This paper outlines a systematic approach to creating a safety case for Automated Driving Systems (ADS) that operate without a driver. A safety case is a formal way to explain how an ADS developer determines that its system is safe enough to be deployed on public roads without a human driver, and it includes evidence to support that determination. It comprises an explanation of the system, the methodologies used to develop it, the metrics used to validate it, and the actual results of validation tests. Yet, in order to develop a worthwhile safety case, it is first important to understand what makes it credible and well crafted, and to align on evaluation criteria. This paper helps enable such alignment by providing foundational thinking not only on how a system is determined to be ready for deployment, but also on justifying that the set of acceptance criteria employed in that determination is sufficient and that their evaluation (and the associated methods) is credible. The presentation is anchored in the acknowledgement that absolute zero risk is unattainable, framing the definition of safety around the notion of "absence of unreasonable risk" in accordance with state-of-the-art safety standards. The publication is structured around three complementary perspectives on safety: a layered approach to safety, a dynamic approach to safety, and a credible approach to safety. Each perspective focuses on principles and methodological approach rather than on specific results, which are often proprietary; accordingly, this paper features neither a full safety case nor the evidence to support one. While centered on the example of an SAE Level 4 ADS, the proposed approach is technology- and methodology-agnostic, making it adaptable for use in whole or in part by any entity in the field.