Articles
Name | Author |
---|
Effective and efficient – obtaining regulator acceptance for electronic signature
Author: Mark Schulz, Senior Vice President Worldwide Sales, EmpowerMX
Subscribe
Effective and efficient
Mark Schulz, Senior Vice President Worldwide Sales, EmpowerMX on how to obtaining regulator acceptance for electronic signature
I know that regulatory approval can sometimes seem a little dry as subjects go but I have, for forty years, been passionate about the implementation of digital technology, and we’re at a place today where more paperless operations are possible than ever before in our industry. The question is, ‘what is preventing us from being successful?’ One thing preventing that success is the difficulty in moving forward and one item key to that is the ability to obtain regulatory approval. So this article is going to address that topic; how to obtain regulatory approval on the projects that readers might wish to implement.
A PROFOUND PERSPECTIVE
Let me set the scene: I was recently visiting a new customer in Latin America, COOPESA. Walter Ching, Director of Operations, and he said something that I considered profound. He said, “The reason that we implemented paperless operations was because we are effective but we are not efficient.” That’s really very true for many operations. People find ways to be successful in their operation, to be effective, to get the job done but they don’t end up being efficient in those processes. Bearing that in mind, I decided to focus this article around that concept.
Effective and efficient
Let’s start by envisioning an environment in which, whatever our rank or standing in the business, each of us has a role to play in the successful implementation of paperless operations. Let’s start from a situation where you have an effective environment. Aircraft are being delivered on time, when they are scheduled to go out. Quality escapes and defects are minimized and safety isn’t simply the number one priority but it is proven by the results of the operation; and employee satisfaction is at an all-time high. Those are situations where we begin to consider ourselves to be effective; when things are going well. Now let’s envisage a situation where there is an efficient environment. In this situation, maintenance event man hours are down, time to accomplish work is down and cycle times are reduced, perhaps getting aircraft out ahead of schedule. Revenues are up and costs are down so margins are significantly improved. The vision I often have when walking into an efficient operation is that the flow of work is like a school of fish swimming perfectly in an ocean in one direction and in synchronization. That’s the type of operation in which I wish to be: one that’s effective and that’s also efficient.
Now, consider yourself in that environment and think what you have to do as a person wanting to implement a paperless environment and accomplish being both effective and efficient? My question is: what is stopping you? What is keeping you from achieving this kind of environment? Is it a lack of belief that it is possible or simply that it’s just not attainable? Is there a lack of technology in your operation or a lack of management support for the initiative? Or is it the belief that the regulators will not approve it?
Having been involved with the implementation of paperless operations in airlines, MROs and lots of different operations for almost forty years, there are key things I have seen that have prevented successful implementation for many years. One of the perennial obstacles to success has been the lack of ability to convince regulators that what is being done is an acceptable practice. I challenge that thinking and say that you, the reader, the person working in the business can be the hero of the story. Paperless operations are possible today and you can be taking the lead in your organization to make this happen. In this article I want to share the things that I’ve learned from the people that I’ve worked with in implementations and that have helped them to become the heroes of their environments; helped them to create an effective and an efficient operation.
THE TIME TO DO THIS
When is the time to do this? Is the time now? Let’s look back: I was flying airplanes in the late 1970s and, in the 1980s, I joined airlines and manufacturers and was party to the development of ATA standards, IATA standards, OEM standards and SGML (Standard Generalized Markup Language); those early efforts where we were defining data standards that would become the foundation for what was going to become the success of paperless operations today. Moving on into the 1990s, I was involved in the development of software tools for electronic maintenance manuals with other things at the time around electronic task cards, materials, maintenance planning documents (MPDs), minimum equipment lists (MELs), trouble shooting manuals… many different things and, again, core elements for the success of paperless operations. In the 2000s we began to see developing infrastructure with the Internet coming into play, computers, mobile devices becoming available and, as technology continued to improve, tablets became available… clunky and inefficient maybe; but mobile devices were developing. Moving into the 2010s, we began to get developing acceptance. Electronic records and signatures are no longer an anomaly in the aviation industry but are now the preferred method of compliance by most regulators. FAA, EASA and regulators worldwide offer guidance for the use of electronic signatures, electronic recordkeeping and electronic manuals.
So, is now the perfect timing? I believe that the critical factors have aligned to provide the most optimum environment possible for the creation of necessary efficiencies resulting from paperless operations in technical operations. So the real question is: if the time is not now, when is it? If you’ve been holding back from implementing a paperless operation because of some of these factors that might have seemed difficult to overcome, the question you might ask yourself now is, if all these things have not come together now, when will be the right time?
REGULATOR GUIDANCE HISTORY
Let’s now look at the history of regulator guidance on this subject, things that have happened over time and have affected our ability within the aviation industry to be successful in the deployment of paperless operations.
Going back to the 2000s, on June 30 2000, the President of the USA signed into law the Electronic Records and Signatures in Commerce Act (or Electronic Signatures Act). He actually signed it both on paper and electronically and it gave the ability for an electronic signature to be an electronically binding contract just as though it had been signed on paper; setting the beginning for giving electronic contracts the same weight as those executed on paper. But this was nearly twenty years ago, so why are we still where we are today on this subject? We should be further on.
In 2002 on October 29, the FAA released an advisory circular, AC 120-78 on Acceptance and Use of Electronic Signatures, Electronic Recordkeeping Systems, and Electronic Manuals. This AC gave guidance on the acceptance and use of electronic signatures to satisfy certain operational and maintenance requirements. I have to emphasize that it’s a method of acceptable use, not the only method but one method. More recently, in 2016, the FAA released a revision to that AC, AC120-78A, which provided additional guidance on the use of electronic signatures, electronic recordkeeping, and electronic manuals. This advisory circular (AC), as with any AC, is not mandatory and does not constitute a regulation; rather, it provides standards and guidance for electronic signatures, electronic recordkeeping, and electronic manual systems. Electronic recordkeeping systems/programs are used to generate many types of records This AC describes an acceptable means, but not the only means, for a certificate holder to be in compliance and utilize an electronic signature, electronic recordkeeping, and electronic manual systems. So, this information has been out there from some of the core regulators for sixteen or seventeen years at the time of writing.
BASELINE REGULATOR REQUIREMENTS
In a similar manner to the FAA guidelines, EASA guidelines offer some specific, unique characteristics that must be addressed in the application for or in the obtaining of agreement from the regulator of electronic signature. Many of the customers with whom I deal will use this guidance as a map or checklist to be able to secure agreement from them. They literally go down the guidelines and ask ‘what am I doing to prove uniqueness, to prove significance and scope? Let’s consider these.
- Uniqueness: an electronic signature needs to be able to provide uniqueness and identify a specific individual and be difficult to duplicate: the signature needs to confirm ‘this is the person who provided the signature’. In gaining regulatory approval, you need to demonstrate that the methods you are employing are meeting those criteria, i.e. providing the ability to be unique and say ‘this is the person who signed off this particular paperless document’.
- Significance: this is important inasmuch as, the individual using the electronic signature should be taking a deliberate action to affix their signature. It cannot just be an automatic sign-off; it has to be something where the person creating the signature has to take action and has to know that they’re taking action to affix their electronic signature to that record that they’re signing off. It will be necessary to demonstrate that the processes, the software and the approach that the business is taking allows the ability to be able to track that it’s a deliberate action.
- Scope: this is also important that the scope of the information being affirmed with the electronic signature needs to be clear to the people who look at it following the signing. Scope means, what is the scope of the signature? Is it signing off a particular task, an entire task card… what is being signed off: the scope.
- Digital security: the security of an individual’s hand-written signature is maintained by ensuring that it’s difficult for another individual to duplicate it. Of course, somebody could write your signature and forge it but that’s not easy and it’s even harder to forge a digital signature. The system has to be able to demonstrate that it’s not possible or that it’s very, very difficult to be able to forge and electronic signature.
- Non-repudiation: this is essential; it must not be possible for someone to say ‘I didn’t sign that off’. It must be possible to prove that, if someone signed something off, that it actually was them that signed it off. It will be necessary to identify what actions have been taken to ensure that it’s non-repudiatable.
- Traceability: an electronic signature should provide positive traceability to the individual who signed a record, record entry, or any other document. This could be a history or a log that occurs within a system or a process.
A lot of software provides these kinds of capabilities and, by now, readers might be wondering how to come up with all these ideas or what about the business processes and we’ll look at that below. But this is a combination of technology and process that has to be put together into a plan which is presented to the regulator to offer them the comfort level that the system provides security with a digital signature that’s equal to or better than a hand written signature.
THE PERFECT TIMING
Why am I writing about all these things? This is not a new subject; it’s been over twenty years that this information has been available. What I contend and readers should consider is that everyone worldwide knows that paperless operations (paperless environments and electronic signatures) are progressing. Probably five years ago, there were more regulators who were apprehensive of or reluctant to agree to electronic signatures because they were uncomfortable whether the processes and technology were there to be able to demonstrate and provide security around a digital signature. I have been with MROs and regulators all around the world for the last five years and can confirm that there are many more regulators who are looking for digital signature than those who are resisting it. There are still places where people are saying that it isn’t possible or that they can’t control this but it’s really only a very small number. Having been involved in operational approval for flight deck equipment, regulatory approval for maintenance manuals and being involved in regulatory approval at the moment, I write not as an expert in the industry but as someone who has worked with enough people that I’ve seen that it is possible to successfully implement this.
EmpowerMX has 30,000 users today and, whether they’re using an electronic task card or a non-routine, every one of those has to have agreement from the regulators that they’re using an electronic signature because part of our system is that every user is using an electronic signature. The largest airlines in the world are using electronic signatures today and readers should not be afraid to proceed with the same actions.
THE APPROACH
How can people get more comfortable with the approach now? At the highest level, the regulators are primarily concerned about developing a value proposition and a company approach. So, what is the value to a company to be able to have paperless operations and what is the approach they are going to take at a high level? Consider the factors that the regulator is going to look at such as safety, quality and compliance. Then consider what the key performance indicators (KPIs) are that will need to be put into place to demonstrate to that regulator that the company has done those things; i.e. created an environment that’s going to be safe, deliver quality and provide compliance according to those things that we identified above.
A PROCESS FOR MOVING FORWARD
Let’s look at the process (figure 1) step by step using key elements developed with customers that I’ve worked with on building successfully achieved approval by their regulator.
Figure 1
- Regulators need to understand the requirements of the project so it’s important that those implementing the project understand what they are trying to capture; how big is the scope… what is it that the company is trying to do?
- Develop a high level plan: it doesn’t need to figure out every little detail in fact, where there are multiple systems in a large MRO environment, it won’t be possible to address every one of those: but it is necessary to look at the paperless operation and know what the scope is and what the high level plan is. Consider it as the corners of a canvas when getting ready to paint a picture, first identifying the corners of the canvas – that’s the high level plan that needs to initially be taken to the regulator.
- It’s very important to bring in the affected regulators early and often and let them know the general intentions. There doesn’t have to be an entire plan figured out when that first approach is made to the regulators; it’s the involvement that counts. I’ve found a successful approach is to go to the regulator and say…
- ‘We just want to let you know that paperless operations are happening all around the world and we’re going to head in that direction and want to let you know that we’re considering a program or project that will address electronic signature: we’ll keep you involved to make sure you’re comfortable that the things we’re doing meet your requirements and we’re giving you an early advanced notice’
- That has been a critical part of people’s success, bringing in the regulator early in the process.
- Identify those elements that will need to be accepted and approved by the regulators. We’ve identified a few above (Baseline Regulator Requirements), including six that will be of key importance. Some of my customers have taken those six items and built their plan around them asking, ‘how are we meeting the objectives of each of those requirements in that regulation’.
- Develop a detailed approach for implementation of the program and electronic signature meeting all of the regulator’s requirements. This is where it’s time to develop the detailed approach but readers might say that they’ve not done that before so where would they get the details, they don’t have the expertise or know what to do. The answer is to find someone who does know what to do and has been successful at accomplishing these things, and use their experience with the regulators to be able to create a detailed plan that will also be successful.
- Secure agreement from the operator / customer. Some readers will be from airlines, some will be from MROs, some from consulting organizations, many different types of operations. There are a few key things, in my experience, that have caused significant risks and delays in a program.
- o The availability of data has been one that’s been a risk in a program from the beginning.
- o Changing requirements from the operator or from the customer.
- o A regulator that didn’t know what the company was doing and, at the last minute, decided they wanted to make changes. In a recent large implementation at an MRO in the USA, two days before the program was going to go live, the regulator decided it was time to look at the program in detail then came back with ‘I don’t like the way that this statement reads, it doesn’t define the scope of the program.’ So, two days before the first aircraft was due to be moved over to the new system, we had to go away and re-code the application to make changes based on the regulator’s requirements. That delayed the program by one aircraft because, while we got it done within two days, the regulator couldn’t approve it within two days.
- So it’s very important to secure agreement with the operator and the customer.
- Develop changes to the required operations manuals required by the operator and the MRO. There will be changes to manuals and exactly what they will be can vary quite widely. But it’s very important to look at the details of the manuals and the expectations of the regulators. Some regulators are very broad in nature and will say that, if it’s not stated, it’s OK to do it. Others will say that, if it’s not stated, it’s not OK to do it. There is no general rule I can offer because each regulator is different. It’s important to bring these things to them, bring up the subject of manuals and documentation. I always recommend don’t ask the regulators what to do but tell them what you’re going to do to meet compliance and see what their response is. Say, ‘We see this as what our current manuals say; this is what our plan is; do you agree with that?’ The response will generally be more favorable than if the company had asked, ‘What should we do?’ to which the response will be to tell the questioner ‘do everything’.
- Demonstrate that the new processes meet the intent of the regulations. So, now that the plan is laid out with its details, and the manuals have been updated, now is the time to use the KPIs to be able to say, ‘this is what we’ve done in order to be able to meet your regulations.’
- Secure agreement from the regulator at every stage because if that agreement is not secured, it creates risks.
- Validate that the process has integrity and will maintain integrity over time. That includes data integrity, a very important part of the process because poor data integrity has created failure for many programs in my experience. Maybe the data is not presented in the best way or maybe some of the structured data isn’t structure properly and loses data when it’s being presented but data, its structure and the integrity of the data is very important and the only way to verify that is to check it over and over, and over again.
Build upon the baseline requirements
We’ve already looked at what the EASA regulations say and how they identify:
- Uniqueness;
- Significance;
- Scope;
- Signature security;
- Non-repudiation;
- Traceability.
There are other factors that are affected in this process: however, those are six key pieces. I’ve seen many businesses be successful in building their case for approval around those six factors.
Collaboration
This is a really important part in the success of a project. For executives, leadership in any organization is extremely important. I’ve seen leaders in organizations who have said something along the lines of, ‘We’re going to try this paperless operation; let’s just see how it works.’ Or, perhaps, ‘The new way of doing business is paperless operations; we need to make this successful.’ That first approach is sometimes difficult and the second approach, the more authoritative approach, the stronger approach, has been much more successful in operations than has any other way. So, if you’re in a leadership role in your organization, I’d encourage you to make sure that when you make a decision to move forward, that there’s a strong commitment to the success of such an operation.
There also needs to be a focused project team. I’ve seen efforts in this regard fail because there wasn’t a focused project team: they had too many activities to do, they weren’t able to focus on the successful implementation of a paperless operation and when they were diluted and spread across too many functions, they were not able to be successful. The project needs to be focused on this program of change.
Engage early and often with your experts:
- Internal business subject matter experts.
- Internal training department.
- Civil Aviation Authority.
- Technology providers who will have implemented solutions at many different airlines and MROs, so you can use their knowledge and expertise.
- OEMs and other suppliers.
- Form relationships with like-minded airlines and learn from each other (benchmarking): it’s a common practice for us, as a technology provider, to take a prospective customer to meet one of our existing customers and connect them; let them work together and to see how people have achieved success, and to leverage that. Those relationships that we’ve helped create have lasted for many years and they’ve been able to learn from that, to be mentored by the success of another organization to help them be successful.
- Test, test, and test again prior to going live to make sure that everything works and that you’re successful.
Key risk factors
We’ve already looked at risk factors but, just to reprise, they are data issues, operator / customer acceptance and regulatory requirements.
IN SUMMARY
The world is moving forward with the acceptance of Paperless Operations. The ability to have Electronic Signature is a fundamental element of the solution. How can you have a paperless operation if you don’t have electronic signature approval; it’s a critical element for success; maybe not the most riveting subject but, nonetheless critical and important.
Many readers will have been waiting their whole career for this time so you should make this the moment that you move forward. All factors have come together to make this the best time in history to seize the moment and leverage paperless operations, including electronic signature. Standards are in place, data is ready, software is ready and the infrastructure is ready. The industry needs to move forward and, now, regulators are ready. You can make this your moment in time. If you’ve been waiting for many years to decide when is the right time: there is no better time than today for a paperless operation. You, reader, and your company can be the hero of this story and help your organization to be successful through the implementation of such technology.
Contributor’s Details
Mark S. Schulz
Prior to joining EmpowerMX, Mark worked in the Professional Services consulting division of Boeing. Core support was for entry into service of the 787, eEnabling software solutions, consultative projects including operational approval of electronic and mobile solutions. Prior to this Mark worked with over 100 Aviation Aerospace companies in the implementation of solutions supporting primarily aircraft maintenance. Mark holds an MBA, a BS in Mechanical Engineering, a Commercial Instrument Multi Engine Land Pilot License as well as an FAA A&P Mechanic certificate.
EmpowerMX
EmpowerMX provides intelligent maintenance solutions for today’s aircraft. Headquartered in Frisco, Texas, with offices in Europe and the Far East, EmpowerMX is uniquely focused on the aircraft maintenance industry and is managed by aviation maintenance experts. Since its inception, EmpowerMX has focused on the aviation sector with most of the major US airlines now using the FleetCycle® solution. Beyond the US major airline carriers, Norwegian, GOL, Embraer, TechOps Mexico, AAR, COOPESA, JORAMCO and others are users of the system.
Comments (0)
There are currently no comments about this article.
To post a comment, please login or subscribe.