Washington, DC August 28, 2018 Request for Proposal To develop and teach a Training Course on RTCA Airworthiness Security Documents (DO-326A, DO-355, and DO-356A) 1. RTCA Background RTCA is a private, not-for-profit association founded in 1935 as the Radio Technical Commission for Aeronautics, now referred to simply as RTCA. RTCA is the premier Public-Private Partnership venue for developing consensus among diverse, competing interests on critical aviation modernization issues in an increasingly global enterprise. RTCA has provided the foundation for virtually every modern technical advance in aviation. Our products serve as the basis for government certification of equipment used by the tens of thousands of aircraft flying daily through the world s airspace. A Standards Development Organization (SDO), RTCA works with the Federal Aviation Administration (FAA) to develop comprehensive, industry-vetted and endorsed standards that can be used as means of compliance with FAA regulations. Our deliberations are open to the public and our products are developed by aviation community volunteers functioning in a consensusbased, collaborative, peer-reviewed environment. RTCA has more than 600 members representing government, industry and academic organizations from the United States and around the world that employ tens of thousands of people worldwide in the aviation business. Their work, facilitated by the RTCA staff, represents the consensus of thousands of experts from all corners of the aviation industry a unique public-private partnership among aviation system users, providers and regulators. Member organizations encompass all facets of the aviation community, including government organizations, airlines, airspace users and airport associations, labor unions, aviation service and equipment suppliers. 2. RTCA Standards Overview/Training Courses RTCA s Special Committees leverage the expertise of the aviation community to generate recommendations in response to requests from the FAA to address technical topics. The RTCA Special Committees develop performance standards, reports and guidance material that help shape the certification of the safety and efficiency of new equipment and technologies. RTCA standards are frequently invoked by the FAA in Technical Standard Orders and Advisory Circulars and, therefore, provide a partial basis for certification of equipment and systems. 1
RTCA guidance materials are intended for use by aircraft manufacturers and suppliers of electronic hardware and software of airborne systems. They are applicable to current, new and emerging technologies. Currently, RTCA offers four training courses on the standards and recommended practices. RTCA DO-160, Environmental Conditions and Test Procedures for Airborne Equipment RTCA DO-178C, Software Considerations in Airborne Systems and Equipment Certification Supplements to DO-178C RTCA DO-254, Design Assurance Guidance for Airborne Electronic Hardware The courses are designed to enhance the understanding of the guidance documents and are taught by knowledgeable, industry practitioners with expertise in the covered areas. 3. Description of Services In response to the requests and interest by the aviation community RTCA would like to develop and offer a training course covering the topics contained in RTCA security documents. DO-326A, Airworthiness Security Process Specification DO-355, Information Security Guidance for Continuing Airworthiness DO-356A, Airworthiness Security Methods and Considerations RTCA DO-326A provides guidance in addressing airworthiness security during the aircraft product life cycle from project initiation until the aircraft Type Certificate (or supplemental or amended Type Certificate) is issued for the aircraft type design. It concentrates on process assurance guidance and requirements for the aircraft design regarding systems information security. It is part of a series of documents on Aeronautical Systems Security that together address information security for the overall Aeronautical Information System Security (AISS). Issued in parallel with RTCA DO-355 and was coordinated with development of EUROCAE ED-202A. RTCA DO-355 provides guidance for operation, support, maintenance, administration and deconstruction stages of the product life cycle. The goal is assuring continued safety of aircraft in service regarding systems information security. It is a resource for civil aviation authorities and the aviation industry when the operation and maintenance of aircraft and the effects of information security threats can affect aircraft safety. DO-355 also addresses airworthiness security for continued airworthiness of the aircraft. Developed as coordinated effort with EUROCAE ED-204. RTCA DO-356A provides analysis and assessment methods for executing the process assurance specified in DO-326A. It addresses the assessment of the acceptability of the airworthiness security risk and the design and verification of the airworthiness security attributes as related to system safety and airworthiness. Regulators will refer to this document for accepted means of compliance. Developed as coordinated effort with EUROCAE ED-203A. 2
4. Requested Services RTCA is soliciting proposals from qualified training providers (RTCA member companies, non-member companies or individuals) who have the capacity to develop and deliver RTCA Security training course(s). Successful respondents shall possess required knowledge and practical understanding of the RTCA documents and have experience with developing and conducting training courses. The target audience for the training is primarily system and hardware engineers responsible for developing requirements for airborne equipment and test engineers responsible for writing test plans, procedures and running tests, as well as certification specialists. The requirements established for the RTCA security training course include: A three day (preferred) or four day (if necessary) practitioner-level course that will focus on the details of the three documents concepts and content, rationales and applications. The relationship between the three documents and their combined use. Key differences between revisions of documents, in particular what has been updated in DO-356A Other relevant information: Course could either be developed by an outside vendor for ownership by RTCA or developed by outside vendor and provided on a contractual basis by course offering. RTCA anticipates offering the course for at a minimum of 3 times during 2019 and then at a higher rate 2020 and beyond. Class size will be approximately 20 students. The Training will take place at RTCA headquarters in Washington, DC or at an RTCA designated facility in the US or other countries. RTCA would also consider the option of on-site training upon request. High quality expected, with RTCA stamp. 5. Role of RTCA Marketing and promotion of training course. Course registration and management. Provision of course facilities, course materials (including manuals and associated documents), audio visual equipment and associated logistics. Support for course attendees. Technical advisor for course development and on-going review and analysis. 6. Vendor Selection In preparing submissions, respondents shall, at minimum provide an answer to the questions/statements included below. 3
Questions The proposal should include a brief history of the company or individual, its size, and its experience with training development for technical standards. Please explain why are you interested in developing the RTCA Security Airworthiness Certification Training Course. What is your experience with aviation cybersecurity? Do you offer other Training Courses (RTCA standards or others)? What is your knowledge of the RTCA standards, FAA regulations (TSO, AC, etc), certification process (FAA/EASA)? Please provide us with system/equipment example development you work/worked on and the accomplishment, full development process up to the equipment certification. Please provide the security training overall outlines / training courses synopsis. Please submit a detailed time line for course development. Please identify potential trainers to provide the training services. Please include their resume/background information. What is the cost for developing the training course, please include a detailed budget. What is the cost for providing the training? Please include plans to access any specific intellectual property and/or anticipated development of IP in the proposal and its preferred handling (ownership, open access, access terms, etc.). Other information you would like to provide. 7. Selection criteria Selection of the successful offeror(s) will be based on: Relevant experience, competency, and past performance Training course development synopsis and detail Capacity to provide service to develop and conduct the training Experience of instructor(s) Cost of development Cost and sustainability of conducting training course(s) Ability to initially offer 3 classes in 2019 and as many as 4 per year beyond Cost proposal RTCA members preferred 4
All proposals received on or before September 28, 2018 will be reviewed. Incomplete proposals or proposals that fail to follow the submission guidelines will not be considered for review. RTCA reserves the right not to award any contract under this RFP. 8. Planned Milestones RFP Release: August 28, 2018 Deadline for Questions: September 14, 2018 Proposals Due: September 28, 2018 RTCA decision on Security Training: October 2018 First Training Class: 2019 Submit proposal for consideration on or before September 28, 2018 to: Ms. Karan Hofmann RTCA, Inc. 1150 18 th St NW, Suite 910 Washington DC 20036 Or email to khofmann@rtca.org Questions and requests for additional information may be directed to Ms. Karan Hofmann at the above email address. 5