Enterprise Architecture, Open Standards, and Aircraft Certification

An opinion on the relevance of EA and Open Standards in Aircraft Certification

By Terence Blevins, Enterprise Wise LLC

Executive Summary

Aircraft safety is of interest to everyone around the world. To address aircraft safety, there are certification processes in place; the two organizations with the greatest involvement are the FAA (Federal Aviation Agency) in the US and the EASA (European Union Aviation Safety Agency) in Europe.

“Certification is how the FAA manages risk through safety assurance. It provides the FAA confidence that a proposed product or operation will meet FAA safety expectations to protect the public. Certification affirms that FAA requirements have been met.” (Source: https://www.faa.gov/uas/advanced_operations/certification/)

In September 2020, a report[1] was published to “help inform the public’s understanding” of what went wrong resulting in two aircraft accidents. The authors of this document each individually reviewed this report with a mindset of identifying how Enterprise Architecture and Open Standards might mitigate the risk of reoccurrence of such accidents. Each author focuses on a particular viewpoint with a specific focus. This document presents these viewpoints as developed sequentially with an end goal of initiating a discussion on potential Enterprise Architecture and Open Standard roles that could be played to improve Aircraft Certification if the situation presents itself. There is no intent to summarize the subject report nor the situation surrounding the subject of the report, but rather to use the report as a reference to determine where Enterprise Architecture and Open Standards may help.

The target audience for this document is those that are interested in improving Aircraft Certification processes and policy who might ask “can Enterprise Architecture and/or Open Standards help?”

The author of this document believes there is an opportunity to improve Aircraft Certification using Enterprise Architecture and Open Standards – in the hopes of initiating a conversation.

Further Background

As might be expected given the serious nature that generated the need for the BOEING 737 MAX Final Committee Report (hereafter referred to as “the report”), it presents specific issues related to the outcome. It is obvious after reading the report that issues existed throughout the landscape in each of the high-level development, operations and maintenance, and governance areas.

In this document, I will not focus on blame, nor poor techniques, nor decisions. Rather, I will focus on establishing a context and recommendations to avoid such an outcome in the future by employing concepts of Enterprise Architecture and Open Standards. Also, we focus mostly on the governance area where Aircraft Certification is in play.

The author of this document is not an expert in aircraft design, manufacturing, nor Aircraft Certification. But the author has expertise that has been applied to many similar areas and, by providing their expert analysis of this subject scenario, hopes to bring some cross-fertilization that may improve these areas in the airline industry.

Information Flow View

When first approached with the challenge of reviewing the report and providing my thoughts on the possibility of applying Enterprise Architecture and Open Standards to reduce the risk of reoccurrence of the outcomes related to the report, I immediately felt overwhelmed. However, as I started to review the report, I made note of the similarities between this scenario and other scenarios currently addressed by Enterprise Architecture and Open Standards. I took note of the information flow issues and the similarities of those that drove The Open Group Boundaryless Information Flow vision. Noticing that, I went forward with a notion that ignoring the similarities would result in a lost opportunity for the Airline Industry.

I believe that addressing information flow within the complex Aircraft Certification landscape will result in better outcomes for all. I found a similar sentiment in a statement from Stephen M. Dickson putting information flow at the forefront.

“Beyond the 737 MAX, the FAA is committed to addressing issues regarding Aircraft Certification processes not only in the United States, but around the world. These issues include:

  • Moving toward a more holistic versus transactional, item-by-item approach to Aircraft Certification, taking into account the interactions between all aircraft systems and the crew
  • Integrating human factor considerations more effectively throughout the design process, as aircraft become more automated and systems more complex
  • Ensuring coordinated and flexible information flow during the oversight process”

(Source: A Statement of Stephen M. Dickson, before The House Committee on Transportation & Infrastructure, US House of Representatives, December 11, 2019.)

Further supporting a focus on information flow: “… AIR sought to advance its safety mission and related outcomes by interrelated means, such as enhancing the accountability framework, adopting risk-based decision-making, implementing an information management strategy, and strengthening industry partnerships, among other initiatives.”

(Source: Comprehensive Strategic Plan for AIR Transformation, p.4; see References).

Author’s Analysis from an Information Flow View

Aircraft Certification is a complex set of interrelated processes within a complex landscape of many entities that rely on quality information to perform the various roles. When I think about the different depths of various certification (or conformance) programs, I think first of the consequence of a misleading certification. The consequences range from something as simple as not being pleased with a design preference to loss of life. Different programs along this range would have different criteria, different assessment mechanisms, different auditing, etc. In other words, these programs go to greater depths as the consequences approach loss of life. When loss of life is a consequence, the most rigorous approaches should be in play. At the heart of this is information!

Consider a very high-level landscape picture[2] related to Aircraft Certification, as depicted in Figure 1.

Figure 1: High-Level Aircraft Certification Landscape

The landscape includes the high-level domains of Governance, Development, and Operations, which, in this author’s view, represent the meta-architecture of any enterprise where there is a natural separation of concerns and activities in each domain. Ultimately, the roles and activities depicted in Figure 1 result in an airworthiness certificate for an aircraft. These domains could and should connect in a virtuous cycle of improvement where Operations generate information that feeds Governance that supports decisions about what needs to be further developed to ensure the safety of an aircraft. I believe that high-quality information flowing within this landscape is essential to operate, govern, and develop safe aircraft.

The following paragraphs describe the domains and Aircraft Certification.

The aircraft Operations domain is where the business of an airline happens for profit. That business is to transport passengers and their luggage safely from one point to another while adhering to rules and regulations. Activities depicted in Figure 1 relate to Aircraft Certification in a somewhat indirect way in this Operations domain. When members of a crew are selected, they must meet certain requirements, like training on specific aspects of the aircraft. When aircraft are purchased, the airline must have aircraft that are certified to fly with full knowledge of capabilities and/or exceptions. Flight, ground, and cargo Operations are required to report issues related to flights. Aircraft Operations need information, and must share information, to result in a high-quality airworthiness assessment.

Pilots need the following to operate the aircraft safely:

  • Information about new capabilities of an aircraft
  • Information about new instrumentation
  • Information about recent maintenance issues and resolutions
  • Information about known anomalies and new behaviors of the aircraft
  • To share information about issues and remedies during flight

Ground maintenance personnel need the following to maintain the aircraft safely:

  • Information about certified replacement parts
  • To share information about repairs

Crew planners need the following to assign trained personnel:

  • Information about training requirements per aircraft per role
  • Information about the training of personnel

Without this information, accidents can happen, and certificates can be revoked.

The aircraft Governance domain manages the safety of aircraft by performing certification activities of “higher-risk items”, such as safety-critical or “new and novel designs”. This non-profit environment provides reassurance of aircraft safety to the public. The activities listed are actual activities of the Aircraft Certification process. Some of these activities are designated to Organization Designation Authorizations (ODAs) in certain circumstances under the regulator’s oversight. When certificate types are assigned to specific aircraft, the regulator needs to understand the new design and/or changes to an existing design. This also informs the regulator on the matter of delegating and reviewing activities to an ODA, as well as assessing the ODA recommendations. Managing certificates (issue or revoke) requires detailed understanding of aircraft testing and results as well as operations as described above.

To perform these activities requires high-quality objective information flowing in a timely fashion.

Regulators need the following to determine the certificate type:

  • Information about design
  • Information about new capabilities of an aircraft
  • Information about new instrumentation

Technical experts need the following to ensure the quality of their assessment:

  • Information about design
  • Information about new capabilities of an aircraft
  • Information about new instrumentation
  • Information about past maintenance issues and resolutions
  • Information about known anomalies and new behaviors of the aircraft
  • Historic information to support risk analysis

Test pilots supporting certification need the following to ensure quality of their assessment:

  • Information about manufacturers’ test pilot results
  • To share results of their testing

Engineers supporting certification need the following to ensure quality of their assessment:

  • Information about design
  • Information about new capabilities of an aircraft
  • Information about new instrumentation
  • Information about past maintenance issues and resolutions
  • Information about known anomalies and new behaviors of the aircraft

Without this information, airworthiness certificates lose their value.

The final domain is the aircraft Development domain where manufacturers design, build, and sell aircraft in accordance with the rules and regulations while meeting the requirements of airlines. Also, aircraft component providers design, build, and sell components in accordance with the rules and regulations while meeting the requirements of aircraft manufacturers. In this profit-oriented area manufacturers design, engineer, build, integrate, systems test, and test the aircraft. Component providers design, engineer, build, and test components of the aircraft. Aircraft features and functions are continuously changing; hence, this environment is becoming ever more complex. The following lists information requirements pertinent to certification.

Designers and engineers need the following:

  • Information about new capabilities requirements of an aircraft
  • Information about constraints related to aircraft design ($, standards, rules and regulations, etc.)
  • To share information about new capabilities designed in an aircraft
  • To share information about new instrumentation
  • To share information about risk areas

Builders and integrators need the following:

  • To share information about risk areas
  • To share information about the actual build (any issues, changes required)

Systems testers need the following:

  • Information about acceptance criteria for systems
  • To share information about past maintenance issues and resolutions
  • To share results of their testing

Aircraft testers need the following:

  • Information about new capabilities of an aircraft
  • Information about new instrumentation
  • Information about past maintenance issues and resolutions
  • Information about known anomalies and new behaviors of the aircraft
  • To share results of their testing

Without this information, airworthiness of an aircraft is in doubt.

Figure 2: Information Needs Matrix

Figure 2 provides a normalized view of the information needs based on a minimal architectural assessment. Enterprise Architecture practices in the Information Architecture area could improve this view and provide insight to the Aircraft Certification process improvement plans.

Information is provided and consumed as depicted below in Figures 3 and 4.

Figure 3: Information Origination
Figure 4: Information Consumption
Figure 5: Information Flow

Figure 3 depicts a view of where the information originates within the landscape and is provided. Figure 4 depicts a view of where the information is consumed within the landscape, and finally Figure 5 depicts the information flow among the domains.

The takeaway from considering each of these figures is that certification that brings trust to the public depends on information flow. However, in review of the report, it cannot be concluded that information flowed within this landscape. Rather, there were many instances where available information just did not flow. On the positive side, the report did not highlight “information quality” as an issue except for a bad sensor reporting bad information. Nor did this author assess information quality as a major issue. On the negative side, given that quality information was available, it did not flow.

As I reviewed the report, I counted over 100 instances of the term “information”, and a sample of these occurrences showed that two thirds of the uses were in a negative context where “information” was surrounded by words or phrases such as:

  • Did not have an important piece of
  • Concealed this
  • Withheld this
  • Failed to disclose important
  • No evidence of sharing critical
  • Not properly addressed
  • Removal of
  • Shield critical
  • Did not relay
  • Limits
  • Deprived
  • Gaps, etc.

It became obvious to this author that information flow was a critical piece of the puzzle. To further support this assessment, the report highlighted communications as a critical concern. The term “communications” occurred 28 times in the report where at least 20 were in a negative light. In this case, the term “communications” was surrounded by words such as:

  • Mismanaged
  • Tardy
  • Fragmented
  • Failures
  • Disjointed
  • Breakdown in

The context of the usage of the terms “information” and “communications” continues to drive this author’s opinion that information flow improvements can add significant value to the Aircraft Certification process. This scenario fits nicely in the Boundaryless Information Flow problem space.

The remaining question I wish to weigh in on is how to go about identifying and addressing needed improvements.

What Can be Done to Address Information Flow Issues Using Existing Standards?

I will not go into the barriers that are hindering information flow in this scenario, since they are potentially awkward for all the organizations despite the best intent of the vast number of individuals involved. Suffice it to say if viewing this scenario as an enterprise-critical information flow, automation would be put at the top of the list of improvements. The following standards (listed in References) would be relevant to facilitate this.

Applying the TOGAF Standard to create an Enterprise Architecture for Aircraft Certification would complete the identification and elicitation of information flow requirements and necessary automation, thereby addressing current barriers:

  • The TOGAF Standard, Version 9.2

Additional Enterprise Architecture detail can be developed by creating an information map, à la:

  • TOGAF Series Guide: Information Mapping

Also pertinent to information management is the standard that can be used to facilitate interoperability within the Aircraft Certification landscape:

  • O-DEF™, the Open Data Element Framework, Version 2.0

Applying Business Architecture standards would be helpful as well, à la:

  • Open Business Architecture (O-BA) – Part I
  • Open Business Architecture (O-BA) – Part II

Applying the Open FAIR™ methodology might shed light on the risks of not having the proper information flow:

  • Open FAIR Risk Analysis Process Guide

Applying The Open Group IT4IT™ Reference Architecture and the Integrated Information Infrastructure Reference Model (III-RM) would help manage the business of Aircraft Certification IT to support the automation of the information flow:

  • The Open Group IT4IT Reference Architecture, Version 2.1
  • TOGAF Series Guide: The TOGAF Integrated Information Infrastructure Reference Model (III-RM): An Architected Approach to Boundaryless Information Flow

The above standards can be applied and facilitate improvements in the information flow of Aircraft Certification. The next section presents a few areas where further work can be done in the standards world to facilitate information flow challenges.

What are Some Areas for Future Standard Development?

Some areas for future standardization that can facilitate progress are:

  • Information semantics and quality standards dealing with tagging information that conveys the importance of the information and specific context in which the information is to be consumed – it would address valid (and invalid) transformations
  • Enterprise Architecture standards specific to enterprises comprised of multi-organizations with different concerns, motives, and objectives.

Conclusion and Future Directions

Taking an information flow view of Aircraft Certification resulted in identification of areas where improvements can be made through standards. Taking additional views will most probably result in other areas where standardization could lead to improvements.

It is hoped that this document will reach an audience of those that are interested in improving Aircraft Certification processes and policy who might ask “can Enterprise Architecture and/or Open Standards help?”

Acronyms & Abbreviations

ACM              Army Capabilities Manager

AFCEA           Armed Forces Communications and Electronics Association

AIR                Aircraft Certification Service

BA                 Business Architecture

CAPEC          Common Attack Pattern Enumeration and Classification

CVE               Common Vulnerabilities and Exposures

CWE              Common Weakness Enumeration

EASA             European Union Aviation Safety Agency

FAA               Federal Aviation Agency (US)

IEEE              Institute of Electrical and Electronics Engineers

III-RM             Integrated Information Infrastructure Reference Model

ODA              Organization Designation Authorization

OVAL             Open Vulnerability Assessment Language

References

(Please note that the links below are good at the time of writing but cannot be guaranteed for the future.)

[1] Final Committee Report: The Design, Development, and Certification of the BOEING 737 MAX (see References).

[2] Figure 1 is purposefully high level and generic. It is not the intent to be exhaustive.


Terence Blevins is a Fellow of The Open Group, owner of Enterprise Wise LLC, and a semi-retired Enterprise Architect. He is currently a Director of The Open Group Governing Board and an active contributor to the TOGAF® Standard.

He has been involved with the architecture discipline since the 1980s, much of which was done while he was Director of Strategic Architecture at NCR Corporation. Terence has been involved with The Open Group since 1996 when he was first introduced to the Architecture Forum. He was Co-Chair of the Architecture Forum and a frequent contributor of content to the TOGAF Standard, including the Business Scenario Method. Terence was Vice-President and CIO of The Open Group where he contributed to The Open Group Boundaryless Information Flow™ vision.

He holds Undergraduate and Master’s degrees in Mathematics from Youngstown State University. He is TOGAF 8 Certified.