It was in 2000 that Dominique Mineo came up with the idea of modelling flight data to make it more understandable and accessible, leading to the creation of CEFA Aviation. "Although we often talk about this information following an accident, a lesser known fact is that airlines continuously use black box recordings to improve flight safety, carry out aircraft maintenance and even enhance pilot training with the aim of improving flight safety," explains Dominique Mineo. “We have been specialising in flight data animation for 20 years. We use the technical information recorded in the black box to produce action sequences, animations and videos that faithfully reconstruct the flights. It is therefore possible to relive the flight in a virtual reconstruction enhanced with virtual reality elements, such as a view of the cockpit instruments for example, to review all the events that occurred during the flight.”
The flight reconstructed and available on the tablet upon landing
Building on its accumulated expertise, CEFA Aviation launched a breakthrough innovation in 2017 that would revolutionise post-flight debriefings. This solution offers staff a unique expertise tool for flight preparation and debriefing. It enables each pilot to analyse all the parameters of their flight a few minutes after landing from a simple tablet in order to objectively self-analyse and work on the phases of their piloting and flight circumstances. This enables them to improve more quickly, or to share their own experience with less experienced pilots.
This last advance made possible through the use of the cloud requires ad hoc protection of the data processed by CEFA Aviation. In this context, the company therefore decided to embark on an ISO 27001 certification process; ISO 27001 is an international standard relating to the security of information systems. The company was supported in this process by EBRC, an emblematic European player that since 2000 has made the management of sensitive information, the security of information systems and cyber-resilience its mission. "Black box data can indeed constitute sensitive information which, if it falls into the wrong hands, could be used to damage the reputation of an airline company, for example," explains Dominique Mineo.
Securing every link in the chain
CEFA Aviation became aware of what was at stake. “There can be no weak link at the heart of the information security chain. We must therefore be able to provide our clients with guarantees that their data is perfectly protected. With a certification based on an international standard that is ideal for a company whose clients are spread across the world, our contacts have a convincing guarantee of the seriousness and reliability of the partner to whom they entrust their information. This contributes greatly and simply to establishing a framework of trust that simplifies and accelerates exchanges and seals the service partnerships that we establish”, assure Dominique Mineo.
The implementation of ISO 27001 certification means that the company must conduct a continuous improvement process in terms of information system security and data processing. Initially, the standard enabled CEFA to assess its level of maturity in relation to all the good practices to be implemented. Beyond this, the aim is to formalise the procedures guaranteeing the security of information and processing and to establish control points that can be regularly audited.
Continuous improvement of security
In its desire to improve its resilience, CEFA Aviation also called upon EBRC to outsource the function of Information Systems Security Manager (ISSM). "CEFA Aviation wanted to quickly implement the IS0 27001 standard and obtain certification without impacting the development of its products,” explains Jean-Bernard Yata, Senior Consultant - CyberSecurity - Business Continuity - IS Strategist at EBRC. "CEFA therefore decided to rely on EBRC's experience and expertise. Indeed, EBRC (European Business Reliance Centre) is itself ISO 27001 and ISO 22301 certified (among others) which allows us to share factual feedback with our clients: "we recommend to our clients what we apply to ourselves". The certification process covers all company functions: HR processes, with the establishment of charters or documents setting out responsibilities in the use of data, governance, legal and statutory aspects, as well as the redesign and security design of the IT infrastructure.”