SIST-TP CEN/CLC/TR 17603-10-02:2021
(Main)Space engineering - Verification guidelines
Space engineering - Verification guidelines
This handbook provides additional information for the application of the verification standard EN 16603-10-02 to a space system product.
This handbook does not contain requirements and therefore cannot be made applicable. In case of conflict betw een the standard and this handbook, the standard prevails.
This handbook is relevant for both the customer and the supplier of the product during all project phases.
To facilitate the cross-reference, this handbook follow s as much as is practical, the structure of the standard and quotes the requirements, to make itself standing and easier to read (the text from the standard is in italic).
As the Standard applies to different products at different product levels from single equipment to the overall system (including space segment hardw are and softw are, launchers and Transportation Systems, ground segment, Verification tools, and GSE) several examples of tailoring, to match the specificity of each application, are proposed in Annex B.
Specific discipline related verification aspects are covered in other dedicated standards and handbooks. In particular the detailed aspects for Testing are covered in the EN 16603-10-03 and in its corresponding handbook.
The application of the requirements of the standard to a particular project is intended to result in effective product
verification and consequently to a high confidence in achieving successful product operations for the intended use, in this respect this handbook has the goal to help reaching these objectives.
Raumfahrttechnik - Leitfaden zur Verifikation
Ingénierie spatiale - Lignes directrices pour la vérification
Vesoljska tehnika - Smernice za preverjanje
General Information
Standards Content (Sample)
SLOVENSKI STANDARD
SIST-TP CEN/CLC/TR 17603-10-02:2021
01-november-2021
Vesoljska tehnika - Smernice za preverjanje
Space engineering - Verification guidelines
Raumfahrttechnik - Leitfaden zur Verifikation
Ingénierie spatiale - Lignes directrices pour la vérification
Ta slovenski standard je istoveten z: CEN/CLC/TR 17603-10-02:2021
ICS:
49.140 Vesoljski sistemi in operacije Space systems and
operations
SIST-TP CEN/CLC/TR 17603-10-02:2021 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST-TP CEN/CLC/TR 17603-10-02:2021
---------------------- Page: 2 ----------------------
SIST-TP CEN/CLC/TR 17603-10-02:2021
TECHNICAL REPORT
CEN/CLC/TR 17603-10-
02
RAPPORT TECHNIQUE
TECHNISCHER BERICHT
September 2021
ICS 49.140
English version
Space engineering - Verification guidelines
Ingénierie spatiale - Lignes directrices pour la Raumfahrttechnik - Leitfaden zur Verifikation
vérification
This Technical Report was approved by CEN on 19 March 2021. It has been drawn up by the Technical Committee CEN/CLC/JTC
5.
CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.
CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2021 CEN/CENELEC All rights of exploitation in any form and by any means Ref. No. CEN/CLC/TR 17603-10-02:2021 E
reserved worldwide for CEN national Members and for
CENELEC Members.
---------------------- Page: 3 ----------------------
SIST-TP CEN/CLC/TR 17603-10-02:2021
CEN/CLC/TR 17603-10-02:2021 (E)
Table of contents
European Foreword . 5
1 Scope . 6
2 References . 7
3 Terms, definitions and abbreviated terms . 8
3.1 Terms from other documents . 8
3.2 Terms specific to the present handbook . 8
3.3 Abbreviated terms. 9
4 Verification principles . 12
4.1 Introduction . 12
4.2 Verification versus Validation . 12
4.3 Applicability to all engineering domains . 13
4.4 Development . 13
5 Verification guidelines . 14
5.1 Verification process . 14
5.2 Verification planning . 14
5.2.1 Verification approach . 14
5.2.2 Verification methods . 19
5.2.3 Verification levels . 23
5.2.4 Verification stages . 24
5.2.5 Models and Models Description . 27
5.2.6 Verification tools . 42
5.2.7 Verification process phasing . 44
5.3 Verification execution and reporting . 51
5.3.1 General . 51
5.3.2 Example of verification team responsibility and interfaces . 51
5.4 Verification control and close-out . 53
5.4.1 General . 53
5.4.2 Verification control board (VCB) . 54
5.4.3 Re-verification . 54
2
---------------------- Page: 4 ----------------------
SIST-TP CEN/CLC/TR 17603-10-02:2021
CEN/CLC/TR 17603-10-02:2021 (E)
6 Verification documentation . 55
6.1 Introduction . 55
6.2 Verification planning documents . 57
6.2.1 Verification plan (VP) . 57
6.2.2 Verification control document (VCD) . 64
6.2.3 Other verification planning Documents . 67
6.3 Verification execution and reporting documentation . 68
6.3.1 Test report (TRPT) . 68
6.3.2 Analysis report (ARPT) . 70
6.3.3 Review-of-design report (RRPT) . 71
6.3.4 Inspection report (IRPT) . 73
6.3.5 Verification report (VRPT) . 75
6.3.6 VRPT DRD explanation . 76
6.3.7 Other verification execution and reporting Document . 77
6.3.8 Other close-out documents . 79
Annex A Verification documents delivery per review . 80
Annex B Verification Standard Tailoring . 81
Figures
Figure 5-1: Basic verification approach . 16
Figure 5-2: Parameters for Model Philosophy definition. 34
Figure 5-3: Example of Unmanned project model philosophy . 36
Figure 5-4: Example of Manned project model philosophy . 37
Figure 5-5: Example of Protoflight model philosophy . 38
Figure 5-6: Example of Hybrid model philosophy. 40
Figure 5-7: Example of verification process phasing with the project life cycle . 45
Figure 5-8: Verification activities flow (Phases A/B) . 48
Figure 5-9: Verification activities flow (Phases C/D) . 49
Figure 5-10: Verification activities flow (Phases E/F) . 50
Figure 6-1: Verification documentation . 56
Figure 6-2: Example of Verification Strategies per Group/level . 59
Figure 6-3: Example of verification strategy for a single Requirement Group . 60
Figure 6-4: Example of verification planning . 61
Figure 6-5: Example of activity sheet for analysis programme . 62
Figure 6-6: Example of Activity Sheet for Integration and Test Programme . 63
Figure 6-7: Example of the close-out status table . 66
3
---------------------- Page: 5 ----------------------
SIST-TP CEN/CLC/TR 17603-10-02:2021
CEN/CLC/TR 17603-10-02:2021 (E)
Figure 6-8: Example of VCD sheet . 67
Figure 6-9: Example of test report sheet . 70
Figure 6-10: Example of an analysis report sheet . 71
Figure 6-11: Example of review-of-design report sheet. 73
Figure 6-12: Example of an inspection report sheet . 75
Figure 6-13: Example of verification report sheet. 77
Tables
Table 5-1: Product categories according to heritage . 25
Table 5-2 : Summary model definitions . 32
Table 5-3 : Example of a product matrix as viewed with a satellite perspective . 41
Table B-1 : Tailoring guidelines and some examples per product type . 82
4
---------------------- Page: 6 ----------------------
SIST-TP CEN/CLC/TR 17603-10-02:2021
CEN/CLC/TR 17603-10-02:2021 (E)
European Foreword
This document (CEN/CLC/TR 17603-10-02:2021) has been prepared by Technical Committee
CEN/CLC/JTC 5 “Space”, the secretariat of which is held by DIN.
It is highlighted that this technical report does not contain any requirement but only collection of data
or descriptions and guidelines about how to organize and perform the work in support of EN 16603-
10-02.
This Technical report CEN/CLC/(TR 17603-10-02:2021) originates from ECSS-E-HB-10-02A.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such
patent rights.
This document has been prepared under a mandate given to CEN by the European Commission and
the European Free Trade Association.
This document has been developed to cover specifically space systems and has therefore precedence
over any TR covering the same scope but with a wider domain of applicability (e.g.: aerospace).
5
---------------------- Page: 7 ----------------------
SIST-TP CEN/CLC/TR 17603-10-02:2021
CEN/CLC/TR 17603-10-02:2021 (E)
1
Scope
This handbook provides additional information for the application of the verification standard EN
16603-10-02 to a space system product.
This handbook does not contain requirements and therefore cannot be made applicable. In case of
conflict between the standard and this handbook, the standard prevails.
This handbook is relevant for both the customer and the supplier of the product during all project
phases.
To facilitate the cross-reference, this handbook follows as much as is practical, the structure of the
standard and quotes the requirements, to make it self standing and easier to read (the text from the
standard is in italic).
As the Standard applies to different products at different product levels from single equipment to the
overall system (including space segment hardware and software, launchers and Transportation
Systems, ground segment, Verification tools, and GSE) several examples of tailoring, to match the
specificity of each application, are proposed in Annex B.
Specific discipline related verification aspects are covered in other dedicated standards and
handbooks. In particular the detailed aspects for Testing are covered in the EN 16603-10-03 and in its
corresponding handbook TR 17603-10-03.
The application of the requirements of the standard to a particular project is intended to result in
effective product verification and consequently to a high confidence in achieving successful product
operations for the intended use, in this respect this handbook has the goal to help reaching these
objectives.
6
---------------------- Page: 8 ----------------------
SIST-TP CEN/CLC/TR 17603-10-02:2021
CEN/CLC/TR 17603-10-02:2021 (E)
2
References
This document is the handbook corresponding to the Verification standard ECSS-E-ST-10-02C.
The following documents are referenced in this text or provide additional information useful for the
reader.
EN Reference Reference in text Title
EN 16601-00-01 ECSS-S-ST-00-01 ECSS system - Glossary of terms
EN 16603-10 ECSS-E-ST-10 Space engineering - System engineering
general requirements
EN 16603-10-02 ECSS-E-ST-10-02 Space engineering - Verification
EN 16603-10-03 ECSS-E-ST-10-03 Space engineering - Testing
EN 16603-40 ECSS-E-ST-40 Space engineering - Software
EN 16603-50 ECSS-E-ST-50 Space engineering - Communications
EN 16603-70 ECSS-E-ST-70 Space engineering - Ground systems and
operations
TR 16703-10-03 ECSS-E-HB-10-03 Space engineering - Testing guidelines
- ECSS-E-TM-10-21 Space engineering - System modelling and
simulation
EN 16601-10 ECSS-M-ST-10 Space project management - Project planning
and implementation.
EN 16602-10-09 ECSS-Q-ST-10-09 Space product assurance - Nonconformance
control system.
EN 16602-20 ECSS-Q-ST-20 Space product assurance - Quality assurance.
EN 16602-20-07 ECSS-Q-20-07 Space product assurance - Quality assurance
for test centres.
EN 16602-40 ECSS-Q-ST-40 Space product assurance - Safety.
EN 16602-60 ECSS-Q-ST-60 Space product assurance - Electrical,
electronic and electromechanical (EEE)
components.
EN 16602-70 ECSS-Q-ST-70 Space product assurance - Materials,
mechanical parts and processes.
7
---------------------- Page: 9 ----------------------
SIST-TP CEN/CLC/TR 17603-10-02:2021
CEN/CLC/TR 17603-10-02:2021 (E)
3
Terms, definitions and abbreviated terms
3.1 Terms from other documents
For the purpose of this document, the terms and definitions from ECSS-ST-00-01 apply, in particular
for the following terms:
validation
verification
3.2 Terms specific to the present handbook
3.2.1 acceptance stage
verification stage with the objective of demonstrating that the product is free of workmanship defects,
is in accordance with the qualified design and is ready for its intended use
3.2.2 analysis
verification method performing a theoretical or empirical evaluation using techniques agreed with the
customer
NOTE The selected techniques can typically include statistics, qualitative
design analysis, modelling and computer simulation.
3.2.3 commissioning
verification and validation activities conducted after the launch and before the entry in operational
service either on the space elements only or on the overall system (including the ground elements)
3.2.4 in-orbit stage
verification stage valid for projects for which in-orbit verification is performed, including the
commissioning and verification activities which are delayed because the activation of a space element
is performed later during the mission (e.g. for Interplanetary mission, lander).
3.2.5 inspection
verification method by visual determination of physical characteristics
NOTE 1 Product characteristics include constructional features, hardware
conformance to document drawing or workmanship requirements,
physical conditions, software source code conformance with
coding standards
NOTE 2 See also ECSS-ST-00-01.
8
---------------------- Page: 10 ----------------------
SIST-TP CEN/CLC/TR 17603-10-02:2021
CEN/CLC/TR 17603-10-02:2021 (E)
3.2.6 model philosophy
definition of the optimum number and the characteristics of physical models required to achieve
confidence in the product verification with the shortest planning and a suitable weighing of costs and
risks
3.2.7 post-landing stage
verification stage valid for projects for which post-landing verification is performed (e.g. for
Multimission projects)
3.2.8 pre-launch stage
verification stage with the objective to verify that the flight article is properly configured for launch
and capable of functioning as planned for launch
3.2.9 qualification stage
verification stage with the objective to demonstrate that the design fulfils the applicable requirements
including proper margins
3.2.10 review-of-design
verification method using approved records or evidence that unambiguously show that the
requirement is met (e.g. using design documents, design reports, technical descriptions, engineering
drawings)
3.2.11 test
verification method by measurement of product performance and functions under representative
simulated environments
NOTE See also ECSS-ST-00-01.
3.2.12 Verification Control Board (VCB)
a board composed of customer and supplier representatives that monitors the verification process and
formally assesses the requirements verification close-out.
3.2.13 verification level
product architectural level at which the relevant verification is performed
3.3 Abbreviated terms
The following abbreviated terms are used within this document:
Abbreviation Meaning
AIT assembly, integration and test
AITP assembly, integration and test plan
AIV assembly, integration and verification
AIVP assembly, integration and verification plan
AOCS attitude and orbit control system
9
---------------------- Page: 11 ----------------------
SIST-TP CEN/CLC/TR 17603-10-02:2021
CEN/CLC/TR 17603-10-02:2021 (E)
Abbreviation Meaning
AR acceptance review
ARPT analysis report
BB Breadboard
CDR critical design review
CRR commissioning result review
CP commissioning plan
DM development model
DRD document requirements definition
ECSS European Cooperation for Space Standardization
EEE electronic electrical and electromechanical
EIDP end item data package
ELR End of Life Review
EM engineering model
EMC electromagnetic compatibility
EOL end-of-life
EQM engineering qualification model
FM flight model
FMECA failure mode effects and criticality analysis
FRR flight readiness review
FS flight spare
GPS global positioning system
GSE ground support equipment
H/W Hardware
HFE human factors engineering
I/F Interface
IM integration model
IRPT inspection report
ISO International Organisation for Standardisation
LRR launch readiness review
LTM Life Test Model
MU mock-up
NCR Non conformance report
NRB Non conformance review board
OBDH on-board data handling
10
---------------------- Page: 12 ----------------------
SIST-TP CEN/CLC/TR 17603-10-02:2021
CEN/CLC/TR 17603-10-02:2021 (E)
Abbreviation Meaning
ORR Operations Readiness Review
P/L Payload
PDR preliminary design review
PFM protoflight model
PRR preliminary requirement review
PTR post test review
QA quality assurance
QM qualification model
QR qualification review
RCS reaction control system
RF radio frequency
RFW request for waiver
ROD review of design
RRPT review of design report
S/C spacecraft
S/W software
SM structural model
SRR system requirements review
SS subsystem
STM structural-thermal model
SVF software validation facility
TCL test configuration list
ThM thermal model
TPRO Test Procedure
TRR test readiness review
TRPT test report
TSPE Test Specification
TT&C telemetry, tracking and command
VCB verification control board
VCD verification control document
VP verification plan
VRPT verification report
11
---------------------- Page: 13 ----------------------
SIST-TP CEN/CLC/TR 17603-10-02:2021
CEN/CLC/TR 17603-10-02:2021 (E)
4
Verification principles
4.1 Introduction
ECSS-E-ST-10 states that verification demonstrates, through a dedicated process, that the deliverable
system meets the specified requirements and is capable of sustaining its operational role during the
project life cycle.
ECSS-E-ST-10-02 establishes the requirements for the verification of a space system product. It
specifies the fundamental concepts of the verification process, the criteria for defining the verification
strategy and the requirements for the implementation of the verification programme. It is intended to
apply to different products at different levels, from single equipment to the overall system (including
space segment hardware and software, ground segment, launchers and transportation systems,
Verification tools and GSE).
Concerning the scope of the standard, it is useful to address at this point some frequently asked
questions posed by users, in order to emphasize certain concepts and definitions imposed by higher
level standards and by the accepted European practices enshrined within the standard.
4.2 Verification versus Validation
A question often posed is why, within European space projects, we mandate a “verification”
programme as opposed to a “verification and validation” programme, as practiced in other
engineering disciplines (e.g. software, ground segment).
In general terms verification addresses whether a product satisfies the requirements placed upon it,
whilst validation addresses whether a product will satisfy the needs of its users, or as is often more
simply said,
Verification proves the product is right.
Validation proves it is the right product.
The Verification Standard does not mandate the need for a separate programme of validation of space
products, since product verification is performed against a set of requirements that also address the
suitability of the product to fulfil the needs of its intended use. However, the standard does not
prevent the execution of a separate validation activity if this is considered appropriate, as is practiced
for example, in the operation or ground segment domains. Essentially the process to be followed is the
same, although it addresses mainly the use of the product.
12
---------------------- Page: 14 ----------------------
SIST-TP CEN/CLC/TR 17603-10-02:2021
CEN/CLC/TR 17603-10-02:2021 (E)
4.3 Applicability to all engineering domains
The verification standard is applicable to all engineering domains where space products are
developed and as such it is viewed as an “umbrella” under which all domains are covered.
In order to use the standard in a specific engineering domain it is necessary to tailor the standard for
that domain and where necessary, to make applicable the standards that define the verification
requirements of that domain. A clear example is the verification of the ground segment and
operations, whereby its verification is addressed specifically in ECSS-E-ST-70 (Ground systems and
operations), by mandating specific verification (and validation) requirements and processes for the
ground segment. The fact that ECSS-E-ST-10-02C addresses in detail the space segment does not
preclude the use of the standard in other domains, subject to correct tailoring.
4.4 Development
The ECSS glossary defines development as the process by which the capability to adequately
implement a technology or design is established before manufacture and that this process can include
the building of various partial or complete models of the products in order to assess amongst other
things, their performance.
Whilst it is obvious that testing and analysis activities occur during the product development process,
they are not addressed by the standard because they are not formal requirement verification activities
in the sense of the customer-supplier relationship and consequently do not fall within the mandate of
ECSS verification standard.
13
---------------------- Page: 15 ----------------------
SIST-TP CEN/CLC/TR 17603-10-02:2021
CEN/CLC/TR 17603-10-02:2021 (E)
5
Verification guidelines
5.1 Verification process
ECSS-E-ST-10-02C clause 5.1 specifies that:
a. The verification process shall demonstrate that the deliverable product meets the specified
customer requirements and is capable of sustaining its operational role through:
1. Verification planning;
2. Verification execution and reporting;
3. Verification control and close-out.
The detailed objectives of the Verification process are as follows:
a. to demonstrate the qualification of design and performance, as meeting the specified
requirements at the specified levels;
b. to ensure that the product is in agreement with the qualified design, is free from workmanship
defects and acceptable for use;
c. to confirm product integrity and performance at particular steps of the project life cycle (e.g.
launch, commissioning, mission events and landing).
While this process looks sequential in nature, it is in fact more complex because the verification
process of a multi level product is conducted in a top down approach for the planning, while the
execution and reporting is conducted bottom up. In addition, the verification control and close-out is
conducted in parallel to the entire process.
The verification process activities are incrementally performed at various levels and in different
stages, and utilizing a combination of the different verification methods as described in the following
clause 5.2.
5.2 Verification planning
5.2.1 Verification approach
5.2.1.1 General
ECSS-E-ST-10-02C clause 5.2.1 specifies that:
a. The customer shall define the project requirements, verification objectives and constraints
affecting the supplier verification process.
Note: For example, ground segment characteristics, launch service, envisaged
end to end tests involving several suppliers. The usual general objectives
are listed in clause 4.1.1 “Verification objectives”.
14
---------------------- Page: 16 ----------------------
SIST-TP CEN/CLC/TR 17603-10-02:2021
CEN/CLC/TR 17603-10-02:2021 (E)
b. The requirements specified in 5.2.2.1a shall always include those of the technical
specification
c. The supplier shall define the verification approach by conducting the following steps:
1. Identify and agree with the customer the set of requirements to be subject of the
verification process;
2. Select the methods and levels of verification, associated model philosophy and
verification tools;
3. Identify the stages and events in which the verification is implemented.
d. The verification approach shall be defined by the supplier in the Verification Plan (VP) for
approval by the customer prior to implementation.
e. For each requirement to be verified, the verification strategy shall be defined in terms of the
combination of the selected verification methods for the different verification levels at the
applicable verification stages in the initial issue of the Verification Control Document
(VCD also called verification matrix (see Annex B), for approval by the customer.
To reach the verification objectives a verification approach is defined in phases A and B of the project
by analyzing the requirements to be verified, taking into account:
a. design peculiarities and constraints,
b. qualification status of candidate solutions (product category),
c. availability and maturity of verification tools,
d. verification (including test) methodologies,
e. programmatic constraints, and
f. cost and schedule.
The requirement criticality, in terms of technical and programmatic impacts on the verification
implementation, should be assessed by the involvement of the verification team in the requirement
definition process during phases A and B, since it drives the verification strategy.
The verification approach should allow:
a. To ensure the definition of correct verification criteria for each requirement by participating in
the preparation of product specifications.
b. To assess the impact that verification has on the design (e.g. modularity, testability, and
accessibility).
c. To ensure a coherent approach to verification implementation throughout the various levels
avoiding duplication of activities.
d. To ensure early verification of critical items to reduce the risks of late failure identification.
e. To ensure the coverage of the interface verification.
f. To optimize the design and use of ground support equipment, simulators, test tools and test
software (e.g. re-use between levels, stages and models).
g. To optimize the use of test facilities.
h. To plan for feedback to the verification activity from the commissioning results in case of multi-
mission projects or recurring products.
i. To consider innovative solutions that can reduce overall verification costs.
j. To provide visibility and
...
SLOVENSKI STANDARD
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
01-februar-2021
Vesoljska tehnika - Smernice za preverjanje
Space engineering - Verification guidelines
Raumfahrttechnik - Verifizierungsrichtlinien
Ingénierie spatiale - Lignes directrices pour la vérification
Ta slovenski standard je istoveten z: FprCEN/CLC/TR 17603-10-02
ICS:
49.140 Vesoljski sistemi in operacije Space systems and
operations
kSIST-TP FprCEN/CLC/TR 17603-10- en,fr,de
02:2021
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
---------------------- Page: 2 ----------------------
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
TECHNICAL REPORT
FINAL DRAFT
FprCEN/CLC/TR 17603-
RAPPORT TECHNIQUE
10-02
TECHNISCHER BERICHT
November 2020
ICS
English version
Space engineering - Verification guidelines
Ingénierie spatiale - Lignes directrices pour la Raumfahrttechnik - Verifizierungsrichtlinien
vérification
This draft Technical Report is submitted to CEN members for Vote. It has been drawn up by the Technical Committee
CEN/CLC/JTC 5.
CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.
Warning : This document is not a Technical Report. It is distributed for review and comments. It is subject to change without
notice and shall not be referred to as a Technical Report.
CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2020 CEN/CENELEC All rights of exploitation in any form and by any means Ref. No. FprCEN/CLC/TR 17603-10-02:2020 E
reserved worldwide for CEN national Members and for
CENELEC Members.
---------------------- Page: 3 ----------------------
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
FprCEN/CLC/TR 17603-10-02:2020 (E)
Table of contents
European Foreword . 5
1 Scope . 6
2 References . 7
3 Terms, definitions and abbreviated terms . 8
3.1 Terms from other documents . 8
3.2 Terms specific to the present handbook . 8
3.3 Abbreviated terms. 9
4 Verification principles . 12
4.1 Introduction . 12
4.2 Verification versus Validation . 12
4.3 Applicability to all engineering domains . 12
4.4 Development . 13
5 Verification guidelines . 14
5.1 Verification process . 14
5.2 Verification planning . 14
5.2.1 Verification approach . 14
5.2.2 Verification methods . 18
5.2.3 Verification levels . 23
5.2.4 Verification stages . 24
5.2.5 Models and Models Description . 27
5.2.6 Verification tools . 42
5.2.7 Verification process phasing . 44
5.3 Verification execution and reporting . 51
5.3.1 General . 51
5.3.2 Example of verification team responsibility and interfaces . 51
5.4 Verification control and close-out . 53
5.4.1 General . 53
5.4.2 Verification control board (VCB) . 54
5.4.3 Re-verification . 54
2
---------------------- Page: 4 ----------------------
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
FprCEN/CLC/TR 17603-10-02:2020 (E)
6 Verification documentation . 55
6.1 Introduction . 55
6.2 Verification planning documents . 57
6.2.1 Verification plan (VP) . 57
6.2.2 Verification control document (VCD) . 64
6.2.3 Other verification planning Documents . 67
6.3 Verification execution and reporting documentation . 68
6.3.1 Test report (TRPT) . 68
6.3.2 Analysis report (ARPT) . 70
6.3.3 Review-of-design report (RRPT) . 71
6.3.4 Inspection report (IRPT) . 73
6.3.5 Verification report (VRPT) . 75
6.3.6 VRPT DRD explanation . 76
6.3.7 Other verification execution and reporting Document . 77
6.3.8 Other close-out documents . 79
Annex A Verification documents delivery per review . 80
Annex B Verification Standard Tailoring . 81
Figures
Figure 5-1: Basic verification approach . 16
Figure 5-2: Parameters for Model Philosophy definition. 34
Figure 5-3: Example of Unmanned project model philosophy . 36
Figure 5-4: Example of Manned project model philosophy . 37
Figure 5-5: Example of Protoflight model philosophy . 38
Figure 5-6: Example of Hybrid model philosophy. 40
Figure 5-7: Example of verification process phasing with the project life cycle . 45
Figure 5-8: Verification activities flow (Phases A/B) . 48
Figure 5-9: Verification activities flow (Phases C/D) . 49
Figure 5-10: Verification activities flow (Phases E/F) . 50
Figure 6-1: Verification documentation . 56
Figure 6-2: Example of Verification Strategies per Group/level . 59
Figure 6-3: Example of verification strategy for a single Requirement Group . 60
Figure 6-4: Example of verification planning . 61
Figure 6-5: Example of activity sheet for analysis programme . 62
Figure 6-6: Example of Activity Sheet for Integration and Test Programme . 63
Figure 6-7: Example of the close-out status table . 66
3
---------------------- Page: 5 ----------------------
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
FprCEN/CLC/TR 17603-10-02:2020 (E)
Figure 6-8: Example of VCD sheet . 67
Figure 6-9: Example of test report sheet . 70
Figure 6-10: Example of an analysis report sheet . 71
Figure 6-11: Example of review-of-design report sheet. 73
Figure 6-12: Example of an inspection report sheet . 75
Figure 6-13: Example of verification report sheet. 77
Tables
Table 5-1: Product categories according to heritage . 24
Table 5-2 : Summary model definitions . 32
Table 5-3 : Example of a product matrix as viewed with a satellite perspective . 41
Table B-1 : Tailoring guidelines and some examples per product type . 82
4
---------------------- Page: 6 ----------------------
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
FprCEN/CLC/TR 17603-10-02:2020 (E)
European Foreword
This document (FprCEN/CLC/TR 17603-10-02:2020) has been prepared by Technical Committee
CEN/CLC/JTC 5 “Space”, the secretariat of which is held by DIN.
This document is currently submitted to the Vote on TR.
It is highlighted that this technical report does not contain any requirement but only collection of data
or descriptions and guidelines about how to organize and perform the work in support of EN 16603-10-
02.
This Technical report (FprCEN/CLC/TR 17603-10-02:2020) originates from ECSS-E-HB-10-02A.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such
patent rights.
This document has been prepared under a mandate given to CEN by the European Commission and
the European Free Trade Association.
This document has been developed to cover specifically space systems and has therefore precedence
over any TR covering the same scope but with a wider domain of applicability (e.g.: aerospace).
This document is currently submitted to the CEN CONSULTATION.
5
---------------------- Page: 7 ----------------------
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
FprCEN/CLC/TR 17603-10-02:2020 (E)
1
Scope
This handbook provides additional information for the application of the verification standard EN
16603-10-02 to a space system product.
This handbook does not contain requirements and therefore cannot be made applicable. In case of
conflict between the standard and this handbook, the standard prevails.
This handbook is relevant for both the customer and the supplier of the product during all project
phases.
To facilitate the cross-reference, this handbook follows as much as is practical, the structure of the
standard and quotes the requirements, to make it self standing and easier to read (the text from the
standard is in italic).
As the Standard applies to different products at different product levels from single equipment to the
overall system (including space segment hardware and software, launchers and Transportation
Systems, ground segment, Verification tools, and GSE) several examples of tailoring, to match the
specificity of each application, are proposed in Annex B.
Specific discipline related verification aspects are covered in other dedicated standards and handbooks.
In particular the detailed aspects for Testing are covered in the EN 16603-10-03 and in its corresponding
handbook TR 17603-10-03.
The application of the requirements of the standard to a particular project is intended to result in
effective product verification and consequently to a high confidence in achieving successful product
operations for the intended use, in this respect this handbook has the goal to help reaching these
objectives.
6
---------------------- Page: 8 ----------------------
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
FprCEN/CLC/TR 17603-10-02:2020 (E)
2
References
This document is the handbook corresponding to the Verification standard ECSS-E-ST-10-02C.
The following documents are referenced in this text or provide additional information useful for the
reader.
EN Reference Reference in text Title
EN 16601-00-01 ECSS-S-ST-00-01 ECSS system - Glossary of terms
EN 16603-10 ECSS-E-ST-10 Space engineering - System engineering
general requirements
EN 16603-10-02 ECSS-E-ST-10-02 Space engineering - Verification
EN 16603-10-03 ECSS-E-ST-10-03 Space engineering - Testing
EN 16603-40 ECSS-E-ST-40 Space engineering - Software
EN 16603-50 ECSS-E-ST-50 Space engineering - Communications
EN 16603-70 ECSS-E-ST-70 Space engineering - Ground systems and
operations
TR 16703-10-03 ECSS-E-HB-10-03 Space engineering - Testing guidelines
- ECSS-E-TM-10-21 Space engineering - System modelling and
simulation
EN 16601-10 ECSS-M-ST-10 Space project management - Project planning
and implementation.
EN 16602-10-09 ECSS-Q-ST-10-09 Space product assurance - Nonconformance
control system.
EN 16602-20 ECSS-Q-ST-20 Space product assurance - Quality assurance.
EN 16602-20-07 ECSS-Q-20-07 Space product assurance - Quality assurance
for test centres.
EN 16602-40 ECSS-Q-ST-40 Space product assurance - Safety.
EN 16602-60 ECSS-Q-ST-60 Space product assurance - Electrical,
electronic and electromechanical (EEE)
components.
EN 16602-70 ECSS-Q-ST-70 Space product assurance - Materials,
mechanical parts and processes.
7
---------------------- Page: 9 ----------------------
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
FprCEN/CLC/TR 17603-10-02:2020 (E)
3
Terms, definitions and abbreviated terms
3.1 Terms from other documents
For the purpose of this document, the terms and definitions from ECSS-ST-00-01 apply, in particular for
the following terms:
validation
verification
3.2 Terms specific to the present handbook
3.2.1 acceptance stage
verification stage with the objective of demonstrating that the product is free of workmanship defects,
is in accordance with the qualified design and is ready for its intended use
3.2.2 analysis
verification method performing a theoretical or empirical evaluation using techniques agreed with the
customer
NOTE The selected techniques can typically include statistics, qualitative
design analysis, modelling and computer simulation.
3.2.3 commissioning
verification and validation activities conducted after the launch and before the entry in operational
service either on the space elements only or on the overall system (including the ground elements)
3.2.4 in-orbit stage
verification stage valid for projects for which inorbit verification is performed, including the
commissioning and verification activities which are delayed because the activation of a space element
is performed later during the mission (e.g. for Interplanetary mission, lander).
3.2.5 inspection
verification method by visual determination of physical characteristics
NOTE 1 Product characteristics include constructional features, hardware
conformance to document drawing or workmanship requirements,
physical conditions, software source code conformance with coding
standards
NOTE 2 See also ECSS-ST-00-01.
3.2.6 model philosophy
definition of the optimum number and the characteristics of physical models required to achieve
confidence in the product verification with the shortest planning and a suitable weighing of costs and
risks
8
---------------------- Page: 10 ----------------------
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
FprCEN/CLC/TR 17603-10-02:2020 (E)
3.2.7 postlanding stage
verification stage valid for projects for which postlanding verification is performed (e.g. for
Multimission projects)
3.2.8 prelaunch stage
verification stage with the objective to verify that the flight article is properly configured for launch and
capable of functioning as planned for launch
3.2.9 qualification stage
verification stage with the objective to demonstrate that the design fulfils the applicable requirements
including proper margins
3.2.10 reviewofdesign
verification method using approved records or evidence that unambiguously show that the requirement
is met (e.g. using design documents, design reports, technical descriptions, engineering drawings)
3.2.11 test
verification method by measurement of product performance and functions under representative
simulated environments
NOTE See also ECSS-ST-00-01.
3.2.12 Verification Control Board (VCB)
a board composed of customer and supplier representatives that monitors the verification process and
formally assesses the requirements verification close-out.
3.2.13 verification level
product architectural level at which the relevant verification is performed
3.3 Abbreviated terms
The following abbreviated terms are used within this document:
Abbreviation Meaning
AIT assembly, integration and test
AITP assembly, integration and test plan
AIV assembly, integration and verification
AIVP assembly, integration and verification plan
AOCS attitude and orbit control system
AR acceptance review
ARPT analysis report
BB Breadboard
CDR critical design review
CRR commissioning result review
9
---------------------- Page: 11 ----------------------
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
FprCEN/CLC/TR 17603-10-02:2020 (E)
Abbreviation Meaning
CP
commissioning plan
DM development model
DRD
document requirements definition
ECSS European Cooperation for Space Standardization
EEE
electronic electrical and electromechanical
EIDP end item data package
ELR
End of Life Review
EM engineering model
EMC
electromagnetic compatibility
EOL end-of-life
EQM
engineering qualification model
FM flight model
FMECA failure mode effects and criticality analysis
FRR flight readiness review
FS flight spare
GPS global positioning system
GSE ground support equipment
H/W Hardware
HFE human factors engineering
I/F Interface
IM integration model
IRPT inspection report
ISO International Organisation for Standardisation
LRR launch readiness review
LTM Life Test Model
MU mock-up
NCR Non conformance report
NRB Non conformance review board
OBDH on-board data handling
ORR Operations Readiness Review
P/L Payload
PDR preliminary design review
PFM protoflight model
PRR preliminary requirement review
10
---------------------- Page: 12 ----------------------
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
FprCEN/CLC/TR 17603-10-02:2020 (E)
Abbreviation Meaning
PTR
post test review
QA quality assurance
QM
qualification model
QR qualification review
RCS
reaction control system
RF radio frequency
RFW
request for waiver
ROD review of design
RRPT
review of design report
S/C spacecraft
S/W
software
SM structural model
SRR system requirements review
SS subsystem
STM structural-thermal model
SVF software validation facility
TCL test configuration list
ThM thermal model
TPRO Test Procedure
TRR test readiness review
TRPT test report
TSPE Test Specification
TT&C telemetry, tracking and command
VCB verification control board
VCD verification control document
VP verification plan
VRPT verification report
11
---------------------- Page: 13 ----------------------
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
FprCEN/CLC/TR 17603-10-02:2020 (E)
4
Verification principles
4.1 Introduction
ECSS-E-ST-10 states that verification demonstrates, through a dedicated process, that the deliverable
system meets the specified requirements and is capable of sustaining its operational role during the
project life cycle.
ECSS-E-ST-10-02 establishes the requirements for the verification of a space system product. It specifies
the fundamental concepts of the verification process, the criteria for defining the verification strategy
and the requirements for the implementation of the verification programme. It is intended to apply to
different products at different levels, from single equipment to the overall system (including space
segment hardware and software, ground segment, launchers and transportation systems, Verification
tools and GSE).
Concerning the scope of the standard, it is useful to address at this point some frequently asked
questions posed by users, in order to emphasize certain concepts and definitions imposed by higher
level standards and by the accepted European practices enshrined within the standard.
4.2 Verification versus Validation
A question often posed is why, within European space projects, we mandate a “verification”
programme as opposed to a “verification and validation” programme, as practiced in other engineering
disciplines (e.g. software, ground segment).
In general terms verification addresses whether a product satisfies the requirements placed upon it,
whilst validation addresses whether a product will satisfy the needs of its users, or as is often more
simply said,
Verification proves the product is right.
Validation proves it is the right product.
The Verification Standard does not mandate the need for a separate programme of validation of space
products, since product verification is performed against a set of requirements that also address the
suitability of the product to fulfil the needs of its intended use. However, the standard does not prevent
the execution of a separate validation activity if this is considered appropriate, as is practiced for
example, in the operation or ground segment domains. Essentially the process to be followed is the
same, although it addresses mainly the use of the product.
4.3 Applicability to all engineering domains
The verification standard is applicable to all engineering domains where space products are developed
and as such it is viewed as an “umbrella” under which all domains are covered.
In order to use the standard in a specific engineering domain it is necessary to tailor the standard for
that domain and where necessary, to make applicable the standards that define the verification
requirements of that domain. A clear example is the verification of the ground segment and operations,
12
---------------------- Page: 14 ----------------------
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
FprCEN/CLC/TR 17603-10-02:2020 (E)
whereby its verification is addressed specifically in ECSS-E-ST-70 (Ground systems and operations), by
mandating specific verification (and validation) requirements and processes for the ground segment.
The fact that ECSS-E-ST-10-02C addresses in detail the space segment does not preclude the use of the
standard in other domains, subject to correct tailoring.
4.4 Development
The ECSS glossary defines development as the process by which the capability to adequately implement
a technology or design is established before manufacture and that this process can include the building
of various partial or complete models of the products in order to assess amongst other things, their
performance.
Whilst it is obvious that testing and analysis activities occur during the product development process,
they are not addressed by the standard because they are not formal requirement verification activities
in the sense of the customer-supplier relationship and consequently do not fall within the mandate of
ECSS verification standard.
13
---------------------- Page: 15 ----------------------
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
FprCEN/CLC/TR 17603-10-02:2020 (E)
5
Verification guidelines
5.1 Verification process
ECSS-E-ST-10-02C clause 5.1 specifies that:
a. The verification process shall demonstrate that the deliverable product meets the specified
customer requirements and is capable of sustaining its operational role through:
1. Verification planning;
2. Verification execution and reporting;
3. Verification control and close-out.
The detailed objectives of the Verification process are as follows:
a. to demonstrate the qualification of design and performance, as meeting the specified
requirements at the specified levels;
b. to ensure that the product is in agreement with the qualified design, is free from workmanship
defects and acceptable for use;
c. to confirm product integrity and performance at particular steps of the project life cycle (e.g.
launch, commissioning, mission events and landing).
While this process looks sequential in nature, it is in fact more complex because the verification process
of a multi level product is conducted in a top down approach for the planning, while the execution and
reporting is conducted bottom up. In addition, the verification control and close-out is conducted in
parallel to the entire process.
The verification process activities are incrementally performed at various levels and in different stages,
and utilizing a combination of the different verification methods as described in the following clause
5.2.
5.2 Verification planning
5.2.1 Verification approach
5.2.1.1 General
ECSS-E-ST-10-02C clause 5.2.1 specifies that:
a. The customer shall define the project requirements, verification objectives and constraints
affecting the supplier verification process.
Note: For example, ground segment characteristics, launch service, envisaged end
to end tests involving several suppliers. The usual general objectives are
listed in clause 4.1.1 “Verification objectives”.
b. The requirements specified in 5.2.2.1a shall always include those of the technical
specification
c. The supplier shall define the verification approach by conducting the following steps:
1. Identify and agree with the customer the set of requirements to be subject of the
verification process;
14
---------------------- Page: 16 ----------------------
kSIST-TP FprCEN/CLC/TR 17603-10-02:2021
FprCEN/CLC/TR 17603-10-02:2020 (E)
2. Select the methods and levels of verification, associated model philosophy and
verification tools;
3. Identify the stages and events in which the verification is implemented.
d. The verification approach shall be defined by the supplier in the Verification Plan (VP) for
approval by the customer prior to implementation.
e. For each requirement to be verified, the verification strategy shall be defined in terms of the
combination of the selected verification methods for the different verification levels at the
applicable verification stages in the initial issue of the Verification Control Document
(VCD also called verification matrix (see Annex B), for approval by the customer.
To reach the verification objectives a verification approach is defined in phases A and B of the project
by analyzing the requirements to be verified, taking into account:
a. design peculiarities and constraints,
b. qualification status of candidate solutions (product category),
c. availability and maturity of verification tools,
d. verification (including test) methodologies,
e. programmatic constraints, and
f. cost and schedule.
The requirement criticality, in terms of technical and programmatic impacts on the verification
implementation, should be assessed by the involvement of the verification team in the requirement
definition process during phases A and B, since it drives the verification strategy.
The verification approach should allow:
a. To ensure the definition of correct verification criteria for each requirement by participating in
the preparation of product specifications.
b. To assess the impact that verification has on the design (e.g. modularity, testability, and
accessibility).
c. To ensure a coherent approach to verification implementation throughout the various levels
avoiding duplication of activities.
d. To ensure early verification of critical items to reduce the risks of late failure identification.
e. To ensure the coverage of the interface verification.
f. To optimize the design and use of ground support equipment, simulators, test tools and test
software (e.g. re-use between levels, stages and models).
g. To optimize the use of test facilities.
h. To plan for feedback to the verification activity from the commissioning results in case of multi-
mission projects or recurring products.
i. To consider innovative solutions that can reduce overall verification costs.
j. To provide visibility and objective evidence of veri
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.