BS EN 16603-70-11:2015 BSI Standards Publication Space engineering — Space segment operability BS EN 16603-70-11:2015 BRITISH STANDARD National foreword This British Standard is the UK implementation of EN 16603-70-11:2015 The UK participation in its preparation was entrusted to Technical Committee ACE/68, Space systems and operations A list of organizations represented on this committee can be obtained on request to its secretary This publication does not purport to include all the necessary provisions of a contract Users are responsible for its correct application © The British Standards Institution 2015 Published by BSI Standards Limited 2015 ISBN 978 580 86760 ICS 49.140 Compliance with a British Standard cannot confer immunity from legal obligations This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 January 2015 Amendments/corrigenda issued since publication Date Text affected EN 16603-70-11 EUROPEAN STANDARD NORME EUROPÉENNE EUROPÄISCHE NORM January 2015 ICS 49.140 English version Space engineering - Space segment operability Ingénierie spatiale - Opérabilité du segment spatial Raumfahrttechnik - Raumsegment-Bedienbarkeit This European Standard was approved by CEN on 24 November 2014 CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN and CENELEC member This European Standard exists in three official versions (English, French, German) A version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels © 2015 CEN/CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for CENELEC Members Ref No EN 16603-70-11:2015 E BS EN 16603-70-11:2015 EN 16603-70-11:2015 (E) Table of contents Foreword Introduction Scope Normative references Terms, definitions and abbreviated terms 3.1 Terms from other standards 3.2 Terms specific to the present standard .9 3.3 Abbreviated terms 14 3.4 Conventions 14 General requirements 15 4.1 Introduction .15 4.2 Observability 15 4.3 Commandability 15 4.4 Compatibility 16 4.5 Safety and fault tolerance .16 4.6 Flexibility 17 4.7 Testability .18 4.8 Deactivation 18 Detailed requirements 19 5.1 Introduction .19 5.2 Missionlevel 19 5.3 5.2.1 Security .19 5.2.2 Control functions .20 5.2.3 Uplink and downlink 20 Telemetry .21 5.3.1 Telemetry design 21 5.3.2 Diagnostic mode .23 5.4 Datation and synchronization 24 5.5 Telecommanding 25 BS EN 16603-70-11:2015 EN 16603-70-11:2015 (E) 5.6 5.7 5.8 5.9 5.5.1 Telecommand design 25 5.5.2 Critical telecommands .27 5.5.3 Telecommand transmission and distribution 27 5.5.4 Telecommand verification 28 Configuration management .29 5.6.1 Modes .29 5.6.2 Onboard configuration handling 30 Onboard autonomy 31 5.7.1 Introduction .31 5.7.2 General autonomy 31 5.7.3 Autonomy for execution of nominal mission operations 32 5.7.4 Autonomy for mission data management 33 5.7.5 Onboard fault management 33 Requirements specific to the telemetry and telecommand packet utilization standard 38 5.8.1 Application process and service design 38 5.8.2 Statistical data reporting 39 5.8.3 Memory management .40 5.8.4 Function management 41 5.8.5 Onboard operations scheduling 41 5.8.6 Onboard monitoring 42 5.8.7 Large data transfer 44 5.8.8 Telemetry generation and forwarding 44 5.8.9 Onboard storage and retrieval 44 5.8.10 Onboard traffic management 46 5.8.11 Onboard operations procedures 46 5.8.12 Eventtoaction coupling 47 Equipment and subsystemspecific 47 5.9.1 Onboard processors and software 47 5.9.2 Power supply and consumption 49 5.9.3 Telemetry, tracking and command (TT&C) 49 5.9.4 Attitude and orbit control 50 5.9.5 Mechanisms 50 5.9.6 Thermal control 51 5.9.7 Payload .51 Annex A (informative) Mission constants 52 Annex B (informative) Tailoring guide 54 BS EN 16603-70-11:2015 EN 16603-70-11:2015 (E) Bibliography 75 Tables Table 5-1: Mission execution autonomy levels 32 Table 5-2: Mission execution autonomy levels 33 Table 5-3: Mission execution autonomy levels 34 Table B-1 : Tailoring guide 55 BS EN 16603-70-11:2015 EN 16603-70-11:2015 (E) Foreword This document (EN 16603-70-11:2015) has been prepared by Technical Committee CEN/CLC/TC “Space”, the secretariat of which is held by DIN This standard (EN 16603-70-11:2015) originates from ECSS-E-ST-70-11C This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by July 2015, and conflicting national standards shall be withdrawn at the latest by July 2015 Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association This document has been developed to cover specifically space systems and has therefore precedence over any EN covering the same scope but with a wider domain of applicability (e.g : aerospace) According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom BS EN 16603-70-11:2015 EN 16603-70-11:2015 (E) Introduction The operability of the space segment has an impact on total life cycle cost inasmuch as increased operability can increase development costs, but certainly decreases operations and maintenance costs Therefore, the adoption of specific operability goals for a given mission is decided by careful balancing of costs, risks, and schedules for both the development and the operations and maintenance phases The objective of this standard is to define operability requirements that: • ensure that the space segment can be operated in a safe and costeffective manner; • facilitate the tasks of preparation for, and execution and evaluation of, space segment checkout and mission operations activities; • facilitate the tasks of space segment suppliers when preparing a proposal in response to a request for proposal (RFP) BS EN 16603-70-11:2015 EN 16603-70-11:2015 (E) Scope This Standard contains provisions for the design of onboard functions for unmanned space segments in order to ensure that the space segment can be operated inflight in any nominal or predefined contingency situation The requirements in this Standard are grouped in two clauses, containing general operability requirements and detailed operability requirements, respectively The general operability requirements can be applied to all missions, whilst the detailed operability requirements are only applicable if the corresponding onboard function is implemented The operability of the space segment to meet missionspecific requirements is outside the scope of this standard To support the users of this Standard in tailoring the requirements to the needs of their particular mission, Annex B contains a table that indicates, for each requirement, the potential impact of its omission This standard may be tailored for the specific characteristics and constraints of a space project, in conformance with ECSS-S-ST-00 BS EN 16603-70-11:2015 EN 16603-70-11:2015 (E) Normative references The following normative documents contain provisions which, through reference in this text, constitute provisions of this ECSS Standard For dated references, subsequent amendments to, or revisions of any of these publications, not apply However, parties to agreements based on this ECSS Standard are encouraged to investigate the possibility of applying the most recent editions of the normative documents indicated below For undated references the latest edition of the publication referred to applies EN reference Reference in text Title EN 16601-00-01 ECSS-S-ST-00-01 ECSS system – Glossary of terms EN 16603-50-03 ECSS-E-ST-50-03 Space engineering – Space data links – Telemetry transfer frame protocol EN 16603-50-04 ECSS-E-ST-50-04 Space engineering – Space data links – Telecommand protocols, synchronization and channel coding EN 16603-70-41 ECSS-E-ST-70-41 Space engineering – Telemetry and telecommand packet utilization EN 16603-70-11:2015 (E) Requirement Ground segment function Space segment safety 5.7.5.3i 5.7.5.4a X Space segment and mission degradation Ops impact X X X 5.7.5.4c X X 5.7.5.5b X X X X 5.7.5.5c X X 5.7.5.5d X X X X 5.7.5.6b X X 5.7.5.6c X X 5.7.5.6a X X Potential failure of recovery if faulty equipment is used 5.7.5.6d X X 5.7.5.6e X X 5.7.5.7a X X 5.7.5.7b Potential inappropriate entry of the space segment into survival states, which impacts the mission return X 5.8.1a 5.8.1b Inability of the ground to correct the onboard configuration in the event of performance degradation or onboard failures X 5.7.5.4b 5.7.5.5a Tailoring out implications X X X Loss of control of onboard processes in case of failures X 5.8.1c X 5.8.1d X Potential high complexity of the configuration control task on ground EN 16603-70-11:2015 (E) Requirement Ground segment function 5.8.1e X 5.8.1f X 5.8.1g X 5.8.1h X 5.8.1i X 5.8.1j X 5.8.1k X Space segment safety Space segment and mission degradation Ops impact Tailoring out implications Implementation of special ground processing functions and inability to reuse the standard infrastructure Implementation of special ground processing functions and inability to reuse the standard infrastructure This requirement can be relaxed for payload data, for which special processing is envisaged 5.8.1l X 5.8.1m X 5.8.1n X Potential high complexity of the configuration control task on ground 5.8.2a X Impact on long periods without ground coverage and on downlink efficiency 5.8.2b X 5.8.2c X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.2d X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.2e X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service EN 16603-70-11:2015 (E) Requirement Ground segment function Space segment safety Space segment and mission degradation Ops impact Tailoring out implications 5.8.2f X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.3a X Loss of flexibility to react to changes of the onboard performance and functions 5.8.3b X X 5.8.3c X X 5.8.3d 5.8.3e X X 5.8.3f X X 5.8.3g X X 5.8.3h X X 5.8.3i X X 5.8.3j X X 5.8.3k X X 5.8.3l X High complexity of the processing of dump data Risk of inconsistent onboard memory if there are no automatic onboard functions to check the consistency of the memory This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.3m X X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.3n X X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.3o X X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service EN 16603-70-11:2015 (E) Requirement Ground segment function 5.8.3p Space segment safety Space segment and mission degradation Ops impact Tailoring out implications X 5.8.3q X X 5.8.4a X X 5.8.4b X X Implementation of special ground processing functions, if this functionality is provided and ECSS-E-ST-70-41 is not followed 5.8.5a X 5.8.5b X 5.8.5c X 5.8.5d X 5.8.5e X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.5f X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service X Risk of releasing commands in the wrong context, which can lead to hazardous situations 5.8.5g X Significant impact on the execution of the operations This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.5h X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.5i X 5.8.5j X Endangering of the safety of the space segment if the space segment autonomy is not ensured 5.8.5k X Potential inefficient use of the onboard operations schedule 5.8.5l X Potential sending of commands in the wrong context EN 16603-70-11:2015 (E) Space segment and mission degradation Ops impact 5.8.5m X X 5.8.5n X X Requirement Ground segment function Space segment safety 5.8.5o Potential sending of commands in the wrong context X 5.8.5p 5.8.5q Tailoring out implications X X X Potential entry of the space segment into a dangerous state X 5.8.5r X 5.8.6a X X Reduction of the onboard autonomy and potential inability to detect anomalies in time 5.8.6b X X 5.8.6c X X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.6d X X Risk of false anomaly notifications in the event of an onboard failure, which can lead to wrong operational decisions This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.6e X X Loss of flexibility to handle changes of the performance and functions of the space segment e.g in the event of failures This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.6f X X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.6g X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.6h X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service EN 16603-70-11:2015 (E) Requirement Ground segment function 5.8.6i 5.8.6j X X 5.8.6k 5.8.6l Space segment safety X Space segment and mission degradation Ops impact Tailoring out implications X X X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service X Implementation of a complex ground model This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.6m X 5.8.6n X 5.8.7a X X 5.8.7b X X 5.8.7c X X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.7d X 5.8.7e X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.8a X Inability to use the available telemetry bandwidth in an efficient manner and potential overflow in case of a failed application 5.8.8b X Potential overflow in case of a failed application 5.8.8c X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.9a X Impact on the onboard autonomy and the completeness of the data The functionality to be provided depends on the mission characteristics EN 16603-70-11:2015 (E) Requirement Ground segment function Space segment safety Space segment and mission degradation Ops impact Tailoring out implications 5.8.9b X 5.8.9c X 5.8.9d X 5.8.9e X 5.8.9f X 5.8.9g X 5.8.9h X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.9i X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.9j X 5.8.9k X 5.8.9l X 5.8.9m X 5.8.9n X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.9o X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.9p X 5.8.9q X 5.8.9r X 5.8.10a X X This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service Reduced probability of detecting onboard malfunctions EN 16603-70-11:2015 (E) Requirement Ground segment function Space segment safety 5.8.10b Space segment and mission degradation Ops impact X X 5.8.10c X 5.8.11a X X 5.8.11b X 5.8.11c X 5.8.11d Tailoring out implications X X Potential noncompliance of the achieved onboard autonomy with the mission goals Implementation of complex ground models This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.11e X X Implementation of complex ground models This requirement corresponds to an optional capability of the corresponding ECSS-E-ST-70-41 service 5.8.11f X 5.8.11g X 5.8.11h X 5.8.12a X X X Potential noncompliance of the achieved onboard autonomy with the mission goals 5.8.12b X X X Potential noncompliance of the achieved onboard autonomy with the mission goals 5.8.12c X X X 5.8.12d X 5.8.12e X Reduced probability of detecting the execution of an onboard action with the risk that the ground interferes erroneously with an onboard process 5.9.1a X Loss of flexibility to handle changes of the performance and functions of the space segment 5.9.1b X X EN 16603-70-11:2015 (E) Requirement Ground segment function Space segment safety 5.9.1c 5.9.1d Space segment and mission degradation Ops impact X X X X X 5.9.1f X X 5.9.1g X X 5.9.1h X X X X X 5.9.1j 5.9.1k X X X 5.9.1l X X 5.9.1m X X 5.9.1n X X X X 5.9.1p X X 5.9.1q X X 5.9.1r X X 5.9.1s X X 5.9.1t X X 5.9.1u X X 5.9.1o Potential sending of commands in the wrong context X 5.9.1e 5.9.1i Tailoring out implications X 5.9.1v X 5.9.2a X X 5.9.2b X X Potential inefficient use of the onboard processors EN 16603-70-11:2015 (E) Space segment and mission degradation Ops impact 5.9.2c X X 5.9.2d X 5.9.2e X Requirement Ground segment function 5.9.2f Space segment safety X X 5.9.2g X 5.9.2h X 5.9.3a X 5.9.3b X X X 5.9.3c X X 5.9.3d X X X X 5.9.4a X 5.9.4b X X 5.9.4c X X 5.9.4d X X 5.9.4e X X X X 5.9.4g X X 5.9.4h X X 5.9.5a X X 5.9.5b X X 5.9.5c X X 5.9.5d X X 5.9.4f X Tailoring out implications EN 16603-70-11:2015 (E) Requirement 5.9.5e Ground segment function Space segment safety Space segment and mission degradation X Ops impact Tailoring out implications X 5.9.6a X X 5.9.6b X X 5.9.7a X X 5.9.7b X X This requirement depends on the mission characteristics X 5.9.7c X X Implementation of special functions on ground 5.9.7d X X Implementation of special functions on ground 5.9.7e X X Implementation of special functions on ground High availability of the ground segment 5.9.7f 5.9.7g X X X X Implementation of special functions on ground BS EN 16603-70-11:2015 EN 16603-70-11:2015 (E) Bibliography EN reference Reference in text Title EN 16601-00 ECSS-S-ST-00 ECSS system — Description and implementation and general requirements EN 16603-70-11:2015 (E) This page deliberately left blank This page deliberately left blank NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW British Standards Institution (BSI) BSI is the national body responsible for preparing British Standards and other standards-related publications, information and services BSI is incorporated by Royal Charter British Standards and other standardization products are published by BSI Standards Limited About us Revisions We bring together business, industry, government, consumers, innovators and others to shape their combined experience and expertise into standards -based solutions Our British Standards and other publications are updated by amendment or revision The knowledge embodied in our standards has been carefully assembled in a dependable format and refined through our open consultation process Organizations of all sizes and across all sectors choose standards to help them achieve their goals Information on standards We can provide you with the knowledge that your organization needs to succeed Find out more about British Standards by visiting our website at bsigroup.com/standards or contacting our Customer Services team or Knowledge Centre Buying standards You can buy and download PDF versions of BSI publications, including British and adopted European and international standards, through our website at bsigroup.com/shop, where hard copies can also be purchased If you need international and foreign standards from other Standards Development Organizations, hard copies can be ordered from our Customer Services team Subscriptions Our range of subscription services are designed to make using standards easier for you For further information on our subscription products go to bsigroup.com/subscriptions With British Standards Online (BSOL) you’ll have instant access to over 55,000 British and adopted European and international standards from your desktop It’s available 24/7 and is refreshed daily so you’ll always be up to date You can keep in touch with standards developments and receive substantial discounts on the purchase price of standards, both in single copy and subscription format, by becoming a BSI Subscribing Member PLUS is an updating service exclusive to BSI Subscribing Members You will automatically receive the latest hard copy of your standards when they’re revised or replaced To find out more about becoming a BSI Subscribing Member and the benefits of membership, please visit bsigroup.com/shop With a Multi-User Network Licence (MUNL) you are able to host standards publications on your intranet Licences can cover as few or as many users as you wish With updates supplied as soon as they’re available, you can be sure your documentation is current For further information, email bsmusales@bsigroup.com BSI Group Headquarters 389 Chiswick High Road London W4 4AL UK We continually improve the quality of our products and services to benefit your business If you find an inaccuracy or ambiguity within a British Standard or other BSI publication please inform the Knowledge Centre Copyright All the data, software and documentation set out in all British Standards and other BSI publications are the property of and copyrighted by BSI, or some person or entity that owns copyright in the information used (such as the international standardization bodies) and has formally licensed such information to BSI for commercial publication and use Except as permitted under the Copyright, Designs and Patents Act 1988 no extract may be reproduced, stored in a retrieval system or transmitted in any form or by any means – electronic, photocopying, recording or otherwise – without prior written permission from BSI Details and advice can be obtained from the Copyright & Licensing Department Useful Contacts: Customer Services Tel: +44 845 086 9001 Email (orders): orders@bsigroup.com Email (enquiries): cservices@bsigroup.com Subscriptions Tel: +44 845 086 9001 Email: subscriptions@bsigroup.com Knowledge Centre Tel: +44 20 8996 7004 Email: knowledgecentre@bsigroup.com Copyright & Licensing Tel: +44 20 8996 7070 Email: copyright@bsigroup.com