AMC No 1 to 21.A.163(c) Computer generated signature and electronic exchange of the CAA Form 1

CAA ORS9 Decision No. 1

1. Submission to the CAA

Any POA holder/applicant intending to implement an electronic signature procedure to issue CAA Form 1 and/or to exchange electronically such data contained on the CAA Form 1, should document it and submit it to the CAA as part of the documents attached with its exposition.

2. Characteristics of the electronic system generating the CAA Form 1 The electronic system should:

— guarantee secure access for each certifying staff;

— ensure integrity and accuracy of the data certified by the signature of the Form and be able to show evidence of the authenticity of the CAA Form 1 (recording and record keeping) with suitable security, safeguards and backups;

— be active only at the location where the part is being released with a CAA Form 1;

— not permit to sign a blank form;

— provide a high degree of assurance that the data has not been modified after signature (if modification is necessary after issuance, i.e. re-certification of a part), a new form with a new number and reference to the initial issuance should be made); and

— provide for a ‘personal’ electronic signature, identifying the signatory. The signature should be generated only in the presence of the signatory.

An electronic signature means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication and should meet the following criteria:

— it is uniquely linked to the signatory;

— it is capable of identifying the signatory;

— it is created using means that the signatory can maintain under their sole control.

The electronic signature is defined as an electronically generated value based on a cryptographic algorithm and appended to data in a way to enable the verification of the data’s source and integrity.

POA holders/applicants are reminded that additional national requirements may need to be satisfied when operating electronic systems.

The electronic system should be based on a policy and management structure (confidentiality, integrity and availability), such as:

— administrators, signatories;

— scope of authorisation, rights;

— password and secure access, authentication, protections, confidentiality;

— track changes;

— minimum blocks to be completed, completeness of information;

— archives;

— etc.

The electronic system generating the CAA Form 1 may contain additional data such as:

— manufacturer code;

— customer identification code;

— workshop report;

— inspection results;

— etc.

3. Characteristics of the computer generated signature

To facilitate understanding and acceptance of the CAA Form 1 released with an electronic signature, the following statement should be in Block 13b: ‘Electronic Signature on File’.

In addition to this statement, it is accepted to print or display a signature in any form such as a representation of the hand-written signature of the person signing (i.e. scanned signature) or their name.

When printing the electronic form, the CAA Form 1 should meet the general format as specified in Appendix I to Part 21. A watermark-type ‘PRINTED FROM ELECTRONIC FILE’ should be printed on the document.

When the electronic file contains a hyperlink to data, required to determine the airworthiness of the item(s), the data associated to the hyperlink, when printed, should be in a legible format and be identified as a reference from the CAA Form 1.

Additional information not required by the CAA Form 1 completion instructions may be added to the printed copies of the CAA Form 1 as long as the additional data do not prevent a person from filling out, issuing, printing, or reading any portion of the CAA Form 1. This additional data should be provided only in block 12 unless it is necessary to include it in another block to clarify the content of that block.

4. Electronic exchange of the electronic CAA Form 1

The electronic exchange of the electronic CAA Form 1 should be accomplished on a voluntary basis. Both parties (issuer and receiver) should agree on electronic transfer of the CAA Form 1.

For that purpose, the exchange needs to include:

— all data of the CAA Form 1, including data referenced from the CAA Form 1;

— all data required for authentication of the CAA Form 1. In addition, the exchange may include:

— data necessary for the electronic format;

— additional data not required by the CAA Form 1 completion instructions, such as manufacturer code, customer identification code.

The system used for the exchange of the electronic CAA Form 1 should provide:

— a high level of digital security; the data should be protected, unaltered or uncorrupted;

— traceability of data back to its source should be possible.

Trading partners wishing to exchange CAA Form 1 electronically should do so in accordance with these means of compliance stated in this document. It is recommended that they use an established, common, industry method such as Air Transport Association (ATA) Spec 2000 Chapter 16.

The applicant(s) is/are reminded that additional national requirements may need to be satisfied when operating the electronic exchange of the electronic CAA Form 1.

The receiver should be capable of regenerating the CAA Form 1 from the received data without alteration; if not the system should revert back to the paper system.

When the receiver needs to print the electronic form, refer to the subparagraph 3 above.