AMC to Appendix II to Part-M — Use of the CAA Form 1 for maintenance
CAA ORS9 Decision No. 1
1. The following formats of an issued CAA Form 1 or equivalent certificate are acceptable:
— A paper certificate bearing a signature (both originals and copies are accepted);
— A paper certificate generated from an electronic system (printed from electronically stored data) when complying with the following subparagraph 2;
— An electronic CAA Form 1 or equivalent when complying with the following subparagraph 2.
a) Submission to the CAA
Any organisation intending to implement an electronic signature procedure to issue CAA Form 1 and/or to exchange electronically such data contained on the CAA Form 1, should document it and submit it to the CAA as part of the documents attached to its exposition.
b) Characteristics of the electronic system generating the CAA Form 1 The electronic system should:
— guarantee secure access for each certifying staff;
— ensure integrity and accuracy of the data certified by the signature on the form and be able to show evidence of the authenticity of the CAA Form 1 (recording and record keeping) with suitable security, safeguards and backups;
— be active only at the location where the part is being released with an CAA Form 1;
— not permit to sign a blank form;
— provide a high degree of assurance that the data has not been modified after signature (if modification is necessary after issuance, i.e., re-certification of a part, a new form with a new number and reference to the initial issuance should be made).
— provide for a ‘personal’ electronic signature, identifying the signatory. The signature should be generated only in presence of the signatory.
An electronic signature means data in electronic form which is attached to or logically associated with other electronic data and which serves as a method of authentication and should meet the following criteria:
— it is uniquely linked to the signatory;
— it is capable of identifying the signatory;
— it is created using means that the signatory can maintain under his sole control.
This electronic signature should be an electronically generated value based on a cryptographic algorithm and appended to data in a way to enable the verification of the data’s source and integrity.
Organisation(s) are reminded that additional national requirements may need to be satisfied when operating electronic systems.
The electronic system should be based on a policy and management structure (confidentiality, integrity and availability), such as:
— Administrators, signatories;
— Scope of authorisation, rights;
— Password and secure access, authentication, protections, confidentiality;
— Track changes;
— Minimum blocks to be completed, completeness of information;
— Archives;
— etc.
The electronic system generating the CAA Form 1 may contain additional data such as;
— Manufacturer code;
— Customer identification code;
— Workshop report;
— Inspection results;
— etc.
c) Characteristics of the CAA Form 1 generated from the electronic system.
To facilitate understanding and acceptance of the CAA Form 1 released with an electronic signature, the following statement should be in Block 14b: ‘Electronic Signature on File’.
In addition to this statement, it is accepted to print or display a signature in any form, such as a representation of the hand-written signature of the person signing (i.e. scanned signature) or a representation of their name.
When printing the electronic form, the CAA Form 1 should meet the general format as specified in Appendix II to Part-M. A watermark-type ‘PRINTED FROM ELECTRONIC FILE’ should be printed on the document.
When the electronic file contains a hyperlink to data required to determine the airworthiness of the item(s), the data associated to the hyperlink, when printed, should be in a legible format and be identified as a reference from the CAA Form 1.
Additional information not required by the CAA Form 1 completion instructions may be added to the printed copies of CAA Form 1, as long as the additional data do not prevent a person from filling out, issuing, printing, or reading any portion of the CAA Form 1. This additional data should be provided only in block 12 unless it is necessary to include it in another block to clarify the content of that block.
d) Electronic exchange of the electronic CAA Form 1
The electronic exchange of the electronic CAA Form 1 should be accomplished on a voluntary basis. Both parties (issuer and receiver) should agree on electronic transfer of the CAA Form 1.
For that purpose, the exchange needs to include:
— all data of the CAA Form 1, including referenced data required by the CAA Form 1 completion instructions;
— all data required for authentication of the CAA Form 1.
— In addition, the exchange may include:
— data necessary for the electronic format;
— additional data not required by the CAA Form 1 completion instructions, such as manufacturer code, customer identification code.
— The system used for the exchange of the electronic CAA Form 1 should provide:
— A high level of digital security; the data should be protected, not altered or not corrupted;
— Traceability of data back to its source.
Trading partners wishing to exchange CAA Form 1 electronically should do so in accordance with the means of compliance stated in this document. It is recommended that they use an established, common, industry method such as Air Transport Association (ATA) Spec 2000 Chapter 16.
The organisation(s) are reminded that additional national requirements may need to be satisfied when operating the electronic exchange of the electronic CAA Form 1.
The receiver should be capable of regenerating the CAA Form 1 from the received data without alteration; if not, the system should revert back to the paper system.
When the receiver needs to print the electronic form, refer to subparagraph c) here above.