SOS Services
← Engineering
aviation · Vimal Bahuguna

When does an MRO outgrow spreadsheets?

There's a specific moment when a maintenance shop crosses from 'Excel is fine' to 'Excel is dangerous.' Most shops don't notice it until an audit catches them. Here are the signs.

Most aircraft maintenance operations run on spreadsheets for far longer than the size of the operation justifies. We’ve talked to small carrier MROs running 800-aircraft-month maintenance programs in Excel, with the operator’s wife as the unofficial DBA. It works until it doesn’t, and the failure modes when it stops working are bad — auditor-bad, FAA-letter-bad, insurance-claim-bad.

The transition isn’t gradual. There’s a specific point where the tooling has to change. This post is about how to recognise that point, before an audit recognises it for you.

The three signs

The operations that should have stopped using spreadsheets but haven’t usually have one of three signals firing:

1. More than one regulator. A pure-domestic Indian MRO running under DGCA is in one rule-set. Add SACAA-registered aircraft and you’re tracking the same tasks under two different schemas, with different intervals, different sign-off requirements, and different evidence formats. Spreadsheets can technically hold both, but the duplication means edits go into one sheet and not the other, and the gap surfaces during an audit. We routinely see shops with three regulators (DGCA + FAA-registered N-numbers + one EASA airframe) trying to reconcile by hand.

2. More than five aircraft tails. Below five, one maintenance coordinator can hold the state of the entire fleet in their head. Above five, no human can. Tasks start slipping past their next-due interval because nobody’s actively scanning the calendar at the right cadence. Excel does not page you when a task is due in 30 hours of flight time on the third aircraft you maintain.

3. More than three licensed engineers signing off tasks. A spreadsheet records “John approved on 2026-03-14.” It does not record which John (if there are two), what version of the task card he approved, or whether the parts batch he installed matches the one logged. Multi-engineer environments need cryptographic audit trails — not because anyone is malicious, but because in five years an investigator will ask, “show me the chain of custody for the part installed on this aircraft on this date” and the spreadsheet answer of “trust us” doesn’t work.

If any one of these is true today, the operation is over the line. Most shops have all three by the time they start looking for software.

Why spreadsheets fail at MRO scale specifically

Plenty of small operations run perfectly well on spreadsheets indefinitely. MRO is different because of four structural features of the work:

Maintenance Planning Documents (MPDs) define the recurring task schedule for each aircraft type. They are typically 500–2000 line items, each with a calendar interval, flight-hour interval, and flight-cycle interval. The next-due date for any given task is the minimum of those three. Spreadsheets can hold this, but the calculation has to be re-run every time you record a flight, and human-driven recalculation is exactly where things slip.

Airworthiness Directives (ADs) add tasks on top of MPDs. Each AD has a compliance window. Each AD applies to specific serial numbers within a type. You have to track which of your tails are affected, what your compliance status is, and what evidence you have. Auditors check this directly. Spreadsheets that don’t model the serial-number scoping of ADs always have wrong answers somewhere.

Parts traceability demands chain-of-custody from manufacturer through installation. Each part has a serial or batch number, an airworthiness certificate (EASA Form 1 / FAA 8130-3 / DGCA equivalent), and a paper trail. When you install a part on an aircraft, the spreadsheet entry that says “installed part X” needs to link back to which Form 1 you have for that batch — and if the part later gets pulled in service and reused on another aircraft, the chain has to extend. Spreadsheets can do this with discipline. They cannot do this reliably without discipline.

Task-level sign-off is regulator-mandated for every maintenance action. The licensed engineer who performed the work signs. In many regimes, the signature must include the engineer’s license number, the timestamp, a reference to the maintenance manual revision used, and the parts list. Spreadsheet “John signed on the 14th” doesn’t satisfy this. Auditors will ask to see the signed document; the document needs to be findable, retrievable, and tamper-evident.

The cost of switching late

Operations that switch from spreadsheets to a real maintenance system after one of the three signs has already fired pay a transition cost that’s much higher than switching earlier:

  • Backfilling history. A regulator who finds you on spreadsheets won’t accept “we just moved to a new system.” They want compliance evidence going back through your retention period. If the spreadsheet history is messy, you’ll spend months reconciling.
  • Workforce retraining. Engineers who’ve signed off paper for 20 years aren’t trivial to move to a tablet workflow. The transition is real change management.
  • Open-finding remediation. Most operations that switch under audit pressure have open findings that drove the switch. Those need to be closed within the audit window, which is short. Software that can’t onboard fast doesn’t help.

The shops that switch before the audit, when they’re at 3 aircraft / 1 regulator / 2 engineers and just seeing the third signal start to fire, pay a fraction of the transition cost. They get to choose their software, set it up calmly, and migrate one aircraft at a time.

What “good” looks like for MRO software

The maintenance software that actually works for sub-enterprise MRO has five properties:

  1. Multi-regulator at the data model. The same task can map to FAA, EASA, DGCA, CAAC, SACAA requirements simultaneously without duplicating records. Auditor exports can be filtered to one regulator’s view without losing the underlying record.

  2. MPD intervals are calculated, not stored. The system computes next-due-date from the three interval types automatically, every time flight hours or cycles change. Coordinators don’t recalculate; they review.

  3. Sign-offs are cryptographic. Each task closure is signed with the engineer’s credentials, timestamped server-side, immutable. The auditor’s “show me proof” is a query, not a paper hunt.

  4. Parts chain-of-custody is automatic. Receiving a part links it to its airworthiness certificate. Installing a part decrements inventory and writes the link to the aircraft. Removing and reinstalling extends the chain. The traceability happens as a side-effect of normal operation, not as a separate documentation step.

  5. Mobile-first for line-side work. Engineers in the hangar use the same system as the planners in the office. The data flows in real time. Tablet-friendly UIs for line operations, not desktop apps that get printed and re-typed.

What we built

AMRO Pro is our take on this category — built for regional carriers and mid-sized MROs that have outgrown spreadsheets but can’t justify enterprise CAMO software. Multi-regulator out of the box (FAA / EASA / CAAC / SACAA / DGCA via the regulator engine). MPD interval calculation runs every time flight data lands. Cryptographic sign-offs. Parts chain-of-custody as a first-class data type, not a documentation layer.

If you’re running an MRO operation and any of the three signs above describes you, we’d be glad to talk. The transition is cheaper before the audit.

← Back to engineering