FRIEND or FOE: Off-the-Shelf Software for CAAs

To achieve synchronisation in the aviation business around the globe, National Civil Aviation Authorities (CAA) are expected to align its aviation safety oversight establishment and implementation with the industry benchmark, ICAO Critical Elements. The elements include the establishments of organisation governance – authority entity, legislation, operating regulation, working guidance and qualified personnel – and the implementation of surveillance and certification.

Conforming to international standards is a challenging task because some states may struggle in compromising its existing process, that embedded with prolonged history and cultural background, which evolve into different means of working. Therefore, one of the quickest solutions adopted by many regulators is to implement or replace the current systems with “off-the-shelf software” which contains best practices from well-established civil aviation authorities worldwide.

Challenge in Implementing Off-the-Shelf Software

Although off-the-shelf software could be the quickest solution, it may not be the easiest one.  Radical changes in many aspects are to be expected such as computing logic, users’ interface, working process, and data collection, which will be the major challenges for the authorities,


Although national civil aviation legislation and regulation are mostly developed based on ICAO’s standards and recommendations, the way they are interpreted and enforced may vary from state to state. Using off-the-shelf software is therefore not a one-size fits all solution for all authorities, as the software may not fully align with CAA requirements and workaround would be required.

It is therefore essential that the software should be customisable and configurable to tailor to the requirements of the authorities as much as possible. Nevertheless, with off-the-shelf software, changing configurations of the software is possible to a certain extent, which inevitably leaves some gaps between the work processes configured in the software and those employed by the authorities. The authorities may need to carry out impact assessment and evaluate options to close those gaps by, for example, changing/ optimising work processes, and in some cases adjustments to the regulations may be required.

Work Process:

Not only the difference at the state level, the differences in work processes are also found at the organisation level, where different departments may have their own way of working and handling issues and becomes a standard operating procedure at their departments. By adopting off-the-shelf software, this will gradually require the authority to standardise their internal processes to make them more systematic and efficient. This is a common challenge to all authorities. A well-planned and execution of change management, and effective communication within the organisation are the key to success for IT transformation.

Single source of truth: Centralised database

Individual departments at the authority use the data for different purposes, depending on their responsibilities. The same type of data such as personal/ organisational details of license/ certifications holders are used by several departments. However, it is often the case that these data are kept and used separately. The updates and changes of information are done at department levels and have not been shared within the organisation. This leads to inefficiency in work process as well as affecting data quality as the same set of data is maintained in more than one place.

By aggregating the data and information from different sources within an organisation into a single centralized database or single source of truth (SSOT), the organisation will have a clear view of the overall safety oversight processes. The SSOT will also make it possible for the authority to fully utilise the data collected for Risk-Based Oversight. The management will have a real-time data to support their decision.

The challenges shared here are based on our experience in implementing off-the-shelf software for the authorities. While good understanding in aviation regulations and standards both locally and internationally as well as selection of a good off-the-shelf software are crucial, the successful implementation would not have been possible without the support from the top management at the authorities as several important strategic decisions need to be made during the implementation.  Last but not least, the understanding of the importance of the transformation to a new safety oversight system and the collaboration from all the staff within the authority is a prerequisite for all successful implementations.


About To70. To70 is one of the world’s leading aviation consultancies, founded in the Netherlands with offices in Europe, Australia, Asia, and Latin America. To70 believes that society’s growing demand for transport and mobility can be met in a safe, efficient, environmentally friendly and economically viable manner. To achieve this, policy and business decisions have to be based on objective information. With our diverse team of specialists and generalists to70 provides pragmatic solutions and expert advice, based on high-quality data-driven analyses. For more information, please refer to

About post author

Leave a Reply

Your email address will not be published.

© Copyright To70 2021