GM1 21.A.130, 21.A.163 and 21.A.165 Performance of tasks in real time for the issuance of a ‘CAA Form 1’ for prototype and new parts, appliances and products other than complete aircraft, using information and communication technologies (ICT)

CAA ORS9 Decision No. 48

This GM provides technical guidance on the use of remote ICT to support the issuance of a ‘CAA Form 1’ for prototype and newly produced parts, appliances and products other than complete aircraft.

It is the responsibility of the production organisation to assess whether the use of remote ICT constitutes a suitable alternative to the physical inspection of the part, appliance or product in accordance with the applicable requirements set out in 21.A.130(a). Consequently, the production organisation that intends to use the remote ICT for such purposes should first discuss the feasibility aspects with the CAA.

1. Terminology

   In the context of this GM, the following terminology is used:

   — ‘issue of a CAA Form 1’ means:

   i. the issue of a CAA Form 1 under Part 21 Subpart G by certifying staff;

   ii. the raising of a CAA Form 1 under Part 21 Subpart F by an authorised person; and

   iii. the validation of a CAA Form 1 under Part 21 Subpart F by the CAA inspector;

   except in the case of issue of a CAA Form 1 for the correction of error(s) on a previously issued certificate and for the recertification of an item from ‘prototype’ to ‘new’ provided that the design data has not changed;

   — ‘authorised staff’ means certifying staff as defined in Part 21 Subpart G, and ‘authorised person’ and ‘CAA inspector’ as defined in Part 21 Subpart F;

   — ‘item’ means any part, appliance or product other than a complete aircraft;

   — ‘applicable design data’ means non-approved design data for a prototype item and approved design data for a newly produced item;

   — ‘task’ means any inspection, test and/or verification, as described in a documented procedure, which is needed to be performed by an authorised staff before signing a CAA Form 1;

   — ‘remote ICT’ means any real-time video and audio communication tools using information and communication technologies (ICT) whose aim is to enable the performance of the task(s) by the authorised staff from a location different from that where the item is located (on-site).

2. Regulatory context

   The following entities may issue a CAA Form 1 for produced items in order to certify their conformity to the applicable design data and, for new items, their condition for safe operation:

   — the holder of a letter of agreement (LoA) that is issued in accordance with Part 21 Subpart F (refer to point 21.A.130(a));

   — the CAA in the context of Part 21 Subpart F (refer to point 21.A.130(d));

   — the holder of a production organisation approval (POA) in accordance with Part 21 Subpart G (refer to point 21.A.163(c)).

   A CAA Form 1 has to be issued by appropriately qualified authorised staff. Part 21 does not require authorised staff to be on-site when issuing a CAA Form 1, nor how the production organisation and the CAA shall determine whether the part/appliance/product other than a complete aircraft conforms to the applicable design data and, for a new item, is in a condition for safe operation. These should be detailed in a documented procedure accepted by the CAA.

   Part 21 requires:

   — in point 21.A.130(d) that the CAA validate the CAA Form 1 following inspections performed in accordance with 21.B.135(b) if it finds after the inspection that the product, part or appliance conforms to the applicable design data and is in a condition for safe operation;

   — in point 21.A.165(c) that the POA holder has to determine that:

   — other products, parts or appliances are complete and conform to the approved design data and are in a condition for safe operation before issuing a CAA Form 1;

   — other products, parts or appliances conform to the applicable data before issuing a CAA Form 1.

   Typically, compliance with these requirements is ensured through the on-site presence of the authorised staff in order to guarantee they have appropriate access to the item, as needed.

   However, compliance with these requirements may be also ensured in certain circumstances, determined as per the considerations described in point (c) below, by remotely conducting the tasks which are needed before the issuance of a CAA Form 1 by the use of remote ICT. The following considerations should be used as guidelines when the on-site presence of the authorised staff is to be replaced by virtual presence, using remote ICT.

3. The use of remote ICT to support the issuance of a CAA Form 1

   Remote ICT may have limitations that could render it unsuitable for some applications. Accordingly, careful consideration and risk management should be applied when determining when to use remote ICT. These considerations, listed below, are however not exhaustive and should not be treated as a checklist.

   1. General considerations

   — As an overarching principle, it needs to be determined whether the nature of the tasks to be performed by the authorised staff allows the use of remote ICT.

   — The facility where the item is located:

   — should be referred to in CAA Form 65 or CAA Form 55, directly or indirectly by reference to the corresponding section of the manual or production organisation exposition (POE); or

   — for a POA, should be a facility from where a POE procedure related to point 21.A.139(b)(1)(xv) authorises the issuance of a CAA Form 1.

   — The complexity, novelty and safety criticality of the item to be released with the CAA A Form 1 should be taken into account.

   — The level of competence and experience of the personnel in the use of the particular procedures and equipment that will be used to perform the tasks before issuing CAA Form 1.

   — Previous experience of the organisation / confidence in the organisation’s inspection system / quality system / management system.

   — The appropriateness of the inspection and test instruments and/or equipment, especially if used to evaluate qualitative aspects of a product, part or appliance.

   2. Equipment and set-up considerations

   — The suitability of video resolution, fidelity, and field of view for the task being performed.

   — The need for multiple cameras, imaging systems or microphones, and whether the person that performs or witnesses the tasks can switch between them, or direct them to be switched, and has the possibility to stop the process, ask a question, move the equipment, etc.

   — The controllability of viewing direction, zoom, and lighting.

   — The appropriateness of audio fidelity for the evaluation being conducted.

   — Whether real-time, uninterrupted communication between the person(s) authorised to remotely witness the activity (authorised staff) and the personnel performing it exists at the location where the item is located.

   — The need for unique testing devices or equipment (for example, fast-frame cameras, special lighting conditions, sensitive listening devices, mobile phones with cameras for HD video calls).

   — Whether personnel have been adequately trained in the proper set-up, validation and use of the technology, tools and/or equipment to be used.

   — The need for the recording of audio and video data, as well for its retention or for the retention of other information.

   3. Cybersecurity considerations

   There are cases where the facilities where the tasks have to be performed are subject to strict security limitations. When using remote ICT for the tasks needed before issuing a CAA Form 1, it is the responsibility of the organisation to provide an equivalent level of security, therefore the person that is responsible for IT security within the organisation should concur to the ICT technology before proceeding.

   4. Documenting the use of the remote ICT

   The documented procedures developed by the holder of a LoA or a POA should be contained within the POE and submitted to the CAA for acceptance. The procedures should describe the following:

   — the risk assessment process required to determine the appropriateness of the remote ICT taking into account the above-mentioned considerations;

   — the tasks to be performed, including preparation activities, inspections, tests, verifications to be done, personnel involved in the remote ICT activities and their level of competence;

   — that authorised staff have access to all necessary data (e.g. drawings, schematics, datasheets, etc.) they require in order to determine that the item conforms to the applicable design data, and how this can be ensured;

   — how remote ICT will be used in real time (not pre-recorded) so that authorised staff may direct the performance of the tasks as if it were conducted in-person, on-site, with the aid of the equipment or the personnel supporting the activity at the remote location;

   — the procedures for conducting a reinspection in case the equipment malfunctions or the process fails to yield acceptable results; a reinspection using remote ICT may be accomplished after correcting the malfunction or process, or by an actual on- site inspection;

   — how authorised staff should record and communicate any difficulties or concerns regarding the process so that the organisation can improve its programme;

   — how the use of the remote ICT will be documented in the required records; and

   — how the organisation’s IT security is ensured throughout the remote ICT process (data protection and intellectual property of the organisation also need to be safeguarded).