ISO 26871:2012

INTERNATIONAL ISO
STANDARD 26871
First edition
2012-12-01
Space systems — Explosive systems
and devices
Systèmes spaciaux — Dispositifs et equipements explosifs
Reference number
ISO 26871:2012(E)
©
ISO 2012

---------------------- Page: 1 ----------------------
ISO 26871:2012(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2012
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any
means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the
address below or ISO’s member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2012 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 26871:2012(E)

Contents Page
Foreword .iv
1 Scope . 1
2 Normative references . 1
3 Terms, definitions, abbreviated terms and symbols . 1
3.1 Terms and definitions . 1
3.2 Abbreviated terms . 5
3.3 Symbols . 7
4 Requirements . 7
4.1 General . 7
4.2 Design . 9
4.3 Mission .13
4.4 Functionality .13
4.5 Safety .14
4.6 Survival and operational conditions .15
4.7 Interface requirements .16
4.8 Mechanical, electrical, and thermal requirements .17
4.9 Materials .22
4.10 Non-explosive components and equipment .22
4.11 Explosive components .27
4.12 Explosively actuated devices .39
4.13 Items external to the flight equipment .43
4.14 Verification .43
4.15 Transport, facilities, handling and storage .48
4.16 In-service .49
4.17 Product assurance .50
4.18 Deliverables .50
Annex A (normative) Loads and factors of safety relationship .53
Annex B (normative) Factors of safety .54
Annex C (informative) Explosive component colour code .56
Annex D (informative) Component qualification test levels .57
Annex E (informative) Product user manual (PUM/UM) — DRD .59
Bibliography .66
© ISO 2012 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 26871:2012(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International
Standards adopted by the technical committees are circulated to the member bodies for voting.
Publication as an International Standard requires approval by at least 75 % of the member bodies
casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 26871 was prepared by Technical Committee ISO/TC 20, Aircraft and space vehicles, Subcommittee
SC 14, Space systems and operations.
iv © ISO 2012 – All rights reserved

---------------------- Page: 4 ----------------------
INTERNATIONAL STANDARD ISO 26871:2012(E)
Space systems — Explosive systems and devices
1 Scope
This International Standard specifies requirements for the use of explosives on spacecraft and other
space products, including launch vehicles. It addresses the aspects of design, analysis, verification,
manufacturing, operations and safety.
NOTE Specific requirements for man-rating are not addressed.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO 14300-1, Space systems — Programme management — Part 1: Structuring of a project
ST/SG/AC.10/1, UN Recommendations on the transport of dangerous goods (Model Regulations)
UNO Manual of Tests and Criteria. United Nations, Fifth Edition, 2010
Mil-std 1576, Electroexplosive Subsystem Safety Requirements and Test Methods for Space Systems, USAF, 1992
3 Terms, definitions, abbreviated terms and symbols
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1.1
actuator
component that performs the moving function of a mechanism
NOTE An actuator can be either an electric motor, or any other mechanical (e.g. spring) or electric component
or part providing the torque or force for the motion of the mechanism.
3.1.2
all-fire level
lowest level of the fire stimulus (including rise time, shape, duration), which results in initiation of a first
element (initiator) within a specific reliability and confidence level as determined by test and analysis
NOTE 1 The stimulus duration shall be compliant with the system.
NOTE 2 It is recommended that the test sequence be carried out at the lowest temperature of the operating range.
NOTE 3 The probability of functioning should be equal to or better than 0,999 at the 95 % confidence level.
3.1.3
armed
condition that allows the probability of a wanted event to be above an agreed limit
© ISO 2012 – All rights reserved 1

---------------------- Page: 5 ----------------------
ISO 26871:2012(E)

3.1.4
cartridge
explosive device designed to produce pressure for performing a mechanical function
NOTE A cartridge is called an initiator if it is the first or only explosive element in an explosive train.
3.1.5
catastrophic failure
failure resulting in loss of life, loss of mission or loss of launch capability
3.1.6
charge
explosive loaded in a cartridge, detonator or separate container for use in a explosive device
3.1.7
component
smallest functional item in a explosive subsystem
3.1.8
deflagration
reaction of combustion through a substance at subsonic velocity in the reacting substance
3.1.9
detonation
chemical decomposition propagating through the explosive at a supersonic velocity such that a shock
wave is generated
3.1.10
detonator
first element whose output is a high-order detonation
NOTE Detonators are generally used to effect detonation transfers within explosive trains.
3.1.11
dud
explosive charge or component that fails to fire or function upon receipt of the prescribed initiating
stimulus, after an external effect (human failure, manufacturing failure, environmental, chemical,
ageing, etc.)
3.1.12
electro-explosive device
explosive cartridge that is electrically actuated
3.1.13
end user
person who, or organization that, actually uses a product
NOTE The end user is not necessarily the owner or buyer.
3.1.14
explosive US
energetic material GB
material which is capable of undergoing an explosion when subjected to heat, impact, friction, detonation
or other suitable initiation
3.1.15
explosive actuator
mechanism that converts the products of explosion into useful mechanical work
3.1.16
explosive component
any discrete item containing an explosive substance
2 © ISO 2012 – All rights reserved

---------------------- Page: 6 ----------------------
ISO 26871:2012(E)

3.1.17
explosive function
any function that uses energy released from explosive substances for its operation
3.1.18
explosive system
collection of all the explosive trains on the spacecraft or launcher system, and the interface aspects
of any on-board computers, launch operation equipment, ground support and test equipment and all
software associated with explosive functions
3.1.19
explosive train
series of explosive components, including initiating and igniting elements, explosive transfer assembly
and explosive actuator, arranged to realise the pyro effect required
3.1.20
extreme envelope
positive margin over the conditions of the qualification envelope
NOTE The device or system design is based on the conditions that define the extreme envelope.
3.1.21
gas generator
explosive device that produces a volume of gas or exothermic output or both
EXAMPLE Pyrotechnic igniters for solid propulsion applications, gas generator for inflatable structures.
3.1.22
initiator
first explosive element in an explosive train which, upon receipt of the proper mechanical, optical or
electrical impulse, produces a deflagrating or detonating action
NOTE 1 The initiator is divided into three categories: 1) igniter, a first element whose output is hot gases and
hot particles (igniters may be initiators for solid or liquid propellant); 2) squib, a first element whose output is
primarily gas and heat (squibs may be initiators for gas generators and igniters or may be cartridges for actuated
devices); 3) detonator, a first element whose output is a high-order detonation (detonators are generally used to
effect detonation transfers within explosive trains).
NOTE 2 The deflagrating or detonating action is transmitted to the elements following in the train.
NOTE 3 Initiators can be electrically (EEDs), optically or mechanically actuated.
3.1.23
launcher
launch vehicle
system used to transport a payload into orbit
3.1.24
lifetime
period over which any properties are required to be within defined limits
3.1.25
lot
batch
group of components produced in homogeneous groups and under uniform conditions
3.1.26
lot acceptance
demonstration by measurement or test that a lot of items meet its requirements
© ISO 2012 – All rights reserved 3

---------------------- Page: 7 ----------------------
ISO 26871:2012(E)

3.1.27
no-fire level
maximal level of input energy with an ignition stimulus (including nominal rise time and shape as required
by the system, but with a 5 min extended duration), to a first element (initiator) at which initiation will
not occur within a specific reliability and confidence level as determined by test and analysis
NOTE 1 It is recommended that the test sequence be carried out at the hottest temperature of the operating range.
NOTE 2 The probability of functioning should be less than or equal to 0,001 at the 95 % confidence level.
NOTE 3 A first element tested at this level shall remain safe and functional and shall guarantee the level of
performances required after the no-fire level test.
3.1.28
operational envelope
set of conditions in which the device or system meets its requirements
3.1.29
packaged charge
explosive material in a closed container
3.1.30
primary explosive
substance or mixture of substances used to initiate a detonation or burning reaction
NOTE In their intended role, these materials are sensitive to a range of thermal, mechanical and electrical
stimuli, including exposures during processing.
3.1.31
pyrotechnic device
device or assembly containing, or actuated by, propellants or explosives, with the exception of large
rocket motors
NOTE Initiators, ignitors, detonators, squibs, safe and arm devices, booster cartridges, pressure cartridges,
separation bolts and nuts, pin pullers, linear separation systems, shaped charges, explosive guillotines, pyrovalves,
detonation transfer assemblies (mild detonating fuse, confined detonating cord, confined detonating fuse, shielded
mild detonating cord, etc.), through-bulkhead initiators, mortars, thrusters, explosive circuit interrupters, and
other similar items.
3.1.32
qualification envelope
positive margin over the conditions of the operational envelope
3.1.33
safe
condition that renders the probability of an unwanted event below an agreed limit
3.1.34
scoop-proof connector
connector shell design in which the male contacts are recessed into the connector body to prevent
mismating damage to pins (especially in blind mating applications)
3.1.35
secondary characteristic
any characteristic other than the function
3.1.36
secondary explosive
substance or mixture which will detonate when initiated by a shock wave, but which normally does not
detonate when heated or ignited
4 © ISO 2012 – All rights reserved

---------------------- Page: 8 ----------------------
ISO 26871:2012(E)

3.1.37
sequential firing
application of the firing pulses to initiators separated in time
3.1.38
spacecraft
satellite or other orbiting vehicle with self-propulsion
3.1.39
space vehicle
any satellite or launch vehicle
3.1.40
success
simultaneous achievement by all characteristics of required performance
3.1.41
sympathetic firing
firing of other explosive devices due to the output of any other
3.1.42
transfer line
linear explosive assembly for propagation of deflagration or detonation
3.1.43
through-bulkhead initiator
TBI
device for transfer of detonating input to detonating or deflagrating output across a hermetically
sealed barrier
3.1.44
user manual
document provided by the supplier to describe all the appropriate rules of operations
3.2 Abbreviated terms
AIT Assembly, integration and test
AIV Assembly, integration and verification
A/N As necessary
CDR Critical design review
DC Direct current
DKP Design key point documentation
DMPL Declared materials and processes list
DRB Delivery review board
DRD Document requirements definition
DSC Differential scanning calorimetric
DTA Differential thermal analysis
EED Electro-explosive device
EMC Electromagnetic compatibility
© ISO 2012 – All rights reserved 5

---------------------- Page: 9 ----------------------
ISO 26871:2012(E)

EMI Electromagnetic interference
ESD Electrostatic discharge
FMECA Failure modes, effects and criticality analysis
FTA Fault tree analysis
FOSU Ultimate design factor of safety
FOSY Yield design factor of safety
GSE Ground support equipment
ICD Interface control document
MEOP Maximum expected operating pressure
MRR Manufacturing readiness review
N/A Not applicable
NC Normally closed
NO Normally open
PDR Preliminary design review
PUM User manual
R Reliability
RAMS Reliability, availability, maintainability, safety
RF Radio frequency
RFP Request for proposal
S/C Spacecraft
SRS Shock response spectrum
TBI Through-bulkhead initiator
TBPM To be provided by manufacturer
TBPU To be provided by user
TGA Thermo-gravimetric analysis
TRR Test readiness review
UM User manual
UNO United Nations Organization
VDC Voltage direct current
VTS Vacuum thermal stability
6 © ISO 2012 – All rights reserved

---------------------- Page: 10 ----------------------
ISO 26871:2012(E)

3.3 Symbols
A Ampere
F Force
F Inertial resistance force
D
F Deliverable output force
L
2
g Standard surface gravity (9,806 65 m/s )
h Drop height (m)
He Helium
I Inertial force
F
I Inertial torque
T
K Explosive factor
E
K Local design factor
LD
K Model factor
M
KMP Margin policy factor
K Project factor
P
KO Kick-off
K Project factor
P
M Mass of drop weight (kg)
scc Square centimetre cubic
T Torque
T Inertial resistance torque
D
T Deliverable output torque
L
V Volt
σ Standard deviation
4 Requirements
4.1 General
4.1.1 Background information
Since an explosive item used for flight can function only once, it can never be fully tested before its
crucial mission operation. The required confidence can only be established indirectly by testing
identical items. Test results and theoretical justification are essential to demonstrate fulfilment of the
requirements. The requirement for repeatability shows that product assurance plays a crucial role in
support of technical aspects.
© ISO 2012 – All rights reserved 7

---------------------- Page: 11 ----------------------
ISO 26871:2012(E)

The need for statistics requires that the explosive components used in an explosive system be tested
and characterized extensively. The variability in components means it is essential that manufacturers
provide customers with proof that the delivered items are identical to those qualified.
Failure or unintentional operation of an explosive item can be catastrophic for the whole mission and
life-threatening. Specific requirements can exist for the items associated with it. As all explosives,
whatever their use, are to be treated in a similar fashion, the same requirements, regulations, practices
and standards need to be applied, which will help to avoid human error.
If there is sufficient data to establish the reliability and confidence level for any given performance
against any given condition, this should be done. Subsequently, all margins should be converted into
standard deviations (σ) and be incorporated into the reliability and confidence analysis.
When viewed from the perspective of a specific project context, the requirements defined in this
International Standard should be tailored to match the genuine requirements of the particular profile
and circumstances of a project.
NOTE 1 Tailoring is a process by which individual requirements of specifications, standards and related
documents are evaluated, and made applicable to a specific project by selection and, in some exceptional cases,
modification of existing or addition of new requirements.
The requirements of this International Standard are drawn from the more detailed specifications of
[1] [3]
AIAA S-113 and ECSS-E-ST-33-11C .
4.1.2 Overview
Being generally applicable, the requirements stated in this section apply throughout and are not repeated
in the sections relating to specific topics.
Explosive systems and devices use energetic materials (explosives, propellants, powder) initiated by
mechanical, electrical, thermal, or optical stimuli, for unique (single-shot) functions, e.g. solid booster
initiation, structure cutting, stage distancing, pressurized venting, stage neutralization, valve opening
or closing, release of solar arrays, antennas, booms, covers and instruments.
The properties of the initiator govern the major part of the behaviour of the system.
The requirements for initiators and their derivatives, such as cartridges and detonators, are defined in
specific requirements related to the specific types.
Properties of explosive components and systems, which cannot be covered by requirements for the
initiators alone, are defined in specific requirements relating to the types of actuator.
Other components of the explosive system, which can be tested and do not need specific requirements,
are subject to the general technical and product assurance requirements. Detailed aspects of these
components are included where they have a significant influence on the success of the system.
Single-shot items can never be tested in advance. Particular care is needed in their development,
qualification, procurement and use, in accordance with the development phases specified in ISO 14300-1.
Safe handling and usage of explosive components are not governed by individual users or the suppliers.
4.1.3 Applicability
This International Standard applies in addition to any existing standards and requirements applicable
to spacecraft or launchers.
4.1.4 Properties
a) The two states of the properties of the explosive system (before firing and after firing) shall be
identified and listed in a specific document for shipper and user.
8 © ISO 2012 – All rights reserved

---------------------- Page: 12 ----------------------
ISO 26871:2012(E)

b) For every explosive component, the function, primary stimulus, unwanted stimuli and secondary
characteristics shall be identified and quantified.
c) Only qualified and lot-accepted items shall be used in flight systems.
d) The properties for the two states of the explosive system (before firing and after firing) referred to
in item a) of this list shall remain stable over time when subjected to external loads or environmental
conditions, within the qualification values.
4.2 Design
4.2.1 General
a) Redundant trains shall be designed such that the first component to fire does not adversely
affect the second.
b) The system lay-out should facilitate the replacement of subsystems or components.
c) Parts of the explosive system and devices identified as critical on the basis of a RAMS analysis shall
be replaceable.
d) Replaceable parts and substitutes shall be listed in the user manual of the explosive system and devices.
4.2.2 Reliability and confidence levels
a) It shall be agreed between the customer and the supplier which performance parameters are to be
defined as mean values with associated standard deviation [see g) below].
b) The explosive system shall achieve the specified properties within defined levels of reliability and
confidence agreed between the customer and the supplier.
NOTE 1 All components are contributors.
NOTE 2 This International Standard specifies critical safety and performance properties.
c) The reliability of components shall be equal to or better than 0,999 with a confidence level equal to
or better than 95 %.
d) The probability of unwanted functioning of components shall be less than or equal to 0,001 with a
confidence level equal to or better than 95 %.
e) The performance characteristics of components at any level of assembly shall be specified at the
specified level of reliability and confidence [see b) above].
f) The safety characteristics of items at any level of assembly shall be specified at the specified level of
reliability and confidence [see c) above].
g) The supplier shall provide documentation, for customer approval, justifying the validity of statistical
methods used to determine the product performances.
4.2.3 Performance
a) Except as specified in b) below, all performances shall be quantified by measurement versus time of
initial, transitional, and final values of the specified properties.
NOTE Specified properties are listed in 4.11 and 4.12.
b) The specified time interval [defined in a)] shall be identified and measured between either
1) a clear reproducible initiation event and the attainment of the performance value, or
© ISO 2012 – All rights reserved 9

---------------------- Page: 13 ----------------------
ISO 26871:2012(E)

2) an initiation event and 90 % of the measured performance value.
c) For performance that cannot be quantified based on measurements, an acceptance procedure shall
be agreed between the supplier and the customer.
d) The basis of the time shall be specified and justified.
4.2.4 Wanted and unwanted response
a) For wanted response, the response of any component, when subjected to the specified minimum
probable stimulus, shall be demonstrated to be more than the specified lower limit agreed between
the customer and the supplier.
b) For unwanted response, the response of any component, when subjected to the specified maximum
possible disturbance, shall be demonstrated to be less than the specified upper limit agreed between
the customer and the supplier.
NOTE This applies to safety and failure.
4.2.5 Dimensioning
4.2.5.1 Strength
The explosive system shall sustain, before, during and after firing:
— the internal loads due to operation, and
— the external loads defined by the user.
NOTE These loads represent the sum of pre-load, static, dynamic, thermal and any other load seen in service.
4.2.5.2 Explosive charge dimensioning
a) The methodology for dimensioning the charge of the explosive devices (using or not the modelling)
shall be justified.
NOTE 1 Dimensioning is done at the worst case (e.g. temperature of the qualification envelope).
b) Design factors and additional factor values defined in this clause shall be agreed with the customer.
c) For determination of the explosive charge, the design factor K shall be used, as defined hereinafter:
K = K × K × K × K
MP E P M
d) A “margin policy factor”, K ; shall be defined, justified and applied in accordance with the
MP
methodology given in Annex A.
NOTE 2 This factor, used to give confidence to the design, covers (non-exhaustive list)
— the lack of knowledge on the failure modes and associated criteria,
— the lack of knowledge on the effect of interaction of loadings, and
— the non-tested zones.
NOTE 3 Justification can be performed based on relevant historical practice and analytical or
experimental means.
NOTE 4 K can have different values according to the technology used for the device (e.g. expanding
MP
tube, cutter, pyrotechnic actuator).
10 © ISO 2012 – All rights reserved

---------------------- Page: 14 ----------------------
ISO 26871:2012(E)

NOTE 5 While going through the design refinement loops, K can be progressively reduced down to 1,0
MP
after justification.
e) When modelling is performed, a “mode
...