Advisory Circular. 4. CANCELLATION. This is the first Advisory Circular issued on this subject.

Transcription

1 AC 1-2(0) 1 July 2003 Advisory Circular ELECTRONIC SIGNATURES AND RECORDKEEPING General...1 Purpose...1 Applicability...1 Cancellation...1 Effective Date...1 References...1 Introduction...1 Electronic Signatures...2 Electronic Recordkeeping GENERAL. Advisory Circulars (ACs) are issued by the Civil Aviation Authority of Singapore (CAAS) and contain information about standards, practices and procedures acceptable to the Authority. The revision number of the AC is indicated in parenthesis in the suffix of the AC number. 2. PURPOSE. This AC is issued to provide guidance and information on the use of electronic signatures, recordkeeping and manuals by CAAS approved organisations, as an alternative to paper-based systems. 3. APPLICABILITY. This AC applies to all CAAS approved organisations. 4. CANCELLATION. This is the first Advisory Circular issued on this subject. 5. EFFECTIVE DATE. This Advisory Circular is effective on 1 July REFERENCES. ANO, SAR, AOCR, Electronic Transactions Act 7. INTRODUCTION. Previously, the requirements governing the use of signatures to satisfy maintenance, manufacturing and operational requirements did not reflect advances in information storage and retrieval technology. These earlier requirements were developed at a time when the use of electronic transactions were neither available nor contemplated. CAAS recognises that the complexity of the aircraft design, operations and maintenance processes has increased, and that the number of records and documents generated and required to be retained by approved organisations have expanded as well. The Electronic Transactions Act 1998 has provided the basic legislative framework for the recognition and use of electronic transactions. CAAS supports the use of electronic transactions such as digital signatures and electronic recordkeeping. Such systems may now be used to generate and sign for aircraft records such as, but not limited to, load manifests, dispatch releases, maintenance and manufacturing task cards, aircraft maintenance records, certificate of release to service statement and flight test reports that can be authenticated using an electronic signature enabling a paperless system. AC 1-2(0) July 2003

2 8. ELECTRONIC SIGNATURES. 8.1 General An electronic signature s purpose is identical to that of a handwritten signature, and therefore must at a minimum possess those qualities and attributes intrinsic to that of a handwritten signature that guarantee its authenticity. 8.2 Forms of Electronic Signatures An electronic signature may be in the form of a digital signature, a digitised image of a paper signature or any other unique form of individual identification that can be used as a means of authenticating a record, record entry, or document. Users of electronic signatures should be aware that not all identifying information found in an electronic system may not constitute an electronic signature. Other guarantees equal to those of a handwritten signature should be provided. Although a signature may take many forms, the Authority emphasizes that not all electronic entries may satisfy the criteria to qualify the entry as an acceptable signature. 8.3 Attributes of an acceptable electronic signature An organisation intending to implement electronic signatures as part of a computer system must ensure that the electronic signature meets, at a minimum, the attributes below : (1) Uniqueness. An electronic signature should retain those qualities of a handwritten signature that guarantee its uniqueness. A signature should identify a specific individual and be difficult to duplicate. A unique signature provides evidence that an individual agrees with a statement. An electronic system cannot provide a unique identification with reasonable certainty unless the identification is difficult for an unauthorised individual to duplicate. An acceptable method of proving the uniqueness of a signature is by using an identification and authentication procedure that validates the identity of the signatory. For example, an individual using an electronic signature should be required to identify himself or herself, and the system that produces the electronic signature should then authenticate that identification. Acceptable means of identification and authentication include the use of separate and unrelated identification and authentication codes. These codes could be encoded onto badges, cards, cryptographic keys, or other objects. Systems using PINs or passwords also are an acceptable method of ensuring uniqueness. Additionally, a system could use physical characteristics, such as a fingerprint, handprint, or voice pattern, as a method of identification and authorisation. (2) Significance. An individual using an electronic signature should take deliberate and recognisable action to affix his or her signature. Acceptable, deliberate actions for creating a digital electronic signature include, but are not limited to, badge swipes, signing an electronic document with a stylus, typing specific keystrokes, or using a digital signature. (3) Scope. The scope of information being affirmed with an electronic signature should be clear to the signatory and to subsequent readers of the record, record entry, or document. AC 1-2(0) July 2003

3 Handwritten documents place the signature close to the information to identify those items attested to by a signature. However, electronic documents may not position a signature in the same way. It is therefore important to clearly identify the specific sections of a record or document that are affirmed by a signature from those sections that are not. Acceptable methods of marking the affected areas include, but are not limited to, highlighting, contrast inversion, or the use of borders or flashing characters. Additionally, the system should notify the signatory that the signature has been affixed. (4) Signature Security. The security of an individual s handwritten signature is maintained by ensuring that it is difficult for another individual to duplicate or alter it. An electronic signature should maintain an equivalent level of security. An electronic system that produces signatures should restrict other individuals from affixing another individual s signature to a record, record entry, or document. Such a system enhances safety by preventing an unauthorised individual from certifying required documents, such as a certificate of release to service. (5) Non-repudiation. An electronic signature should prevent a signatory from denying that he or she affixed a signature to a specific record, record entry, or document. The more difficult it is to duplicate a signature, the likelier the signature was created by the signatory. The system s security features that make it difficult for others to duplicate signatures or alter signed documents usually ensure that a signature was indeed made by the signatory. (6) Traceability. An electronic signature should provide positive traceability to the individual who signed a record, record entry, or any other document. 8.4 Minimum electronic signature system requirements A system implementing electronic signatures must have the following features: (a) Signature authenticity/verification: Through control and archives, the system must be capable of determining if the signature is genuine and if the individual is authorised to participate. This capability should be an integral part of the system. (b) Archiving electronically signed documents: A means of safely archiving electronically signed documents should be part of any electronic signature computer software. (c) The system must contain restrictions and procedures to prohibit the use of an individual s electronic signature when the individual leaves or terminates employment. This should be done immediately upon notification of the change in employment status. (d) Procedures must be established allowing the organisation to correct documents that were electronically signed in error. The signature should be invalidated anytime a superseding entry is made on the same document. (The entry should be voided but remain in place. Reference to a new entry should be made and electronically signed and dated). 8.5 Compliance with Other Regulatory Requirements In designing its system, the organisation must ensure that all applicable Singapore laws and regulations are met, including in particular all aviation regulations and the Electronic Transactions Act. AC 1-2(0) July 2003

4 8.6 Acceptance prior to the use of a System using Electronic Signatures Organisations intending to use electronic signatures should consult the Authority before implementing such a system. A written description of how electronic signatures will be used should be submitted along with the proposed amendments to the relevant manuals (such as the SAR-145 maintenance organisation exposition or the AOC Operations Manual) containing policies associated with the use of electronic signatures. The organisation should describe the system in sufficient detail to demonstrate that all the points in paragraph 8.3, 8.4 and 8.5 above are met. 9. ELECTRONIC RECORDKEEPING. 9.1 Acceptable Electronic Recordkeeping System When constructing an electronic recordkeeping system to meet the operational and maintenance requirements in this AC, the following information elements must be considered and addressed in the regulatory required manual or in the directions for the system. This information must be made available to each individual responsible for using the system. An electronic record may be a record generated electronically by an electronic transaction, or an electronic image of a paper record. Security (a) The electronic system must protect information confidentiality. (b) The system must ensure that the information is not altered in an unauthorised way. (c) A corresponding policy and management structure must support the computer hardware and software that delivers the information. Procedures. Before introducing an electronic recordkeeping system, procedures must be established, including : (a) Procedures for making the required records available to officers of the Authority and the Singapore Air Accident Investigation Bureau. This procedure and computer system must be capable of making paper copies of the viewed information at the request of the Authority and the Singapore Air Accident Investigation Bureau. (b) Procedures for reviewing the computerized personal identification codes system to ensure that the system will not permit password duplication. (c) Procedures for auditing the computer system every 60 days to ensure the integrity of the system. A record of the audit should be completed and retained on file as part of the operator s record retention requirements. This audit may be a computer program that automatically audits itself. (d) Audit procedures to ensure the integrity of each computerized workstation. (e) Procedures describing how the operator will ensure that the computerized records are transmitted in accordance with the appropriate regulatory requirements to customers or to another operator in a format acceptable to them. (f) Procedures to ensure that records required to be transferred with an aircraft are in a format (either electronic or on paper) that is acceptable to the new owner/operator. (g) Guidelines for authorised representatives of the owner/operator to use electronic signatures and to have access to the appropriate records. AC 1-2(0) July 2003

5 (h) A description of the training procedure and requirements necessary to authorise access to the computer hardware and software system. 9.2 Compliance with Other Regulatory Requirements In designing its system, the organisation must ensure that all applicable Singapore laws and regulations are met, including in particular all aviation regulations and the Electronic Transactions Act. 9.3 Acceptance prior to the use of a System using Electronic Recordkeeping Organisations intending to use an electronic recordkeeping system should consult the Authority before implementing such a system. A written description of how electronic recordkeeping will be used should be submitted along with the proposed amendments to the relevant manuals (such as the SAR-145 maintenance organisation exposition or the AOC Operations Manual) containing policies associated with the use of electronic recordkeeping. AC 1-2(0) July 2003