2007-03

Electronic Signature Requirements

Effective Date: 28 July 2007

Version in Effect: 3 (revised 18 September 2012)

Reference: TAM Part 5, Chapter 5, Section 2

OPI / Telephone: DTAES 4-5-4 / 819-939-4758

1.       Purpose

1.1.         This TAA advisory provides a method for compliance with the requirements of the DND/CAF Technical Airworthiness Manual (TAM) pertaining to electronic signatures. 

1.2.        This advisory has been generated to assist organizations in achieving TAA acceptance of electronic signatures. This advisory provides guidance on how the TAA will evaluate the electronic signatures to ensure compliance to the regulatory requirement stipulated at reference 3.2.1.a.

1.3.         This TAA Advisory is not mandatory nor does it constitute a regulation. It describes a means acceptable to the TAA. However, it is not the only means to demonstrate compliance with the regulation(s). If this TAA Advisory is chosen as the method of compliance, then all its important aspects must be followed.

2.       Applicability

2.1.         This TAA advisory is applicable to all organizations seeking TAA acceptance of an Electronic Signature System used in support of Type, Technical or Organizational records, as defined in TAM 5.5.2.R1-R3.

3.       Related Material

3.1.         Definition:

  1. Electronic Signature – A unique digital identifier, traceable to an authorized person, which is used by the individual to authenticate, attest to and certify that entries made into a legal record are verifiable, complete and accurate.

3.2.         Regulatory References:

3.2.1.      Technical Airworthiness Manual (TAM):

  1. Part 5, Chapter 5, Section 2, Standard S5, paragraph 2 on electronic signatures.

3.2.2.     Civil and/or other military airworthiness regulations/advisories:

  1. Transport Canada Civil Aviation (TCCA) Canadian Aviation Regulation (CAR), Part VI – General Operating and Flight Rules, Subpart 5 – Aircraft Requirements, Division IV – Technical Records 605.93, Technical Records – General.
  2. TAA Advisory 2007-01 – Electronic Record Keeping Systems.

4.       Discussion

4.1.         In the Technical Airworthiness Program, the signing of a technical airworthiness function by an authorized individual constitutes an airworthiness certification. This signature confirms that relevant airworthiness-related tasks have been carried out as required and that the individual signing for the airworthiness function is assuming responsibility for it. It recognizes previous actions accomplished by one or more individuals and is a pre-requisite for further actions to be carried out subsequently by other individuals. The signing of these technical airworthiness functions are subject to TAM Part 5, Chapter 5, which states the rules and standards that regulate the generation and maintenance of airworthiness documentation, including the requirements for electronic record keeping systems (ERKS) and electronic signatures. In this context, the signature process, written or electronic, must meet the same requirements. These requirements are:

  1. Identification. The signature must positively identify the signatory for the life of the document.
  2. Uniqueness. The signature must identify the signatory such that the signatory cannot credibly deny the signature.
  3. Protection. The signature process must ensure that the use of the signature is under the sole control of the signatory.
  4. Accountability. The signature process must affix the signature to all applicable data and information such that the signatory is fully aware of what he or she is signing for and is accountable for the validity and accuracy of that data and information.
  5. Integrity. The signature process must maintain the integrity of the data and information preventing or detecting alterations being made after signing of the original document. Any corrections or changes must be made in such a way that the original data will still be available.

4.2.        Acceptable Means of Compliance.

4.2.1.    An organization seeking acceptance for use of Electronic Signatures within an ERKS must meet the requirements of reference 3.2.1.a and satisfy the TAA that the following have been met:

  1. Identification. An identification number, a coded magnetic card, a thumb/finger print, an eye print or similar concepts can be used to identify the signatory.
  2. Uniqueness. An acceptable method of proving uniqueness of a signature is by using an authentication procedure that, in combination with the identification procedure, validates the identity of the signatory. Acceptable means of identification and authentication includes the use of separate and unrelated identification and authentication codes. A combination of a Personal Identification Number (PIN) and coded magnetic card, a thumb/finger print, a retina scan or similar concepts can be used to authenticate the identity of the signatory accurately and positively.
  3. Protection. The satisfaction of identification and uniqueness outlined above plus positive control over the process of issuing and use of identification and authentication codes can ensure that an acceptable electronic signature would be under the direct control of the signatory.
  4. Accountability. The accountability for the validity and accuracy of the information can be accomplished by ensuring that the system links the signature to all the information, and only the information, relevant to the specific airworthiness function being affirmed by that signature and identifies to the signatory all information or actions that are being signed for.
  5. Integrity. A date/time stamp should be incorporated into the electronic document at the time of the original electronic signature, and thereafter at every alteration of the document.

4.2.2.    The organization seeking TAA acceptance of Electronic Signatures will need to provide the TAA staff with the required Airworthiness Process Manual and procedure content that details:

  1. the means used to manage and control each physical item provided to support the signature process;
  2. the means used to manage and control the assignment of identification codes to support the signature process;
  3. instructions for data management that ensure the integrity of information, allowing all data changes to be traced to the author of the change;
  4. instructions for data management that ensure the integrity of information, ensuring that original data that has been subjected to a change process is still retrievable in its original unchanged form;
  5. instructions that allow for data to be retrieved as a complete set of information so that all data associated with a single signature are known; and
  6. a policy that covers the organization's acceptance of the electronic signature and the airworthiness documentation where electronic signatures are deemed acceptable.

4.2.3.      An organization seeking TAA acceptance of Electronic Signatures should consult with TAA staff prior to initiating a project involving the transition from hand-written signatures to electronic signatures.