Data Integrity Requirements


AIS-AIMSG/3-SN No. 13 29/10/10

AERONAUTICAL INFORMATION SERVICES-AERONAUTICAL INFORMATION MANAGEMENT STUDY GROUP (AIS-AIMSG)

THIRD MEETING

Montréal, 9 to 12 November 2010

DRAFT

Agenda Item 9: AIM quality system
9.1: Data integrity requirements

DATA INTEGRITY REQUIREMENTS

(Presented by the Rapporteur of the Ad-hoc Group on Including AIM in Annex 15)

SUMMARY

The group is invited to review and comment on this paper and present ideas concerning the SARPS and guidance materials required to provide for the means of compliance with the aeronautical data integrity levels specified in Annex 15.

1. INTRODUCTION

1.1 The Roadmap for the Transition from AIS to AIM provides major steps for the transition to AIM. Step P-02 - Data integrity monitoring states:

“Data integrity requirements introduced by safety objectives must be measurable and adequate.”

1.2 The AIS-AIMSG/2 meeting noted the need to clarify the means for measuring the integrity requirements stated in the SARPs and the need for guidance material. The group agreed on the following actions:

Action agreed 2/2 — Review of the data integrity requirements in Annex 15

That the ad-hoc group consisting of Greg (Rapporteur), Amy, Augustin, Charity, Paul, Stéphane, Stefan, Tony and Valerie be tasked with reviewing the data integrity requirements in Annex 15 with a view to clarifying them or developing additional requirements as necessary and submit proposals to the AIS-AIMSG/3 meeting for possible inclusion in Amendment 37 to Annex 15.

Action agreed 2/20 — Inclusion of means for measuring integrity in the AIS quality manual

That the ad-hoc group consisting of Susumu (Rapporteur), Amy, Augustin, Charity, Paul (replacing Manfred), Tony and Valerie develop guidance material on the means for measuring integrity for examination by the group at AIS-AIMSG/3 and subsequent inclusion in the AIS quality manual.

2. BACKGROUND

2.1 Annex 15 provides the following definition:

“Integrity (aeronautical data). A degree of assurance that an aeronautical data and its value has not been lost or altered since the data origination or authorized amendment.”

2.2 Annex 15, as amended through Amendment 36, provides SARPS on the integrity of aeronautical data as follows:

“3.2.10 The integrity of aeronautical data shall be maintained throughout the data process from survey/origin to distribution to the next intended user (the entity that receives the aeronautical information from the aeronautical information service provider). Aeronautical data integrity requirements shall be based upon the potential risk resulting from the corruption of data and upon the use to which the data item is put. Consequently, the following classifications and data integrity levels shall apply:

a) critical data, integrity level 1 × 10⁻⁸: there is a high probability when using corrupted critical data that the continued safe flight and landing of an aircraft would be severely at risk with the potential for catastrophe;

b) essential data, integrity level 1 × 10⁻⁵: there is a low probability when using corrupted essential data that the continued safe flight and landing of an aircraft would be severely at risk with the potential for catastrophe; and

c) routine data, integrity level 1 × 10⁻³: there is a very low probability when using corrupted routine data that the continued safe flight and landing of an aircraft would be severely at risk with the potential for catastrophe.

Note 1.— Distribution to the next intended user will differ in the delivery method applied which may either be:

Physical distribution. The means by which aeronautical information/data distribution is achieved through the delivery of a physical package, such as postal services.

Or

Direct electronic distribution. The means by which aeronautical information/data distribution is achieved automatically through the use of a direct electronic connection between the AIS and the next intended user.

Note 2.— Different delivery methods and data media may require different procedures to ensure the required data quality.

3.2.11 Aeronautical data quality requirements related to classification and data integrity shall be as provided in Tables A7-1 to A7-5 of Appendix 7.

Note. — Guidance material on the aeronautical data quality requirements (accuracy, resolution, integrity, protection and traceability) is contained in the World Geodetic System — 1984 (WGS-84) Manual (Doc 9674). Supporting material in respect of the provisions of Appendices 1 and 7 related to publication resolution and integrity of aeronautical data is contained in RTCA Document DO-201A and European Organization for Civil Aviation Equipment (EUROCAE) Document ED-77 — Industry Requirements for Aeronautical Information.”

2.3 Appendix 7 of Annex 15 specifies the aeronautical data quality requirements for the publication resolution of aeronautical data elements and the integrity classification of each element. However, there are no SARPS for the means of compliance to meet the required data integrity levels such as the critical integrity level of 10⁻⁸.

2.4 The following excerpt from RTCA DO 200A/EUROCAE ED-76 Standards for Processing Aeronautical Data provides the industry requirement for data process assurance levels.

This standard defines the requirements for the data process. The required assurance level for the data process must be identified, based on the overall system architecture through allocation of risk. Since integrity of a process usually cannot be numerically quantified, the integrity requirement may be defined by a quality assurance level. The following assurance levels are defined to support the definition of the integrity requirement for the data process. These assurance levels are defined to be compatible with other safety analyses conducted for aircraft applications.

Table B-1 Assurance Levels

Data Process Assurance Level    Related Requirement on State-Provided Data (ICAO

1                               Critical

2                               Essential

3                               Routine

3. DISCUSSION

3.1 The means of compliance with aeronautical data integrity requirements must be developed, demonstrated as meeting the requirements and included in SARPs and guidance materials.

3.2 Attention is drawn to the RTCA DO 200A/EUROCAE ED-76 statement in paragraph 2.4 above that “Since the integrity of a process usually cannot be numerically quantified, the integrity requirement may be defined by a quality assurance level.” Therefore, the demonstration of compliance with the requirements specified should be by the quality assurance processes that the aeronautical data and information are subjected to. In the case of digital error detection during the transfer or storage of data, RTCA DO 200A/EUROCAE ED-76 states that “The most common form of error detection for navigation data is the application of a CRC (cyclic redundancy check).”

3.3 Processes that are correctly defined and applied to each step of the aeronautical data chain from origin to end use may be used to provide the necessary assurance that the aeronautical data and information meet the required level of integrity. RTCA DO 200A/EUROCAE ED-76 and RTCA DO-201A/EUROCAE ED-77 have been submitted to the aviation community as a collection of disciplines necessary to provide assurance that the production of aeronautical databases meets the high integrity required for safe flight. These documents indicate that more stringent processes or added steps may be applied as needed for the processing of critical and essential data versus routine data. Finally, the AIS-AIM transition to fully automated systems supported by a common digital data exchange model will further benefit the integrity of aeronautical data.

3.4 Annex 15 SARPS and guidance materials need further development to provide for well-defined information management processes in the entire aeronautical data chain to assure aeronautical data integrity. The draft Manual on the Quality Management System for Aeronautical Information Services provides guidance on data quality processes that support data integrity, although the means for assuring and measuring (where possible) data integrity require further development. The following paragraphs note the Annex 15 SARPS that currently support aeronautical data integrity, new SARPS in draft Amendments 37 and 38, and additional SARPS that may be considered to provide additional tools for the means of compliance:

3.4.1 Annex 15, section 3.2 Quality management system, provides for:

a) personnel skills and competencies;

b) policies, processes and procedures to trace aeronautical data for error detection;

c) checks and coordination by the services responsible for submission of material to the AIS, including validation and verification procedures; and

d) the requirement that integrity of aeronautical data shall be maintained throughout the data process from survey/origin to distribution to the next intended user.

3.4.2 New SARPS in draft Amendments 37 and 38 require additional development; however, they provide for the following processes that will enhance data integrity:

a) data handling;

b) evidence of data quality;

c) data exchange;

d) enhanced metadata processes;

e) enhanced data protection processes;

f) tool management; and

g) safety and security management.

3.4.3 Additional SARPS that may be considered to provide additional tools for the means of compliance:

a) in addition to the Cyclic Redundancy Checks (CRCs) as stated in Annex 15 for data protection, include data authentication processes such as digital encryption and digital signatures where needed to ensure the integrity of critical and essential data;

b) the application of redundant checks, verification and validation as required to ensure the integrity of critical and essential data;

c) the verification and validation of the integrity of the tools used in aeronautical data processing;

d) the use of quantitative measurements of data integrity where determined to be possible and practical; and

e) processes for ensuring the necessary level of protection, checking, verification and validation are monitored and accomplished throughout the aeronautical data chain.
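
Added example (not part of the original paper): a sketch of the distinction drawn in 3.4.3 a), showing that a CRC catches accidental corruption in transfer or storage while only an authentication check also catches an alteration whose CRC has been recalculated. The record, the key and the function names are constructed for illustration, and HMAC-SHA256 from the Python standard library stands in for the digital signature the paper mentions.

```python
import hashlib
import hmac
import zlib

# Constructed sample record (a runway threshold would be critical data in Annex 15 terms).
RECORD = b"RWY 06L THR 453012.34N 0734455.67W ELEV 98FT"
# Assumption: a secret key shared by the data originator and the next intended user.
KEY = b"constructed-demo-key"


def protect(record: bytes, key: bytes) -> dict:
    """Package a record with a CRC-32 and a keyed authentication tag."""
    return {
        "data": record,
        "crc32": zlib.crc32(record),
        "tag": hmac.new(key, record, hashlib.sha256).digest(),
    }


def crc_ok(pkg: dict) -> bool:
    """Error detection only: anyone can recompute this value."""
    return zlib.crc32(pkg["data"]) == pkg["crc32"]


def tag_ok(pkg: dict, key: bytes) -> bool:
    """Authentication: the tag cannot be recomputed without the key."""
    expected = hmac.new(key, pkg["data"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, pkg["tag"])


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit transmission or storage error."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def check_cases() -> dict:
    """Return (crc_ok, tag_ok) for an intact, a corrupted and an altered package."""
    pkg = protect(RECORD, KEY)
    corrupted = dict(pkg, data=flip_bit(pkg["data"], 100))
    # Unauthorized amendment: value changed and CRC recalculated to match.
    new_data = pkg["data"].replace(b"98FT", b"89FT")
    altered = dict(pkg, data=new_data, crc32=zlib.crc32(new_data))
    return {name: (crc_ok(p), tag_ok(p, KEY))
            for name, p in (("intact", pkg), ("corrupted", corrupted), ("altered", altered))}


if __name__ == "__main__":
    for name, result in check_cases().items():
        print(name, result)
```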

3.5 It should be noted that the draft EUROCONTROL Specification for Data Assurance Levels (DAL) is being considered in Europe as a means for compliance. The DAL objectives define the manner in which processes, tools and procedures should be applied at each stage of the aeronautical data chain to achieve data integrity.

4. ACTION BY THE AIS-AIMSG

4.1 The AIS-AIMSG is invited to:

a) review and provide comment on this paper; and

b) present ideas for the means of compliance to assure aeronautical data integrity.

— END —
