DRONE RISK ASSESSMENT
The drone safety risk assessment is an instrument used to identify and assess safety hazards for drone operations. This safety risk assessment includes actions for mitigating the predicted probability and severity of the consequences or outcomes of each operational risk. A drone safety risk assessment makes safety risks measurable so that risks can be better controlled.
It is important to evaluate factors such as weather conditions, flight location, equipment malfunction, human error, and regulatory compliance to ensure safe drone operations.
Safety risk assessment is the fundamental principle of safe drone operations and a tool for continuous improvement.
Safety risk assessment for drone operation
The drone safety risk assessment, based on a systematic approach from safety hazard identification to risk management, ensures the maintenance of the required safety standards for drone operations.
By performing a safety risk assessment, the commercial industry can identify drone operation safety hazards in advance.
The European Aviation Safety Agency (EASA) will require a documented safety risk assessment performed by the operator and a manual of operations, which lists the risk mitigation measures for all unmanned drones with ‘specific’ operation purposes (as per EASA A-NPA 2015-10).
The Federal Aviation Authority (FAA) requires a preflight assessment including risk mitigation actions so that small unmanned aircraft will pose no undue hazard to other aircraft, people, or property in the event of a loss of control or other safety hazards (as per FAA NPRM RIN 2120-AJ60).
UAV safety risk assessment phases
Drone Industry Insights presents a four-phase model of a UAS safety risk assessment.
Phase I – Safety Hazard Identification
Occurrences such as near misses or latent conditions, which led or could have led to drone operational flight safety harm, will be identified.
Drone safety hazards are separated into “active failures” and “latent conditions”, both of which occur or might occur during flight operations. Active failures are actions including errors and violations that have an immediate effect. Generally, they are viewed as unsafe acts. Active failures are generally associated with front-line personnel (pilots, air traffic controllers, engineers, and so on). Latent conditions are those that exist in the UAV system well before a damaging outcome is experienced. Initially, these latent conditions are not perceived as harmful, but could become evident once the system defenses are breached. People removed in time and space from the event generally create these conditions.
Safety hazard identification methodologies
- Reactive: This methodology involves analysis of past outcomes or events. Hazards are identified through investigation of safety occurrences. Incidents and accidents are clear indicators of system deficiencies; therefore, they can be used to determine the hazards that contributed either to the event or to the latent.
- Proactive: This methodology involves an analysis of existing or real-time situations during drone operations.
- Predictive: This methodology involving data gathering is used to identify possible negative future outcomes or events during drone operation, analyze system processes and the environment, identify potential future hazards, and initiate mitigating actions (e.g. FMEA).
The following methods can be used to identify safety hazards:
- Flight Operations Data Analysis (FODA)
- Flight Reports
- Maintenance Reports
- Safety and Quality Audits / Assessments
- Voluntary reporting of Incidents/accidents/near misses
- Mandatory accident reporting to the competent authority
- Brainstorm acc. to Failure Mode Effects Analysis (FMEA)
- Surveys
Phase II – Safety Risk Assessment
All identified hazards will be assessed according to the operational risk severity and operational risk probability.
The second phase of the drone risk assessment measures the projected probability and severity of the consequences of the identified safety hazards of drone operation. This phase presents the fundamentals of safety risk management.
Drone safety risk probability
The safety risk probability is defined as the likelihood or frequency that the consequence of a safety hazard might occur. The probability must be categorized into criteria such as numbers. These numbers should be assigned to each probability level.
Likelihood | Detail (Example) | Value |
---|---|---|
Frequently | Likely to occur many times or has occurred frequently (“five times during operation”) | 5 |
Occasional | Likely to occur sometimes or has occurred infrequently (“Every second operation”) | 4 |
Remote | Unlikely to occur, but possible or has occurred rarely (“I know it from some events”) | 3 |
Improbable | Very unlikely to occur or not known to have occurred (“it happened once and I heard about it from another operator”) | 2 |
Extremely improbable | Almost inconceivable that the event will occur (“never happened”) | 1 |
Drone safety risk severity
The safety risk severity is defined as the extent of harm that might reasonably occur as an outcome of the identified safety hazard. The severity assessment can be based on injuries (persons) and/or damages (Drones and buildings, power lines, or the cost dimension).
- The worst foreseeable situation should be taken into account.
- The severity must be categorized in quantifiable criteria such as numbers.
- These numbers should be assigned to each probability level.
Severity | Detail (Example) | Value |
---|---|---|
Catastrophic | Death to people; Drone, equipment or buildings destroyed | E |
Hazardous | Serious injury to persons; major equipment or buildings damage | D |
Major | Injury to persons; Further operation not possible without major adjustments | C |
Minor | Minor incident to persons; Minor effect on system performance | B |
Negligible | No injury to persons; Minor consequences on system | A |
Safety risk acceptance
The third step in the drone safety risk assessment process is to determine the safety risks that require action. The safety risk acceptance indicates the combined results of the safety risk probability and safety risk severity assessments.
- Safety risk probability values are labeled 1, 2, 3, 4, 5
- Safety risk severity values are labeled A, B, C, D, E
Probability \ Severity | A | B | C | D | E |
---|---|---|---|---|---|
5 | 5A | 5B | 5C | 5D | 5E |
4 | 4A | 4B | 4C | 4D | 4E |
3 | 3A | 3B | 3C | 3D | 3E |
2 | 2A | 2B | 2C | 2D | 2E |
1 | 1A | 1B | 1C | 1D | 1E |
The drone safety risk matrix can be customized according to the operator’s safety policy. For example, 5D and 5E are not acceptable.
This Safety Risk Index (SRI) can be used as an indicator for statistical data acquisition and for a “before/after comparison” to measure the efficiency of drone safety risk management.
Phase III – Safety Risk Mitigation
According to the operational risk acceptance level, risk mitigation action will be defined. This drone safety risk mitigation explains the approach to react to unacceptable or tolerable UAV safety risks. It is a systematic reduction of the risk severity and the probability of its occurrence.
Drone safety risk acceptance level
- Unacceptable – the probability and/or severity of the consequence is intolerable. Major mitigation or redesign of the system is necessary to reduce the probability or the severity of the consequences of the safety hazard to an acceptable level.
- Tolerable level – the consequence and/or likelihood is of concern; measures to mitigate the risk to a reasonably low level should be sought for. This risk can be tolerated if the risk is understood and if it has an endorsement within the organization.
- Acceptable level – the consequence is very unlikely or not severe enough to be of concern. The risk is tolerable and the safety objective has been met. However, consideration should be given to reducing the risk further to a reasonably practical level.
Drone safety risk mitigation actions
- Corrective actions – Actions with an immediate effect for the safety hazard.
- Preventive actions – Actions that have a long-term effect on the safety hazard to mitigate the risk to an acceptable level.
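The matrix, the acceptance levels and the “before/after comparison” described above can be combined in a small risk register. The following is an added example, not part of the original article: only the 5D/5E cells come from the text, while the tolerable threshold, the scoring rule (probability times severity rank) and the sample register are assumptions standing in for an operator's own safety policy.

```python
# Added illustration: constructed policy and register, not from the original page.
from dataclasses import dataclass

SEVERITY_RANK = {"A": 1, "B": 2, "C": 3, "D": 4, "E": 5}  # Negligible .. Catastrophic


def parse_sri(code):
    """Split an SRI such as '4C' into (probability 1-5, severity rank 1-5)."""
    code = code.strip().upper()
    if len(code) != 2 or code[0] not in "12345" or code[1] not in SEVERITY_RANK:
        raise ValueError(f"invalid Safety Risk Index: {code!r}")
    return int(code[0]), SEVERITY_RANK[code[1]]


@dataclass(frozen=True)
class Policy:
    """Operator-specific customization of the matrix (values are assumptions)."""
    unacceptable: frozenset = frozenset({"5D", "5E"})  # the page's example cells
    tolerable_from: int = 8  # assumed: probability * severity rank at or above this

    def level(self, code):
        prob, sev = parse_sri(code)
        if code.strip().upper() in self.unacceptable:
            return "unacceptable"
        return "tolerable" if prob * sev >= self.tolerable_from else "acceptable"


def review(register, policy):
    """Compare SRI before and after mitigation for each hazard in the register."""
    order = ["acceptable", "tolerable", "unacceptable"]
    findings = []
    for hazard, before, after in register:
        (p0, s0), (p1, s1) = parse_sri(before), parse_sri(after)
        lvl0, lvl1 = policy.level(before), policy.level(after)
        if p1 > p0 or s1 > s0:
            status = "mitigation raised probability or severity"
        elif lvl1 == "unacceptable":
            status = "still unacceptable, further mitigation or redesign"
        elif order.index(lvl1) < order.index(lvl0):
            status = "improved"
        else:
            status = "unchanged level"
        findings.append((hazard, lvl0, lvl1, status))
    return findings


# Constructed sample register: (hazard, SRI before, SRI after mitigation)
REGISTER = [
    ("Loss of transmission", "5D", "3D"),
    ("Rotor failures", "5E", "5E"),
    ("Pilot unfamiliar with area", "4B", "2B"),
    ("Existence of corrosion", "2C", "3C"),
]

if __name__ == "__main__":
    for row in review(REGISTER, Policy()):
        print(*row, sep=" | ")
```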
Phase IV – Safety Documentation
Not only the results but also the whole UAS safety risk assessment process should be documented to ensure continuous safety assurance. Here are some recommendations:
- Set up a drone safety risk database including safety hazards and mitigation actions.
- Establish a risk monitoring procedure.
- Establish voluntary and mandatory reporting systems.
- Establish a safety culture.
Drone Safety Hazards
List of possible safety hazards in drone operations, for example –
- High loss of altitude
- Loss of control
- Loss of transmission
- Collision with manned, unmanned aircraft or buildings, power lines
- Partial failure or loss of navigation systems
- Severe weather or climatic events
- Existence of corrosion
- Pilot unfamiliar with area
- Rotor failures
- Take-off and landing incidents as undershooting or overrunning
Rules for conducting an operational risk assessment
According to Article 11 of the UAS Regulation (EU) 2019/947, the assessment shall propose a target level of safety, which shall be equivalent to the safety level in manned aviation, in view of the specific characteristics of UAS operation.
An operational risk assessment shall:
- describe the characteristics of the UAS operation;
- propose adequate operational safety objectives;
- identify the risks of the operation on the ground and in the air considering all of the below:
  - the extent to which third parties or property on the ground could be endangered by the activity;
  - the complexity, performance and operational characteristics of the unmanned aircraft involved;
  - the purpose of the flight, the type of UAS, the probability of collision with other aircraft and class of airspace used;
  - the type, scale, and complexity of the UAS operation or activity, including, where relevant, the size and type of the traffic handled by the responsible organisation or person;
  - the extent to which the persons affected by the risks involved in the UAS operation are able to assess and exercise control over those risks.
- identify a range of possible risk mitigating measures;
- determine the necessary level of robustness of the selected mitigating measures in such a way that the operation can be conducted safely. The robustness of the proposed mitigating measures shall be assessed in order to determine whether they are commensurate with the safety objectives and risks of the intended operation, particularly to make sure that every stage of the operation is safe.
The description of the UAS operation shall include at least the following:
- the nature of the activities performed;
- the operational environment and geographical area for the intended operation, in particular overflown population, orography, types of airspace, airspace volume where the operation will take place and which airspace volume is kept as necessary risk buffers, including the operational requirements for geographical zones;
- the complexity of the operation, in particular which planning and execution, personnel competencies, experience and composition, required technical means are planned to conduct the operation;
- the technical features of the UAS, including its performance in view of the conditions of the planned operation and, where applicable, its registration number;
- the competence of the personnel for conducting the operation including their composition, role, responsibilities, training and recent experience.
The identification of the risks shall include the determination of all of the below:
- the unmitigated ground risk of the operation taking into account the type of operation and the conditions under which the operation takes place, including at least the following criteria:
  - VLOS or BVLOS;
  - population density of the overflown areas;
  - flying over an assembly of people;
  - the dimension characteristics of the unmanned aircraft;
- the unmitigated air risk of the operation taking into account all of the below:
  - the exact airspace volume where the operation will take place, extended by a volume of airspace necessary for contingency procedures;
  - the class of the airspace;
  - the impact on other air traffic and air traffic management (ATM) and in particular:
    - the altitude of the operation;
    - controlled versus uncontrolled airspace;
    - aerodrome versus non-aerodrome environment;
    - airspace over urban versus rural environment;
    - separation from other traffic.
The operational risk assessment required by Article 11 of the UAS Regulation (EU) 2019/947 may be conducted using the methodology called Specific Operations Risk Assessment (SORA) developed by JARUS. Other methodologies might be used by the UAS operator as alternative means of compliance.
About JARUS
In 2007, Joint Authorities for Rulemaking on Unmanned Systems (JARUS) was formed as a worldwide group of regulatory experts from the Authorities. Its purpose is to recommend a single set of technical, safety and operational requirements for all aspects linked to the safe operation of UAS.
JARUS is a group of experts from the National Aviation Authorities (NAAs) and regional aviation safety organizations. JARUS recommends technical, safety, and operational requirements to safely integrate Unmanned Aircraft Systems (UAS) into aviation. JARUS provides guidance material to facilitate each authority to write their own requirements and avoid duplicated efforts.
Specific Operations Risk Assessment (SORA)
The SORA serves as a means of evaluating risks for the purpose of determining the acceptable UAS operations. It is a methodology of assessing risk in the specific category of drone operations.
This SORA is based on the document developed by JARUS, providing a vision on how to safely create, evaluate and conduct an unmanned aircraft system (UAS) operation. The SORA provides a methodology to guide both the UAS operator and the competent authority in determining whether a UAS operation can be conducted in a safe manner. The document should not be used as a checklist, nor be expected to provide answers to all the challenges related to the integration of the UAS in the airspace. The SORA is a tailoring guide that allows a UAS operator to find a best-fit mitigation means, and hence reduce the risk to an acceptable level. For this reason, it does not contain prescriptive requirements, but rather safety objectives to be met at various levels of robustness, commensurate with the risk.
The SORA is meant to inspire UAS operators and competent authorities and highlight the benefits of a harmonized risk assessment methodology. The feedback collected from real-life UAS operations will form the backbone of the updates in the upcoming revisions of the document.
The purpose of the SORA is to propose a methodology to evaluate the risks and determine the acceptability of a proposed operation of a UAS within the ‘specific’ category. This is an acceptable means of compliance with the UAS Regulation.
The methodology is based on the principle of a holistic/total system safety risk-based assessment model used to evaluate the risks related to a given UAS operation. The model considers the nature of all the threats associated with a specified hazard, the relevant design, and the proposed operational mitigations for a specific UAS operation. The SORA then helps to evaluate the risks systematically, and determine the boundaries required for a safe operation. This method allows the applicant to determine the acceptable risk levels, and to validate that those levels are complied with by the proposed operations. The competent authority may also apply this methodology to gain confidence that the UAS operator can conduct the operation safely.
Through a SORA, you can obtain a value called SAIL (Specific Assurance Integrity Level) resulting from the combination of Ground Risk Class (GRC), Air Risk Class (ARC), and its corresponding mitigations applied. Depending on the SAIL index obtained, the operation will be considered more or less risky:
- Low Risk (SAIL I and II)
- Medium Risk (SAIL III and IV)
- High Risk (SAIL V and VI)
To properly understand the SORA process, it is important to introduce the key concept of robustness. Any given risk mitigation or operational safety objective can be demonstrated at differing levels of robustness. The SORA proposes three different levels of robustness: Low, Medium and High, commensurate with risk.
The robustness designation is achieved using both the level of integrity (i.e. safety gain) provided by each mitigation, and the level of assurance (i.e. method of proof) that the claimed safety gain has been achieved. These are both risk-based.
General guidance for the level of assurance is provided below:
- A Low level of assurance is where the applicant simply declares that the required level of integrity has been achieved.
- A Medium level of assurance is one where the applicant provides supporting evidence that the required level of integrity has been achieved. This is typically achieved by means of testing (e.g. for technical mitigations) or by proof of experience (e.g. for human-related mitigations).
- A High level of assurance is where the achieved integrity has been found acceptable by a competent third party.
The SORA process
The SORA focuses on the assessment of ground and air risk. In addition to air and ground risks, an additional risk assessment of critical infrastructure should also be performed.
The SORA methodology is a 10-step process starting with the description of the operation and the evaluation of ground risk and air risk:
- Step #1: ConOps Description
- Step #2: Determination of the intrinsic UAS Ground Risk Class (GRC)
- Step #3: Final GRC Determination
- Step #4: Determination of the Initial Air Risk Class (ARC)
- Step #5: Application of Strategic Mitigations to determine Residual ARC (optional)
- Step #6: Tactical Mitigation Performance Requirement (TMPR) and Robustness Levels
- Step #7: SAIL (Specific Assurance and Integrity Levels) determination
- Step #8: Identification of Operational Safety Objectives (OSO)
- Step #9: Adjacent Area/Airspace Considerations
- Step #10: Comprehensive Safety Portfolio