ISO/DIS 23041:2026(en)

ISO/TC 20/SC 14

Secretariat: ANSI

Date: 2025-12-17

Space systems - Mission definition and execution of space activities - Requirements for spacecraft owners

© ISO 2026

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office

CP 401 • Ch. de Blandonnet 8

CH-1214 Vernier, Geneva

Phone: +41 22 749 01 11

Email: copyright@iso.org

Website: www.iso.org

Published in Switzerland

Contents

Foreword 1

Introduction 2

1. Scope 3

2. Normative references 3

3. Terms and definitions 3

4. Symbols and abbreviated terms 3

5. Basic understanding 4

5.1 Definition of the owner and its variation 4

5.2 Recognition of the state of the orbital environment and of the global framework for the safe and long-term sustainability of space activitiess 5

5.3 Assumptions of business lifecycle model 5

6. Managemental requirements 7

6.1 General requirements 7

6.1.1 Managemental activities 7

6.1.2 Managemental organization and responsible individual 7

6.2 Traditional program management 7

6.2.1 General 7

6.2.2 Quality and reliability assurance management 7

6.2.3 Configuration control 7

6.3 Safety management 7

6.4 Risk management against on-orbital threats 7

6.4.1 General 7

6.4.2 Space weather 8

6.4.3 Collision with catalogued objects 8

6.4.4 Impact of undetectable space object 9

6.4.5 Unintended harm to space assets or on-ground communities 10

6.5 Information system safety and security control 10

6.5.1 Policy of information system safety and security control 10

6.5.2 Procedure of safety and security control 10

6.6 Protection against cyber-attacks. 11

6.7 Management to reduce misunderstandings and mistrust for posing threats to other entities 11

6.8 Comprehensive assuring the long-term sustainability of space activities 12

7. Spacecraft owner’s activities along the life cycle 13

7.1 General 13

7.2 Input to Phase 0 “mission requirement proposal” 14

7.2.1 General 14

7.2.2 Proposal of General Mission requirements 14

7.2.3 Constraints/conditions 14

7.2.4 Reliability requirements 16

7.2.5 Spacecraft operability 16

7.3 Phase 0 Mission Requirement Analysis and definition 17

7.3.1 General work in Phase 0 17

7.3.2 Mission requirement analysis report 17

7.3.3 Definition of Mission Requirements 18

7.3.4 Clarification of the specific conditions of the mission requirements 19

7.3.5 Operation concept (Informative) 20

7.3.6 Requirement to the Ground Segments 20

7.3.7 Requirement to a launch vehicle, and other considerations 20

7.4 Pre-Phase A Mission Analysis Phase (Feasibility study) 23

7.4.1 General activities 23

7.4.2 Mission Analysis 23

7.5 Phase A Feasibility Phase (Conceptual Design) 25

7.5.1 Works in Phase A 25

7.5.2 Spacecraft Functional and technical specifications 26

7.5.3 Managemental strategy 26

7.5.4 Spacecraft Operation Concept 26

7.5.5 Requirements for Ground Segment 26

7.5.6 System Requirement Review (SRR) 27

7.6 Phase B Definition Phase /Part 1 System definition 28

7.6.1 Works in Phase B/Part 1 28

7.6.2 Development Technical Specifications for Spacecraft System 28

7.6.3 Draft Spacecraft Mission/Bus Operation Plan 28

7.6.4 Development Technical Specifications for Tracking Control Ground Segment 28

7.6.5 Development Technical Specifications for Mission Operation Ground Segment 28

7.6.6 System Requirement Review (SRR) 28

7.6.7 Preparation for selecting a design and manufacturer if the owner outsources those work 28

7.7 Design and manufacturing of space systems according to owner’s specifications. 29

7.7.1 General 29

7.7.2 Supplemental discussion for design 29

7.7.3 Traditional management requirements 32

7.7.4 Supplemental requirements for risk reduction against various threats 32

7.7.5 Supplemental requirements for documentation 32

7.8 Operation Phase E/ Part 1 Launch vehicle launch-site operation and injection into the planned orbit 34

7.8.1 Selecting a launch service provider 34

7.8.2 Launch collision avoidance 34

7.8.3 Launch readiness review 34

7.9 Operation Phase E/ Part 2 Initial Operation 34

7.9.1 Check-out in initial orbit in the case of large constellation 34

7.9.2 Ordinal early operation 34

7.10 Operation Phase E/ Part 3 Mission Operation 34

7.10.1 Selection of operator 34

7.10.2 Spacecraft bus operation 34

7.10.3 Mission operation 34

7.10.4 Monitoring critical parameters, actions in case of off-nominal cases 35

7.11 Phase F Disposal 35

7.11.1 Determination of mission termination including coordination with stakeholders 35

7.11.2 Re-confirmation of disposal orbit and disposal sequence 35

7.11.3 Conduct controlled re-entry and confirmation of its result. 36

7.11.4 Disposal of spacecraft of large constellation. 36

7.12 Phase G Post Operation Review 36

7.12.1 General 36

7.12.2 Mission Completion Report 36

7.12.3 Updating Lessons learned 36

Annex A Uncrewed spacecraft operability 37

A.0 Introduction 37

A.0.2 Spacecraft operation 37

A.0.3 Spacecraft operability 37

A.0.4 Conventions 38

A.0.5 Guidelines for applicability 38

A.1 Scope 39

A.2 Normative references 39

A.3 Terms and definitions 39

A.3.1 General terms 39

A.3.2 Other terms 40

A.4 Abbreviated terms 44

A.5 Autonomy levels 44

A.6 General requirements 45

A.6.1 Observability 45

A.6.2 Commandability 45

A.6.3 Compatibility 46

A.6.4 Security 46

A.6.5 Safety 46

A.6.6 Flexibility 46

A.6.7 Efficiency 47

A.6.8 Testability 47

A.6.9 Applicability matrix 47

A.7 Detailed requirements 47

A.7.1 Spacecraft observability requirements 47

A.7.1.1 Telemetry design 47

A.7.1.2 Telemetry timing information 49

A.7.1.3 Diagnostic mode 49

A.7.2 Spacecraft commandability requirements 49

A.7.2.1 Telecommand design 49

A.7.2.2 Critical telecommands 50

A.7.2.3 Control of autonomous functions 50

A.7.2.4 Telecommand transmission and distribution 51

A.7.2.5 Telecommand verification 51

A.7.3 Memory management 51

A.7.4 On-board processing functions 52

A.7.4.1 Control loops 52

A.7.4.2 On-board monitoring 52

A.7.4.3 On-board operations scheduling 52

A.7.4.4 On-board operations procedures 53

A.7.4.5 On-board storage and retrieval 53

A.7.4.6 Mission management 53

A.7.4.7 On-board fault management 54

A.7.5 Equipment/subsystem-specific requirements 56

A.7.5.1 On-board processors and software 56

A.7.5.2 Power supply and consumption 57

A.7.5.3 Telemetry, tracking and command (TT&C) 57

A.7.5.4 Attitude and orbit control 58

A.7.5.5 Mechanisms 58

A.7.5.6 Thermal control 58

Supplement A for Annex A (informative) Mission constants 60

Annex B Uncrewed spacecraft operational procedures 61

B.1 Scope 61

B.2 Normative references 61

B.3 Terms and definitions 61

B.4 Symbols and abbreviated terms 62

B.5 Documentation 63

Annex C Normative reference 86

Bibliography (TBD) 91

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

ISO draws attention to the possibility that the implementation of this document may involve the use of (a) patent(s). ISO takes no position concerning the evidence, validity, or applicability of any claimed patent rights in respect thereof. As of the date of publication of this document, ISO [had/had not] received notice of (a) patent(s) which may be required to implement this document. However, implementers are cautioned that this may not represent the latest information, which may be obtained from the patent database available at www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 20, space system and operation, Subcommittee SC 14, space systems and operation.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.

Introduction

Over the past two decades, various efforts have been undertaken by the United Nations and other organizations to ensure the long-term sustainability of space activities.

From the perspective of design and operation to mitigate debris generation, the “IADC Space Debris Mitigation Guidelines”, the “United Nations (UN) Space Debris Mitigation Guidelines”, ISO 24113^[27]:2023 “Space Debris Mitigation Requirement”, etc. have been published.

Since 2007, on top of efforts to avoid the intentional destruction of orbital objects, other efforts have been made to establish Transparency and Confidence-building Measures (TCBM) for improving cooperation in space, and on reducing the risks of misunderstanding, mistrust, and miscalculations among nations.. In 2013 the “UN Group of Governmental Experts on TCBM in Outer Space Activities”^[B-5]

In 2010, the Scientific and Technical Subcommittee set the agenda of the long-term sustainability of outer space, and in 2016, the first set of "Guidelines for the Long-Term Sustainability of outer space activities"^[B-4] was agreed. Initially, there was no clear common understanding regarding the specific content of this LTS project, but gradually, led by the United States, the major aim was cleared that one of the major intentions is to create the world framework for the collision avoidance. The current activities relating STM seems to concentrate on collision avoidance.

Throughout above history, various international guidelines and rules have been developed, but in order to ensure their implementation, the responsible behaviour of the owners of spacecraft, who are the main actors of space activities, is essential. The owners are responsible for planning, developing, and completing space activities. Responsible behaviour by the owners is therefore important. What makes the compliance with the international guidelines feasible is the owner's determination and funding. And it is the owner’s community that enjoys the benefits of LTS.

This standard can be seen as a high-level standard that covers all phases of a development lifecycle of spacecraft, from mission proposal to operation and disposal. A few other ISO/TC20/SC14 standards focus on some very specific aspects, but no other general comprehensive operational standard exists. In addition, no other document is providing guidance on phases such as mission requirements proposal or definition of system requirements, which are the responsibility of the owner.

Since this first edition has absorbed ISO 14950^[19] :2023“Space systems-Unmanned spacecraft operability” in Annex A, it cancels and replaces ISO 14950^[19] :2023.

The aim of this standard is therefore to provide requirements for the works conducted by owners throughout the life cycle of space activities and to promote proper space activities”

Space systems - Mission definition and execution of space activities - Requirements for spacecraft owners

This standard defines requirements for owners of spacecraft (including constellation of spacecraft) applicable during the lifecycle of a project, to ensure the sustainable space activities. Activities include those conducted during proposing mission requirements, defining mission requirements, developing operational plans, defining technical specifications, designing/manufacturing/operating space systems and ground segments, launching space systems, operating missions, and decommissioning space systems.

In line with this standard, owners shall ensure that their spacecraft is safe from hazards posed by the natural space environment, objects in orbit, lack of quality and reliability, and intentional attacks, as far as possible, in order to ensure the successful completion of the mission of their spacecraft. and, conversely, that the owner's systems do not pose a threat to the orbital environment, space assets, people on the ground, or ground facilities.

NOTE In this document, the entity that plans and promotes space activities using spacecraft, and conducts space business or research projects, is called as an “owner of spacecraft ” or simply “owner”. In other words, it is an entity who possess the spacecraft systems operating in the Earth orbit, conducting launching the spacecraft into the orbit, operating the ground support systems to control spacecraft and exchange the data with them, and running business applying the results of space activities. This STD is applicable even if the entity would conduct those activities indirectly under the contracts with designer and manufacturer, launching service provider, operator of the spacecraft or the ground facilities for its housekeeping and/or mission operation, data processing operators for their business.

The documents listed in Annex C are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

No terms and definitions are listed in this document.

ISO and IEC maintain terminology databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https://www.iso.org/obp

— IEC Electropedia: available at https://www.electropedia.org/

3.1

TBD

TBD

In this standard, the entity that plans and promotes space activities using spacecraft, and conducts space business or research projects, is called as an owner.

The following Cases A to C are typically considered as the owner's business development patterns, although there may be more contractual arrangements in conducting space business. In any case, the owner will basically be liable to external parties for all aspects of this project/business unless there are other contractual arrangements for liability. Table 1 shows the typical patterns of the relating entities.

a) Case A: The owner will define mission requirements, determine specifications for spacecraft and ground segments, develop or procure them, conduct launch operation or outsource launch services, manage mission/bus operations, decommissioning operations, and post mission review after completion of operations of each spacecraft mission and set of constellations.

b) Case B: The owner may purchase spacecraft commercially with providing the technical specifications, and borrow existing ground equipment, and outsource the launch service. Basically, the owner will be responsible for all aspects of the project and business to external parties.

c) Case C: The owner will carry out mainly "definition of mission requirements" and "sales activities based on the data or data transfer service operations". Hardware development, manufacturing, launch service, spacecraft operations will be outsourced. The owner conducts reviews or inspections at each development phase or before delivery.

“NOTE : In this standard, the “operator” is used as a very narrow meaning as an entity that conduct controlling of the spacecraft for the mission operation and housekeeping operation, including the orbit and attitude control (for mission operation, collision avoidance, disposal operation, other contingency operation, etc.), thermal control, electric control and commanding, communication and tracking control, and on ground mission data translation to the owner or other data collection centres. This “operator” is different from so-called business operator who run the space business totally, etc.

Table 1 — Several patterns of business models of “spacecraft owner”

The owners, regardless to whether government agencies, non-governmental organizations, or joint agencies of several countries, should recognise the state of the orbital environment and of the global framework for the safe and long-term sustainability of space activities.

The owners should conduct space activities under the following recognition.

(1) The owners should conduct space activities only for peaceful purposes.

NOTE According to the UN Outer Space Treaty, the states, as States Parties to the treaty, assure the peaceful purpose of the national activities in the outer space activities. And the activities of non-governmental entities in outer space, should require authorization and continuing supervision by the appropriate State Party to the treaty.

(2) The owners should recognize the “Sustainability (LTS) Guidelines''. The Guidelines include the suggestions for the adequate measures against the threats of orbital collision, natural environment, generation of debris, RF interference, etc.

NOTE The UN Guidelines are thrown to generally “states and international intergovernmental organizations”, but depending on the guidelines, commercial entities are given them directory, namely, the guidelines for data sharing are given to “operators and other appropriate entities”, for conjunction assessment are given to “spacecraft operators and conjunction assessment service providers”, etc. In those cases, this standard is standing on the position that commercial entities should comply with them regardless of the existence of the domestic legal framework.

(3) The owners should pay attention to the “Transparency and Confidence Building Measures (TCBM)” and promote the communication and coordination among nations, to avoid misunderstanding for their space activities that may pose a sense of threat to other entities or nation.

(4) The owners should accept the financial burden, as far as financially and technically feasible, necessary to ensure, to the maximum extent possible, that the space activity does not pose a threat to the orbital environment, other space assets, as well as land assets and humanity.

(5) The owners should recognize that if a spacecraft is vulnerable to space weather, orbital objects, meteoroids, or intentional attacks, it will negatively contribute to the deterioration of the orbital environment, and the owner should incorporate counter measures to prevent it, as far as possible.

(6) Regarding the value of the mission, the owner should evaluate whether or not it is worth using the congested orbital environment from the perspective of the contribution to public safety and improvement of social convenience. The owners should understand that this is no longer the time to occupy the useful orbital environment as a common asset of humankind, for self-satisfaction.

Depending on the magnitude or characteristics of business, owner will select one of various lifecycle models to ensure the mission assurance, QA assurance, project review system that could control the inter departments in the entity and contractors, etc.

In this document, various requirements are presented on the condition that a typical lifecycle model illustrated in Figure 1 and 2, and the existing ISO program management standards, are applied.

Figure 1 — Lifecycle of the spacecraft activities up to Phase D
(This STD starts from “Input to Phase 0” and MDR not mentioned in the other existing STDs.)

Figure 2 — Lifecycle of the spacecraft activities from Phase E up to the completion of project

In developing the technical requirement or specifications, the owner shall define the policies in each managemental activity and mention in the technical specifications.

The owner shall assemble in its organization a department to control managemental activities, and assign a responsible individual for them, or shall require the contractors to do so.

The owner shall conduct, and shall require the contractors to conduct, the managemental activities for quality, reliability and configuration with referring the existing program management standards.

The ISO standards and technical specification, for the program management area have been published, as shown in Annex C. (from [1] to [12] )

The owner shall conduct quality and reliability assurance (almost a synonym of dependability, maintainability and availability assurance) activities through reviewing design and manufacturing process, vendor control, inspection of merchandise, verification, validation, and qualification.

Relevant ISO standards are ISO 15865^[20]:2022, ISO 27025^[11]:2023, ISO 23460^[9]:2023, ISO 18667 ^[4]:2023 and ISO 20188.

The owner shall conduct configuration control to guarantee the compliance between technical specifications and the final product, thorough the works of the definition of specifications, of controlling the structure of all the elements, of controlling technical changes of specifications, drawings and procedures, and of recognising the latest version for all the structuring elements and assuring to select the latest version.

Relevant ISO standards are ISO 21886^[7]:2019.

The owner shall conduct directory, and shall require the contractors to conduct, managemental activities for system safety, ground safety, and flight safety with referring the existing relevant standards.

Relevant ISO standards are ISO 14620-1^[13]:2018, ISO 14620-2^[14]:2025, ISO 14620-3^[15]:2021, ISO 27875^[16]:2019 and ISO 21740^[17]:2025.

NOTE For the ground safety from the re-entering objects, not only the national government but also the commercial launch service providers and spacecraft owners are also taking into consideration UN ^“Convention on international liability for damage caused by space objects” ^[B-2]. If the system contains the nuclear energy sources “Principles relevant to the use of nuclear power sources in outer space”^[B-3].

The owner shall conduct directory, and shall require the contractors to conduct, risk assessment against designated hazards and threats. It includes hazard identification, assessment of likelihood and consequences, and design for risk reduction measures and operational remediations according to the risk magnitude.

NOTE Hazards and threats will include threats due to space weather (including solar activities, etc. mentioned in 6.6.2), collision with catalogued objects(mentioned in 6.6.3), impact of undetectable debris (mentioned in 6.6.4), other unintended harm to space assets or ground communities (mentioned in 6.6.5).

The ISO standards for the program management area have been published, as shown in Annex C. (from [1] to [12] to be defined by the next stage) and, ISO 17666^[55]:2025 and ISO 11231^[56]:2019 are concerned.

Hazardous factors will include the influence of space weather, collision with catalogued objects, impact of small orbital objects, accidental break-ups, accidental operation termination, etc.

The owner shall identify the vulnerable points for each environmental factor in the planned system and prepare applicable standards (concerning the environment models, failure preventive design, and operation standards, etc.) in their systems engineering framework. Those standards will be reflected in the design specifications and operational guidelines to be applied in design.

NOTE 1 Regarding the natural space environment, ISO/TC20/SC14 has not published enough standards but issued some standards indicated in Annex C from [31] to [47]. Historically, factors relating with space weather have caused failures.

a) Electrostatic discharge due to internal charging and surface charging

b) Cosmic rays, solar particle events, SEU due to South Atlantic Anomaly,

c) Solar proton event, total radiation dose, etc.

d) Solar mass ejection and induced geomagnetic storm or increased density of atmosphere,

NOTE 2 Since ISO/TC20/SC14 has not developed enough design standards, other domestic standards, regional standards may be applied. Owners may develop standards especially for their specific technical areas required for their unique mission. Or contractor’s standards may be accepted as far as owners review and accept to apply.

Definition of the design and operation measures for collision avoidance

The owner shall clearly define the design and operation measures for collision avoidance in the technical specifications and the Mission/Bus Operation Plan. Detail can be known in the ISO 9490^[116] : and ISO 23705^[117]: , as shown in Annex C.

Design of function of the collision avoidance manoeuvre and allocation of propellant

In terms of spacecraft hardware design, the requirement for the function of the collision avoidance manoeuvre and the allocation of propellant for collision avoidance manoeuvre shall be reflected in the technical specifications.

NOTE 1: The operation procedures are written in the above ISO standards, including typically;

1) registration of injection into orbit, a plan of orbital change manoeuvres,

2) acquiring the support of STC (Space Traffic Coordination) service provider,

3) assignment of contact point for coordination for collision avoidance,

4) periodical monitoring and conjunction assessment,

5) receiving the notification of conjunction, or alert for collision,

6) coordination with the owner of approaching spacecraft, including sharing the ephemeris data,

7) development of collision avoidance plan (and “return to operation orbit plan”) and execution.

NOTE 2: Generally, a space object with a diameter of 10 cm is considered to be the threshold that cause the catastrophic fragmentation of a spacecraft. The critical mass of spacecraft that cause catastrophic break-up with a solid aluminium sphere with a diameter of 10 cm is that weighing about 2,000 kg. More precisely, ISO 16126 "Space systems - Survivability of uncrewed spacecraft against space debris and meteorite impacts for space debris mitigation purposes"/Appendix C determines the relationship between "mass of the spacecraft" and "critical diameter of debris causing catastrophic fragmentation" (See Figure 3). Such analytical methods should be used to determine the critical diameter.

Figure 3 — Mass of spacecraft vs the critical diameter of solid aluminium sphere that causes break-up

NOTE 3: As we see that the UN LTS Guidelines puts emphasise this aspect and have recommendation of from B.1 to B.5, other world guidelines and standards have requirements for collision avoidance operation.

NOTE 4: Except the collision between small objects, collision among system-level objects have found once in 2007. Since then, the collision avoidance operations, performed by many entities, have contributing on avoiding such incidents, and further collision incidents have not been found so far. However, the number of system-level objects will surpass the number of fragments within a few years, the collision among large constellation or collision with traditional stand-alone spacecraft will be large risk factors.

NOTE 5: There is big issue that there are no reliable flux models for the debris and meteoroid, particularly today’s mass increase in orbit due to existing and being planned large constellation programs.

That means, each owner needs to prepare the flux model, for their planned orbital region. Yet such model can certainly not predict accurately the evolution of the space environment up to the end of design life.

Even smaller objects that cannot be catalogued could cause critical damage that may lead to loss of functions, if they would impact equipment necessary for these functions. Even with a size of 1 mm, there are vulnerable parts. Depending on the expected probability of collisions and severity of damage, owners shall develop technical specifications to include protection shielding or redundant circuit designs, especially for elements critical to maintaining critical mission equipment and housekeeping functions.

NOTE 1: ISO/TC20/SC14 provides evaluation procedures in ISO 16126^[57]:2024 “Space systems — Survivability of unmanned spacecraft against space debris and meteoroid impacts for the purpose of space debris mitigation”.

Typical measures to minimise the damage caused by collision of tiny debris includes;

1) selecting critical components that prevent mission operation and disposal operation,

2) checking the vulnerability of critical components, including the protection effect of neighbouring components,

3) confirming mode of collision, such as impact velocity, impact angle, impact probability according to the debris mass,

4) confirming damage mode according to the characteristics of impact mode,

5) analysing the probability of failures due to impact.

NOTE 2: There is big issue that there are no reliable models for flux of the debris and meteoroid, particularly today’s mass increase in orbit due to existing and being planned large constellation programs. It is relatively feasible for catalogued object, but difficult for tiny objects that will penetrate the components, or cause rupture of high-pressure vessels.

Mitigation of generation of space debris

The measures to mitigate debris generation during the design, operation, and disposal of spacecraft are defined in ISO 24113^[27]:2023. In order to be compliant with ISO 24113^[27]:2023, 8.2 the owner shall develop a Debris Mitigation Plan and submit it with a Technical Specifications according to 7.6.2. (Ref. Format of SDMP in ISO TR 18146^[28]:2020: Space systems — Space debris mitigation design and operation guidelines for spacecraft).

Apparent magnitude of spacecraft

Particularly the owners of the large constellation shall control the apparent magnitude of their spacecraft, during operational phases, and after disposal, if possible. to limit disruptions to the astronomy and naked-eye observing communities. The feasible measures are [See detail in ISO TS 6434^[26]:2024]

NOTE 2 in TS 6434^[26]:2024: The design can minimize the impact on astronomy using mechanisms (e.g., deployable visors), vehicle orientations, shutters, and/or operating characteristics to reduce the overall reflectivity of the spacecraft. The necessity of such techniques depends on orbit altitude, reflectance of surface components, overall surface area, and flight attitude rules.

In order to ensure safety of information systems (including facilities, computer systems, terminals, data recording media, communication cables, etc.) against the hazards (natural disasters, failures and degradation, accidents, intentional tampering, eavesdropping, etc.), spacecraft owners shall develop, and shall require contractors to develop, a policy for safety and security control for physical, technical, and human aspects.

The owner shall identify the damage caused by hazards, and the routes of risk propagation, and take measures in terms of facilities, technology, and access control to counter them.

NOTE 1: The controlled information system will guard the computer systems, facilities, relating peoples, media, and all layers of network protocol to protect the spacecraft, its drawings and relating documents, production/testing facilities, etc. from destruction, theft, wiretapping, and falsification of information.

NOTE 2: One of the points that the “information system safety” differs from the “cyber security” is at least the former includes the threats due to unintentional factors such as the natural disaster like earthquake, the unintentional fire events, malfunctions due to miss operation or degradation of components of facilities. The latter is caused by ill intended purposes.

Besides the security control for theft, wiretapping, and falsification of information system mentioned in 6.5, the owner shall develop and shall require the contractors to develop a policy to prevent attacks to on-orbit spacecraft. The owner shall develop, and shall require the contractors to develop the procedures to identify the vulnerability, invent design and operation procedure, monitor the abnormal situation, etc.

NOTE 1: Above will include the measures to prevent loss of orbit and attitude control function, unintentional data transmission, unintentional self-damaging, unintentional attack to other assets.

NOTE 2: Works will include, as examples, security control in designing phase, strict design for data inlet line, design measures to protect from the physical attack with lazar or electromagnetic wave, procurement control of parts (rejection of microchips with backdoor, etc.), and monitoring of employee.

NOTE 3: There are many references for guidelines as followings for the protection from cyber-attack.

a) ISO/IEC 27032^[50]:2023, Cybersecurity - Guidelines for Internet security

b) ISO/IEC TR 27103^[51]:2018, Information technology - Security techniques - Cybersecurity and ISO and IEC Standards

c) ISO 20517^[52]:2024, "Cybersecurity management guidelines" (from SC14/WGS)

d) ISO 21324^[53]:2016, "Space data link security protocol" (from CCSDS)

e) ISO 19389^[54]:2014, Space data and information transfer systems - Conjunction data message /Annex C

f) NIST SP800-171^[B-6] established by the National Institute of Standards and Technology (NIST)

NOTE Traditional security has focused on the idea of "preventive defence" against cyber-attacks, but NIST SP 800-171 specifies requirements for cyber-attacks, encompassing "identification, prevention, detection, response, and recovery" based on the premise of attacks and intrusions.

g) US DoD's "Cyber security Reciprocity Playbook"^[B-7]

On the other hand, there is concern that the current guidelines limit the types of attacks on the transmission and reception of information related to software, communications, data, etc. Depending on the type of attack (equipment level, facility/equipment level, technology level, access control level, etc.), measures such as detecting and removing microchips with backdoors, sealing wiring within the launch site, and eliminating malicious actors will be necessary. In addition, in terms of the propagation of damage, the damage would be unimaginable if control of a space system were to be lost.

NOTE 4: Each entity may prepare a contingency plan that considers the above threat modes, detection of abnormalities, propagation of damage, preparation of emergency measures, and a system for formulating permanent measures.

The owner shall try to reduce misunderstanding, mistrust and miscalculations regarding the space activities, and shall refrain from planning any acts that pose a sense of threat to other entities.

NOTE 1: Typically, the concepts of the Transparency and Confidence Building Measures (TCBM) is written in the Report of the Group of Governmental Experts (GGE) on TCBM in Outer Space in Outer Space Activities that was endorsed by the UN General Assembly at its 68th session in late 2013, and other documents discussed in the UN. Ideal concrete measures will include (1) to regularly publish space activity plans and their objectives, (2) to make research status and facilities and equipment public, (3) to publish in advance or refrain from implementing action plans that may be particularly misleading, and (4) to immediately publicize any incidents, accidents, or malfunctions that may be misunderstood as potentially threatening and to gain sympathy for emergency measures. Although those activities are conducted by the national governments, but at least above (4) may be better to be in mind of the owners for the benefit among space users.

NOTE 2: The most typical missions to avoid are those whose mission objectives raise concerns that they are not peaceful purposes.

NOTE 3: The actions such as intentional destructions even if that is planned for encouraging demise during re-entry, laser reflections for communications, or on-orbit capturing for disposal or retrieval, radio-magnetic interference etc. are better to be conducted with precautions and information of justification in advance not to provide threat to other entities.

The “UN Guidelines for the Long-term Sustainability of Outer Space Activities of the Committee on the Peaceful Uses of Outer Space”/part II/Section B shows the basic understanding and suggestions for space activities.

Owners should consider all factors, including those mentioned above, such as hazards within the program, hazards that threaten the program, and hazards that the program poses to other organizations and assets, and strive to ensure the long-term sustainability of space activities. If the characteristics of the program of the owner has specific threats and risks not included in above mentioned factors, the owner should recognise them and should take measures.

NOTE 1 The large constellation programs have the specific threats and risks that is mentioned in TS 6434[26]:2024.

NOTE 2 The major actor to keep compliance with the UN LTS Guidelines are the government of nation or international organization, but the owner of commercial space activities are expected to bear in mind the clauses of B.1, B.2, B.3 and B.4 of the Guidelines that are relating to the collision avoidance, and B.6 relating to space weather, B.8 relating to space debris, and B.9 relating to re-entry.

In this clause the works along the lifecycle are allocated in the following five categories.

(1) Owner-directed activities

This category presents what the owner would do as essential work including a) Mission proposal, analysis, and definition, b) Definition of system requirements for the spacecraft and its ground support segments, and preparation of technical specifications, c) Development of the concept of operations,

(2) Design and Manufacturing of the spacecraft and ground facilities

This category includes the works to develop space systems and its ground support systems to realize owner’s mission plan. If the owner procures the systems, owners work will be limited to bidding, contract, review, and supervision for the contractor’s activities.

(3) Launching spacecraft by launch vehicle

There are small number of cases where owner conduct launching their spacecraft by themselves, but usually, owners will conduct it under the contract with a launch service provider. In such case, the owner will select a launch service provider and supervise their work.

(4) Spacecraft operation, acquisition, and use of mission data

(5) Evaluation of the project after the completion of spacecraft operations

Figure 4 shows the baseline for above categories.

Figure 4 — Typical life cycle model and review process, and allocation of responsibilities along the owner, design/manufacturer and operator

The owner shall produce a “Mission Proposal” that presents a general mission requirements including the purpose and outline of the proposed mission, the constraints and preconditions associated with realization of the mission, and reliability requirements. The results will be an input to the Mission Requirements Analysis Phase (Phase 0).

The owner shall clarify the following matters, including the purpose of the mission, the outline of the mission, and the social benefits to be obtained. (See 8.1 for details)

(1) Purpose of the mission (Earth observation, astronomical observation, planetary exploration, weather/communication/broadcasting/positioning services, orbital environment utilization experiment, space technology demonstration, etc.)

(2) Contents of information or services to be acquired (earth observation items, other celestial body exploration items, content of services provided, content of experiments, content of technology to be demonstrated)

(3) Design life and subsequent spacecraft Mission/Bus Operation Plan

(4) Benefits to be obtained, improvements to be made in comparison with the current situation, benefit recipients, organizations, and society (service providers, stakeholders, ripple effects),

(5) Fund size, financing, and profit forecast

(6) Achievement of the owner's commitment to consider the world frame works, such as the UN treaties, UN LTS Guidelines, etc., to assure the safe and the long-term sustainability of the space activities.

(7) Technical, economic, and social factors that pose risks to the realization of the mission

(8) The scale of the spacecraft, new technology, prospects for acquiring ground infrastructure, service provision systems, and data receiving equipment necessary for operation.

(9) Organizations that require cooperation and their feasibility.

Basic constraint in terms of the long-term sustainability and the peaceful use of space

spacecraft owners shall not conduct operations posing uncontrolled adverse effect on human society on the ground, orbital environment, other human assets in orbit.

[1] Missions that inject and spread too many uncontrollable objects that are risky when they would impact to inhabitable orbital assets and would remain in orbit longer than 25 years.

NOTE This requirement was derived from reflection on the Westford experiment.

[2] Missions involving on-orbit destruction prohibited by ISO 24113^[27]:2023

[3] Missions that project laser beams in an uncontrolled manner

[4] Missions with the intent of destroying or seizing the property of others

[5] RF emissions that impose hazards to other space assets or ground activities.

Constraints and conditions necessary for mission requirements analysis and definition

The owner shall clarify the constraints and conditions necessary for mission requirements analysis and definition, including the items identified in 7.2.2 (6), (7), (8), and (9), if necessary, and register them as project management documents.

The project management documents clarify and share them in the project as design and development materials. When the design is based on conditions assumed without confirmation or conditions that have not yet been determined, risk recognition and identification shall be managed, and recognition shared.

NOTE : Because the constraints imposed on the system vary widely depending on the control method, function, and performance of the system/subsystem/device, it is not possible to clarify everything at this phase. It also includes effects resulting from system design. Here, it is sufficient to carry out as much as necessary for system requirements analysis.

Relevant items include at least the following:

(1) Main project and external constraints to consider

(a) Project management constraints (budget, schedule, specification of onboard equipment, status of other projects, reliability requirements, etc.)

(b) Constraints from the launch vehicle (if the launch method is specified) (size/shape (constraints on allowable envelope area), allowable mass, rocket interface, launch timing, injection orbit, orbit injection conditions, launch site environmental/safety regulations, etc.)

(c) Development environment (analysis/manufacturing/testing facilities, etc.)

(d) Operational environment (ground stations, ground support facilities, etc.)

(e) Regulations (domestic laws such as the High-Pressure Gas and Explosives Control Act, international regulations such as the Space Act [See 5.2], radio frequency management regulations, domestic and international export control regulations, industrial standards, internal standards and regulations, etc.)

(2) Main space environmental factors to consider

(a) Launch environment

(b) Cosmic radiation, solar wind, magnetic storms (including electrostatic discharges and atmospheric changes induced by them)

(c) Sunlight

(d) Plasma

(e) Upper atmosphere, atomic oxygen

(f) Earth (planet, satellite)

(g) Space dust, meteoroids, space debris

(h) Vacuum environment

(i) Zero gravity/weightlessness

(j) Electromagnetic interference from onboard equipment and electromagnetic interference from another spacecraft.

(k) Disturbance/perturbation

(3) Main constraints imposed on the system by mission requirements and mission equipment to be considered with considering the reliability defined in 7.2.1.4 and operability defined in 7.2.1.5.

(a) Pointing performance requirements

(b) Alignment accuracy requirements

(c) Field of view requirements (including obstruction avoidance field of view)

(d) Radio interference avoidance request

(e) Thermal conditions

(f) Shape and structural characteristics

(g) Mass

(h) Flexible structure characteristics, disturbance transfer characteristics

(i) Expansion and separation structure

(j) Power requirements

(k) Electromagnetic compatibility (EMC/EMI)

(l) Output data request

(m) Telemetry, command requests

(n) Lifetime requirements

The owner shall establish reliability requirements mainly to guarantee the following items. For this area, ISO 27025^[11]:2023, ISO 23460^[9]:2023 and TS 18667^[4]:2023 have been published, as shown in Annex C..

(1) Mission life and survivability

(2) Continuity of mission operations

(3) Restorability and time until restoration when a problem occurs

NOTE :To guarantee the above in more detailed aspects, adding to above mentioned ISO standards, the following items are controlled with a part of the systems engineering framework in the entity.

(a) Design procedures for structural, electrical, and other design methods and safety factors that guarantee the quality and reliability,

(b) Management procedure using reliability design parameters such as useful life management and cumulative fatigue

(c) Environmental design standards, verification standards, model philosophy, and certification standards.

(d) Optimal circuit design based on reliability prediction values calculated from equipment/component failure rates, etc.

(e) Validation procedures for circuit design using FMEA, FDIR, etc., identification of failure sources, and counter measures.

(f) Procedures for periodical health check, malfunction symptom detection measures, and off nominal procedures in the event of an abnormality.

The owner shall assure the operability of a spacecraft. Here, the operability is, as defined in Annex A, a feature of the spacecraft itself that enables a specified ground segment comprising hardware, software, personnel, and procedures, to operate the space segment during the complete mission lifetime of the spacecraft, by using a minimum of resources, while maximizing the quality, quantity, and availability (or timeliness of delivery) of mission products, without compromising spacecraft safety.

NOTE General requirements including observability, commandability, compatibility, security, safety, flexibility, efficiency and testability, and detailed requirement for the following are defined in Annex A.

a) Spacecraft observability requirements

b) Spacecraft commandability requirements

c) Memory management

d) On-board processing functions

e) Equipment/subsystem-specific requirements

The owner shall compile the following information as input to the mission requirements analysis work performed in Phase 0 for the proposed mission, compiles it into a "mission proposal," and submits it to the Mission Definition Review (MDR).

(1) Mission requirements analysis report

(2) Mission requirement definition

(3) Operation concept

(4) Requests for the ground segment

(5) Requirements or constraints on the launch vehicle

NOTE  

The primary purpose of the Mission Requirement Analysis and Definition Phase is the analysis and definition of mission requirements. The owner defines mission requirement with comprehensively evaluating the necessity of the mission, its impact on society, the feasibility under financial, technical, legal, ethical, time, and other constraints, and negative impact on the orbital environment.

From the perspective of LTS, the owner cares to ensure that the mission objective itself does not become excessively vulnerable to deterioration of the orbital environment or collisions. Furthermore, the owner shall take consideration to environmental conservation for the long-term sustainability of space activities.

Debris countermeasures that have a significant impact on the definition of system specifications for space systems are determined in this phase.

The physical and functional requirements necessary to realize mission requirements will be allocated to spacecraft systems, ground facilities, launch vehicles, and operational plans.

The owner compiles above result into a Combined Mission Requirements and submit to the Mission Definition Review (MDR).

The Owner shall coordinate the mission proposal with interested parties, including external stakeholders, shall analyse its validity, and create a "Mission Requirements Analysis Report" that includes the following contents:

(1) Mission requirements analysis report (Informative)

a) Mission concept

If the mission is constellation program that consists of large number of spacecraft, particularly when more than 100 spacecraft will be operated simultaneously, the compliance with the specific standards for constellation (TS 6434^[26]:2024, etc.) shall be assured.

b) Purpose, significance/value, and uniqueness of the mission

c) Current system feasibility study results

— Study of mission orbit, if being planned in the crowded orbit region, it shall be considered with the interference with existing and planned spacecraft, particularly large constellations or having large eccentricity crossing crowded region. If this is a large constellation it is mandatory study.

— Study of system architecture (system configuration, block diagram, etc.)

— Basic principles of the mission section and key technologies, design study/prototype status

— Mission concept and technology maturity status (Refer ISO 16290^[58]:2024 “Definition of the Technology Readiness Levels (TRL) and their criteria of assessment”)

d) Estimated cost (including total cost and annual spread (approximate))

e) Development plan including development policy (including the entire life cycle of mission definition phase/project preparation phase/project execution phase)

f) Draft procurement policy/plan in line with estimated cost

g) Risk reduction action plan until project transition (mission definition phase/project preparation stage) including issuance of space debris mitigation measures plan, collision avoidance operation plan, and re-entry risk reduction plan.

h) Mission definition phase activity plan

— Activities (activities to improve the significance and value of the mission, system feasibility study activities, risk reduction activities for critical technical elements)

— Schedule

— Financial plan (including annual development)

— Implementation system

i) Risk reduction measures and prospects for ensuring system feasibility after implementing activities in the mission definition phase. It is desirable that risk reduction measures include methods for dealing with potential harm predictions and damage predictions related to the following:

— Activities which may conflict with space safety and sustainability

— Quality and reliability assurance policy, security policy,

i) Model philosophy, validation strategy

ii) Effective range of existing design standards and analysis tools

iii) Parts strategy

iv) Cyber-attack countermeasure policy

— Securing ground segments related to operations and missions.

j) Request for accelerated proposal (funding, its action plan and reasons)

(2) Perspectives and criteria for evaluation and selection (Informative)

The evaluation and selection criteria for pre-project candidates for the mission definition phase are as follows.

a) Significance and value of the mission (compatibility with management strategy, degree of contribution to the safety and security of international and local communities)

b) Violation of the rights of other countries, concerns about the long-term sustainability of space activities, violations of transparency and confidence-building measures, consideration of the magnitude of the burden on other space assets, people and assets on the ground, and ways to reduce the burden.

c) Technical feasibility of the mission/bus operations.

d) Validity of activity plans and results of the mission definition phase

e) In the case of continuing missions, changes in the significance and value of the mission, evaluation of obsolescence, and continuity of effectiveness.

The owner shall produce a Draft “Mission Requirements” reflecting the results of the mission requirements analysis and shall include it in the Total System Requirements (including requirement for spacecraft, ground segments and launch service).

NOTE The following works are included.

Mission objectives are realized by the processes that starts with the definition of the mission objective, consider multiple mission concepts to achieve this, make various trades in terms of the degree of mission achievement, the size, cost, and development risk of the ground system and spacecraft system required for this, and end up with clarification of the design requirements of the overall system to achieve this.

In this phase 0 “Mission Requirement Analysis and definition”, the mission objectives are defined, and in the following Pre-Phase A “Mission Analysis Phase (Feasibility study)”, the mission analysis would be conducted to induce to the orbit and system design.

The following process will be taken.

(1) Defining the mission objectives

The first process in analysing/designing a space mission is to define the mission objectives. At this stage it is important to clarify the necessity of the mission itself. The final selection of missions is carried out in a feedback manner as a result of the consideration in the subsequent process, so at the first stage it is important to clarify the necessity of the mission. At the same time as the process of defining the mission objectives, the constraints on achieving the mission (launch means, cost, etc.) are clarified. The ultimate output of this process is a definition the mission objectives and quantifying constraints as much as possible.

(2) Mission realization

Several proposals for a mission objectives to achieve the mission outputs defined above are considered. Trade-offs are made between the proposals considered. Trade-offs are made from the perspective of achieving more mission results with fewer resources. At the same time, the key items that greatly affect the success of the mission, such as orbit selection, are identified.

(3) Mission Evaluation

Evaluate the key items identified above from the perspective of performance and cost to consider mission feasibility. Based on the results of the evaluation, determine the baseline of the mission concept to realize the mission requirements, or reconsider the mission definition and mission specifics as necessary.

(4) Definition of requirements

Based on the above baseline, the design requirements for the spacecraft system are defined. Also, requirements are allocated to each element (subsystem) that constitutes the spacecraft system. Even at this stage, previous processes may be reconsidered if necessary.

The specific conditions of the mission requirements shall be clarified for the following mission analysis and orbit design conducted in the next phase.

NOTE  

Typically, the conditions of the mission requirements, that may be nominated as key items, are provided for the following mission analysis.

(1) Field of view analysis

(2) Pointing analysis

(3) Sunshine/Shade Analysis

(4) Observation coverage analysis

(5) Communication coverage analysis

(6) Visibility analysis

(7) Launch Window Analysis

(8) Orbital transfer (Earth orbit)

(9) Orbital life (Earth orbit)

(10) Orbit maintenance (Earth orbit)

(11) Deorbit

(12) Formation flight

(13) Constellation design

(14) Rendezvous orbit

(15) Orbital transfer (interplanetary)

(17) Orbital maintenance (Lagrange point)

(1) Necessity and purpose of the operational concept

The operation concept consists of the “mission operation concept” and the “bus operation concept”. To convey the operation concept to the system design work, the operation concept shall be clarified at an early stage with the agreement of the relevant organizations. The operation concept, that would pose a large impact on system design and mission/bus operation plans after the “Preliminary Design Phase”, shall be clarified and created as baseline document for “comprehensive system requirements”, “spacecraft system technical specifications”, “ground segment technical specifications”, and “mission/bus operation plans”. A formal "mission/bus operation plan" will be established in subsequent phases to reflect the design constraints of the spacecraft system.

(2) Mission operation concept

The “Mission Operation Concept” relates to the activities necessary to provide information and services during mission execution. Mission, in general, will cover a wide range of areas. Missions, such as "observation (Earth observation, astronomical observation)", "space environment measurement", "exploration (planetary exploration, etc.)", "communications / broadcasting /navigation services", "space environment/micro-gravity environment utilization", "space technology experiments and demonstrations" are included. In addition, the segments include ground systems related to the spacecraft mission execution (referred to as the "mission operation ground segment" in this document), as well as "information processing and distribution systems" and "service providing systems" for mission users.

Since above concept differs greatly depending on the nature of the mission to provide standard guidelines, so they are not covered in this standard.

(3) Bus operation concept

The “Bus Operation Concept” includes the operation of the Spacecraft Bus Department, which manages spacecraft operations and enables mission execution activities, and the operation of “Tracking Control Ground Segment”, which enables the exchange of tracking control data, measurement data, and commands. The “Bus Operation Concept'' provides the basic assumptions of the Preliminary Design.

NOTE: Detail can be seen in ISO 14771^[18]:2018 “Space systems — Unmanned mission operations concepts — Guidelines for defining and assessing concept products”.

Requirement to the Tracking Control Ground Segment

Interface requirements among spacecraft, Tracking Control Ground Segment, and Mission/Bus Operation Plan shall be developed. (TBD)

Requirement to the Mission Operation Ground Segment

Function/performance/interface requirements among spacecraft, Mission Control Ground Segment, and Mission/Bus Operation Plan shall be developed. (TBD)

General requirements for launch system

There may be the several cases of relation between the owner and a launch service provider. Namely, (1) Case-A: The launch service can be conducted as a part of the spacecraft owner’s business, (2) Case-B: Launch vehicle is already designated according to the existing national policy or defined space program, (3) Case-C: A launch service provider will be selected through the international trade competition with the launch service specifications provided by the owner.

Followings are under the assumption of Case-C.

The owner shall identify the requirements for launch service to realize mission requirements, and assess the other conditions potentially pose inconvenience to launch operation. Following aspects are to be considered:

a) Launch performance, function, cost, etc

b) Interface with launch vehicle and launch facilities

c) Interface with launch site facilities

d) Geographical and geopolitical conditions

Launch performance, function, cost, etc.

When selecting a launch vehicle, the launch capacity, functions, costs, and other compatibility with the launch vehicle shall be considered based on information contained in the launch vehicle's user's manual, etc., on the condition that the capability of the launch vehicle includes not only to deliver the payload into the planned orbit, but also to carry out appropriate disposal measures.

Interface with the launch vehicle and launch facilities.

The owner shall confirm the interface requirements between spacecraft and launch vehicle system (including launch vehicle, assembling facility and launch pad) as far as feasible in this phase.

The owner shall provide following interface requirements cleared in this phase.

a) Geometrical interface

b) Mechanical, Electrical and RF/Electromagnetic interface

c) Induced environment and load limitations (e.g. vibration induced by launch environment and excessive static load due to acceleration)

d) Coupled load analysis,

e) Launch preparation operations and facilities

The ISO standards for the interface control with launch vehicle and launch facilities area have been published, particularly, ISO 14303^[102], ISO 17401^[103], ISO 15862^[104], ISO 15863^[105], ISO 19971^[106] and ISO 26869^[107] are concerned. as shown in Annex C. (from [102] to [107])

Interface with launch site

The owner shall provide the interface requirements between spacecraft and facilities in the launch site as far as feasible in this phase.

NOTE 1: As an example of building and facilities, requirements for geometric capacity, and cleanliness for operations such as spacecraft assembly, checkout, propellant loading, and encapsulation into fairings must be met.

NOTE 2: ISO 17689^[65]:2023 can be applied for the following terms.

a) Effectiveness of facilities and equipment capable of carrying out launch site maintenance work (geometric capacity of the facility and spacecraft assembly, checkout, propellant loading, fairing enclosure, building cleanliness requirements)

b) Feasibility of transportation and delivery methods,

c) Employee work safety and life safety.

Geographical and geopolitical conditions

The owner shall assess the geographical and geopolitical conditions to ensure they would not pose serious potential problems at this phase, and in particular:

a) Advantages of latitude and longitude from the perspective of mission trajectory and flight safety,

b) Climate and weather issues (extreme ambient temperature, frequent occurrence of storms, etc.),

c) Extreme limitations on range safety, flight safety, and electromagnetic interference

d) Political stability

e) Anticipated obstacles regarding domestic national laws in launching country dealing with high pressure gases, propellants and pyrotechnics.

Monitoring capability during ascent and separation

The owner should require a real-time monitoring capability within the fairing to verify its safety while it is exposed to the launch environment and while it is separated from the vehicle.

Collision avoidance with crewed space systems

The owner should require the launch collision avoidance between at least payload and the crewed space systems (Ref. ISO 21740^[17]:2025). Furthermore, it is desirable to avoid collision with payload and catalogued assets (or catalogued objects, if possible) until the payloads will be registered by the space surveillance system.

Combined System Requirements

The owner shall submit an “integrated system requirements document” that includes Mission Requirements Analysis report (7.2.2.2), Mission Requirements (7.2.2.4 (2)), Bus Operational Concept (7.2.2.4 (3)), requirements for ground segment (7.2.2.5), and requirements for the launch vehicle (7.2.2.6.1). shall be developed and submitted to Mission Definition Review (MDR).

Mission Definition Review (MDR)

The owner shall hold the Mission Definition Review (MDR) examines the contents of the Combined System Requirements, confirms that the allocation of functions between the proposed spacecraft, launch vehicle, and ground system is appropriate, and defines the mission.

NOTE : To ensure an LTS perspective, the following will also be assessed:

a) Mission objectives and operational activities do not degrade the orbital environment.

b) The mission does not raise international concerns from a Transparency and Confidence Building Measures (TCBM) perspective, such as intentional destruction.

c) The mission trajectory is planned to take into consideration the distribution of debris. (If the basic structure is too large or the deployed structure is too large, it is necessary to consider the collision rate with the constellation spacecraft group or other spacecraft and its own problems.)

This phase consists of an initial definition of the mission and of a preliminary assessment of the concepts needed for consideration in the feasibility phase.

This phase results in:

a) the identification and the characterization of the mission.

b) an initial evaluation of needed performance, risks, requirements, and objectives, e.g. dependability and safety.

c) an initial assessment of the manufacturing and operational constraints, including environmental conditions.

d) the identification of possible solutions with the associated critical issues, considering the lessons learned from current space programmes,

e) an initial evaluation of the elements of the programme (organization, cost, schedules).

The owner shall summarise the results of these activities in a transition phase 0 to phase A document including a provisional functional specification (FS) which serves as the basis of the decision to initiate the feasibility phase.

To clarify system requirements, it is necessary to perform mission analysis (or as a method related to mission trajectory analysis and design) using the assumptions and constraints set in the analysis and definition of mission requirements as input.

The specific conditions of the mission requirements shall be clarified for the following mission analysis and orbit design.

NOTE: Typically, the following mission analysis will be conducted.

(1) Field of view analysis

Field of view analysis is performed to confirm that the field of view (observation, calibration) of the sensor and the field of view of the spacecraft bus system satisfy the (orbital) operational requirements of each mission.

(2) Pointing analysis

Pointing analysis clarifies the pointing accuracy required to realize the observation requirements and allocates the required accuracy to each pointing error factor. As a result, the requirements for orbit determination accuracy, orbit keeping accuracy, etc. are determined.

(3) Sunshine/Shade Analysis

Sunshine/Shade analysis is calculated from the boundary area of ​​sunlight and shadow and its time progression based on the positional relationship between the sun, Earth (the moon, planets, etc. must also be considered) and the spacecraft or observation target.

In addition, lunar eclipse and planetary occultation, in which the observation target in an astronomical observation mission is hidden by the moon or other planets, can be analysed by changing the target celestial body using the same method.

(4) Observation coverage analysis

Observation coverage analysis is performed to confirm/evaluate the achievability of observations against the mission requirements.

For earth-oriented spacecraft, based on the field of view of the main sensor, the distance between adjacent orbits determined by the orbit altitude, and the swath and side lap margins on the Earth's surface are used to confirm whether the entire globe is observed without gaps.

For solar-asynchronous orbits, the evaluation is performed taking into account the observation conditions (such as the solar inclination at the observation point).

(5) Communication coverage analysis

The communication coverage analysis determines the line margin (reception level, C/N, etc.) in the target area, compares it with the coverage requirements, and analyses/evaluates the communication link establishment area related to the communication mission.

(6) Visibility analysis

The visibility analysis determines the geometric visibility (horizon, 5-degree elevation constraint, skyline, etc.) and RF visibility (considering antenna pattern, tracking ability, etc.) from the positional relationship between the ground station and the spacecraft. The method is the same for visibility between spacecraft (relay spacecraft, constellations, etc.), except that the ground station is replaced with a spacecraft. If the conditions are complex, it may be solved by simulation.

(7) Launch Window Analysis

In launch window analysis, constraints on the launch window are set according to the spacecraft mission requirements, and the time period during which launch is possible is clarified.

In the case of geostationary spacecraft, the constraints are set based on the constraints of on-orbit operations until insertion into geostationary orbit, while in the case of low orbits, particularly sun-synchronous orbits, the constraints are set based on the local time conditions for the descending node crossing.

(8) Orbital transfer (Earth orbit)

The orbital transfer requirements for each mission from low-orbit spacecraft to geostationary spacecraft and the specific methods for implementing them (operations and ΔV requirements) are shown.

In the case of low-earth orbit satellites, this includes the correction of orbit injection errors, and in the case of geostationary satellites, this includes orbital transfer from a transfer orbit to geostationary orbit.

(9) Orbital life (Earth orbit)

The dominant factor in the life of a low-orbit Earth orbit spacecraft is the balance between the orbital altitude reduction due to atmospheric resistance and the amount of propellant carried to maintain the orbit against that. Here, the effect of altitude reduction on the orbital life is shown in relation to an atmospheric model.

(10) Orbit maintenance (Earth orbit)

For low-orbit spacecraft, the concept, ΔV amount, and operation of altitude maintenance due to atmospheric resistance, altitude maintenance operation frequency from geosynchronous (recurrent) requirements, and orbit inclination operation from sun synchronous requirements are shown.

For geostationary spacecraft, the factors, ΔV machine, and maintenance operation of geostationary position maintenance (east-west, north-south control) are shown.

(11) Deorbit

In order to protect the orbital environment of Earth orbit spacecraft, spacecraft are required to deorbit after the mission is completed.

This section explains the specific criteria for deorbit, the required ΔV amount, and its operation.

(12) Formation flight

The characteristics of formation flight missions that focus on the relative orbits of multiple spacecraft, their orbit plans, and the requirements imposed on orbit maintenance are summarized.

The formation construction method, the orbital mechanics to be considered in formation operation, the relative distance and speed measurement and acceleration amount for formation maintenance, and the operation method are described.

(13) Constellation design

A constellation is a collection of multiple spacecraft distributed in space with the intention of working together to achieve a common goal. We perform observation coverage analysis and communication coverage analysis for this collection to determine the number of spacecraft, spacecraft altitude, number of orbital planes, orbital inclination, spacecraft phase angle difference between each orbital plane, eccentricity, etc.

We also show the concept and operation method of constellation maintenance.

(14) Rendezvous orbit

We describe the constraints to be considered in the design of rendezvous orbits, their priorities, interrelationships, the concept of the operation phase in orbit design, and the specific orbit design method for each phase.

(15) Orbital transfer (interplanetary)

We specifically organize and show the orbital design method for lunar and planetary exploration according to each phase, from the rocket separation orbit around the Earth, through the parking orbit, transfer orbit, and insertion into the operation orbit.

We also describe orbital transfer using low thrust (electric propulsion).

(16) Orbital transfer (Lagrange point)

We summarize the transition to and orbital maintenance of Lagrange points and halo/Lissajous orbits. Since the dynamics of Lagrange points differ between linear and equilateral triangle solutions, we show how to design Lagrange point orbits based on mission requirements for each. In addition, there are halo and Lissajous orbits at the L1 and L2 points, and we also describe the characteristics of each.

We also show specific methods for inserting into each Lagrange point orbit (orbital transfer).

(17) Orbital maintenance (Lagrange point)

We summarize the orbital maintenance methods for orbits around Lagrange points. For linear solutions (L1, L2) and equilateral triangle solutions (L4, L5), we summarize the disturbance factors for the orbit, show the specific method for calculating the disturbance amount, and show the disturbance correction V and its orbital maintenance operation method.

In the Feasibility Phase, with exploring the various possible concepts to meet the defined objectives (performance, cost, schedule), the requirements for realizing the defined mission shall be allocated to the spacecraft system, operational procedures, ground segments, and launch vehicle segment.

NOTE 1 : During this phase followings are produced:

— the function tree.

— the user’s objectives being formally defined in a reference functional specification and a preliminary issue of the technical specification at the system level.

— the presentation of each concept examined in a pre-design associated with a financial proposal (costs and schedules) for the definition phase.

— the estimation of technical and manufacturing feasibility and the emphasis on the critical elements of each concept (performance, risks, costs, schedules, technical and support costs).

NOTE 2: The results of this work will be compiled into preliminary “Functional and technical specification” for the spacecraft and ground segments, requirements for launch vehicle segment, and the Operation Concept. They are submitted to the Preliminary Requirements Review (PRR).

NOTE 3: The preliminary “Functional and technical specification” will be developed into development specifications in the next phase.

NOTE 4: The Operation Concept will be established as Mission/Bus Operation Plan in the Phase C or D.

NOTE 5: ISO 21351^[6]:2025 “Functional and technical specifications” introduces the purpose of functional specifications and technical specifications, the process of establishing them, the contents of technical requirements, etc.

The owner shall produce the requirements for the spacecraft system into a preliminary “Functional and technical specification”, including managemental requirements.

NOTE: The purpose and description are written in ISO 21351^[6]:2025:“Space systems-Functional and technical specification” /Clause 4.

Besides those detail description, it can be explained as follows.

(a) Functional specification

As mentioned in 7.3.6.9, the owner considers various concepts to meet the goals defined in the MDR (performance, cost, schedule) and develops functional requirements to realize the defined mission. It is assigned to components within the spacecraft system, operational procedures, and ground segments. (For example, for the function of moving in a three-dimensional world, there are options such as land transportation, sea transportation, and air transportation.) Functional specification includes a function tree, cost and schedule, feasibility, etc., and provides options for achieving the purpose. It specifies a function. It is necessary that the functional requirements with the result of trade-off among the multiple options are described.

(b) Technical specification

There can be multiple options for physical specifications that satisfy the defined functions. The following requirements are converted into preliminary technical specifications by considering several related factors. In addition to applicability to mission requirements, ISO 21351^[6]:2025/Clause 6 also includes the following requirements:

1) Interface requirements (physical, thermal, electrical, and protocol-related interfaces)

2) Environmental resistance requirements (natural environment, induced environment, etc.)

3) Physical interface

4) Operational requirements

5) Product assurance, etc.

In addition to the above, the owner must consider the following regarding the external impact of the designed spacecraft.

a) Do not cause environmental deterioration, such as by releasing parts, materials, or products to the outside.

b) Do not cause damage to other spacecraft (EMI, laser radiation, etc.)

c) Not to have extreme vulnerability against attacks from outside.

d) There is no element that could be misunderstood as an action contrary to TCBM.

In developing the technical requirement or specifications, the owner shall remind of the necessity of managemental activities mentioned in 6.1.2, as most of them are required according to the mission requirement analysis works. And policies in each field of works shall be mentioned in the technical specifications.

The owner shall produce the requirements for the operation into an Operation Concept.

Tracking Control Ground Segment Requirements

The owner shall produce the requirements for the Tracking Control Ground Segment into a draft technical specification.

Mission Operation Ground Segment Requirements

The owner shall produce the requirements for the Mission Operation Ground Segment into a draft technical specification.

The owner shall submit above preliminary “Functional and technical specification”, operation concept, and the Requirements for Ground Segment to System Requirement Review.

In the system definition phase, the owner shall establish the development specifications for spacecraft and ground segment and submits them to the System Requirement Review (SRR). In addition, drafting the corresponding draft operational plan will be initiated.

The owner shall produce the Spacecraft Development Specifications, which include not only physical and but also managemental specifications.

In the case of the outsourcing of design and manufacturing, all the documents and relating parts shall be cleared. Essential documents are defined in Annex C.

The owner shall initiate to produce a draft Mission/Bus Operation Plan based on the Operation Concept to publish it during Phase C or D.

The owner shall produce the Development Specifications for Tracking Control Ground Segment corresponding (including other bus operations excluding mission specific operation) to Operation Concept (for housekeeping operation or bus operation) or the draft Mission/Bus Operation Plan.

The owner shall produce the Development Specifications for Mission Operation Ground Segment corresponding to Mission Operation Concept or the draft Mission/Bus Operation Plan.

The owner shall submit above Development Specifications and draft Mission/Bus Operation Plan to the System Requirement Review and publish once it is authorized.

In the case that the owner outsources the design and manufacturing of the spacecraft and the ground support segment, the owner shall provide followings to biding as a constriction to the contract.

a) owner's commitment to international agreements (See 5.2) and clarify its position to the world.

b) technical specifications (the operational concept, the draft Mission/Bus Operation Plan, the requirement for documentation essential for operation, the debris mitigation plan, and the re-entry safety management plan, etc. shall be included or attached as the condition of the contract.)

c) NOTE The documents essential for operation includes the operating procedures, the drawings, and emergency procedure such as an off-nominal procedures. response plans, the integrated specifications combined with technical specifications of the ground segment and launch vehicle to clarify the allocation of functions between the launch vehicle and ground segments.

The owner shall conduct directory or shall order the contractors to conduct design and manufacture the spacecraft to comply with the technical specifications and other plans.

NOTE The basic works in the design and manufacturing related stages, following keyworks will be conducted. Since the works in these stages are described in the existing Program Management standards, just supplemental requirements and information are given in 7.3.

(1) Phase B Definition Phase /Part 2 Preliminary Design

a) Function Design of spacecraft

b) Draft Spacecraft Mission/Bus Operation Plan

c) Tracking Control Ground Segment functional design

d) Mission Operation Ground Segment functional design

e) Interface control (Launch vehicle, ground segments, etc.)

f) Preliminary Design Review (PDR)

(2) Phase C Critical Design Phase

a) Physical Design of spacecraft

b) Spacecraft Mission/Bus Operation Plan

c) Interface control (Launch vehicle, ground segments, etc.)

d) Preparation of operation control document (Satellite Operation Handbook, etc.)

e) Tracking Control Ground Segment physical design

f) Mission Operation Ground Segment physical design

g) Critical Design Review (CDR)

(3) Phase D Manufacturing and Verification (and Production & Validation)

a) Physical Design Drawings, production process, manufacturing, verification

b) Spacecraft Mission/Bus Operation Plan

c) Spacecraft Operation Procedures

d) Tracking Control Ground Segment construction and verification

e) Mission Operation Ground Segment construction and verification

f) Qualification Review

g) Operation Training

(4) Phase E Part 1 Delivery and Launch site operation for spacecraft

a) Launch site pre-launch operation

b) Keeping operation log for “operation life limited items”

The owner shall apply, or shall provide the contractors with, standardized design procedures which have been authorized through the historical demonstrations. Otherwise, in the case that it is conducted under contract, the owner designates the applicable standards in the technical specifications or accept to apply the standards that are registered in the contractor’s systems engineering framework.

NOTE ISO/TC20/SC14 has developed various design related standards and technical specifications, but the current situation is presented as followings. (Followings will be summarized by the CD voting.)

(1) System design, mission design, or orbit design area

Thear are no general standards for system design, mission design or orbit design applied in from Phase 0 to Phase B. Those vulnerabilities may be compensated with 7.2.

However, following standards and technical specifications can be applicable for specific areas of the large constellation and small satellite.

a) TS 6434^[26]:2024: Design, testing and operation of a large constellation of spacecraft

b) TS 20991^[48]:2021: Requirements for small spacecraft

From the aspect of system design, following aspects are needed but there are not enough standards in ISO.

(1) Mass allocation for on-board component and other materials, and controlling mass property

(2) Propellant allocation for the initial operation, mission operation, maintenance to keep the designated mission orbit, transfer to sleeping mode and returning operation from it, collision avoidance and returning manoeuvres, etc.

(3) Electric resource allocation

(4) Allocation of communication resources,

(2) Electric and electronical design area

There are standards for Electric and electronical design area.

a) ISO 18197^[59]: Space based services requirements for centimetre class positioning

b) ISO 14302^[60]: Electromagnetic compatibility requirements

c) ISO 15387^[61]: Single-junction solar cells - Measurements and calibration procedures

d) ISO 17546^[62]: Lithium-ion battery for space vehicles - Design and verification requirements

e) ISO 20891^[63]: Space batteries - Guidelines for in-flight health assessment of Li-ion batteries

f) ISO 20780^[64]: Fiber optic components - Design and verification requirements

g) ISO 20930^[65]: Calibration requirements for satellite-based passive microwave sensors

h) TS 2591^[66]: Space-based services for a high accuracy positioning system with safety requirements

(3) Mechanical design

There are following ISO standards for Electric and electronical design area.

a) ISO 22010^[67]: Mass properties control

b) ISO 14622^[68]: Structural design - Loads and induced environment

c) ISO 16454^[69]: Structural design - Stress analysis requirements

d) ISO 21347^[70]: Structural design - Fracture and damage control for spaceflight structures

e) ISO 10786^[71]: Structural components and assemblies

f) ISO 14623^[72]: Pressure vessels and pressurized structures - Design and operation

g) ISO 24638^[73]: Pressure components and pressure system integration

h) ISO 21648^[74]: Flywheel module design and test

i) ISO 10785^[75]: Bellows - Design and operation

j) ISO 26871^[76]: Explosive systems and devices

k) ISO 23835^[77]: Space systems - Mechanism design and verification

l) ISO 21442^[78]: Space systems - General requirements for control engineering

(4) Thermal control

There are no standards for thermal design area.

(5) Propulsion sub-system

There are no standards for design of the propulsion system.

(6) Parts program area

There are standards for electric and electronical parts design area.

a) ISO 14621-1^[79]: Electrical, electronic, and electromagnetic (EEE) parts - Parts management

b) ISO 14621-2^[80]: EE parts - Control program requirements

c) ISO 18257^[81]: Semiconductor integrated circuits for space applications - Design req.

(7) Material area

There are the standards relating to “Space unique materials and evaluation technology” and “Material Safety and compatibility”.

a) ISO 10830^[82]: Non-destructive testing - Method of automatic ultrasonic inspection of graphite ingot for solid rocket motor

b) ISO 16378^[83]: Measurements of thermo-optical properties of thermal control materials

c) ISO 16691^[84]: Thermal control coatings for spacecraft - General requirements

d) ISO 23129^[85]: Thermal control coatings for spacecraft - Atomic oxygen protective coatings on polyimide film

e) ISO 24564^[86]: Space systems - Adhesives - General requirements

f) ISO 23230^[87]: Space systems - Paints and varnishes - Processes, procedures, and requirements for coating materials and coatings

g) ISO 16697^[88]: Safety and compatibility of materials - Method to determine the flammability thresholds of materials

h) ISO 22538-1~6 Oxygen safety -

— Part 1^[89]: Hazards analysis for oxygen components and systems

— Part 2^[90]: Selection of metallic materials for oxygen components and systems

— Part 3^[91]: Selection of non-metallic materials for oxygen components and systems

— Part 4^[92]: Design of oxygen components and system

— Part 5^[93]: Operational and emergency procedures

— Part 6^[94]: Facility planning and implementation

i) ISO 14624-1~7 Safety and compatibility of materials -

— Part 1^[95]: Test method for upward flammability of materials

— Part 2^[69]: Test method for electrical wires and accessories

— Part 3^[97]: Test method for off-gassed products from materials and assembled articles

— Part 4^[98]: Test method for flammability of materials in gaseous oxygen

— Part 5^[99]: Test method for determination of the reactivity of materials with aerospace hypergolic propellants

— Part 6^[100]: Test method for determining the reactivity of processing materials with aerospace fluids

— Part 7^[101]: Test method for determining the permeability and penetration of materials to aerospace fluids

(8) Interface control area

a) ISO 14303^[102]: Launch-vehicle-to-spacecraft interfaces

b) ISO 17401^[103]: Spacecraft interface requirements document for launch services

c) ISO 15862^[104]: LV-SC flight environment requirements for telemetry data processing

d) ISO 15863^[105]: Spacecraft to launch vehicle interface control document

e) ISO 19971^[106]: Spacecraft and launch vehicle Combined Mission/Bus Operation Plan (COP) at launch site - General format

f) ISO 26869^[107]: Small auxiliary spacecraft (SASC) to launch vehicle interface control document

g) ISO 17689^[108]: Interface control documents between ground technological equipment, launch site systems and launch vehicle with payload

h) ISO 11892^[109]: Subsystems/units to spacecraft interface control document

i) ISO 22772^[110]: Requirements of launch vehicle (LV) to electrical ground support equipment (EGSE) interfaces

(9) Ground facilities & equipment, and ground transportation areas

a) ISO 14625^[111]: Ground support equipment for use at launch, landing, or retrieval sites — General requirements

b) ISO 15389^[112]: Flight to ground umbilicals

c) ISO 16458^[113]:2023: Unmanned spacecraft transportation - General requirements

d) ISO 20892^[114]: Launch complex - Modernization process: General requirements

e) ISO 18322^[115]: General quality and safety requirements for space test centres

The owner shall identify the standards for reliability, quality, configuration, and safety for the design and manufacturing entities.

The owner shall develop the counter measures for the suspected threats, as written in 6.4, with studying the risk reduction design and operation, and establishing counter measures.

NOTE The study for the counter measures are typically proceeded through following steps. (TBD)

a) Identification of threats and vulnerable points,

b) Assessment of damage propagation

c) Study the detection measures for risk realization,

d) First aid and corrective action

The owner shall prepare the documents defined in Figure 5 and Annex B in detail by the time of delivery.

Also, for the debris mitigation area, ISO TR 18146^[28]:2020 shows the detail document list as shown in Table 2.

Those documents are important as standard means to facilitate the sharing and exchange of beneficial information among organizations (the spacecraft manufacturer, the mission equipment supplier, the customer or the spacecraft operation centre) and their involvement with space operations and support.

These documents also provide a common interface to simplify space operations planning and reduce the effort needed to learn and deal with new space programmes and support organizations.

Figure 5 — Documents tree of spacecraft operational procedures

Table 2 — Operational procedures relating to debris mitigation measures.

In the case to have contract for launching the spacecraft into the planned orbit with a launch service provider, the owner shall select a provider that complies with requirements written in 7.2.2.6.

There are following ISO standards relating to launch site activities.

a) ISO 26870^[22]:2022: Launch pad and integration site operational documents

b) ISO 22108^[30]:2022: Non-flight items in flight hardware - Identification and control

The owner shall coordinate with the launch service provider to assure human safety in terms of collision avoidance. ISO 21740^[17]:2025 will show the detail.

The owner shall join the launch readiness review to coordinate to proceed to further steps.

For large constellations spacecraft, measures regarding checkout orbit is described in TS 6434^[26]:2024. 5.3.2, so as that reduce the orbital lifetime even in case that the spacecraft would loss of function.

Besides the large constellation, the owner shall apply following standards for the early operation.

ISO 10784-1^[23]:2022 Early operations - Part 1: Spacecraft initialization and commissioning

ISO 10784-2^[24] :2022 Early operations -Part 2: Initialization plan

ISO 10784-3^[25] :2022 Early operations -Part 3: Commissioning report

If the owner outsources the operation practice to an expertise entity, the owner shall transfer the Mission/Bus Operation Plan and other documents defined in 7.3.5 and Annex B.

The owner shall conduct bus operation, to sustain mission part operation, according to the Space operation handbook which is produced during the critical design phase, The Space operation handbook is accompanied with Satellite Operation Handbook, Satellite Flight Control Procedure, Ground Segment Control Procedure, and Network Operation Manual as mentioned in 7.3.5, and more detail in Annex B /B.5.2),

The owner shall conduct mission operation according to the Mission Operation Plan, which is produced during the critical design phase. There are no further mentioning for mission operations, since the contents of mission operations are varied according to the mission characteristics.

Periodical monitoring

The owner/operator shall periodically monitor the critical parameter to assure the safe operation.

Contingency action

Once a symptom of off-nominal situation would be detected, the contingency action according to the “Space segment contingency procedures” defined in B 5.2.6, shall be conducted, particularly to assure prevention of break-up or proper disposal actions.

Periodical diagnosis of critical components

The owner/operator shall regularly conduct diagnose critical components according to pre-defined procedure.

Sharing information of hazardous situation to the world

If the owner/operator would recognize the hazardous situation, such as catastrophic break-up, for the other human assets, they shall send public warning.

Collision avoidance operation

The owner/operator shall avoid collision according to 6.4.3, and the “Conjunction and collision risk assessment procedure” and “Collision avoidance operation procedure” written in ISO 23705^[117]: .

Decision of mission extension beyond the design life

The decision to extend the operating life beyond the design life shall be made after:

a) Understanding that, from the standpoint of spacecraft design and manufacturing, availability is basically not guaranteed if the operational period is extended beyond the qualified design life.

b) Ensuring that “Operation Life Limited Items” (OLI) have sufficient residual service life. (In the case that the extension of operation life is potentially expected, the operation log of OLI, including ground operation history, should be managed in advance to keep track of the remaining life.)

c) Ensuring that sufficient resources, such as propellant, necessary for disposal operations are guaranteed.

d) Evaluating the degradation, wear-out and performance degradation of critical components.

e) Confirming that no abnormality is found in the health diagnosis of important items.

f) Confirming that there are no further problems with defective products that occur during operation.

The owner/operator shall determine the mission termination timely to assure safe disposal actions. The owner/operator shall coordinate with relative customer of mission service and other stakeholders for the termination in advance.

The disposal plan (including 7.3.5 “Procedure for re-estimation of orbital lifetime of disposal orbit”, “Disposal sequence” written in 7.3.5/Table 2) shall be reconfirmed and updated according to the latest condition (orbital characteristics, residual of propellants, hardware conditions, etc.).

NOTE For the case of controlled re-entry, see 7.5.3.3.

In the case the controlled re-entry is planned

a) The “Controlled re-entry operation procedure” and “Procedure for prediction of atmospheric density and pressure” (7.3.5/Table 2) shall be updated.

b) The condition of the “Control re-entry segment” (Annex B/B.5.2.3.7) to support command and monitoring for successful re-entry” shall be confirmed.

c) The re-entry segment information, such as operation time sequence, re-entry trajectory, expected landing zone shall be shared, and notification to related organization or countries shall be done.

d) Notification to related country shall be provided according to the “Procedures for notification of re-entry and potential impact on the ground” (7.3.5/Table 2).

Disposal measures for large constellations are defined in ISO TS 6434^[26]:2024, 5.2.4 and 5.5.

After the completion of each mission operation, the owner shall evaluate the history of design/manufacturing, operation, disposal action, and outcome from the mission operation.

The owner shall evaluate and assess the space activities in terms of following aspect, for examples.

a) Review the outcome of the mission activities comparing to the mission plan.

b) Review the technical data of bus modules to find the adequacy of drawings and manufacturing/operation procedures.

c) Review the history of failures and results of corrective actions taken during operations to confirm the necessity of improvement of drawings or manufacturing/operation procedures not to repeat similar problems,

d) Review any symptoms of unexpected degradation to find potential problems for useful life or storage life,

e) Acquisition of data of the suspected damages caused by impact of space objects to improve the methodologies to obtain better probability of impact, and

f) Updating the statistical value of probability of successful disposal for constellation program or standard bus (platform), etc.

At least following intelligence should be registered and be provided to the following projects.

a) Failure report including failure analysis and proper corrective actions,

b) Updated probability of successful disposal

1. 
    
   
   Uncrewed spacecraft operability

A.0   Introduction

A.0.2   Spacecraft operation

The operation of a spacecraft is an activity performed from a mission control centre in order to:

a) ensure availability of mission and science products/services or data;

b) carry out routine housekeeping operations;

c) recover from on-board contingencies;

d) manage on-board resources in order to maximize the provision of products/services and the mission lifetime.

A.0.3   Spacecraft operability

The operability is a feature of the spacecraft itself that enables a specified ground segment comprising hardware, software, personnel, and procedures, to operate the space segment during the complete mission lifetime of the spacecraft, by using a minimum of resources, while maximizing the quality, quantity, and availability (or timeliness of delivery) of mission products, without compromising spacecraft safety. The key factors that determine the operability of a spacecraft are:

a) the ability to control the spacecraft in any nominal or non-nominal scenario in order to maintain the mission availability;

a) the capability to manage on-board resources and to maximize the mission lifetime;

b) the extent to which its operations are routine and non-hazardous, thus minimizing ground segment resources for all operations including fault avoidance and correction;

c) the flexibility of the design for spacecraft reconfiguration, including software, in orbit;

d) the reliability of operations and robustness against human error;

e) the simplicity of the space and ground segment required to fulfil the mission requirements and respect the mission constraints;

f) the autonomous capability of the space systems;

g) the complexity and interdependence of the flight system.

Spacecraft operability can be quantified by the following measures:

— the capability to detect abnormal trends or status and the speed of reconfiguration back to an operational mission to minimize duration of outage;

— the number of staff required to operate the spacecraft during the operational phase and to maintain the ground segment;

— the qualification level of staff required to perform operations;

— the quantity and complexity of mission-specific knowledge required to perform operations.

Spacecraft operability is an input to total life cycle cost. Increased operability will, in general, decrease operations and maintenance costs but increase development costs. Thus, specific operability goals should be determined by careful balancing of costs, risks, and schedules for both procurement and operations/maintenance.

The key objectives of this International Standard are:

— to ensure that a spacecraft operates in a safe and cost-effective manner and may be operated with an optimized workload;

— to facilitate and/or enhance the tasks of preparation for, execution and evaluation of, spacecraft check-out and mission operations activities;

— to facilitate the tasks of spacecraft prime contractors when preparing a proposal in answer to an international request for proposal (RFP).

This International Standard is written in such a way that technological advances will not invalidate the International Standard. Thus, this International Standard is not project or machine specific.

The operation of the space segment to meet mission-specific requirements is outside the scope of this International Standard.

A.0.4   Conventions

Requirements are identified by an acronym, which indicates the nature/grouping of the requirement, followed by a serial number, and appear in bold type (e.g. OBSERV-0010). The serial number comprises four digits starting at 0010 and is incremented by 10 to facilitate configuration control for later versions of the document. Where a major requirement is broken down into subsidiary requirements, the serial number is extended to reflect this structure (e.g. TEST-1010.1 would represent the first sub-requirement of requirement 1 relating to testability). General operability requirements are numbered in the range 0010 to 0999, while detailed operability requirements are numbered in the range 1010 to 1999.

Some of the detailed operability requirements in Clause 6 are only relevant for a given level of on-board autonomy. In such cases, the corresponding autonomy level (as defined in Clause 4), is indicated as a super-script following the requirement ID. For example, FAULT-1100^C3.

Some requirements introduce quantities for which values cannot be defined across the board but will need to be defined on a mission-by-mission basis (e.g. time intervals, response times, etc.). These are termed mission constants and are identified within this International Standard in “<>” (for example, <TC_VERIF_DELAY>) and, where appropriate, typical values may be indicated. These mission constants are also summarised, for information only, in Supplement A.

A.0.5   Guidelines for applicability

This International Standard specifies a set of general operability requirements and a set of detailed operability requirements. Many of the detailed operability requirements apply to specific on-board functions. The general operability requirements are intended to be applicable to spacecraft missions of all classes (i.e. science, telecommunications, meteorology, Earth observation, geostationary, low-Earth orbiting and interplanetary).

The steps for designing a new mission are normally:

h) the mission constraints are identified (e. g. design constraints, cost constraints);

i) the mission operations concept is developed, including the level of on-board autonomy for routine and contingency operations;

j) the spacecraft is designed, based on a) and b) above.

The applicability of the detailed requirements in this International Standard should be determined during step a). As indicated above, some of the detailed requirements are only applicable to a given level of autonomy.

During step c), the mission operations concept and the applicability of the detailed requirements may be iterated.

• 1. Scope

This International Standard defines the essential properties pertaining to the operation of uncrewed spacecraft and defines requirements and guidelines for spacecraft on-board functions in order to enable a specified ground segment to operate the spacecraft in any nominal or predefined contingency situation.

• 1. Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 14620-1^[13]:2018, Space systems — Safety requirements — System safety

• 1. Terms and definitions

For the purposes of this document, the following terms and definitions apply.

• • 1. General terms

A.3.1.1

commandability

ability of the ground to safely control and configure all the equipment and software on-board the spacecraft as required for the execution of the nominal mission, for failure identification and recovery, for performance assessment and for system maintenance subsequent to performance change and system degradation

A.3.1.2

compatibility

extent to which the design of the space segment conforms with the existing ground segment infrastructure (if any) and with existing operational practices

A.3.1.3

efficiency

optimum distribution of tasks between the ground and space segments taking into account cost, complexity, technology and reliability

A.3.1.4

flexibility

capacity to configure and make optimum use of

— existing on-board functions,

— space-Earth communications links,

— any redundancy built into the design in order to meet reliability targets,

as well as the capacity to optimize mission products according to the mission events

A.3.1.5

observability

ability to acquire operationally significant information for physical and logical parameters on-board the spacecraft

Note 1 to entry: This information is delivered to the ground through the telemetry channel and/or made available to on-board processors.

Note 2 to entry: The definition of observable parameters is a key requirement for operating spacecraft, monitoring the behaviour of all on-board systems, performing diagnosis of anomalies, and collecting sufficient information for feedback into ground-based models.

A.3.1.6

operation

〈spacecraft〉 activity performed from a mission control centre

Note 1 to entry: See the Introduction, 0.1, for further details defining spacecraft operation.

A.3.1.7

operability

〈spacecraft〉 feature of the spacecraft itself that enables a specified ground segment to operate the space segment during the complete mission lifetime of the spacecraft

Note 1 to entry: See the Introduction, 0.2, for further details defining spacecraft operability.

A.3.1.8

safety

extent of on-board protection against failure and the provision of fail-safe modes of operation

A.3.1.9

security

extent of on-board protection against unauthorized access to on-board telecommand functions, jamming of the telecommand channel, or corruption of the telecommand data, unauthorized access to telemetry data, or the corruption of these data

A.3.1.10

testability

capability and ease with which the functions of the spacecraft and its interfaces and compatibility with ground systems can be verified and validated

Note 1 to entry: In particular, this relates to functions that do not form part of the current operational chains (i.e. redundant functions).

• • 1. Other terms

A.3.2.1

application process

on-board element capable of generating telemetry source data and receiving telecommand data

Note 1 to entry: An application process can be implemented in software, firmware, or hardware. There are no restrictions on the mapping between application processes and the usual functional subdivision of a spacecraft into subsystems and payloads. In a relatively simple spacecraft, there can be a centralized application process that provides a number of “dumb” platform subsystems and payloads with collection of housekeeping data, the distribution of device commands, on-board scheduling, on-board monitoring, etc. In a more complex spacecraft, each subsystem and payload might be served by its own independent application process. A given processor can host one or several application processes. However, it is also possible that a given application process could be distributed across two or more processors.

A.3.2.2

autonomy

extent to which a spacecraft can handle nominal and/or contingency operations without ground intervention

A.3.2.3

chain

set of hardware and/or software units that operate together to achieve a given function

EXAMPLE An attitude and orbit-control-subsystem (AOCS) processor and its software and a set of AOCS sensors and actuators together constitute an AOCS chain.

A.3.2.4

control loop

mechanisms to maintain a parameter or a set of parameters within prescribed limits

Note 1 to entry: A control loop normally consists of a set of measurements and responses (commands) related according to a function, algorithm, or set of rules.

A.3.2.5

device telecommand

telecommand that is routed to and executed by on-board hardware

EXAMPLE A relay switching telecommand or a telecommand to load an on-board register.

A.3.2.6

ground segment

all ground facilities and personnel involved in the preparation and/or execution of mission operations

A.3.2.7

high level telemetry

telemetry processed from the low-level telemetry by an on-board application process

A.3.2.8

low level telemetry

elementary readable on-board information

EXAMPLE Register readout or relay status.

A.3.2.9

memory

any on-board memory area, whether main memory or storage memory, such as disk, tape, or bubble-memory

A.3.2.10

mission management

on-board functionality that allows a mission to undertake routine operations highly autonomously with the minimum of ground intervention

A.3.2.11

mission manager

on-board function that supervises (or performs) the system-level mission management activities

Note 1 to entry: Future autonomy concepts foresee a distributed on-board “control authority” that is able to manage functions at both system-level and subsystem-level.

Note 2 to entry: Within this concept, the mission manager supervises the execution of high-level instructions from the ground expressed as mission goals.

Note 3 to entry: The mission manager performs all the system-level functions, while subsystem (and payload) managers perform the subsystem-level functions.

A.3.2.12

no ground contact

period of time during a mission when ground contact is not possible due to the unavailability of the telecommand/telemetry links

NOTE The reasons for this unavailability can include:

a) predictable events such as:

1) non-permanent visibility due to spacecraft orbit characteristics combined with radio frequency coverage of telemetry and telecommand links;

2) time-shared access to the spacecraft;

b) unpredictable events such as:

1) spacecraft attitude de-pointing;

2) on-board failure of the telemetry and telecommand links;

3) ground station failure/unavailability;

4) link budget degradation.

A.3.2.13

on-board fault management

on-board functionality that allows the detection and management of on-board failures without ground intervention

Note 1 to entry: The primary objective of on-board fault management is to ensure the survival of the spacecraft.

Note 2 to entry: Where possible without hazard to the spacecraft, and within the mission constraints, on-board fault management shall maintain payload operations.

Note 3 to entry: In addition, on-board fault management should assist in rapid diagnosis and subsequent reconfiguration back to an optimal operational status.

A.3.2.14

on-board monitoring

set of processing functions that is applied to a set of on-board parameters

Note 1 to entry: These functions can include limit/status/delta checking, the evaluation of statistics, including minimum and maximum values over a time interval, etc.

Note 2 to entry: Detected events or evaluation results are sent to ground.

Note 3 to entry: The scope of the function can be even wider, e.g. to include the triggering of on-board actions in response to detected events.

A.3.2.15

on-board operations scheduling

capability for controlling and executing commands that were loaded in advance from the ground

Note 1 to entry: In its simplest form, the on-board operations schedule stores time-tagged commands loaded from the ground and releases them to the destination application process when their on-board time is reached, but with no feedback being generated by the destination application process.

A.3.2.16

on-board operations procedure

simple operations procedure that can be controlled from the ground (loaded, edited, started, stopped, etc.) or can be invoked by the occurrence of a predefined on-board event

Note 1 to entry: In its simplest implementation, an operations procedure can consist of a sequence of low-level commands, historically referred to as a macro-command.

A.3.2.17

parameter

elementary data item on-board

Note 1 to entry: A parameter has a unique interpretation.

A.3.2.18

parameter validity

conditions that determine whether the interpretation of a given telemetry parameter is meaningful

EXAMPLE The angular output of a gyro may only have a valid engineering meaning if the power to the gyro is “on” while at other times, the output may be random, or at best should not be relied upon.

Note 1 to entry: Such a parameter is deemed conditionally valid, with its validity determined from the power status.

A.3.2.19

protection system

on-board function (implemented either in hardware or software) that is provided to monitor sensor or logic readings and based on their output, either direct or processed, to:

— prevent the propagation of the failure at equipment or system level; or

— reconfigure the spacecraft system or subsystem into a “safe” configuration

Note 1 to entry: Subsequent analysis and recovery action will normally be performed by the ground station.

A.3.2.20

space segment

those elements of the overall mission system that are operated in outer space

A.3.2.21

spacecraft

all subsystems (sometimes called the platform, the service module or the bus) plus any experiment or payload elements (sometimes called the payload module)

A.3.2.22

spacecraft status

all the information necessary to assess the operational status of the spacecraft at a given time

EXAMPLE All the information needed to determine all the criteria driving operational decisions.

A.3.2.23

subsystem

any combination of units within the spacecraft platform that fulfils a well-defined and usually self-contained set of on-board functions

A.3.2.24

survival mode

non-operational, temporary and safe-life mode of a spacecraft, defined to avoid its loss in case of contingency (catastrophic or critical failure, aggressive environment, etc.)

A.3.2.25

telecommand criticality

importance of a telecommand in terms of the nature and significance of its on-board effect

Note 1 to entry: Telecommand criticality levels are categorized as Levels A to D as defined in A.3.2.25.1 to A.3.2.25.4.

A.3.2.25.1

Level A

forbidden telecommand

telecommand that is not expected to be used for nominal or foreseeable contingency operations, that is included for unforeseen contingency operations, and that could cause irreversible damage if executed at the wrong time or in the wrong configuration

A.3.2.25.2

Level B

critical telecommand

telecommand that, if executed at the wrong time or in the wrong configuration, could cause irreversible loss or damage for the mission (i.e. endanger the achievement of the primary mission objectives)

A.3.2.25.3

Level C

vital telecommand

telecommand that is not a critical telecommand but is essential to the success of the mission and, if sent at the wrong time, could cause momentary loss of the mission

A.3.2.25.4

Level D

all the remaining commands

A.3.2.26

telecommand function

operationally self-contained control action that can comprise or invoke one or more lower-level control actions

• 1. Abbreviated terms

• 1. Autonomy levels

Tables 1 and 2 identify a number of autonomy levels for routine and contingency operations in terms of the corresponding on-board autonomous capabilities.

It should be noted that different autonomy levels may be implemented for routine and contingency operations (i.e. the implementation of Level n for routine operations does not necessarily imply the implementation of the same Level n for contingency operations).

The mission operations concept will dictate the choice of autonomy levels and the design of autonomous functions for a given mission. This decision and design process should consider complexity implications on the space and ground segments and should be optimized at the overall mission operations system level with respect to mission return, risk, and cost. Typical factors to be taken into account will include:

— mission product availability requirements;

— propagation delay (where applicable);

— ground station coverage;

— potential communications outages due to orbital events (e.g. solar conjunction periods);

— ground segment availability (considering potential failures and scheduled maintenance operations).

In general, the spacecraft will not be required to maintain its autonomy indefinitely, but rather for a defined minimum interval of time, <AUT_DUR>, which may have a different value for routine and contingency operations. In determining the value of this parameter (these parameters) for a given mission, due consideration should be given to such factors as:

— the maximum period of “no ground contact” during different mission phases, for spacecraft with intermittent ground coverage;

— the maximum period of ground segment outages, either predictable (e.g. scheduled maintenance operations) or non-predictable (e.g. recovery from failures);

— the reaction time for the ground to respond to on-board anomalies (anomaly-dependent).

Table A.1 — Autonomy levels for routine operations

Table A.2 — Autonomy levels for contingency operations

• 1. General requirements
     1. Observability

• • 1. Commandability

• • 1. Compatibility

• • 1. Security

• • 1. Safety

The safety activities related to the following safety requirements shall be performed in accordance with ISO 14620-1^[13]:2018.

• • 1. Flexibility

• • 1. Efficiency

• • 1. Testability

• • 1. Applicability matrix

An applicability matrix shall be issued by either the spacecraft procuring or supplying organisation, stating whether each requirement shall be applicable. For requirements that are not applicable, a justification shall be supplied.

• 1. Detailed requirements
     1. Spacecraft observability requirements
        1. Telemetry design

• • • 1. Telemetry timing information

• • • 1. Diagnostic mode

• • 1. Spacecraft commandability requirements
       1. Telecommand design

• • • 1. Critical telecommands

The definition of telecommand criticality levels is given in 3.2.25.

• • • 1. Control of autonomous functions

• • • 1. Telecommand transmission and distribution

• • • 1. Telecommand verification

• • 1. Memory management

• • 1. On-board processing functions
       1. Control loops

• • • 1. On-board monitoring

• • • 1. On-board operations scheduling

• • • 1. On-board operations procedures

• • • 1. On-board storage and retrieval

• • • 1. Mission management

• • • 1. On-board fault management

The primary purpose of on-board monitoring is to reduce the necessity for continuously transmitting all the low-level housekeeping data to the ground or for the ground to be continuously available to monitor these data.

• • 1. Equipment/subsystem-specific requirements
       1. On-board processors and software

• • • 1. Power supply and consumption

• • • 1. Telemetry, tracking and command (TT&C)

• • • 1. Attitude and orbit control

• • • 1. Mechanisms

• • • 1. Thermal control

Supplement A for Annex A
(informative)

Mission constants

The mission constants identified within the body of this International Standard are summarized in this annex for informative purposes.

1. 
    
   
   Uncrewed spacecraft operational procedures
   1. Scope

This document establishes standards, current guidelines and uniform procedures to minimize duplication of effort between the customer, the agency, participating nations and the emerging commercial space community. This document provides recommended practices for the development of space operations and support documentation, which should facilitate the sharing and exchange of beneficial information between organizations involved with space operations. This document establishes a common interface to simplify space operations planning and reduce the effort needed to learn and work with new space programmes and support organizations.

• 1. Normative references

There are no normative references in this document.

• 1. Terms and definitions

B.3.1

abbreviated checklist

comprehensive list of items and time schedule of tasks to be done that are needed to check each step-by-step task at the telemetry/command (TLM/CMD) console and at the network console

B.3.2

acquiring agency

organization that is planning and managing the development and acquisition contracts for the space system, understands the engineering and technical aspects of the system’s operation and acts as a provider of particular equipment if necessary

B.3.3

developing agency

organization that develops the spacecraft and operation system under contract to the acquiring agency

Note 1 to entry: One organization may constitute more than one of these agencies.

B.3.4

mission segment

ground system that consists of the facilities of mission data acquisition and processing

B.3.5

operations agency

agency responsible for the operations and maintenance of the space systems and organization to which the operations crew members belong

B.3.6

operations crew members

personnel who will be using the operations handbook to support space systems

B.3.7

separate and distinctive checklist

list that contains information to compensate the part of the operation facilities peculiar to the operations agency

B.3.8

spacecraft operation handbook

handbook that includes information needed for normal and contingent TLM/CMD operations

B.3.9

tracking control segment

ground system consisting of the facilities of spacecraft tracking, ranging and telemetry (TLM) monitor and command (CMD) control

Note 1 to entry: The launch segment includes the pre-launch segment, the spacecraft segment includes the mission segment, and the ground segment includes the facilities and operations handbook.

B.3.10

space system operation

operation that contains launch segment operation, spacecraft segment operation and tracking control segment operation

Note 1 to entry: The launch segment operation includes pre-launch segment operation, and the spacecraft segment operation includes the mission phase segment and the post-mission phase segment.

• 1. Symbols and abbreviated terms

• 1. Documentation
     1. General preparation
        1. General

Unless otherwise specified, the operation handbook and checklists shall include a reproducible copy in a digital format specified by the acquiring agency. If the magnitude of the information to be included in the operation handbook is such that a single volume is not practical, then more than one volume may be used to provide the material. The operation handbook shall contain a revision record when the document is changed or revised.

• • • 1. Arrangement of material

The document shall contain a main table of contents. At the beginning of each clause, there shall be a subsidiary clause table of contents. The clause table of contents shall include the page number and title of each sub clause or major subject headings.

When classified or proprietary information (needed for operation handbook) is involved, the same principles established for the treatment of the main table of contents shall be followed. The main table of contents shall contain numbers and titles of clauses with their initial page numbers but shall not contain any classified or proprietary information.

EXAMPLE Operation crew members sometimes need detailed classified or proprietary design information of spacecraft for troubleshooting.

Space operation handbooks are normally unclassified. If the space system classification guide identifies the subjects as classified by the space systems operation crew members requirements, in accordance with current classification standards and for these classified subjects, the operation agency shall prepare a separate classified handbook or a classified supplement of the basic handbook.

The heading of the first or introductory paragraph of each clause shall be general in nature to facilitate including information concerning the main subject. Subordinate headings shall be definitive and identify the principal item that needs to be covered.

Wherever practical, text shall be simplified and decreased in quantity using complementary artwork. All technical matter shall be written so that it is understandable by all personnel who are expected to use the handbook.

• • • 1. Illustration

The operation handbook shall contain the following illustrations:

a) general illustrations depicting the space system configuration.

b) illustrations to show clearly the layout of the space operations centre, including separate　emergency/contingency facilities where applicable;

c) sufficient other illustrations and diagrams to show the major panels, cabinets, consoles, related equipment, etc. that the space operations crew personnel will use for operations.

d) sufficient diagrams, charts, schematics, etc. to depict the function, control and interrelationship of significant space system equipment.

Abbreviations, symbols, reference designations and colour coding references used in the space operations handbook shall also be specified, where applicable.

• • 1. Space operation handbook
       1. General

The space operation handbook shall provide the following:

a) General description of the space system giving the purpose, main features and particulars of the space system and supporting facilities [satellite segment, structure (STR), attitude and orbit control subsystem (AOCS), thermal control subsystem (TCS), tracking, telemetry and command subsystem (TTC), power subsystem (PS), payload communications subsystem and payload subsystem]; and a ground segment description giving both general and detailed information, including electrical power subsystem, environmental control subsystem, auxiliary equipment, communications, pre-launch segment, launch segment and mission life segment.

b) Operating functions giving general information, including the process and functional explanations, operations centre security procedures, changeover procedures, status and fault monitoring, activity coordination procedures, safety procedures, operations centre inspections and system test procedures, communications equipment procedures, ground system procedures, mission planning procedures, mission execution procedures and post-mission procedures including de-orbit and re-entry.

c) Mission operating procedures giving detailed information and defining individual and crew responsibilities.

d) Segment contingency procedures giving troubleshooting guidelines and remedial actions.

e) Operating limitations giving a description of specific limitations.

f) Ground segment emergency procedures giving detailed emergency operations procedures and corrective action.

g) Crew duties and responsibilities giving the individual positions and duties required during nominal and off-nominal operations.

h) Vocabulary giving technical terms, definitions, acronyms and abbreviations.

• • • 1. Overview
         1. Front material

Front material shall include the bulleted list items in Figure B.1. The cover/title page, list of effective pages, verification status sheets, table of contents, list of illustrations and list of tables shall be like the format of this recommended practice with details for preparation at the discretion of the acquiring agency.

NOTE The list of effective pages contains the revision of each page and revised date; the verification status sheets contain the stage of the document (i.e. WD, CD, review) and approved date.

The foreword shall discuss the various aspects of the operation handbook. Such discussion shall include the scope of the operation handbook and indicate the technical proficiency expected of the various space operations crew personnel. The foreword shall also indicate special interest items, e.g. new development items and critical operation items.

• • • • 1. Requirements for clauses

Each operation handbook shall include the clauses listed in Figure B.1. Additional clauses may be added if required. If a clause is not applicable, the title of that clause shall appear on the last page of the previous clause along with a notation that the clause is not applicable or that information will appear when it becomes available. The title of the clause shall appear in the main table of contents with an appropriate notation.

As appropriate, each clause shall have separate sub-clauses for information pertaining to satellite support during:

a) pre-launch period.

b) launch early orbit.

c) operations in nominal mode.

d) operations in degraded mode (period when the satellite is no longer fully operational but is still on orbit); and

e) post-mission phase (satellite end-of-life process).

The format for the presentation of the text, the amplified procedures and the abbreviated checklists shall be at the discretion of the acquiring agency. The format shall present the crew procedures in a simple, concise and understandable layout, consistent with space system requirements. For systems using digitized technical data, the visual template and the text shall be formatted so the screen presentation will be identical to the printed data.

If the operations agency does not require a printed page of the visual display, the visual display format shall comply with the style and format of a printed page. Each page of the emergency procedures clause shall have dialogue box and icon markings on all pages. An example is shown in Figure B.2.

Warning marks “1” and contingent check segments “2” shall be selected by the operation agency.

Where possible, amplified procedures and checklists developed for a particular space system shall be standardized.

Figure B.1 — Standard sequence for space operation handbook

Key

1 warning marks

2 contingent check segments

Figure B.2 — Visual display page of an emergency procedure

• • • 1. Space system description (Clause 1 of handbook).
         1. General

Clause 1 shall consist of a system description and a description of supporting facilities designed for general orientation. The narrative shall state the purpose and describe the main features and leading particulars for the space system.

The descriptions of system and supporting facilities shall contain sufficient detail to provide a single source handbook of general system information. Illustrations shall clarify a particular system or reduce the verbiage necessary for explanation and aid in understanding the system. Clause 1 shall consist of several sub-clauses: satellite segment description, ground segment description, pre-launch segment description, launch segment description and the mission life segment (including the post-mission phase and the reduced operation phase).

The satellite developing agency (i.e. satellite manufacturer) shall provide the documentation including the above-mentioned descriptions, i.e. satellite on-orbit operational handbook (SOOH) and satellite operation procedure (SOP). By extracting the needed information from SOOH and other sources, the operation agency shall provide FCPs (see example in Table A.2).

• • • • 1. Satellite segment

General

A general description of the satellite segment shall include the following subsystems: structure; attitude and orbit control; propulsion; thermal control; tracking, telemetry and command; power; payload/mission communication; payload; and OBDH. Subsequent clauses shall describe in greater detail the subsystems peculiar to that satellite segment. Such information shall include a general discussion of satellite segment operations to include a description of major subsystems. The description shall be of sufficient detail to provide an understanding of the purpose and function of the subsystems, their relation to overall system operations and such additional information to enable the crew member to understand subsystem functions peculiar to the overall system. Highly complex satellite segments may require a stand-alone satellite segment operations handbook. Illustrations shall be used to simplify the explanation of system interrelation and component function. Separate appendices or handbooks shall describe, as needed, each of the satellite segment subsystems, depending on the volume of the telemetry and command material provided.

Structure subsystem (STR)

The STR information shall include a description of the structural components with dimensions and particular data concerning component locations, plus the location of other subsystems, if necessary, to afford a better understanding of the satellite construction.

Attitude and orbit control subsystem (AOCS)

The AOCS information shall include a brief description of the purpose and type of attitude control and give a more detailed description of the components and their respective functions, including sensor unit, regulator unit and actuator unit (which includes the thrusting unit). Illustrations shall be used to simplify the explanation of system interrelations and component functions.

If the actuators of AOCS are allocated functions to conduct collision avoidance, disposal manoeuvres, depletion of residual fluids, or controlled re-entry, this shall be described in the AOCS information.

Propulsion subsystem

The propulsion subsystem information shall include a description of the purpose and type of engine or motor and provide a detailed description of the components and relation with any AOCS actuators. Illustrations shall be used to simplify the explanation of system interrelations and component functions.

Thermal control subsystem (TCS)

The TCS information shall include a description of the environmental control systems, list the type of controls employed (i.e. active or passive) and give sufficient detail on the operations and configuration of the environmental control components to provide an understanding of system operations. Illustrations shall be used to simplify the explanation of system interrelations and component functions (e.g. heater, radiator).

Tracking, telemetry and command subsystem (TTC)

The TTC information shall include a description of the antenna unit, radio frequency (RF) unit, tracking and ranging unit, base band (BB) unit/telemetry (TLM) command (CMD) and control systems, command groups, individual command sequences and type and individual telemetry data. The TTC shall give sufficient detail on operations and configuration of command-and-control components to provide understanding of the system operations. Illustrations shall be used to simplify the explanation of system interrelations and component functions.

Power subsystem (PS)

The PS information shall include a description of the power system, distribution system, storage system, power control and sufficient detail on operations and configuration of power system components to provide an understanding of the system operations. Illustrations shall be used to simplify the explanation of system interrelations and component functions.

Payload/mission communication subsystem

The payload/mission communication subsystem information shall include a description of the payload/mission communication subsystem (antenna unit, RF unit) and its function with operational configuration.

Payload subsystem

The payload subsystem information shall include a description of the payload subsystem, mission sensors, data formatting, data recording and data playback control processors. Sufficient detail on operations and configuration of payload subsystem components shall provide an understanding of system operations. Illustrations shall explain the simplified system interrelations and component functions.

Onboard data handling unit (OBDH)

The OBDH information shall include a description and configuration of the OBC and OBS that provides an understanding of system operations and the following functions:

a) TTC, payload data handling (i.e. data formatting for packet/de-packet).

b) satellite attitude data processing (i.e. satellite attitude error check and regulation).

c) FDIR for satellite safety and survivability (i.e. error source detection and recovery; prevents drain on satellite electronic power resource, satellite attitude missing); and

d) automatic, autonomous and robotic data processing for payload mission operation.

e) The illustrations shall explain the simplified system interrelations of each function and related subsystems.

• • • • 1. Ground segment

General

A general description of the ground segment (which includes facilities and operations handbook) shall include the physical layout, with location and function of mission data processing, data archive, telemetry data processing, radar subsystems, ground sensors, recorder subsystems, security, personnel access and power systems. Detailed discussions shall include the data processor, data storage, telemetry processor, data switching, external interfaces, antenna/array, transmitter, receiver and associated support equipment required for system configuration as they support space operations crew member operations. Highly complex ground systems can require a stand-alone ground system operations manual. Illustrations shall explain the simplified system interrelations and component functions.

The ground segment developing agency (i.e. ground segment manufacturer) shall provide the ground segment operational manuals (see Table A.3) and the operation agency shall provide the ground segment procedures (GSP, see Tables A.3 and A.4), operation agency’s operation crew and/or operation teams.

Electrical power subsystem

A description of the electrical power subsystem shall include normal, standby, emergency and uninterruptible power sources, with a description of distribution components, switch gear and power-generating equipment.

Environmental control subsystem

A description of the environmental control subsystem shall include the environmental control subsystem for the space operations centre and equipment areas, and a general description of the heating and ventilating equipment and associated maintenance support equipment. A description shall include the equipment interface with the alarm and detector system.

Auxiliary equipment

A description of the auxiliary equipment shall include equipment that is required by the operator to perform other subsystem functions, such as fire detection/suppression, environmental sensing and security detection.

Communications

A description of the communications systems shall include, but not be limited to, higher authority, payload communication control and payload data process, tracking, telemetry and command control, secure/non-secure voice, secure/non-secure data, multiplexing/de-multiplexing systems and inter-site, intercom and administrative communications systems. A description shall address any crew activity regarding normal, emergency, or malfunction operations in the applicable clause. Highly complex communications systems can require a stand-alone communications system operations handbook. Illustrations shall explain simplified system interrelations and component functions.

• • • • 1. Pre-launch segment

The pre-launch segment shall provide information consistent with what operations personnel need to know for the type of pre-launch phase support needed. Information shall also include the ground segment schedule, the work with an overview of the pre-launch event sequence and the constraints resulting from the pre-launch ground segment test (i.e. data system test with database verification) and the interface test between space segments (i.e. radio frequency and base band compatibility test and the data interface test).

• • • • 1. Launch segment

The launch segment shall provide information consistent with what operations personnel need to know for the type of launch and early orbit phase (LEOP) support needed. Information shall also include an overview of the launch sequence plus telemetry, boost phase programmed events and other launch phase items as appropriate. If information that was provided to workers in the preceding sub-clauses concerning satellite segment and ground segment is changed during the launch phase, those changes shall be identified in this clause as appropriate.

• • • • 1. Mission life segment

The mission life segment shall describe the in-orbit test (IOT) phase, the mission phase and post-mission phase operations. In the mission phase the operations agency executes every mission duty operation and in the post-mission phase the operations agency executes degraded mode operations and end-of –life operation. This clause shall provide information consistent with what operations personnel need to know for the type of mission phase support and post-mission phase support needed. If post-mission phase support is to be provided, information shall include an overview of the post-mission operation with operation items and time limits.

• • • • 1. Control re-entry segment

If the satellite is disposed by controlled re-entry, a ground facility for command and monitoring for successful re-entry shall be allocated. The operator shall provide re-entry segment information, such as operation time sequence, re-entry trajectory, expected landing zone, and notification to related organization or countries.

• • • 1. Space system operating functions (Clause 2 of handbook)
         1. General

The space system operating functions clause shall emphasize the process required to bring the system to full operational capability, status monitoring, alarm/anomaly response by the limit check defined in the database system (DB), mission planning, mission execution by the event go/no-go judgement by SOE and post-mission activity through LEOP, IOT, mission and post-mission phase.

In the IOT phase, the developing agency and operating agency shall check the on-orbit performance and function of bus equipment and mission equipment. After the check, the developing agency shall hand over satellite operation to the operating agency.

Clause 2 shall contain a functional explanation of the mission and contingency, i.e. SOOH Vol. Two shall contain data needed for the space segment (see Table A.1, satellite nominal and contingent operation description in LEOP, IOT and control for initial acquiring mission orbit) and emergency procedures contained in other clauses (in the ground segment) of the handbook. Flow diagrams shall support text as needed. The functional description shall include the following, as applicable:

a) when the procedure shall start and terminate.

b) where the procedure shall activate, e.g. rack, console, or other location.

c) the time usually required for the system to complete a function.

d) what is accomplished by the procedure.

e) prerequisites for procedure execution.

f) procedure peculiarities, if any.

g) when it is possible (or prohibited) to accomplish the procedure; and

h) identification of the crew interface and actions required to operate the function.

Where possible, common titles shall identify crew procedures common to all space systems (i.e. complex entry and exit, crew changeover briefings, activity co-ordination briefings). Amplified procedures shall tell who, what, when, where why and how. Most procedures in Clause 2 and in Clause 3 shall be in checklist format.

• • • • 1. Operations centre security procedure

Amplified security procedures shall include functions accomplished by the relief crew and duty crew necessary for personnel identification, classified inventory, check of warning devices (if applicable) and specified equipment, as applicable to the space system.

• • • • 1. Changeover procedure

Crew changeover procedures and briefings shall facilitate the assumption of duties by the relief crew. These procedures shall include briefings and procedures that will enable both the duty crew and the relief crew to review, examine and determine the system status during the course of the changeover. Procedures and briefings shall include material which assists in accomplishing an effective crew changeover.

• • • • 1. Status and fault monitoring

With regard to SOE event processing and satellite health status, space system status and fault monitoring received at the space operations centre can be presented by console indications, printouts and alarms. For abnormal indications, the operator shall receive instructions on the best method of prioritizing crew actions and reacting to the indications. Instructions shall provide clear directions for the space operations crew member to understand and react to these stimuli and to be able to perform normal, emergency, and malfunction procedures to isolate the condition and maintain maximum space system capability. SOE (see Table A.1) describes the sequence of procedures with the timing constraints in order to realize an operation and refers to the FCP and GCP to be executed. In order to perform status and fault monitoring, each agency shall require the following:

a) checking and recording of the deviations from the reference and reporting of its influence.

b) selection of the report format of the status data card/characteristics sheet; and

c) maintenance of the DB value (see Table A.3) by the operating agency after the review by the developing agency to obtain the appropriate reference.

• • • • 1. Activity coordination procedure

Activity coordination procedures shall include information required by space operations crew members to accomplish their duty assignments. Information shall advise space operations crew members of scheduled activities, operational and maintenance support tasks, emergency procedures and administrative matters. An activity coordination briefing shall be held before operating the system equipment or performing any on-site maintenance or servicing task. The purpose of an activity coordination briefing is to ensure that safe and correct procedures are followed during the performance of any function involving on-site equipment. It is the responsibility of the briefing official to ensure that personnel are thoroughly briefed on all aspects of the activity to be conducted. This briefing shall include, but not be restricted to, communications and normal, malfunction, emergency and contingency procedures in progress or anticipated.

• • • • 1. Safety procedure

The safety procedures shall include rules for evacuation of the operation crew and on-site safety briefings for visiting personnel. The procedures shall include information sufficient in scope to advise visiting personnel of existing site hazards, alert procedures, hazardous operations scheduled or in progress and danger areas. The procedures shall describe the escort/visitor relationship, location of safety equipment, reaction to announced emergency conditions and communications procedures.

• • • • 1. Operations centre inspections and system test procedures

Inspections and system test procedures shall provide the space operations crew during alert with a verification of system capability and system status. The extent and complexity of these procedures shall depend on the particular space system. In each case, the amplified procedures in this clause and applicable corresponding abbreviated checklist shall contain complete verification procedures for determining system capability and system status. System test procedures shall augment the verification of system status and enhance the ability of the space operations crew member to isolate problems and restore the space system to full operational posture. If deemed necessary by the acquiring agency, an abbreviated checklist shall include these procedures.

The operations handbook shall include verification/inspection procedures performed by persons other than space operations crew members.

Equipment status verified by crew personnel during the verification/inspection shall include mission-essential equipment. Verification/inspection procedures for equipment requiring less frequent status verification shall be in other space system technical orders.

• • • • 1. Communications equipment procedure

Communications equipment procedures shall include the descriptions of activities required to inspect, start up, initialize and operate equipment and to perform diagnostic tests. These procedures shall also include requirements for isolating communications equipment from space system equipment. Either the operations agency or the acquiring agency may request a stand-alone operation handbook for complex or highly integrated communications equipment.

• • • • 1. Ground system procedure

The ground system procedures shall include the descriptions of activities required to inspect, start up, initialize, configure and operate equipment and to perform diagnostic tests. These procedures also include the requirements for isolating ground systems from communications equipment. Either the operations agency or the acquiring agency may request a stand-alone operations handbook for complex or highly integrated ground systems. The ground system procedures include a ground segment nominal operation procedure and contingency procedure that includes error finding, identifying and isolating the most probable system malfunctions that could occur during mission operations and recovery functions including switching to a redundant system corresponding to the style of their ground segment.

• • • • 1. Mission planning procedure

Mission planning procedures shall include the necessary actions to be performed by the space operations crew to achieve the long- and short-term mission planning necessary to accomplish all mission requirements including nominal, collision avoidance and disposal operations. Amplified procedures and the applicable corresponding abbreviated checklist shall contain sufficient detail to ensure all aspects of mission planning are accomplished.

• • • • 1. Mission execution procedure

Mission execution procedures shall contain mission execution requirements to be accomplished by space operations crew personnel. These procedures shall be in sufficient detail to direct space operations crew personnel in accomplishing mission execution of space assets. These procedures shall include the methods needed to identify and correct system anomalies.

• • • • 1. Post-mission procedure

Post-mission procedures shall contain post-mission requirements to be accomplished by space operations crew personnel. These procedures shall be in sufficient detail to direct space operations crew personnel in accomplishing shut-down, de-orbit / re-entry and reporting procedures (if applicable to the space system).

• • • 1. Mission operating procedure (Clause 3 of handbook)

Mission operating procedures shall contain detailed information for satellite and related ground segment operation required by the space operations crew in the performance of normal and contingent operational duties. It shall include briefings and procedures to be conducted during normal and contingent case duty shift, mission planning, mission execution, post-mission, training operations, mission verification and such other operations as may be applicable or specifically required by the acquiring, operations, or owner agency (e.g. SOOH Vol. Eight describes nominal and contingent mission operation and related ground facility).

Clause 3 shall consist of normal and contingent operational briefings and procedures required of space operations crew personnel during the course of a duty shift. The procedures shall identify requirements from the point of crew arrival on-site, during daily or recurring tasks and until crew departure following completion of the duty shift.

Operational procedures shall define individual and crew responsibilities and provide amplified procedures sufficient to ensure complete, accurate and timely accomplishment of these functions. This clause shall contain simplified procedures, such as operations centre security. This clause shall explain complex or lengthy procedures in amplified procedures format.

The contents of Clause 3 shall include those crew briefings and procedures required to determine system status, maintain operational capability, execute mission, conduct post-mission operations and ensure secure operations.

• • • 1. Space segment contingency procedure (Clause 4 of handbook)

The contingency procedure shall primarily make it possible to establish whether a contingency originates from the space segment or ground segment. After any necessary troubleshooting operation (making clear the error source in space or in the ground segment), the operating agency shall isolate the error source and recover satellite capability.

Space segment contingency procedures shall enable a space operations crew to identify and isolate the most probable system malfunctions that could occur during mission operations. These procedures shall include troubleshooting guidelines for internal and external problems (solar flares, interference for Earth sensor unit, noise figure of thermal noise to ground tracking antenna, etc.). Those systems that have redundant or backup equipment shall provide the required procedures to maintain the operational status of the system. Clause 4 shall contain remedial actions by the direction of the acquiring agency. For ease of reference, malfunctions shall be listed by subsystem and in order of impact on space operations or on operational mission status. See Table A.1, Vol. 2: Satellite nominal and contingent operation description in LEOP, IOT (includes control for initial acquiring mission orbit).

Clause 4 shall contain information for the identification, isolation and correction of system malfunctions that occur. It shall include space system operations crew procedures. The information shall be of sufficient scope to include corrective procedures for abnormal conditions (induced by internal and/or external conditions) and shall be in sufficient detail to enable crew personnel to accomplish appropriate procedures using authorized technical data or under the direction of the competent technical authority (system engineers, command post, etc.). Malfunction identification procedures shall be developed for ready reference to a particular malfunctioning system and the malfunction indication within that system. The procedures shall be as direct and simple as possible, consistent with the action necessary to remedy the malfunction. The information shall indicate the effect of the malfunction on the system, probable cause and corrective action. In Clause 4, the space system shall present standardized malfunction analysis procedures insofar as possible.

During nominal operations, residual propellant shall be monitored periodically. If it cannot be guaranteed that there is sufficient propellant to conduct the planned disposal operation, the operator shall proceed to disposal operations.

• • • 1. Operating limitation (Clause 5 of handbook)

Operating limitations shall contain those limitations that impose a restriction, affect system accuracy or otherwise adversely affect system operations or system capability.

Clause 5 shall contain operating limitations imposed as a result of system configuration, operational consideration and environmental restrictions, as applicable. It shall include a description of each specific limitation and its application to the space system. In discussing limitations, applicable tables and graphs shall be included, as needed. A classified supplement to the operations handbook shall include operational limitations of a classified nature.

• • • 1. Ground segment emergency procedure (Clause 6 of handbook)

Ground segment emergency procedures shall specify the procedures to be followed in meeting emergencies that might reasonably occur. These procedures shall limit those emergency conditions, personnel actions and safety factors that could reasonably reduce the possibility of personnel injury or safety rule violations. Clause 6 shall include required crew reactions to correct or contain emergency conditions or prohibit crew actions in accordance with established directives. Clause 6 shall clearly define safety hazards, emergency operational procedures and emergency situations to ensure crew recognition of an emergency condition occurring during any phase of space operations.

Clause 6 shall limit those space operations crew emergency procedures necessary to ensure safe recovery in the event of a critical malfunction or emergency condition occurring during mission operations. If appropriate, procedures shall include information prohibiting certain crew actions which, if accomplished, would violate established space system safety directives. Information shall be included to enable crew members to recognize a hazardous condition and take appropriate action.

Clause 6 shall include procedures designed for crew identification of emergency conditions, corrective action, and emergency operations procedures. Additional safety information may be included; it shall be restricted to items of personnel safety (i.e. high voltages, high pressures and environmental hazards) but shall not include items of a purely first-aid nature.

Clause 6 shall include textual material, amplified procedures and an abbreviated checklist for emergencies that the crew can normally expect to encounter during duty shifts or maintenance activity. The amplified procedures shall include sufficient textual material to define the immediate effect the emergency condition will have on system capability and actions that are within the crew’s capability to restore mission effectiveness. Clause 6 shall include procedures, as applicable to the space system, for use during a fire or overheat situation, hazard situation, security system violations, or space system safety violations.

• • • 1. Crew duties and responsibilities (Clause 7 of handbook)

Clause 7 shall specify those crew positions and duties required to operate space systems during the nominal and off-nominal operations that are required by each operating agency corresponding to the style of their ground segment. It shall include the title, duties, and responsibilities of individual space operations crew positions. It shall include information furnished by the operations agency and shall contain no information for which engineering responsibility could become an issue.

• • • 1. Vocabulary (Clause 8 of handbook)

As needed, the operations handbook shall contain a vocabulary list. The vocabulary list shall include technical terms, definitions, acronyms, symbols and abbreviations used in the handbook and shall be arranged in alphabetical order.

A naming convention shall facilitate simple and correct access and use as standard, throughout a satellite project avoiding error and saving time (i.e. same name or mnemonic in all the documentation from the manufacturer to the operator and in compliance with the database).

• • 1. Classified material/document

The format, content and revision of the classified space operations material shall be identical to the unclassified space operations material that it supports. Arrangement and presentation of classified data shall be in accordance with the applicable requirements established for the unclassified handbook and such additional requirements as determined by the acquiring agency. A foreword shall cover the scope and content of the classified handbook.

The acquiring agency shall plan to publish a classified and unclassified handbook only when necessary. Both handbooks shall be completely cross-referenced to one another. The method of referencing shall be identical in that the title pages and tables of contents shall reference one another.

• • 1. Abbreviated checklists and step-by-step procedures
       1. Abbreviated checklist

The abbreviated checklist applies when the acquiring or operations agency specifies separate abbreviated checklists. Under the supervision of the acquiring agency, the contractor and the owner and/or operations agency shall jointly prepare abbreviated checklists for use with space operations systems. The owner shall verify the checklist procedures prior to final publication. Unless authorized, preliminary procedures should not be published to support operational requirements of the owner agency. Checklists shall contain only that information necessary to safely and effectively accomplish the required task. The checklist shall show only what to do and when to do it, not how to do the work. The checklist shall also include the identification of the amplified procedure from which the checklist is derived. The owner shall prepare an abbreviated operations checklist when one or more of the following conditions exist:

a) communication between individuals is necessary to control or monitor task progression.

b) there is potential damage to, or degradation of, equipment that would reduce operational readiness or adversely affect mission capability.

c) there is potential injury to personnel unless prescribed procedures are followed; and

d) the task is critical to mission accomplishment.

Checklist data shall include instructions that duplicate, in abbreviated form, the corresponding actions contained in the amplified procedures. The data shall consist of a step-by-step format and shall be limited to the material necessary to accomplish the action. The data shall have a triple-column format: crew duty position performing the step in the first column; step number in the second column; and actions to be performed in the third column. Placard information and responses shall be printed in upper case letters or figures (e.g. COMMUNICATIONS LINK OUT). Step-by-step presentations need not consist of complete sentences. Leaders, e.g. SATELLITE CONTROL CONSOLE, shall be inserted between columns on the left side of the page.

References to applicable operations or maintenance manual clauses and sub-clauses required to correct a malfunction or continue a mission operation shall be listed immediately following the task. Inclusion of such additional data shall be limited to information that is essential to accomplishing the tasks.

The reverse side of checklist pages that are intentionally left blank shall not contain a statement to that effect. Numbers of the blank pages shall appear on the preceding page immediately following that page number and separated by a slash (/).

EXAMPLE 317/318, 318 being the blank page.

When a page numbering sequence is broken as a result of pages being deleted because of a change, the list of effective pages shall reflect the update. A statement indicating the deletions shall be placed in the bottom margin of the preceding page or the top margin of the following page to show the reason for the break in page number continuity. The statement shall be in the following form: “All data on Page XX deleted.” When changes to a function within the emergency procedures checklist result in addition or deletion of steps within the function, the revised and reissued entire function shall avoid any break in sequential page or step numbering and prevent any pages or major portions of any page within the function from being blank.

Acquiring agencies shall ensure that inclusion of special notices is kept to an absolute minimum consistent with procedural requirements. When included, warnings, cautions and notes shall precede the action to which they refer.

• • • 1. Step-by-step procedure

In lieu of separate abbreviated checklists, the step-by-step procedures used by space operations crews shall be available for lengthy or critical procedures or both. The contractor and the owner and/or operations agency shall jointly determine which procedures are step-by-step. Step-by-step procedures shall contain only that information necessary to accomplish the required task safely and effectively. The step-by-step procedures shall have the following characteristics.

a) Each step-by-step procedure shall start at the top of a page.

b) Step-by-step procedure titles shall be at either the top or bottom of each page.

c) All illustrations shall appear at the end of the clause to which they apply.

d) Narrative procedures shall appear at the beginning of the appropriate clauses, and the step-by-step procedures shall follow sequentially.

e) Each step of the procedure shall be numbered. There shall be no lettered sub-steps in the step-by-step procedures.

f) Procedures shall consist of numbered clauses.

g) Introductory text (lead-in clauses) shall not be included in step-by-step procedures but shall appear in the appropriate clause.

h) Lead-in statements referring to particular items of equipment or alternative actions shall be underlined.

i) Where lead-in statements reference nomenclature and steps, the nomenclature shall appear first, and applicable steps shall follow.

j) Amplification of steps shall be included only when necessary.

k) Information applying to several steps shall appear as a note or lead sentence, as applicable.

l) Step-by-step procedural steps shall contain actions to be checked, observed, or verified and arranged in order of performance.

m) Applicable cautions and warnings pertaining to personnel injury or equipment damage shall be included in the procedure.

n) Prior to final publication, step-by-step procedures shall be verified.

A separate and distinctive checklist shall be prepared that covers appropriate emergency-amplified procedures and mission continuation procedures as contained in Clause B.4. The emergency procedures checklist shall be restricted to those crew procedures required to safeguard the equipment, prevent injury to personnel, or continue mission functions involving hazardous conditions or operations. Pages within this checklist shall have the same format as the normal procedure’s checklist (see examples in Tables SB.1, SB.2 and SB.3).

Supplement A of Annex B
(informative)

The operational documentation tree and procedure

SA.1   General

This Supplement A lists the kinds of operational handbook that include the description, and the process used for space segment satellite operation and ground segment operation.

The satellite-developing agency (i.e. satellite manufacturer) provides the documentation [i.e. satellite operational handbook (see example in Table SA.1)], which is often a descriptive documentation of the satellite and also provides input for FCPs (see example in Table SA.2), and which is written and qualified by the operation agency’s operation crew and/or operation teams.

The ground-segment-developing agency (i.e. ground segment manufacturer) provides the documentation of ground segment operational manuals and GCPs (see Tables SA.3 and SA.4), which are written by the operation agency’s operation crew and/or operation teams.

SA.2   Configuration of operational document

The operational documents needed for space segment satellite operation and ground segment operation include the four handbooks/manuals shown in Figure SA.1 and Tables SA.1 to SA.4.

Figure SA.1 — Example 1: The operational handbook tree — JAXA case

SA.3   Elements

The following abbreviations and acronyms are used in Tables SA.1 to SA.3.

Table SA.1 — Example 2: Satellite operational handbook Satellite operational handbook

Table SA.2— Example 3: Satellite flight control procedure (FCP) (manual)

Table SA.3 — Example 4: Ground segment control procedure (GCP) (manual)

Table SA.4 — Example 5: Network operation manual

Supplement B of Annex B
(informative)

Mission checklist (MCL)

SB.1   General

This Supplement B lists the procedures used to exchange administrative and technical information for the satellite operation among organizations.

The MCL is a series of steps used to conduct satellite operations in each visible pass between the following: NASA–JAXA, NOAA–JAXA, ESA–JAXA, CNES–JAXA and CEE–JAXA.

SB.2   Configuration of MCL

The MCL corresponds to the transmission protocol and type of data to be transmitted, as shown in Figure SB.1 and Tables SB.1 to SB.3.

SB.3   Elements

The following abbreviations and acronyms are used in this Supplement B.

Figure SB.1 — JAXA–NASA JPL/GDS case

Table SB.1 — Example 1: Step-by-step operation procedure: MC L/X.25

Table SB.2 — Example 2: Step-by-step operation procedure: MCL/TCP/IP

Table SB.3 — Example 3: Step-by-step operation procedure: SOE/SOP

The procedure of event ID 5A in MCL is replaced by this SOE/SOP in Example 1 and Example 2.

1. 
    
   
   Normative reference

The documents listed in Annex C are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated reference es, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

Bibliography (TBD)

[B-1] “Treaty on principles governing the activities of states in the exploration and use of outer space, including the moon and other celestial bodies”, Resolution adopted by the General Assembly 21st session, 2222, 19th December 1966,

[B-2] “Convention on international liability for damage caused by space objects”, Resolution adopted by the General Assembly 26^th session, 2777, 29 November 1971,

[B-3] “Principles relevant to the use of nuclear power sources in outer space”, Resolution adopted by the General Assembly 47th session, agenda item 72, A/RES/47/68, 23 February 1993,

[B-4] “Guidelines for the long-term sustainability of outer space activities”, Resolution adopted by the COPUOS (Committee on the Peaceful Uses of Outer Space), 62^nd session, 2019,

[B-5] “The report of the Group of Governmental Experts on Transparency and Confidence-Building Measures in Outer Space Activities”, was transmit to the General Assembly, 68^th session, agenda item 99, 29 July 2013,

[B-6] NIST SP800-171, revision 3, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”, May 2024, by the National Institute of Standards and Technology (NIST),

[URL: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r3.pdf]

[B-7] US DoD's "Cyber security Reciprocity Playbook", US Department of Defense, Office of prepublication and security review, 15 May 2024.

[URL:https://dodcio.defense.gov/Portals/0/Documents/Library/(U)%202024-01-02%20DoD%20Cybersecurity%20Reciprocity%20Playbook.pdf]