The lifecycle of a Safety Case at Aurora
December 05, 2022
Defining safety in the self-driving space and communicating that definition in a way that is transparent and thoughtful is an ongoing effort in the industry. Anyone who doesn’t live and breathe autonomous technology like we do might understandably be skeptical of this new and evolving space. Though many experts agree that autonomous vehicles will make our roads safer, to some, the idea of a self-driving vehicle may be incomprehensible or disconcerting. We believe that in order to quickly and broadly see the safety benefits of deploying self-driving vehicles on the road, autonomous vehicle companies like Aurora have a responsibility to be exceptionally transparent. That is why we are so vocal about our commitment to not deploying an autonomous product until we have a strong, evidence-based argument for the safety of our technology.
So, in the interest of transparency and accountability, today we are sharing a closer look at the work that underpins our development of safe self-driving technology.
A quick recap
Our Safety Case Framework, as we’ve outlined before, provides a comprehensive safety argument that addresses developmental and commercial products we create and operate on public roads. It consists of hundreds of safety claims and thousands of pieces of evidence that support the safety argument we make to satisfy the top-level claim that our self-driving vehicles are acceptably safe for operation on public roads.
Phase 1. Tailoring
We tailor individual Safety Cases from our Safety Case Framework for various self-driving vehicle forms, fits, or functions. This includes when we begin using a new vehicle platform (such as Paccar’s Peterbilt 579 and Kenworth T680 trucks, Volvo’s VNL truck, and Toyota’s Sienna Autono-MaaS minivan) for testing autonomous operations on public roads with operators behind the wheel. It also includes whenever we move on to a new operational mode, such as moving from autonomous operations with an operator to autonomous operations without an operator.
To tailor a Safety Case, we identify the specific claims that are pertinent to a given operational context, such as autonomous operations on a public road with an operator behind the wheel (this Safety Case consists of approximately 200 claims), autonomous operations on a public road without an operator behind the wheel (this one consists of almost 500 claims), and autonomous operations by customer-owned and -operated vehicles on a public road without an operator behind the wheel (approximately 550 claims).
While we do conduct manual operations on public roads and autonomous operations on closed tracks with an operator behind the wheel, in both of these operational contexts we manage safety risks differently given the type of missions they are (like mapping) or the absence of other road actors or members of the public. In the next post in this series, we’ll discuss why we address the safety of these operations with Safety Checklists.
Once we’ve determined which claims make up a particular Safety Case, each claim is assigned to a team within Aurora, which is then tasked with producing evidence to satisfy the claim.
Phase 2. Gathering evidence
Because safety is a part of everything we do at Aurora, teams from across the company are responsible for creating and compiling different kinds of evidence.
For example, in completing our safety case for autonomous operations on public roads with an operator behind the wheel, our product and engineering teams developed processes and generated performance reports as they worked to develop and release the Aurora Driver capabilities we’ve outlined as necessary for autonomously handling our commercial routes. Our operations teams developed vehicle and terminal operator training procedures, hazard mitigation efforts and results, and incident response procedures. And our government relations team developed our data collection and reporting processes for local, state, and federal stakeholders, and continued to refine Aurora’s relationships with them.
In conducting these efforts, teams also had to provide traceability as evidence of their fulfillment of the appropriate claim according to our internal standards of quality and safety sufficiency.
Phase 3. Assessment
Once a team is confident in the evidence they have compiled, we assess that evidence to determine whether it sufficiently satisfies a claim in the context of a given Safety Case application. This same process applies to each claim in a Safety Case.
For visibility among our leadership team, each quarter, we present the status of our Safety Cases to our Safety Review Board. We discuss assumptions, dependencies, or limitations, as well as open findings, recommendations, and implementation timelines.
Our Safety Review Board, which is made up of a group of senior leaders and executives empowered to approve or reject Safety Cases, decides whether to move forward with planned operations within the defined scope of a completed Safety Case, whether it’s necessary to outline any conditional provisions or restrictions for operations, or whether planned operations should be postponed.
Safety is our priority. Aurora’s safety strategy is rooted in a strong safety culture and built around a transparent approach to operational and developmental safety via our Safety Case Framework. We hold ourselves accountable to a high standard of safety by tying work we do across the company to our Safety Cases.
We are diligently and rigorously addressing the claims that make up the Aurora Driver Safety Case as we work toward our Aurora Driver Ready milestone. Look forward to more updates in the coming year.