What is a safety case?
With over 90% of road collisions being attributed to human error, it goes without saying that safety is one of the most important factors in enabling the development and deployment of Connected and Automated Mobility (CAM) technologies and solutions.
However, as these technologies emerge, two questions arise: how do we ensure that these technologies are developed in a way that is safe for organisations conducting trials, as well as the public? And how can a test facility or highways authority be reassured that key safety matters have been considered?
That’s where a safety case comes in. A safety case is a vital tool, or collection of documents, that clearly demonstrates how safety and security have been managed and assessed. All safety evidence is documented such that there is a ‘single source of the truth’ defining the risks, mitigations and evidence.
There is much work still to be done in the future as we transition from trials to full-scale deployment of CAM solutions, with type approval of automated driving systems and regulation of CAM operators, but these can build upon the experience and expertise gained through the safe and secure trials taking place right now.
How can CAM Testbed UK help?
The Safety Case Framework: The Guidance Edition reports, developed by CAM Testbed UK, enable safety to be delivered in a high-quality and consistent manner across testing and trial deployments of CAM services in the UK. This guidance brings together expert knowledge from organisations that have been leading the development and delivery of connected and automated technologies, to provide a concise and authoritative guide to best practice in this emerging market.
Our website has now been updated with additional assets to support the creation or review of a safety case. The new assets include a walkthrough of the slides from our recent workshops, a non-technical explainer and further templates that can be used.
What goes in a safety case?
The safety case is a body of information, often made up from multiple documents, that demonstrates safety in the following sub-areas:
- System safety – ensuring the system itself is safe. This includes consideration of the autonomous control system and the base vehicle it is operating within.
- Operational safety – ensuring safe procedures are in place during the trial. In particular, it is important to ensure that any safety operator involved in the trial is suitably trained and competent.
- Security – ensuring that risks arising from accidental or deliberate outside interference are managed. This includes consideration of physical security and of cybersecurity.
The safety case should also include processes to manage the ongoing safety of the trial, such as incident reporting and triggering updates to the safety processes. Finally, it is important to include a ‘safety argument’; this is an explanation of how the information presented fits together such that, when taken as a whole, it indicates that the trial is acceptably safe. As such, this essential element brings together all the other safety case components, helping the reader to understand the value of each and demonstrating that there are no gaps in the safety assurance.
In practice, compiling sufficient evidence to show that a system is safe, including detailed analysis of the system design and comprehensive test evidence, tends to be impractical within the time and resource limitations of R&D. As such, trials typically rely upon controlling the environment and/or upon the ability of a safety operator to intervene, in order to mitigate the risks posed by systems that are not yet production-ready.
This illustrates that two alternative approaches can be taken within any component of the safety case:
- Provide evidence to show an absence of unacceptable risks, such as test evidence showing that the vehicle is able to react appropriately to any situation it could reasonably be expected to encounter on a particular test route.
- Provide mitigations to compensate for not being able to evidence a lack of risk, such as using a safety operator to mitigate the lack of certainty that the vehicle would react safely to every permutation that could occur on public roads.
Safety cases provide a level of flexibility such that trialling organisations can develop a way of demonstrating safety that is specific to the challenges of a particular trial. Given the wide array of CAM technology and use cases, this flexibility supports the ability to test safely whilst avoiding undue burden.
We look forward to sharing more information with you as the Interoperable Simulation project develops. Sign up to our newsletter to be notified of these updates.