Standards from FSIMS 8900.1 Chapter 31
B. Electronic Recordkeeping Systems.
Each certificate holder with an electronic recordkeeping system must have policies, procedures, and methods in place that support the use of the system and ensure the integrity of the records maintained on the system. Electronic recordkeeping system procedures must be incorporated into the certificate holder’s manual system, along with a description of the system itself. For those certificate holders who are not required to have manuals (e.g., part 135 single pilot and part 141), a standalone electronic recordkeeping system procedures document is an acceptable alternative, provided it is an official document maintained by the certificate holder. Policies, procedures, and system descriptions must address all of the elements outlined in paragraph 3-3010, including all of the subparagraphs contained therein.
1) System Description.
The certificate holder’s manual (or document for operations that do not require a manual) must contain a detailed description of each electronic recordkeeping system utilized by the certificate holder to maintain and store records required by 14 CFR. A certificate holder may utilize more than one system to maintain various kinds of records. In addition to addressing all of the elements contained in paragraph 3-3010, including all of the subparagraphs contained therein, the system description should include the following:
a) System facilities, hardware, and software.
b) Identification of the records maintained and stored on the system. If there is more than one system, a description of each recordkeeping system is required along with the records maintained and stored on each system.
c) Identification of which electronic records for which the certificate holder will use an authorized electronic signature process.
An electronic recordkeeping system must ensure that each record is preserved and cannot be altered. Access to the system must be controlled and password protected. The system must also have the ability to protect confidential information.
3) Authenticity and Prevention of Unauthorized Access or Data Corruption.
An electronic recordkeeping system must have a method of ensuring the integrity of each record through appropriate levels of security such as recognition of an electronic signature or other means, which uniquely identify the initiating person as the author of that record. The system must provide for secure access and contain safeguards against unauthorized access. Procedures should include unauthorized event recognition, which includes actions to be taken by the certificate holder upon discovery of an attempt by an unauthorized individual to access and/or make entries into the electronic recordkeeping system.
4) QC and Auditing.
An electronic recordkeeping system should have a means to ensure the quality, accuracy, and integrity of the records maintained on the system, as well as any backup to the system. There should be auditing procedures for computer systems and workstations that are part of, or have access to, the electronic recordkeeping system. QC policies and procedures must include at least the following:
a) Verification of Record Accuracy. Policies and procedures must include the verification of the accuracy and integrity of records maintained on the recordkeeping system through auditing at regular intervals (e.g., biannually, annually, or in accordance with a certificate holder’s training cycle).
b) Verification of Backup Integrity. Policies and procedures should include verification of the accuracy and integrity of records maintained on the backup system.
c) Verification of Changes Requiring Electronic Signature. Policies and procedures must include verification that any changes made to record data contain a new electronic signature, for those records that contain signatures.
d) Persons Responsible for Verification. Policies and procedures must name the person responsible for the QC process and for verification of records.
5) Maintenance Support and Backup Measures.
The system should include procedures for maintenance and support that include provisions for electronic system (computer hardware, software, application network, etc.) outages and protect against the loss of record data. The system should also include backup measures to maintain and provide access to records in the event of a system failure. The method of backup may be a separate electronic system, a backup server, or backup drive. Backup can also include media, such as print or CD-ROM, external drive, or other media acceptable to the FAA.
6) Procedures for Making Required Records Available to FAA and National Transportation Safety Board (NTSB) Personnel.
A certificate holder must provide its records in a format and manner that is acceptable to the requesting agency. FAA personnel assigned to a certificate holder with an electronic recordkeeping system may request a certificate holder to provide direct access to the electronic system for the purpose of inspecting regulatory records. Providing this direct access to the FAA is voluntary. The FAA will not request direct electronic access to records beyond those that are required by regulation and authorized in A025. It is important to distinguish a certificate holder’s voluntary provision of direct access to its electronic recordkeeping system to the FAA from the certificate holder’s responsibility to make regulatory records available to the FAA in accordance with 14 CFR part 119, § 119.59(c). In accordance with this regulation, each employee of, or person used by, the certificate holder who is responsible for maintaining the certificate holder’s regulatory records (those required under Title 49 of the United States Code (49 U.S.C.) applicable to the operation of the certificate holder) must make those records available to the Administrator.
7) Training and User Instructions.
A certificate holder with an electronic recordkeeping system must provide training and user instructions to persons responsible for entering, maintaining, and retrieving data from the system. Training should include security awareness and system integrity, as well as procedures that are necessary to authorize access to the electronic recordkeeping system. User instructions should include those for FAA personnel who are provided direct access to the system. Acceptable methods of providing training include, but are not limited to: classroom instruction, online or system tutorials, user guides, and simulated problem solving exercises.
8) Persons with Authorized Access.
System procedures should address specific access requirements for personnel authorized to make entries into the system. The certificate holder must provide each person with a unique individual access code and password to validate any entry made by the individual.
9) Instructor and Evaluator Access and Certifications.
Policies and procedures should address access by designated personnel, such as instructors, check pilots, check Flight Engineers (FE), aircraft dispatcher supervisors, and flight attendant (F/A) supervisors, to electronically enter record information and certify all record entries for which they are responsible. Electronic instructor certifications must meet all of the requirements of a valid electronic signature. The certificate holder may devise a system that requires the validating official to either enter a real-time record into the system or complete a written transmittal document in Portable Document Format (PDF) to be uploaded into the system by the appropriate personnel. If a PDF is used, the document must contain a valid electronic signature of the individual certifying the record. For authentication purposes, the electronic signature must be a permanent part of the electronic record.
10) Responsible Personnel.
Policies and procedures should identify the personnel who have the overall responsibility for the integrity and security of the electronic recordkeeping system(s) and who are responsible for controlling access to the system. Policies and procedures should also identify the persons with the authority and responsibility for modifying the electronic record system, as well as those who are responsible for entering data into the system.
11) Transferring Data to Another System.
Technological advances may make it desirable or necessary for a certificate holder to update its electronic recordkeeping system or transfer data to a new system. The certificate holder must have policies and procedures that ensure the continued integrity of record data when a certificate holder moves records from one system to another. This could entail running redundant systems for a brief period of time.
12) Continuity of Data between Legacy and Electronic Systems.
Any certificate holder should have a method to ensure continuity of data during transition from a legacy system (hardcopy) to an electronic system.
13) Continuity of Data for Outsource Maintenance Providers.
Procedures should ensure continuity of record data utilized and maintained by outsource maintenance providers.
14) Maintenance Record Transfer.
Procedures should ensure that electronic maintenance records transferred with an aircraft meet the regulatory requirements for record transfer (refer to part 43, § 43.10, and §§ 91.419, 121.380a, and 135.441).
15) Electronic Authentication, Signature, Validation, or Endorsement.
Most regulatory records require some kind of validation, such as a signature, certification, endorsement, or authentication. This validation must be a permanent part of any electronic record. To be considered valid, any electronic form of validation, authentication, endorsement, etc., must meet the FAA’s standards for electronic signatures, and the certificate holder must have the authority to use electronic signatures in its OpSpec A025. See paragraph 3-3006 for FAA standards for electronic signatures.
C. Changes to the System Require FAA Approval or Acceptance Prior to Implementation.
A certificate holder’s policies and procedures should include details of when revisions to the electronic recordkeeping system will be submitted for approval or acceptance (depending on the regulatory requirement) prior to implementation. This includes new versions of system software. Software version numbers will be included in the OpSpec A025 authorization for parts 91K, 121, 125, and 135. For all operations to which this section applies, changes to the electronic recordkeeping system must be included in the manual or official document containing the electronic recordkeeping system description.