Introducing the UAS safety risk model
There are many rules about operating with UAV (unmanned aircraft). But now Drone Industry Insights (DRONEII) presents a four-phase model of an UAS safety risk assessment. This approach is an appropriate solution which fits, according to effort and usability, in everybody’s organization. This model is the fundamental frame for a safe and reliable organization set up, which should be used for drone flight permission and insurance applications.
Phases of UAS Safety Risk Assessment
Drone Industry Insights recommends to separate the UAS safety risk assessment into four phases:
- Part I – UAS Safety Hazard Identification: Occurrences like near misses or latent conditions which led or could have led to a drone operational flight safety harm will be identified.
- Part II – UAS Safety Risk Assessment: All identified hazards will be assessed according to the severity and probability of each operational risk.
- Part III – UAS Safety Risk Mitigation: According to the operational risk acceptance level risk mitigation actions will be defined.
- Part IV – UAS Safety Documentation: Not only the assessment results but the whole UAS safety risk assessment process should be documented to ensure a continuous safety assurance.
UAS Safety Risk Assessment Definition
The operational flight safety of drones is the desired optimum state in which flight operations are executed in circumstances that can be controlled with acceptable operational risk. The UAS safety risk assessment, based on a systematic approach from safety hazard identification to a risk management, ensures maintaining the required safety standards of drone operation.
The UAS safety risk assessment is an instrument how to identify and assess active and latent safety hazards of drone operation. This safety risk assessment includes actions for mitigating the predicted probability and severity of the consequences or outcomes of each operational risk. An UAS safety risk assessment makes safety risks measurable so that risks can be better controlled.
Part I – Safety Hazard Identification
Definition of Safety Hazards
With the first phase of the UAS safety risk assessment we collect and identify operational drone safety hazards which can be separated into “active failures” and “latent conditions” which occurs or might occur during the flight operations.
Active failures are actions including errors and violations, which have an immediate effect. They are generally viewed as unsafe acts. Active failures are generally associated with front-line personnel (pilots, air traffic controllers, engineers, etc.).
Latent conditions are those that exist in the UAV system well before a damaging outcome is experienced. Initially, these latent conditions are not perceived as harmful, but could become evident once the system defenses are breached. These conditions are generally created by people far removed in time and space from the event.
Safety hazards identification methodologies
- Reactive: This methodology involves analysis of past outcomes or events. Hazards are identified through investigation of safety occurrences. Incidents and accidents are clear indicators of system deficiencies and therefore can be used to determine the hazards that either contributed to the event or are latent.
- Proactive: This methodology involves analysis of existing or real-time situations during drone operation
- Predictive: This methodology involves data gathering in order to identify possible negative future outcomes or events during drone operation, analyzing system processes and the environment to identify potential future hazards and initiating mitigating actions (e.g. FMEA). If you want to learn more about drone data security, feel free to take a look at our post about drone data security.
Examples of safety hazard identification sources
- Flight Operations Data Analysis (FODA)
- Flight Reports
- Maintenance Reports
- Safety (& Quality) Audits / Assessments
- Voluntary reporting of Incident/accidents/near misses
- Mandatory accident reporting to the competent authority
- Brainstorm according to Failure Mode Effects Analysis (FMEA)
Part II – UAS Safety Risk Assessment
The second phase, the UAS risk assessment, measures the projected probability and severity of the consequences of the identified safety hazards of drone operation. This phase presents the fundamentals of safety risk management.
UAS Safety Risk Probability
The safety risk probability is defined as the likelihood or frequency that a safety hazard consequence or outcome might occur.
- All scenarios should be taken into consideration
- The probability must be categorized in criteria like numbers
- These numbers should be assigned to each probability level
The following figure displays a common used five level probability table. It’s possible to extend the safety risk probability to six, ten, or 15 values.
UAS Safety Risk Acceptance
The third step in the UAV safety risk assessment process is to determine the safety risks that require actions.
The safety risk acceptance indicates the combined results of the safety risk probability and safety risk severity assessments. The respective assessment combination is presented in the safety risk assessment matrix which is shown in the figures.
This UAV safety risk matrix can be customized according to the UAS company’s business or safety policy. The combination of risk probability and severity indicates following:
- The safety risk acceptance level:
- Red is not acceptable
- Yellow is tolerable but requires risk mitigation
- Green is an acceptable level
- The UAS safety risk index (SRI) which can be used as an Indicator for statistical data and for the “before/after comparison” to measure the efficiency of a UAV safety risk management.
The UAS safety risk matrix must then be exported into a safety risk acceptance matrix to determine required actions to mitigate unacceptable and tolerable safety risks into an acceptable status.
UAS Safety Risk Severity
The safety risk severity is defined as the extent of harm that might reasonably occur as a consequence or outcome of the identified safety hazard. The severity assessment can be based upon on injuries (persons) and/or damages (Drones themselves and buildings, powerlines etc. / the cost dimension).
- The worst foreseeable situation should be taken into account
- The severity must be categorized in quantifiable criteria like numbers
- These numbers should be assigned to each probability level
The following figure displays a typical five level severity table.
Based on the Failure Mode Effects Analysis (FMEA) methodology assessors often use the “probability of detection” as a third dimension in addition to risk severity and probability. This dimension is commonly required in the product development to include natural or technical safety barriers into the measurement.
There is also the possibility to extend the safety risk severity to six, ten, or 15 values.
Part III – UAS Safety Risk Mitigation
The UAV safety risk mitigation explains the approach to react on unacceptable or tolerable UAV safety risks. It’s a systematic reduction of the risk severity and the probability of its occurrence.
The UAS safety risk acceptance matrix provides information about the required actions for the risk mitigation strategies:
- Unacceptable level – the probability and/or severity of the consequence is intolerable. Major mitigation or redesign of the system is necessary to reduce the probability or the severity of the consequences of the safety hazard to an acceptable level.
- Tolerable level – the consequence and/or likelihood is of concern; measures to mitigate the risk to as low as reasonable practicable should be sought. This risk can be tolerated provided that the risk is understood and has the endorsement of within the organization.
- Acceptable level – the consequence is so unlikely or not severe enough to be of concern. The risk is tolerable and the Safety Objective has been met. However, consideration should be given to reducing the risk further as low as reasonably practical.
UAS safety risk mitigation actions can be separated into two dimensions:
- Corrective actions (CA): Actions with an immediate effect for the safety hazard
- Preventive actions (PA): Actions which have a long-term effect on the safety hazard to mitigate the risk to an acceptable level
The corrective and preventive actions should be recorded in UAS safety risk map to assign responsible persons for actions and due dates.
The UAV safety risk mitigation describes the last step of a UAV safety risk assessment. The question, if a continuous review of UAS safety risks and a safety performance increase is necessary, is obsolete. UAV safety risk documentation and documented risk management procedures are required and are described in the following paragraph.
Part IV – UAS Safety Documentation & Management
Not only UAS risk mitigation exercises need to be documented, but due to the ambition of a continuous improvement and a transparent organization a documented risk management process is required. A risk management process example is displayed in the following figure:
Additionally a safety risk database should be established which shall be used as evidence for required pre-flight checks or as a basic for UAS operation manuals.
Further Droneii.com recommendations:
- Set up an UAS safety risk database including safety hazards and mitigation actions
- Establish a risk monitoring procedure
- Establish voluntary and mandatory reporting systems
- Establish a safety culture
There is much to come in the future in UAV rule making and safety restrictions. Be prepared until the Civil Aviation Authorities will required it from you!