letter from the SMM and/or SDE certifying that the ERKS meets all airworthiness requirements and that all required training, procedures and instructions have been instituted. Depending on the complexity of the ERKS, the TAA may conduct an on-site audit and evaluate the ERKS against all airworthiness requirements prior to the full TAA acceptance.