Leading with Safety: The Core Principles of Self-Driving Safety
At Aurora, we frequently talk about the importance of a comprehensive, thoughtful approach to safety. We strongly believe that safety must be at the core of autonomous vehicle development and deployment.
We’ve shared how we structure our safety approach with our Safety Case Framework and explained what a safety case is, why it’s important, and how it is applied at Aurora in Safety Case 101. We’ve even unpacked our Safety Case Framework in more depth by showing what it looks like in the real world – watch the video here.
To close out National Safety Month we’re diving even deeper into the five key principles that make up our Safety Case Framework – Proficient, Fail-Safe, Continuously Improving, Resilient, and Trustworthy. Jump in and learn more about how these principles form the foundation of our safety approach and help demonstrate that our technology is acceptably safe to operate on public roads:
- Proficient: The self-driving vehicle is acceptably safe during nominal operation
- Fail safe: The self-driving vehicle is acceptably safe in the presence of faults and failures
- Continuously improving: All identified potential safety issues posing an unreasonable risk to safety are evaluated, and resolved with appropriate corrective and preventative actions
- Resilient: The self-driving vehicle is acceptably safe in case of reasonably foreseeable misuse and unavoidable events
- Trustworthy: The self-driving enterprise is trustworthy
Principle 1: Proficient
The first of our core safety principles is Proficiency, which is how we show that our autonomous vehicles are acceptably safe when everything is working as intended.
When we demonstrate Proficiency, we are showing that we have a strong understanding of the self-driving product we’re developing, including its capabilities within our intended operational design domain, and our vehicles are operating as designed. If we say the Aurora Driver can do something, we have evidence to support the precise engineering that enables that function and show that our technology can execute it appropriately. Further, we implement and execute operational safety policies and procedures to support safe track and on-road testing.
For example, to operate safely the Aurora Driver needs to be capable of reliably detecting and reacting to pedestrians. To ensure the Aurora Driver’s advanced sensor hardware and intelligent perception software can respond to pedestrians appropriately within the Aurora Driver’s operational design domain, we extensively test and validate our technology in simulation and on the road, while observing procedures for safe testing. The result is a system that takes the right actions at the right times.
Principle 2: Fail-Safe
Our autonomous vehicles can’t only be acceptably safe when everything is operating as intended, they must continue to be safe when something goes wrong while on the road. Our Fail-Safe principle means that Aurora Driver-powered vehicles must be able to detect and react appropriately to system faults or failures, like losing lidar data due to an obstruction or a radar sensor being damaged by debris.
Aurora’s self-driving semi-trucks and passenger vehicles are being developed with a Fault Management System that is designed to bring the vehicle to safety in the event of a fault, helping to keep passengers and other road users out of harm’s way.
Principle 3: Continuously Improving
While we’re moving quickly toward commercializing our self-driving technology, our safety work doesn’t end at the launch of our autonomous trucking and ride-hailing products. Instead, we are committed to Continuously Improving – constantly enhancing our software, hardware, and support services to increase the safety of our vehicles.
In practice, this means leveraging our Safety Management System (SMS) to manage safety risk and find opportunities to improve our technology even in environments where it already performs well. We hone our capabilities around the clock by actively testing our technology in simulation. We also collect data on how our technology performs in the real world and where it could be refined by driving autonomously on commercial freight routes in Texas every day.
Principle 4: Resilient
Just as Fail-Safe means that our vehicles must be able to respond to a system fault while on the road, Resilience reduces our technology’s vulnerability to tampering or misuse.
We consider the ways an outside entity could seek to compromise our technology – whether through human error, cyber attacks, or malicious actions – and design our system to respond to these situations, to mitigate any issues, and to continue operating safely. This includes working with public safety officials to establish best practices for responding to autonomous vehicle emergencies by sharing key training and information through, for example, our first responder guides.
Principle 5: Trustworthy
Building safety into the core of our self-driving technology is essential, but ultimately we need to earn the public’s trust in order to deploy it broadly. This is the foundation of our Trustworthy principle, which describes how our safety culture must support dependable and responsible autonomous vehicle development.
At Aurora, our safety culture is built on the SMS and best practices of other safety-critical industries, like aviation, nuclear, and rail. We empower our team members to speak up about safety concerns and we work quickly to resolve flagged issues and institutionalize the learnings. We also strive to be transparent in sharing our development approach with the public through technology, product, and progress updates on our website, blog, and social media channels.
As part of our commitment to Trustworthiness, we also established an external Safety Advisory Board of esteemed transportation leaders, published a Voluntary Safety Self-Assessment with significant details about our operations, engage with key transportation stakeholders, and frequently speak at transportation events, conferences, and workshops about where our industry can be safer.
Conclusion
We’ve built our Safety Case Framework and each of its five supporting principles to guide responsible development of autonomous vehicle technology. Each principle is supported by multiple claims and will be substantiated by hundreds of pieces of evidence. Only by validating our system with hardened evidence through this process can we build confidence in the Aurora Driver’s ability to safely operate on public roads without a human driver.
This article was originally published by Aurora Innovation Inc..
