JARUS SORA: Using the SORA Methodology for Risk Mitigation

Aug 13, 2021

by Daniel Jenkins, Aviation Policy Manager at Iris Automation

Here’s a high level introduction to the Joint Authorities for Rulemaking of Unmanned Systems (JARUS) Specific Operations Risk Assessment (SORA), a risk mitigation and assessment methodology for UAS operations. 

We’ll touch on Specific Assurance and Integrity Levels (SAIL), and what those levels mean, the Operational Safety Objectives or OSOs, and how those work with the SAIL score, and how the SORA is viewed by regulators in relation to being an acceptable means of compliance.

What is “risk”?

First off, let’s dig into the definition of risk in this context. First and foremost, it is ‘an occurrence;’ either something that has happened that was not supposed to happen, or something that does not happen that was supposed to happen, and that occurrence affects some type of ‘harm’. For the SORA, these are specific harms, not chronic harms. Chronic harms are things that take place over a longer period of time, such as toxic emissions. Specific harms are things like loss of property, loss of life, and/or loss of limb. 

The two components of harm are frequency and severity. Frequency is ‘how often does an occurrence result in harm?’, often expressed as a probability or as a function of X incidents per flight hour (typically one in a million or one in a billion). On the severity side, it is ‘how severe is the outcome given that a harm occurs?’, and again that’s loss of property, loss of life, and/or loss of limb, and not chronic harms. These risks can occur in the air or on the ground, and how the SORA tackles those is with the air risk class (ARC) and ground risk class (GRC).

Core components of risk assessment

Next up we’ll look at the core components of how a risk actually gets assessed. First, you’re looking at a concept of operations (CONOP). This is the document that describes all of the procedures for an operation: location, platform, what you’re going to do, where you’re going to do it, how you’re going to do it. With all of this information encapsulated, a CONOP serves as a good core for being able to assess the risk associated with that operation. 

Risk types typically split into two groups—ground risk and air risk. Ground risk for the JARUS SORA has two key components: UAS characteristic dimensions, such as wingspan or kinetic energy, and the operational scenario, such as whether you’re operating Beyond Visual Line of Sight (BVLOS) over a rural area, or operating over a heavily populated area and/or a gathering of people. Air risk is determined using a breakdown of airspace classification (the altitude level that you’re at) and population density. 

Using the Air Risk Class and the Ground Risk Class, a flowchart created by JARUS is used to generate the generalized SAIL score for the entire operation.This score is really just a number assigned with the generalized risk class so that you can appropriately assess the risk mitigation strategies needed. For example, you probably don’t need ground-based radar with a parachute or other expensive mitigations in place if you’re flying over an unpopulated rural farm.

So what we have here is pulled from the JARUS SORA package and this is how, at a rough level, ground risk is initially assigned. Intrinsic ground risk class means that it’s before any sort of risk mitigation, which we’re not going to get into, as those are a little bit more complex than we have space to discuss here. At a high level, these items are what is considered in assigning that ground risk class. If we are looking at a three meter wingspan aircraft flying visual line of sight over a sparsely populated area, you would follow the columns and rows, and it matches up to a Ground Risk Class of 3.

Next we have the Air Risk Class. Again, looking at an operation in uncontrolled airspace over a sparsely populated area we can follow this flowchart down the left side, all the way to the bottom where it says OPS under 500 feet AGL,’ which is where the vast majority of drone operations are taking place. Then if we follow that all the way across to ‘uncontrolled airspace over a rural area’ you can see that it matches up to an ARC of B.

Taking those two pieces of information, we can assess that the SAIL for the GRC of 3 and ARC of B comes out to a SAIL of 2, which is very typical for your very low risk operations. If you again refer to the chart on the left side, you can see that SAIL 1 only occurs in ARC A for a GRC of under 2, and ARC A is atypical air space, i.e. restricted airspace where you have special permissions that say, effectively, nobody else is going to be there. And that is a little bit outside the scope of the types of operations that most people are conducting right now, but for your rural operation, SAIL 2 is typically where these operations fall. Sometimes SAIL 3 if it’s a little bit of a bigger aircraft. 

Operational Safety Objectives (OSOs)

Using these two charts now, once you’ve assigned that SAIL, then you can get into the OSOs. SORA contains a breakdown of those SAILS and how they map to required OSOs. There are 24 OSOs that each have a required robustness level. Robustness, specifically, is calculated using integrity and assurance, and every OSO will have a breakdown of the required integrity and required assurance. The robustness is the lowest of those two; you take integrity, which is ‘how well do you mitigate the risk’ and assurance, which is ‘how confident the regulator can be that what you are saying mitigates the risk actually does mitigate that risk.’ So robustness then becomes the lowest combination of those two. If you have a high assurance but a low integrity, then it will be a low robustness. If they’re both medium it would be medium, and so on. Each SAIL score 1 through 6 maps to a certain robustness level for each of those OSOs. 

The first two (OSO #1 and #2) here are ensuring that the operator is competent and ensuring that the UAS manufacturer is competent. Referring back to that SAIL 2 that we had earlier, you can see here for OSO 1 we just need a low robustness, with L being low, M being medium, and H being high. With that low robustness, we could have a fantastic set of standard operating procedures and a flight operations manual which go to supporting this operator competence, and if those are high but our assurance is low, where it’s self-reported (in the specific example of OSO #1), then that becomes a low robustness. For OSO 2 you can see that it is O or optional. So for SAIL 2 very low risk operations, you don’t necessarily need an aircraft that has been manufactured to certain specifications. This allows for a home-built foam aircraft to conduct these kinds of missions: visual line of sight over a sparsely populated area is very standard part 107 operations and you don’t need special certification to do those kinds of things. So I hope that that gives a really good kind of high-level summary of how the OSOs and SORA work, and so now we’re going to talk about how that fits in as an acceptable means of compliance.

“Acceptable Means of Compliance”

I’m gonna look at North America and the European Union specifically, as those are my areas of expertise. Within North America, the FAA has acknowledged that the SORA is acceptable as the operational risk assessment, but there’s additional items needed on top of that to get an actual operational approval. This is a little bit different from it being an acceptable means of compliance for an approval, as you do need those extra components that the FAA evaluates. Transport Canada has taken the JARUS SORA and slightly modified it and released it as AC 903-001. They view this as an acceptable means of risk assessment, but not necessarily the only means, and you wouldn’t want to follow the JARUS SORA package, you would want to follow AC 903-001, as it does have different caveats in there for Transport Canada operations. On the European Union side, the operational risk assessment required by Article 11 of UAS regulation is based on the JARUS SORA. They effectively did what Transport Canada did, which is modify it, and it is detailed in the Acceptable Means of Compliance (AMC1) as a means of compliance for this operational risk assessment. Again, it’s a slight modification of the JARUS SORA, but at the level of everything that I’ve covered today it’s all the same.

Still chave questions? Iris Automation’s Regulatory Resource Center has all the information, tools, and expertise you need to navigate risk assessment and means of compliance for your drone program. And make sure you check out our ‘Ask Me Anything’ webinar on Demystifying the JARUS SORA.