ISO 21442:2022

INTERNATIONAL ISO
STANDARD 21442
First edition
2022-05
Space systems — General
requirements for control engineering
Systèmes spatiaux — Exigences générales relatives aux techniques de
régulation
Reference number
ISO 21442:2022(E)
© ISO 2022

---------------------- Page: 1 ----------------------
ISO 21442:2022(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
  © ISO 2022 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 21442:2022(E)
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 5
5 Control engineering . 5
5.1 The general control structure. 5
5.2 Project phases . 6
5.3 Control engineering process . 7
5.4 Control engineering tasks per project phase . 10
6 Control engineering process requirement .16
6.1 Control engineering management . 16
6.1.1 General . 16
6.1.2 Organization and planning of control engineering activities . 16
6.1.3 Management of interfaces with other disciplines . . 16
6.1.4 Contribution to human factors engineering . 16
6.1.5 Budget and margin philosophy for control . 16
6.1.6 Assessment of control technology and cost effectiveness . 17
6.1.7 Risk management . 17
6.1.8 Support to control components procurement . 17
6.1.9 Change control and configuration management . 17
6.1.10 Control engineering capability assessment and resource management . 17
6.1.11 System safety . 17
6.1.12 Dependability management . 17
6.1.13 Quality assurance . 17
6.2 Requirements definition . 17
6.2.1 General . 17
6.2.2 Generation of control requirements . 18
6.2.3 Allocation of control requirements to control components . 18
6.3 Analysis . 21
6.3.1 General . 21
6.3.2 Analysis models, analysis methods and analysis tools . 21
6.3.3 Requirements analysis . 23
6.3.4 Control system performance analysis . 24
6.4 Design . 24
6.4.1 Control system architecture design . . 24
6.4.2 Control system functional design . 25
6.4.3 Control system interface design . 25
6.4.4 Control algorithm design . 25
6.4.5 Control system software design. 26
6.4.6 Control system configuration design . 26
6.4.7 Control system implementation and operational design .26
6.5 Production . 27
6.6 Verification and validation . 27
6.6.1 General . 27
6.6.2 Definition of control verification strategy . 27
6.6.3 Preliminary verification of performance .28
6.6.4 Final functional and performance verification .28
6.6.5 In-flight validation .28
6.7 Operation .29
6.8 Maintenance . 29
iii
© ISO 2022 – All rights reserved

---------------------- Page: 3 ----------------------
ISO 21442:2022(E)
6.8.1 Equipment maintenance .29
6.8.2 Software maintenance .29
6.9 Disposal . . .29
Annex A (informative) Tailoring guidelines .30
Bibliography .34
iv
  © ISO 2022 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 21442:2022(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 20, Aircraft and space vehicles,
Subcommittee SC 14, Space systems and operations.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
© ISO 2022 – All rights reserved

---------------------- Page: 5 ----------------------
ISO 21442:2022(E)
Introduction
The development of control systems applied to space systems requires cooperation among multi-
disciplinary technology fields. A control system is often comprised of a large system integration of
these technology fields. The development also requires cooperation with higher-level systems and the
systems engineering method.
The purpose of this document is to provide general requirements for the entire life cycle in control
systems development including the systems engineering method required for developing control
systems applicable to space systems. Control engineering refers to systematic activities using
systems engineering methods to realize the control system. The concepts, methods and models of
system engineering are also applicable to control engineering. This document focuses on the special
requirements of control engineering.
The development of a control system involves important aspects of system engineering, electrical
and electronic engineering, mechanical engineering, software engineering, communications, ground
systems and operations – all of which have their own dedicated standards. This document does not
intend to duplicate them.
This document focuses on the specific issues involved in control engineering and is intended to be
used as a structured set of systematic engineering provisions, referring to the specific standards and
handbooks of the discipline where appropriate. For this and given the very rapid progress of control
component technologies and associated “de facto” standards, this document does not go to the level
of describing equipment or interfaces. Specific project or program standards are prepared for these
purposes.
This document is not intended to replace textbook material on control systems theory or technology;
and such material is intentionally avoided. The users of this document are assumed to possess general
knowledge of control systems engineering and its applications to space missions.
vi
  © ISO 2022 – All rights reserved

---------------------- Page: 6 ----------------------
INTERNATIONAL STANDARD ISO 21442:2022(E)
Space systems — General requirements for control
engineering
1 Scope
This document deals with control systems developed as part of a space project. It is applicable to all the
elements of a space control system, including the space segment, the ground segment and the launch
service segment.
This document establishes general principles for all technical activities of space control engineering,
including control engineering management, requirements definition, analysis, design, production,
verification and validation, operation, maintenance, and disposal. It also provides requirements to
progressively refine and manage control system realizations in space systems including multiple
control systems.
The requirements of this document can be tailored for each specific space program application.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 14300-1, Space systems — Programme management — Part 1: Structuring of a project
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
activity
set of cohesive tasks (3.26) of a process (3.21)
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.3]
3.2
actuator
component that performs the moving function of a mechanism
Note 1 to entry: An actuator can be either an electric motor, or any other mechanical (e.g. spring) or electric
component or part providing the torque or force for the motion of the mechanism.
[SOURCE: ISO 26871:2020, 3.1.1]
3.3
control
purposeful action on or in a process (3.21) to meet specified objectives
Note 1 to entry: Control includes function of the controller (3.14) to derive control commands (3.4) to match the
current or future estimated state with the desired state.
1
© ISO 2022 – All rights reserved

---------------------- Page: 7 ----------------------
ISO 21442:2022(E)
[SOURCE: IEC 60050-351:2013, 351-42-19, modified — The original notes to entry has been replaced by
a new note 1 to entry.]
3.4
control command
output of the controller (3.14) to the actuators (3.2) and the sensors (3.24)
Note 1 to entry: This definition is applicable in case of sensors with command interfaces.
3.5
control component
element of the control system (3.12) which is used in part or in total to achieve the control objectives
(3.9)
3.6
control engineering
systematic activities (3.1) using systems engineering methods to realize the control system (3.12)
3.7
control function
group of related control (3.3) actions (or activities (3.1)) contributing to achieving some of the control
objectives (3.9)
Note 1 to entry: A control function describes what the controller (3.14) does, usually by specifying the necessary
inputs, boundary conditions and expected outputs.
3.8
control mode
temporary operational configuration of control systems (3.12) implemented through a unique set
of sensors (3.24), actuators (3.2) and controller (3.14) algorithms acting upon a given controlled plant
(3.11) configuration
3.9
control objective
goal that the controlled system (3.13) is supposed to achieve
Note 1 to entry: Control objectives are issued as requests to the controller (3.14), to give the controlled plant
(3.11) a specified control performance (3.10) despite the disturbing influences of the environment. Depending on
the complexity of the control problem, control objectives can range from very low-level commands to high-level
mission goals.
3.10
control performance
quantified capabilities of a controlled system (3.13)
Note 1 to entry: The control performance is usually the quantified output of the controlled plant (3.11).
Note 2 to entry: The control performance is shaped by the controller (3.14) through sensors (3.24) and actuators
(3.2).
3.11
controlled plant
plant
physical system, or one of its parts, which is the target of the control problem
Note 1 to entry: The control problem is to modify and shape the intrinsic behaviour of the controlled plant such
that it yields the control performance (3.10) despite its (uncontrolled other) interactions with its environment.
2
  © ISO 2022 – All rights reserved

---------------------- Page: 8 ----------------------
ISO 21442:2022(E)
3.12
control system
part of a controlled system (3.13) which is designed to give the controlled plant (3.11) the specified
control objectives (3.9)
Note 1 to entry: This includes all relevant functions of controllers (3.14), sensors (3.24) and actuators (3.2).
3.13
controlled system
control (3.3) relevant part of a system to achieve the specified control objectives (3.9)
Note 1 to entry: This includes the control system (3.12) and the controlled plant (3.11).
3.14
controller
control component (3.5) designed to give the controlled plant (3.11) a specified control performance
(3.10)
Note 1 to entry: The controller interacts with the controlled plant through sensors (3.24) and actuators (3.2). In
its most general form, a controller can include hardware, software, and human operations. Its implementation
can be distributed over the space segment and the ground segment.
3.15
dependability
ability to perform as and when required
Note 1 to entry: Its main components are reliability (3.22), availability and maintainability (3.17).
Note 2 to entry: The extent to which the fulfilment of a required function can be justifiably trusted.
Note 3 to entry: Dependability shall be considered in conjunction with safety (3.23).
Note 4 to entry: Dependability is used as a collective term for the time-related quality characteristics of an item.
[SOURCE: ISO 10795:2019, 3.80]
3.16
guidance
function of the controller (3.14) to define the current or future desired state
Note 1 to entry: This term is used as in guidance and navigation (3.18) control system (3.12) (GNC).
Note 2 to entry: GNC and attitude and orbit control systems (AOCS) or are often decomposed as two separate
subsystems.
3.17
maintainability
ability to be retained in, or restored to a state in which it can perform as required, under
given conditions of use and maintenance
Note 1 to entry: Given conditions of use may include storage.
Note 2 to entry: Given conditions of maintenance include the procedures and resources for use.
Note 3 to entry: Maintainability may be quantified using such measures as mean time to restoration, or the
probability of restoration within a specified period of time.
[SOURCE: ISO 10795:2019, 3.144]
3
© ISO 2022 – All rights reserved

---------------------- Page: 9 ----------------------
ISO 21442:2022(E)
3.18
navigation
function of the controller (3.14) to determine the current or future estimated state from the measured
state
Note 1 to entry: This term is used as in guidance (3.16) and navigation control system (3.12) (GNC).
3.19
operability
feature of the spacecraft itself that enables a specified ground segment to operate the space segment
during the complete mission lifetime of the spacecraft
[SOURCE: ISO 14950:2004, 3.1.7, modified — Note 1 to entry has been removed.]
3.20
pointing control
function of determining the direction of the controlled plant (3.11), turning toward a target, and
remaining fixed on that target
3.21
process
set of interrelated or interacting activities (3.1) that use inputs to deliver an intended result
[SOURCE: ISO 9000:2015, 3.4.1, modified — Notes to entry have been removed.]
3.22
reliability
ability of an item to perform a required function under given conditions for a given time interval
[SOURCE: ISO 10795:2019, 3.198, modified — Notes to entry have been removed.]
3.23
safety
state where an acceptable level of risk is not exceeded
Note 1 to entry: Risk relates to:
— fatality,
— injury or occupational illness,
— damage to launcher hardware or launch site facilities,
— damage to an element of an interfacing crewed flight system,
— the main functions of a flight system itself,
— pollution of the environment, atmosphere or outer space, and
— damage to public or private property.
[SOURCE: ISO 10795:2019, 3.210, modified — "manned" has been changed to "crewed".]
3.24
sensor
device that measures states of the controlled plant (3.11) and provides them as feedback inputs to the
controller (3.14)
3.25
simulation
use of a similar or equivalent system to imitate a real system, so that it behaves like or appears to be the
real system
[SOURCE: ISO 16781:2021, 3.1.9]
4
  © ISO 2022 – All rights reserved

---------------------- Page: 10 ----------------------
ISO 21442:2022(E)
3.26
task
required, recommended, or permissible action, intended to contribute to the achievement of one or
more outcomes of a process (3.21)
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.50]
4 Abbreviated terms
CE control engineering
EGSE electrical ground support equipment
FDIR fault detection, isolation and recovery
H/W hardware
ICD interface control document
SE system engineering
S/W software
V&V verification and validation
TM/TC telemetry-telecommand
TRL technology readiness levels
TT&C telemetry, tracking and control
5 Control engineering
5.1 The general control structure
To illustrate and delineate the scope of CE, Figure 1 shows a general control structure.
5
© ISO 2022 – All rights reserved

---------------------- Page: 11 ----------------------
ISO 21442:2022(E)
Figure 1 — General control structure
CE, as applied to control system development, in which performance and functional requirements and
trade-offs are allocated aspects of top-level systems design, performs in close cooperation with systems
engineering as specified in ISO 18676. CE aims at hands-on guidelines for developing the control system,
while SE is common for any technical field.
The controlled system can be realized as multiple instantiations of the general control structure.
Control engineering activities specified in this document are implemented for developing a control
system controlling each controlled target, and those activities are integrated within the controlled
system development.
Control system always includes some kind of feedback loop. The intrinsic behaviour and output of
the controlled plant do not meet the expectations without being modified and shaped. For space
applications, the controlled plant can be:
a) satellite (its attitude, orbit) or a cluster of satellites;
b) spacecraft during re-entry, landing, rendezvous or docking;
c) pointing control system;
d) robot arm system;
e) rover;
f) automation of payload and experiment facility;
g) launch vehicle;
h) any other technical system involving feedback control.
5.2 Project phases
As defined in ISO 14300-1, to minimize the technical, scheduling and economical risk of the project, and
to make the progress of the project being controlled, the product life cycle shall be divided into distinct
phases which are interlinked.
6
  © ISO 2022 – All rights reserved

---------------------- Page: 12 ----------------------
ISO 21442:2022(E)
The phases of a project are listed in Table 1.
Table 1 — Phases of a project
Index Name
Phase 0 or pre-phase A Mission analysis phase
Phase A Feasibility phase
Phase B Definition phase
Phase C Development phase
Phase D Production phase
Phase E Utilization phase
Phase F Disposal phase
During phase 0, CE makes an initial definition about the mission of control system development and
makes a preliminary assessment of the concepts needed for consideration in the next phase (phase A).
During phase A, CE explores various possible control system schemes, so as to meet the requirements
requested by the spacecraft system for the control system, including performance, cost and schedule.
During phase B, CE selects one proposal for development among those proposed at the end of the
previous phase (phase A) and specifies the necessary requirements.
During phase C, CE conducts a detailed study of the proposal of the previous phase (phase B), so as to
obtain a qualified solution of control system for mass production of deliverable products for operation.
During phase D, CE accomplishes procurements, manufacture and delivery to the user the control
system. For scheduling reasons, some procurement may be started prior to phase D.
Phase C and phase D may be merged into one unique C/D phase if the project leads to the manufacturing
of a single-flight unit or of a very small quantity of product.
During phase E, the control system is properly operated and maintained, thus it is put into service, used
and supported.
During phase F, CE prepares and completes the discontinuance of control system operation, in
accordance with other systems of the spacecraft.
The number of phases and their objectives should be defined at the start of the project. They should
also be tailored to minimize risks from cost, scheduling and technical problems that can compromise
the success of the project.
5.3 Control engineering process
The CE process itself employs many of the same elements as the SE process to achieve precision
performance, dynamic responsiveness, default isolation, control ability, and functional and non-
functional goals. As such, it can also be broken down into some engineering activities:
a) control engineering management, which integrates the various control related disciplines
throughout all project phases to define and realize the controlled system;
b) requirements definition, which includes proper interpretation of the mission, control requirements,
and definition of lower-level requirements;
c) analysis, performed at all levels and in all domains for resolving control related functional and
performance requirements, evaluating control design alternatives; consolidating and verifying
control performances and complementing tests;
d) design, which includes interface design, algorithm design, software desi
...