Space engineering - Control engineering handbook

This Handbook deals with control systems developed as part of a space project. It is applicable to all the elements of a space system, including the space segment, the ground segment and the launch service segment. The handbook covers all aspects of space control engineering including requirements definition, analysis, design, production, verification and validation, transfer, operations and maintenance. It describes the scope of the space control engineering process and its interfaces with management and product assurance, and explains how they apply to the control engineering process.

Raumfahrttechnik - Handbuch zur Regelungstechnik

Ingénierie spatiale - Manuel d'ingénierie du contrôle

Vesoljska tehnika - Priročnik o nadzornem inženiringu

General Information

Status: Published
Public Enquiry End Date: 27-Oct-2021
Publication Date: 01-Feb-2022
Technical Committee
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 31-Jan-2022
Due Date: 07-Apr-2022
Completion Date: 02-Feb-2022

Technical report
TP CEN/TR 17603-60:2022 - colour
English language
39 pages

Technical report
kTP FprCEN/TR 17603-60:2021 - colour on PDF pages 16, 18, 20
English language
39 pages

Standards Content (Sample)

SLOVENIAN STANDARD
SIST-TP CEN/TR 17603-60:2022
01-March-2022
Vesoljska tehnika - Priročnik o nadzornem inženiringu
Space engineering - Control engineering handbook
Raumfahrttechnik - Handbuch zur Regelungstechnik
Ingénierie spatiale - Manuel d'ingénierie du contrôle
This Slovenian standard is identical to: CEN/TR 17603-60:2022
ICS:
49.140 Space systems and operations
SIST-TP CEN/TR 17603-60:2022 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.


TECHNICAL REPORT CEN/TR 17603-60

RAPPORT TECHNIQUE

TECHNISCHER BERICHT
January 2022
ICS 49.140

English version

Space engineering - Control engineering handbook
Ingénierie spatiale - Manuel d'ingénierie du contrôle
Raumfahrttechnik - Handbuch zur Regelungstechnik


This Technical Report was approved by CEN on 29 November 2021. It has been drawn up by the Technical Committee
CEN/CLC/JTC 5.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2022 CEN/CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for CENELEC Members.
Ref. No. CEN/TR 17603-60:2022 E

Table of contents
European Foreword
Introduction
1 Scope
2 References
3 Terms, definitions and abbreviated terms
3.1 Terms from other documents
3.2 Terms specific to the present handbook
3.3 Abbreviated terms
4 Space system control engineering process
4.1 General
4.1.1 The general control structure
4.1.2 Control engineering activities
4.1.3 Organization of this Handbook
4.2 Definition of the control engineering process
4.3 Control engineering tasks per project phase
5 Control engineering process recommendations
5.1 Integration and control
5.1.1 General
5.1.2 Organization and planning of CE activities
5.1.3 Contribution to system engineering data base and documentation
5.1.4 Management of interfaces with other disciplines
5.1.5 Contribution to human factors engineering
5.1.6 Budget and margin philosophy for control
5.1.7 Assessment of control technology and cost effectiveness
5.1.8 Risk management
5.1.9 Support to control components procurement
5.1.10 Support to change management involving control
5.1.11 Control engineering capability assessment and resource management
5.2 Requirements engineering
5.2.1 General
5.2.2 Generation of control requirements
5.2.3 Allocation of control requirements to control components
5.2.4 Control verification requirements
5.2.5 Control operations requirements
5.3 Analysis
5.3.1 General
5.3.2 Analysis tasks, methods and tools
5.3.3 Requirements analysis
5.3.4 Disturbance analysis
5.3.5 Performance analysis
5.4 Design and configuration
5.4.1 General
5.4.2 Functional design
5.4.3 Operational design
5.4.4 Control implementation architecture
5.4.5 Controller design
5.5 Verification and validation
5.5.1 Definition of control verification strategy
5.5.2 Preliminary verification of performance
5.5.3 Final functional and performance verification
5.5.4 In-flight validation

Figures
Figure 4-1: General control structure
Figure 4-2: Example of controller structure
Figure 4-3: Interaction between CE activities

Tables
Table 4-1: Summary of control engineering tasks
Table 4-2: Control engineering inputs, tasks and outputs, Phase 0/A
Table 4-3: Control engineering inputs, tasks and outputs, Phase B
Table 4-4: Control engineering inputs, tasks and outputs, Phase C/D
Table 4-5: Control engineering inputs, tasks and outputs, Phase E/F
Table 5-1: Contributions of analysis to the CE process

European Foreword
This document (CEN/TR 17603-60:2022) has been prepared by Technical Committee CEN/CLC/JTC 5
“Space”, the secretariat of which is held by DIN.
It is highlighted that this technical report does not contain any requirement but only a collection of data
or descriptions and guidelines about how to organize and perform the work in support of EN 16603-60.
This Technical report (CEN/TR 17603-60:2022) originates from ECSS-E-HB-60A.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a mandate given to CEN by the European Commission and
the European Free Trade Association.
This document has been developed to cover specifically space systems and has therefore precedence
over any TR covering the same scope but with a wider domain of applicability (e.g.: aerospace).
Introduction
Control engineering, particularly as applied to space systems, is a multi-disciplinary field. The
analysis, design and implementation of complex (end to end) control systems include aspects of
system engineering, electrical and electronic engineering, mechanical engineering, software
engineering, communications, ground systems and operations – all of which have dedicated ECSS
engineering standards and handbooks. This Handbook is not intended to duplicate them.
This Handbook focuses on the specific issues involved in control engineering and is intended to be
used as a structured set of systematic engineering provisions, referring to the specific standards and
handbooks of the discipline where appropriate. For this, and reasons such as the very rapid progress
of control component technologies and associated “de facto” standards, this Handbook does not go to
the level of describing equipment or interfaces.
This Handbook is not intended to replace textbook material on control systems theory or technology,
and such material is intentionally avoided. The readers and users of this Handbook are assumed to
possess general knowledge of control systems engineering and its applications to space missions.
1 Scope
This Handbook deals with control systems developed as part of a space project. It is applicable to all
the elements of a space system, including the space segment, the ground segment and the launch
service segment.
The handbook covers all aspects of space control engineering including requirements definition,
analysis, design, production, verification and validation, transfer, operations and maintenance.
It describes the scope of the space control engineering process and its interfaces with management and
product assurance, and explains how they apply to the control engineering process.
2 References
EN References    References in text   Title
EN 16601-00-01   ECSS-S-ST-00-01      ECSS System – Glossary of terms
EN 16603-10      ECSS-E-ST-10         Space engineering – System engineering general requirements
EN 16603-10-04   ECSS-E-ST-10-04      Space engineering – Space environment
EN 16603-70      ECSS-E-ST-70         Space engineering – Ground systems and operations
EN 16602-20      ECSS-Q-ST-20         Space product assurance – Quality assurance

3 Terms, definitions and abbreviated terms
3.1 Terms from other documents
For the purpose of this document, the terms and definitions from ECSS-S-ST-00-01 apply.
3.2 Terms specific to the present handbook
3.2.1 actuator
technical system or device which converts commands from the controller into physical effects on the
controlled plant
3.2.2 autonomy
capability of a system to perform its functions in the absence of certain resources
NOTE The degree of (control) autonomy of a space system is defined
through the allocation of its overall control functions among
controller hardware, software, human operations, the space and
ground segment, and preparation and execution. A low degree of
autonomy is characterized by a few functions performed in the
software of the space segment. Conversely, a high degree of
autonomy assigns even higher level functions to space software,
relieving humans and the ground segment from issuing control
commands, at least for the routine operations. The degree of
autonomy can also be considered to be the amount of machine
intelligence installed in the system.
3.2.3 control
function of the controller to derive control commands to match the current or future estimated state
with the desired state
NOTE This term is used as in GNC.
3.2.4 control command
output of the controller to the actuators and the sensors
NOTE This definition is applicable in case of sensors with command
interfaces.
3.2.5 control component
element of the control system which is used in part or in total to achieve the control objectives
3.2.6 control feedback
input to the controller from the sensors and the actuators
NOTE This definition is applicable to actuators with status feedback.
3.2.7 control function
group of related control actions (or activities) contributing to achieving some of the control objectives
NOTE A control function describes what the controller does, usually by
specifying the necessary inputs, boundary conditions, and
expected outputs.
3.2.8 control mode
temporary operational configuration of the control system implemented through a unique set of
sensors, actuators and controller algorithms acting upon a given plant configuration
3.2.9 control mode transition
passage or change from one control mode to another
3.2.10 control objective
goal that the controlled system is supposed to achieve
NOTE Control objectives are issued as requests to the controller, to give
the controlled plant a specified control performance despite the
disturbing influences of the environment. Depending on the
complexity of the control problem, control objectives can range
from very low level commands to high level mission goals.
3.2.11 control performance
quantified capabilities of a controlled system
NOTE 1 The control performance is usually the quantified output of the
controlled plant.
NOTE 2 The control performance is shaped by the controller through
sensors and actuators.
3.2.12 control system
part of a controlled system which is designed to give the controlled plant the specified control
objectives
NOTE This includes all relevant functions of controllers, sensors and
actuators.
3.2.13 controllability
property of a given plant to be steered from a given state to any other given state
NOTE This mainly refers to linear systems, even if it applies also to
nonlinear ones.
3.2.14 controlled plant
physical system, or one of its parts, which is the target of the control problem
NOTE 1 The control problem is to modify and shape the intrinsic behaviour
of the plant such that it yields the control performance despite its
(uncontrolled other) interactions with its environment. For space
systems, the controlled plant can be a launcher rocket, a satellite, a
cluster of satellites, a payload pointing system, a robot arm, a
rover, a laboratory facility, or any other technical system.
NOTE 2 The controlled plant is also referred to as the plant.
3.2.15 controlled system
control relevant part of a system to achieve the specified control objectives
NOTE This includes the control system and the controlled plant.
3.2.16 controller
control component designed to give the controlled plant a specified control performance
NOTE The controller interacts with the controlled plant through sensors
and actuators. In its most general form, a controller can include
hardware, software, and human operations. Its implementation
can be distributed over the space segment and the ground
segment.
3.2.17 desired state
set of variables or parameters describing the controller internal reference for derivation of the control
commands
NOTE 1 The desired state is typically determined from the reference state,
e.g. by generation of a profile.
NOTE 2 The difference between desired state and estimated state is
typically used for the derivation of the control commands (see 0).
3.2.18 disturbance
physical effect affecting the control performance that can act onto all components of the controlled
system
NOTE The source of the disturbance can be internal (if generated inside
the controlled system) or external (if coming from the
environment).
3.2.19 environment
set of external physical effects that interact with the controlled system
NOTE The environment can act as disturbance on the plant but also on
sensors, actuators and the controller.
3.2.20 estimated state
set of variables or parameters describing the controller internal knowledge of the controlled system
and environment
3.2.21 estimator
algorithm to determine the current or future state (estimated state) of a dynamic system from the
measured state
3.2.22 guidance
function of the controller to define the current or future desired state
NOTE The term is used as in GNC.
3.2.23 implementation
actual realization of a specific function in terms of algorithms, hardware, software, or human
operations
3.2.24 mathematical model
mathematical description of the behaviour of the plant, a control system component or the
environment
NOTE This consists of algorithms, formulas and parameters.
3.2.25 measured state
set of variables or parameters derived from physical measurements
NOTE This is based on the control feedback of sensors and actuators.
3.2.26 navigation
function of the controller to determine the current or future estimated state from the measured state
NOTE The term is used as in GNC.
3.2.27 observability
property of a given controlled system that enables the complete state to be determined describing its
dynamics
NOTE The observability is normally affected by number and location of
sensors.
3.2.28 quantization
process by which control system variables are converted into discrete finite units
NOTE This usually applies to sensor readings and control commands
towards actuators, and in general, when an analogue-digital
conversion is used.
3.2.29 reference state
set of variables or parameters describing the control objectives for a controlled system
3.2.30 robustness
property of a controlled system to achieve the control objectives in spite of uncertainties
NOTE 1 The uncertainty can be divided into:
• signal uncertainty, when disturbances acting on the controlled
system are not fully known in advance;
• model uncertainty, when the parameters of the controlled
system are not well known.
NOTE 2 Robustness is achieved using suitable control algorithms that act
against these disturbances or are insensitive to controlled system
parameter variations (e.g. inertia, stiffness).
3.2.31 sensor
device that measures states of the controlled plant and provides them as feedback inputs to the
controller
3.2.32 simulation model
implementation of a mathematical model in an environment to calculate the behaviour of the model
NOTE It is usually implemented by use of a computer program.
3.2.33 stability
property that defines the specified static and dynamics limits of a system
NOTE A given dynamic system is not fully defined until the notion of
stability is precisely mathematically defined according to its
characteristics and specified behaviour.
3.2.34 state
set of variables or parameters describing the dynamic behaviour of the controlled system at a given
time
NOTE 1 The state is also referred to as state vector.
NOTE 2 The state can describe the true, reference, desired, measured or
estimated behaviour (see also 0).
3.2.35 true state
set of variables or parameters defining the actual behaviour of the controlled system and
environment
NOTE 1 The true state is not known.
NOTE 2 In a simulation, the true state is the simulated state of the sensors,
actuators, plant and environment excluding any measurement
error of the sensors.
3.3 Abbreviated terms
For the purpose of this document, the abbreviated terms from ECSS-S-ST-00-01 and the following
apply:
Abbreviation   Meaning
3D             three-dimensional
A/D            analogue-digital
AOCS           attitude and orbit control system
A&R            automation and robotics
BOL            beginning-of-life
CAD            computer aided design
CAE            computer aided engineering
CAS            control algorithm specification
CE             control engineering
CSAR           controlled system analysis report
CSDR           control system design report
CSVP           controlled system verification plan
CSVR           controlled system verification report
D/A            digital-analogue
DRD            document requirements definition
DRL            document requirements list
EGSE           electrical ground support equipment
EOL            end-of-life
FDIR           failure detection, isolation and recovery
GNC            guidance, navigation and control
H/W            hardware
I/F            interface
ICD            interface control document
LOS            line of sight
MGSE           mechanical ground support equipment
MMI            man-machine interface
PA             product assurance
PDR            preliminary design review
PSD            power spectral density
RMS            root mean square
SEP            system engineering plan
SVF            software verification facility
S/W            software
TBD            to be defined
TM/TC          telemetry-telecommand
TT&C           telemetry, tracking and control
w.r.t.         with respect to
VCD            verification control document
vs.            versus
4 Space system control engineering process
4.1 General
4.1.1 The general control structure
To illustrate and delineate the scope of control engineering, Figure 4-1 shows a general control
structure. This fundamental diagram introduces the basic concepts and definitions explained below.
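[Figure placeholder. Blocks: controller, actuators, controlled plant, sensors; controller, sensors and actuators form the control system, which together with the controlled plant forms the controlled system. Signals: control objectives, control commands, control feedback, control performance, interaction with environment.]

Figure 4-1: General control structure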
The controlled system is defined as the control relevant part of a system to achieve the specified
control objectives. It includes the control system (consisting of all relevant functional behaviour of
controllers, sensors and actuators) and the controlled plant.
Control engineering always includes some kind of feedback loop. There is a physical system whose
intrinsic behaviour and output do not meet the expectations without being modified and shaped
(improved in the sense of some well-defined objectives). This is called the controlled plant. For space
applications, the controlled plant can be:
• a satellite (e.g. w.r.t. its attitude and orbit, or in the case of active thermal control, w.r.t. its
temperatures) or a cluster of satellites;
• a spacecraft during re-entry and landing, or during rendezvous and docking;
• a pointing system;
• a robot arm system;
• a rover;
• an automated payload or laboratory facility;
• a launcher rocket;
• any other technical system involving control.
The users of the controlled plant have very specific goals. At the most abstract level, they are called
control objectives. The purpose is to have a control system that gives the controlled plant a specified
control performance, despite its interaction with its environment.
To do this, suitable devices are used: actuators which can convert control commands into physical
effects (such as a motor driving a pointing system through a gearbox upon a current command), and
sensors which measure states of the controlled plant and provide control feedback to the controller.
Besides this primary flow of information which forms a classical feedback loop, the dashed arrows in
Figure 4-1 also show some secondary flow of information or physical reaction.
With more complex plants, sensors and actuators can be quite complex systems in their own right,
with additional cross-coupling of information, e.g. control commands can modify the configuration or
parameters of a sensor, or actuators can produce direct feedback to the controller. The dynamics of the
controlled plant can have a relevant physical effect on the sensors and actuators, and the operation of
the sensors can feed back onto the controlled plant.
Control objectives (as the reference input to the controller) can range from very low level commands
(such as set points to a simple servo control loop) to high level mission goals (such as soft landing on
the surface of Mars). In the latter case, the actual controller consists of many layers of (usually
hierarchically decomposed and refined) control functions and the corresponding sensors, actuators
and the controlled plants (which can be suitable abstractions of lower level control loops). In the
reverse direction, there can be information (such as status) returned from the controller to a higher
level system.
Consequently, the control performance can also range from very elementary behaviour (such as the
speed of a motor) to complex high level concepts.
With this in mind, the controller can range from something very confined and simple (such as an
analogue on-off logic) to a highly complex system in its own right. In the most general case, the
controller is considered to include:
• (digital or analogue electronics) hardware, software and human operation;
• elements in the space segment and in the ground segment (if essential control loops are closed
via the ground);
• aspects of planning (quasi “off-line” preparation of the commands to be provided in the future)
and of execution of these commands (“on-line” in the sense of the update frequency of the
control loop);
• nominal and back-up control (e.g. exception handling, failure detection, and isolation and
recovery).
This notion of controller is a general concept which, amongst others, enables a quite natural definition
of the various degrees of autonomy or “intelligence” that can be given to a controlled system.
The allocation of control functions to hardware vs. software vs. human operations, space vs. ground,
planning vs. execution (which are essentially independent “dimensions” in implementation) for a
particular phase (or mode) of a mission are based on a judicious trade-off considering such aspects as
predictability of the situation (availability of reliable models), specified reaction time, available
on-board computer resources, available telecommunications coverage and bandwidth,
decision-making complexity, cost of development and operations, and acceptable risk.
The consideration of human operations and ground systems in the control engineering process is not
surprising, since, after all, they serve essential roles in achieving a control performance and thus are
part of a higher level controller. In any case, for all specific aspects of ground systems and operations
this handbook refers to ECSS-E-ST-70.
In the sense of classical control theory, the controller has an internal functional structure with the
following functions (as shown in Figure 4-2):
• determination of current or future desired state;
• determination of current or future estimated state;
• derivation of control commands.
[Figure placeholder. Functions inside the controller: determination of current or future desired state, determination of current or future estimated state, derivation of control commands. Signals: reference state, desired state, estimated state, measured state, control feedback, control commands.]

Figure 4-2: Example of controller structure
This functional concept can be applied to very simple controllers in which some of the functions can
be absent (e.g. when the desired state is ide
...

SLOVENIAN STANDARD
kSIST-TP FprCEN/TR 17603-60:2021
01-October-2021
Vesoljska tehnika - Priročnik o nadzornem inženiringu
Space engineering - Control engineering handbook
Raumfahrttechnik - Handbuch zur Regelungstechnik
Ingénierie spatiale - Manuel d'ingénierie du contrôle
This Slovenian standard is identical to: FprCEN/TR 17603-60
ICS:
49.140 Space systems and operations
kSIST-TP FprCEN/TR 17603-60:2021 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.


TECHNICAL REPORT
FINAL DRAFT
FprCEN/TR 17603-60
RAPPORT TECHNIQUE

TECHNISCHER BERICHT

August 2021
ICS 49.140

English version

Space engineering - Control engineering handbook
Ingénierie spatiale - Manuel d'ingénierie du contrôle
Raumfahrttechnik - Handbuch zur Regelungstechnik


This draft Technical Report is submitted to CEN members for Vote. It has been drawn up by the Technical Committee
CEN/CLC/JTC 5.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.

Warning: This document is not a Technical Report. It is distributed for review and comments. It is subject to change without
notice and shall not be referred to as a Technical Report.

CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2021 CEN/CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for CENELEC Members.
Ref. No. FprCEN/TR 17603-60:2021 E

---------------------- Page: 3 ----------------------
kSIST-TP FprCEN/TR 17603-60:2021
FprCEN/TR 17603-60:2021 (E)
Table of contents
European Foreword . 4
Introduction . 5
1 Scope . 6
2 References . 7
3 Terms, definitions and abbreviated terms . 8
3.1 Terms from other documents . 8
3.2 Terms specific to the present handbook . 8
3.3 Abbreviated terms. 12
4 Space system control engineering process . 14
4.1 General . 14
4.1.1 The general control structure . 14
4.1.2 Control engineering activities . 17
4.1.3 Organization of this Handbook . 17
4.2 Definition of the control engineering process . 17
4.3 Control engineering tasks per project phase . 18
5 Control engineering process recommendations . 24
5.1 Integration and control . 24
5.1.1 General . 24
5.1.2 Organization and planning of CE activities . 24
5.1.3 Contribution to system engineering data base and documentation . 24
5.1.4 Management of interfaces with other disciplines . 24
5.1.5 Contribution to human factors engineering . 25
5.1.6 Budget and margin philosophy for control . 25
5.1.7 Assessment of control technology and cost effectiveness . 25
5.1.8 Risk management . 25
5.1.9 Support to control components procurement . 25
5.1.10 Support to change management involving control . 26
2

---------------------- Page: 4 ----------------------
kSIST-TP FprCEN/TR 17603-60:2021
FprCEN/TR 17603-60:2021 (E)
5.1.11 Control engineering capability assessment and resource
management . 26
5.2 Requirements engineering . 26
5.2.1 General . 26
5.2.2 Generation of control requirements . 26
5.2.3 Allocation of control requirements to control components. 27
5.2.4 Control verification requirements . 30
5.2.5 Control operations requirements . 30
5.3 Analysis . 30
5.3.1 General . 30
5.3.2 Analysis tasks, methods and tools . 31
5.3.3 Requirements analysis . 32
5.3.4 Disturbance analysis . 33
5.3.5 Performance analysis . 33
5.4 Design and configuration . 35
5.4.1 General . 35
5.4.2 Functional design . 36
5.4.3 Operational design . 36
5.4.4 Control implementation architecture . 36
5.4.5 Controller design . 37
5.5 Verification and validation . 38
5.5.1 Definition of control verification strategy . 38
5.5.2 Preliminary verification of performance . 39
5.5.3 Final functional and performance verification . 39
5.5.4 In­flight validation . 39

Figures
Figure 4-1: General control structure
Figure 4-2: Example of controller structure
Figure 4-3: Interaction between CE activities

Tables
Table 4-1: Summary of control engineering tasks
Table 4-2: Control engineering inputs, tasks and outputs, Phase 0/A
Table 4-3: Control engineering inputs, tasks and outputs, Phase B
Table 4-4: Control engineering inputs, tasks and outputs, Phase C/D
Table 4-5: Control engineering inputs, tasks and outputs, Phase E/F
Table 5-1: Contributions of analysis to the CE process

European Foreword
This document (FprCEN/TR 17603-60:2021) has been prepared by Technical Committee
CEN/CLC/JTC 5 “Space”, the secretariat of which is held by DIN.
It is highlighted that this technical report does not contain any requirement but only a collection of data
or descriptions and guidelines about how to organize and perform the work in support of EN 16603-60.
This Technical report (FprCEN/TR 17603-60:2021) originates from ECSS-E-HB-60A.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such
patent rights.
This document has been prepared under a mandate given to CEN by the European Commission and
the European Free Trade Association.
This document has been developed to cover specifically space systems and has therefore precedence
over any TR covering the same scope but with a wider domain of applicability (e.g. aerospace).

This document is currently submitted to the CEN CONSULTATION.
Introduction
Control engineering, particularly as applied to space systems, is a multi-disciplinary field. The
analysis, design and implementation of complex (end to end) control systems include aspects of
system engineering, electrical and electronic engineering, mechanical engineering, software
engineering, communications, ground systems and operations – all of which have dedicated ECSS
engineering standards and handbooks. This Handbook is not intended to duplicate them.
This Handbook focuses on the specific issues involved in control engineering and is intended to be
used as a structured set of systematic engineering provisions, referring to the specific standards and
handbooks of the discipline where appropriate. For this, and reasons such as the very rapid progress
of control component technologies and associated “de facto” standards, this Handbook does not go to
the level of describing equipment or interfaces.
This Handbook is not intended to replace textbook material on control systems theory or technology,
and such material is intentionally avoided. The readers and users of this Handbook are assumed to
possess general knowledge of control systems engineering and its applications to space missions.
1 Scope
This Handbook deals with control systems developed as part of a space project. It is applicable to all
the elements of a space system, including the space segment, the ground segment and the launch
service segment.
The handbook covers all aspects of space control engineering including requirements definition,
analysis, design, production, verification and validation, transfer, operations and maintenance.
It describes the scope of the space control engineering process and its interfaces with management and
product assurance, and explains how they apply to the control engineering process.
2 References
EN References    References in text   Title
EN 16601-00-01   ECSS-S-ST-00-01      ECSS System – Glossary of terms
EN 16603-10      ECSS-E-ST-10         Space engineering – System engineering general requirements
EN 16603-10-04   ECSS-E-ST-10-04      Space engineering – Space environment
EN 16603-70      ECSS-E-ST-70         Space engineering – Ground systems and operations
EN 16602-20      ECSS-Q-ST-20         Space product assurance – Quality assurance

3 Terms, definitions and abbreviated terms
3.1 Terms from other documents
For the purpose of this document, the terms and definitions from ECSS-S-ST-00-01 apply.
3.2 Terms specific to the present handbook
3.2.1 actuator
technical system or device which converts commands from the controller into physical effects on the
controlled plant
3.2.2 autonomy
capability of a system to perform its functions in the absence of certain resources
NOTE The degree of (control) autonomy of a space system is defined
through the allocation of its overall control functions among
controller hardware, software, human operations, the space and
ground segment, and preparation and execution. A low degree of
autonomy is characterized by a few functions performed in the
software of the space segment. Conversely, a high degree of
autonomy assigns even higher level functions to space software,
relieving humans and the ground segment from issuing control
commands, at least for the routine operations. The degree of
autonomy can also be considered to be the amount of machine
intelligence installed in the system.
3.2.3 control
function of the controller to derive control commands to match the current or future estimated state
with the desired state
NOTE This term is used as in GNC.
3.2.4 control command
output of the controller to the actuators and the sensors
NOTE This definition is applicable in case of sensors with command
interfaces.
3.2.5 control component
element of the control system which is used in part or in total to achieve the control objectives
3.2.6 control feedback
input to the controller from the sensors and the actuators
NOTE This definition is applicable to actuators with status feedback.
3.2.7 control function
group of related control actions (or activities) contributing to achieving some of the control objectives
NOTE A control function describes what the controller does, usually by
specifying the necessary inputs, boundary conditions, and
expected outputs.
3.2.8 control mode
temporary operational configuration of the control system implemented through a unique set of
sensors, actuators and controller algorithms acting upon a given plant configuration
3.2.9 control mode transition
passage or change from one control mode to another
3.2.10 control objective
goal that the controlled system is supposed to achieve
NOTE Control objectives are issued as requests to the controller, to give
the controlled plant a specified control performance despite the
disturbing influences of the environment. Depending on the
complexity of the control problem, control objectives can range
from very low level commands to high level mission goals.
3.2.11 control performance
quantified capabilities of a controlled system
NOTE 1 The control performance is usually the quantified output of the
controlled plant.
NOTE 2 The control performance is shaped by the controller through
sensors and actuators.
3.2.12 control system
part of a controlled system which is designed to give the controlled plant the specified control
objectives
NOTE This includes all relevant functions of controllers, sensors and
actuators.
3.2.13 controllability
property of a given plant to be steered from a given state to any other given state
NOTE This mainly refers to linear systems, even if it applies also to
nonlinear ones.
3.2.14 controlled plant
physical system, or one of its parts, which is the target of the control problem
NOTE 1 The control problem is to modify and shape the intrinsic behaviour
of the plant such that it yields the control performance despite its
(uncontrolled other) interactions with its environment. For space
systems, the controlled plant can be a launcher rocket, a satellite, a
cluster of satellites, a payload pointing system, a robot arm, a
rover, a laboratory facility, or any other technical system.
NOTE 2 The controlled plant is also referred to as the plant.
3.2.15 controlled system
control relevant part of a system to achieve the specified control objectives
NOTE This includes the control system and the controlled plant.
3.2.16 controller
control component designed to give the controlled plant a specified control performance
NOTE The controller interacts with the controlled plant through sensors
and actuators. In its most general form, a controller can include
hardware, software, and human operations. Its implementation
can be distributed over the space segment and the ground
segment.
3.2.17 desired state
set of variables or parameters describing the controller internal reference for derivation of the control
commands
NOTE 1 The desired state is typically determined from the reference state,
e.g. by generation of a profile.
NOTE 2 The difference between desired state and estimated state is
typically used for the derivation of the control commands (see 0).
3.2.18 disturbance
physical effect affecting the control performance that can act on all components of the controlled
system
NOTE The source of the disturbance can be internal (if generated inside
the controlled system) or external (if coming from the
environment).
3.2.19 environment
set of external physical effects that interact with the controlled system
NOTE The environment can act as disturbance on the plant but also on
sensors, actuators and the controller.
3.2.20 estimated state
set of variables or parameters describing the controller internal knowledge of the controlled system
and environment
3.2.21 estimator
algorithm to determine the current or future state (estimated state) of a dynamic system from the
measured state
3.2.22 guidance
function of the controller to define the current or future desired state
NOTE The term is used as in GNC.
3.2.23 implementation
actual realization of a specific function in terms of algorithms, hardware, software, or human
operations
3.2.24 mathematical model
mathematical description of the behaviour of the plant, a control system component or the
environment
NOTE This consists of algorithms, formulas and parameters.
3.2.25 measured state
set of variables or parameters derived from physical measurements
NOTE This is based on the control feedback of sensors and actuators.
3.2.26 navigation
function of the controller to determine the current or future estimated state from the measured state
NOTE The term is used as in GNC.
3.2.27 observability
property of a given controlled system that enables the complete state describing its dynamics to be
determined
NOTE The observability is normally affected by number and location of
sensors.
3.2.28 quantization
process by which control system variables are converted into discrete finite units
NOTE This usually applies to sensor readings and control commands
towards actuators, and in general, when an analogue-digital
conversion is used.
3.2.29 reference state
set of variables or parameters describing the control objectives for a controlled system
3.2.30 robustness
property of a controlled system to achieve the control objectives in spite of uncertainties
NOTE 1 The uncertainty can be divided into:
• signal uncertainty, when disturbances acting on the controlled
system are not fully known in advance;
• model uncertainty, when the parameters of the controlled
system are not well known.
NOTE 2 Robustness is achieved using suitable control algorithms that act
against these disturbances or are insensitive to controlled system
parameter variations (e.g. inertia, stiffness).
3.2.31 sensor
device that measures states of the controlled plant and provides them as feedback inputs to the
controller
3.2.32 simulation model
implementation of a mathematical model in an environment to calculate the behaviour of the model
NOTE It is usually implemented by use of a computer program.
3.2.33 stability
property that defines the specified static and dynamic limits of a system
NOTE A given dynamic system is not fully defined until the notion of
stability is precisely mathematically defined according to its
characteristics and specified behaviour.
3.2.34 state
set of variables or parameters describing the dynamic behaviour of the controlled system at a given
time
NOTE 1 The state is also referred to as the state vector.
NOTE 2 The state can describe the true, reference, desired, measured or
estimated behaviour (see also 0).
3.2.35 true state
set of variables or parameters defining the actual behaviour of the controlled system and
environment
NOTE 1 The true state is not known.
NOTE 2 In a simulation, the true state is the simulated state of the sensors,
actuators, plant and environment excluding any measurement
error of the sensors.
3.3 Abbreviated terms
For the purpose of this document, the abbreviated terms from ECSS-S-ST-00-01 and the following
apply:
Abbreviation   Meaning
3D             three-dimensional
A/D            analogue-digital
AOCS           attitude and orbit control system
A&R            automation and robotics
BOL            beginning-of-life
CAD            computer aided design
CAE            computer aided engineering
CAS            control algorithm specification
CE             control engineering
CSAR           controlled system analysis report
CSDR           control system design report
CSVP           controlled system verification plan
CSVR           controlled system verification report
D/A            digital-analogue
DRD            document requirements definition
DRL            document requirements list
EGSE           electrical ground support equipment
EOL            end-of-life
FDIR           failure detection, isolation and recovery
GNC            guidance, navigation and control
H/W            hardware
I/F            interface
ICD            interface control document
LOS            line of sight
MGSE           mechanical ground support equipment
MMI            man-machine interface
PA             product assurance
PDR            preliminary design review
PSD            power spectral density
RMS            root mean square
SEP            system engineering plan
SVF            software verification facility
S/W            software
TBD            to be defined
TM/TC          telemetry-telecommand
TT&C           telemetry, tracking and control
w.r.t.         with respect to
VCD            verification control document
vs.            versus
4 Space system control engineering process
4.1 General
4.1.1 The general control structure
To illustrate and delineate the scope of control engineering, Figure 4-1 shows a general control
structure. This fundamental diagram introduces the basic concepts and definitions
explained below.
[Figure: block diagram with the labels Controller, Actuators, Controlled Plant, Sensors, Control system, Controlled system, Control objectives, Control commands, Control feedback, Control performance, Interaction with environment]

Figure 4-1: General control structure
The controlled system is defined as the control relevant part of a system to achieve the specified
control objectives. It includes the control system (consisting of all relevant functional behaviour of
controllers, sensors and actuators) and the controlled plant.
Control engineering always includes some kind of feedback loop. There is a physical system whose
intrinsic behaviour and output do not meet the expectations without being modified and shaped
(improved in the sense of some well-defined objectives). This is called the controlled plant. For space
applications, the controlled plant can be:
• a satellite (e.g. w.r.t. its attitude and orbit, or in the case of active thermal control, w.r.t. its
temperatures) or a cluster of satellites;
• a spacecraft during re-entry and landing, or during rendezvous and docking;
• a pointing system;
• a robot arm system;
• a rover;
• an automated payload or laboratory facility;
• a launcher rocket;
• any other technical system involving control.
The users of the controlled plant have very specific goals. At the most abstract level, they are called
control objectives. The purpose is to have a control system that gives the controlled plant a specified
control performance, despite its interaction with its environment.
To do this, suitable devices are used: actuators which can convert control commands into physical
effects (such as a motor driving a pointing system through a gearbox upon a current command), and
sensors which measure states of the controlled plant and provide control feedback to the controller.
Besides this primary flow of information which forms a classical feedback loop, the dashed arrows in
Figure 4-1 also show some secondary flow of information or physical reaction.
With more complex plants, sensors and actuators can be quite complex systems in their own right,
with additional cross-coupling of information, e.g. control commands can modify the configuration or
parameters of a sensor, or actuators can produce direct feedback to the controller. The dynamics of the
controlled plant can have a relevant physical effect on the sensors and actuators, and the operation of
the sensors can feed back onto the controlled plant.
Control objectives (as the reference input to the controller) can range from very low level commands
(such as set points to a simple servo control loop) to high level mission goals (such as soft landing on
the surface of Mars). In the latter case, the actual controller consists of many layers of (usually
hierarchically decomposed and refined) control functions and the corresponding sensors, actuators
and the controlled plants (which can be suitable abstractions of lower level control loops). In the
reverse direction, there can be information (such as status) returned from the controller to a higher
level system.
Consequently, the control performance can also range from very elementary behaviour (such as the
speed of a motor) to complex high level concepts.
With this in mind, the controller can range from something very confined and simple (such as an
analogue on-off logic) to a highly complex system in its own right. In the most general case, the
controller is considered to include:
• (digital or analogue electronics) hardware, software and human operation;
• elements in the space segment and in the ground segment (if essential control loops are closed
via the ground);
• aspects of planning (quasi “off-line” preparation of the commands to be provided in the future)
and of execution of these commands (“on-line” in the sense of the update frequency of the
control loop);
• nominal and back-up control (e.g. exception handling, failure detection, and isolation and
recovery).
This notion of controller is a general concept which, amongst others, enables a quite natural definition
of the various degrees of autonomy or “intelligence” that can be given to a controlled system.
The allocation of control functions to hardware vs. software vs. human operations, space vs. ground,
planning vs. execution (which are essentially independent “dimensions” in implementation) for a
particular phase (or mode) of a mission is based on a judicious trade-off considering such aspects as
predictability of the situation (availability of reliable models), specified reaction time, available
on-board computer resources, available telecommunications coverage and bandwidth,
decision-making complexity, cost of development and operations, and acceptable risk.
The consideration of human operations and ground systems in the control engineering process is not
surprising, since, after all, they serve essential roles in achieving a control performance and thus are
part of a higher level controller. In any case, for all specific aspects of ground systems and operations
this handbook refers to ECSS-E-ST-70.
In the sense of classical control theory, the controller has an internal functional structure with the
following functions (as shown in Figure 4-2):

...
