Home' RTCA Documents for Review : DO-230H FRAC Contents 31
©2017 RTCA, Inc.
the purpose of authorizing access. In some more rudimentary systems, integration may simply list
management functions (drawing from sources such as manually populated spreadsheets).
Different independent databases can be maintained for other functional activities (like security training or
drivers training) which are related, directly or indirectly, to credentialing. As with the application process
itself, the collection of this data can be through automated processes or through manual data entry. Each of
these data fields may impact on what permissions are given for access. For example, an individual may be
able to access a gate to the airfield on foot or as a vehicle passenger, but unless the individual has passed
an airfield driver’s test and that information is reflected on the badge (either electronically, or by some
visible marking or both), that individual may be precluded from driving through the gate. The information
required for making a decision on issuing a badge may need to be drawn from a number of different systems.
The wide variation in size and complexity in airports and airport operations is, unsurprisingly, also reflected
in the complexity of the credentialing operations that support security. While the federal regulations set a
baseline requirement applicable to all facilities, the need for integration grows as the supported security
operations become larger and more complex and the number of persons requiring credentials increases,
though this impacts larger airports far more than smaller airports.
As for all automated systems, an increase in the number, complexity and capacity of subsystems
requirements likewise increases the need for more robust integration. As the degree of automation in the
interface of disparate data systems increases, the ability to ensure accurate and updated credential
information increases. The greater the reliance on manual input, the slower the process and more prone it
is to data input error. However, successful integration does require a substantial level of cooperation.
Efficient integration of disparate data systems requires the sharing of information between those systems.
Where the systems are automated, the most effective way of sharing involves either the exchange of data
necessary to create application programming interfaces (APIs) (or utilizing existing APIs), or the creation
of a graphical user interface (GUI) that allows access to that data.
A common impediment to successful integration concerns the integrity of proprietary software in
credentialing systems. The reluctance of the entities which own proprietary systems to share information
necessary for complete integration often means that a partially integrated system will perform sub-
optimally. The more critical the data in one system is to the overall performance of an operational function,
the more critical is the need for data essential to smooth integration.
As a general example, the information obtained and provided to/from the DAC is critical to the overall
process of the issuance of credentials. Accordingly, the smoother the integration between airport systems
and the selected DAC, the greater the efficiency that can be expected. Where possible, airports with
partially integrated systems should look to maximize the ability to integrate with the DAC data input and
Two cautionary notes are appropriate on the issue of such integrations.
First, it should be noted that integration may involve both internal and externally controlled data sources.
Where the airport has control over its data sources, integration is more easily accomplished because there
is a greater ability to ensure cooperation. In some circumstances, an airport operator may find itself in the
position of needing to interface with systems over which it has little control or influence.
For example, state or local law or regulation may require airports to submit data to state or local law
enforcement agencies, in addition to the TSA DAC process, before a credential can be approved. As noted
above, airport operators are permitted to have more stringent standards for credential issuance than that
which is imposed by the federally mandated review. There may well need to be processed manually in
Links Archive Navigation Previous Page Next Page