Safe & Sora
After winning the safety award at the Lake Kivu Challenge, in a three part series we dive into the reliability of our Avy Aera drone and what that means for the team. Part 1 explores the FMEA, SORA and Safety by Design principle adopted by Avy and the team's overall commitment to safety.
Why is safety important at Avy?
To anyone, safety is the most basic principle of flying. One will go into an Airbus A330 without a doubt in their mind that they will reach their destination. When talking about drones, however, safety concerns may arise when the thought of a future with (medical) delivery drones pops up. Some may question their safety and others may be concerned that drones will be invasive once integrated into airspace. This is why drone companies must take into account the worries of the public, demonstrate that drones can also be used for good causes, show transparency and commit to safety.
Avy was granted the safety award during the Lake Kivu Challenge, a global drone competition held in Rwanda, putting drone operators and manufacturers in real-life scenarios with beyond visual line of sight (BVLOS) flights to deliver medical goods to an island. We’re proud that our Avy Aera was recognised as the safest aircraft, as well as the safety protocols led by our Avy team on the ground.
We pioneer in sustainable aviation and see ourselves as more than a drone company. We’re aware that drones may be considered risky, which is why safety is taken seriously and a core value at Avy. Being a drone manufacturer and operator, our efforts are guided by the EASA (European Union Aviation Safety Agency) regulations and the SORA (Specific Operations Risk Assessment) approach, a multistage process of risk analysis for unmanned aircraft operations, that helps to define necessary mitigations and levels of robustness. This combination of aircraft design and operations governs the requirements for Avy as an organisation and brings added value to the thought process behind every aircraft, such as the “Safety by Design principle”.
In a three-part safety series, we want to shed light into why we value safety at Avy and how it’s implemented within the company and our drones. In this blog, we’ll explore the fundamentals behind the design of our aircraft.
Safety by design principle
To use a drone for commercial purposes, and in Avy’s case for medical deliveries or first response missions, our operations are subject to compliance. We have applicable limitations, technical requirements and operational restrictions to follow. From a technical point of view, safety is the benchmark for our whole design process at Avy and number 1 variable when building the aircraft - from beginning to end.
Designing and building a safe aircraft can be done in a number of ways, but Avy uses the Safety-by-Design principle as a starting point and incorporates the FMEA (Failure Mode and Effect Analysis) to guide along the design process. It’s a process of reviewing all components, assemblies, and subsystems to identify potential failure modes in the aircraft and their causes and effects. As stated by Ben, our CTO:
We’ve come across potential failure modes and had to learn it the hard way. Early on in our design process we made many mistakes. Building an aircraft is hard, and a simple mistake can cost you a drone. We’ve lost prototypes over not wiring things correctly or not properly communicating over a change in software. We test in a secluded area, we crash, and we learn. We know mistakes happen, but now have the checks and balances in place throughout our design, manufacturing and flight testing procedures to catch those mistakes. We also assume failure of components, but design for other systems to take over their functionality, so that a single failure can not directly lead to a crash.
We implement FMEA into our design and use the SORA framework for our desired operations, to see what the risk of a failure occurs and its impact. SORA is a regulatory framework established by the EASA with applicable limitations and operational restrictions, that ensures the drone is safe for operations. It’s a methodology to identify the air risk and ground risk for a certain operation, and to define technical (aircraft) and operational (procedures) measures needed in order to mitigate the risks involved and achieve an acceptable level of compliance to conduct the operation.
The ground and air risks as well as operational safety objectives evaluated previously will output a Specific Assurance and Integrity Level (SAIL). The SAIL determines the level of robustness required for the operational safety objectives (OSO), and represents the level of confidence that the drone operation will remain under control. Any given risk mitigation or operational safety objective can be demonstrated at differing levels of robustness : Low - Medium - High. Robustness is achieved through calculating the level of integrity (safety gained for each objective) provided by each mitigation and level of assurance (method of proof), that the claimed safety gained has been achieved.
To align ourselves with the technical requirements, it’s critical to find the right mitigations and look at it from 2 sides: technological and operational. From a technological perspective, we make sure we build our aircraft in such a way that the risk is low enough, making it possible to fly anywhere (if permitted under current EASA regulations).
Aera's fallback systems
There are a number of ways airworthiness is guaranteed for an aircraft. The main one being redundancy, which is defined as the duplication of critical components or functions of a system. Within all our Avy aircraft, we are making everything that is flight critical and the components needed for safe flight, to be redundant and have their own fallback systems. Some examples include:
- Elevons: These are the aircraft control surfaces that combine the functions of the elevator and the aileron, used for pitch and roll control of the aircraft. Elevons help to stabilise and control the aircraft. The Avy Aera has two independent elevons on both sides. In case of a failure, the second elevon continues to work and the aircraft maintains controllability.
- Separate Propulsion Systems: Aera packs two separate propulsion systems on-board. One for forward flight and one for multicopter flight. If anything happens during forward flight, we always have our 'quadchute' to fall back on - a quadchute is the mechanism where the multicopter motors power on, and bring the aircraft to a steady hover.
- C2 link: Command and Control (C2) at all times is vital to guarantee safety and controlling the aircraft. As our systems are designed to fly far and BVLOS, we cannot rely on range limited systems like ground based radio systems. We control our aircraft over a cellular link (LTE). As a backup we carry an iridium satellite link, like LTE this link is range independent. And while the satellite link does not provide the bandwidth for long range FPV (First Person View) footage, we are able to follow and control the drone.
Flying forward
A future with drones is inevitable, and public perception is everything to drive this forward. Our goal at Avy is to prove that drones can be used to help and contribute to lifesaving missions in a sustainable way. We partner up with trusted operators that have gained experience over decades and learn from them because we understand that drones may be seen as risky. This is also the reason we guarantee safety as a must at Avy - not only in the design of the aircraft but the protocols and measures taken to embed it at the core of our team.
Don’t miss out on the next edition of the Safety Series, focused on our operational mitigations and reliability of Avy operations, with a guest piece written by our Swiss software partner Auterion about their integration into the Avy Aera.
