ISO 26871:2020 Space Systems — Explosive Systems and Devices

1. Introduction and Scope

ISO 26871:2020, prepared by ISO/TC 20/SC 14, establishes comprehensive requirements for explosive systems and devices used in space systems. The standard covers the entire lifecycle — from design and materials selection through production, testing, qualification, transport, handling, storage, and in-service monitoring. Space missions depend on pyrotechnic devices for critical functions including stage separation, fairing jettison, spacecraft deployment, valve actuation, and emergency destruction.

A typical launch vehicle contains 50-200 pyrotechnic devices, and a single failure can result in total mission loss. ISO 26871 provides the engineering framework to achieve the extreme reliability (typically 0.999 at 95 % confidence) required for these one-shot, mission-critical components.

The standard applies to all types of explosive components used in space systems: initiators (including NASA-standard initiators, ESA-standard initiators, and NASA standard detonators), cartridges, detonators, through-bulkhead initiators, transfer devices, safe and arm devices, gas generators, shaped charges, expanding tube separation systems, explosive delays, and explosively actuated devices (separation nuts/bolts, pullers, pushers/thrusters, cutters, and pyro-valves).

2. Design and Performance Requirements

2.1 Reliability and Confidence Levels

The standard mandates that explosive devices demonstrate a reliability of 0.999 at 95 % confidence level for mission-critical functions. This extreme requirement drives a comprehensive qualification and lot acceptance testing program using success-run testing (no failures allowed in a statistically determined sample size) or Bruceton staircase methods for sensitivity testing.

Device Category	Key Design Requirements	Critical Parameters
Initiators (EEDs)	No-fire current ≥ 1 A for 5 min; all-fire current ≤ 3.5 A	Bridgewire resistance, insulation resistance, firing time
Detonators	Output must reliably initiate next explosive element	Output energy, output direction, fragmentation
Separation nuts/bolts	Separation shock within specified envelope; no debris generation	Shock response spectrum, preload retention, release time
Pyro-valves	Zero leakage after actuation; no particulate generation	Sealing integrity, actuation time, flow restriction
Shaped charges	Precise linear/annular cutting; minimum stand-off distance	Cutting depth, jet integrity, explosive load

2.2 Debris and Contamination Control

ISO 26871 places stringent requirements on debris generation — a critical concern for space systems where floating debris can damage sensitive instruments or create short circuits. The standard mandates that explosive devices be designed as “debris-free” where possible, with containment features to capture any fragments. Through-bulkhead initiators are specifically designed to contain the plasma and debris within the initiator body while transmitting the shock wave through the bulkhead.

The standard requires that explosive devices include two independent safety barriers between the explosive train and any inadvertent energy source. For electro-explosive devices (EEDs), this typically means a minimum 1 A/5 W no-fire requirement combined with physical isolation of the explosive from the bridgewire until intentional arming.

3. Verification and Qualification Testing

3.1 Qualification and Lot Acceptance

The verification program is divided into three tiers: qualification testing (performed once on a representative sample to validate the design), lot acceptance testing (performed on each production lot to verify manufacturing quality), and incoming inspection (100 % screening of critical parameters). Qualification tests include functional performance over the full temperature range, vibration (random and sinusoidal), thermal vacuum, shock, and accelerated aging. Lot acceptance uses reduced test levels but must include functional firing of a statistically significant sample from each lot.

Test Type	Qualification	Lot Acceptance
Visual inspection	100 %	100 %
Bridgewire resistance	100 %	100 %
Insulation resistance	100 %	100 %
Functional firing (temperature)	Hot/cold/ambient	Ambient (sample)
Vibration	Qualification levels × 1.5	Acceptance levels
Thermal vacuum	4 cycles, extended dwell	1 cycle
Shock	Maximum expected +6 dB	Not required
Accelerated aging	4× design life at elevated temp	Not required

3.2 Transport, Handling, and Storage

The standard dedicates significant attention to logistics safety, recognizing that explosive components face their highest risk during ground operations rather than in flight. Requirements cover transport packaging (compatible with UN/IMO dangerous goods regulations), facility classification (explosion-proof electrical systems, lightning protection, static discharge control), handling procedures (minimum personnel, conductive flooring, grounded equipment), and storage conditions (temperature-controlled, humidity-monitored, segregated by hazard classification).

4. Engineering Design Insights

For pyrotechnic engineers designing space systems, several design principles from ISO 26871 deserve special attention:

Safe and arm device philosophy: The standard requires that safe and arm devices positively isolate the explosive train from initiators during all ground operations, transport, and storage. The device must require at least two independent, intentional actions to move from “safe” to “arm” position, with unambiguous visual indication of the current state. Electrical arming requires a minimum of two separate signals.

Non-explosive component interfaces: Connectors must maintain specified insulation resistance even after exposure to the space environment (vacuum, radiation, thermal cycling). Wiring must be derated to 50 % of rated current capacity. Faraday caps provide RF/EMI shielding for EEDs during ground operations.

Functional redundancy: The standard’s 0.999 reliability requirement at 95 % confidence effectively mandates redundant initiators for all mission-critical functions — typically dual bridgewire initiators or dual-initiator configurations where either device alone can perform the function.

The inclusion of Annex C (explosive component colour code) provides an intuitive visual identification system: red for initiators and detonators, yellow for explosives, blue for safe and arm devices, and green for non-explosive components. This simple coding helps prevent catastrophic misidentification during high-stress ground operations.

5. FAQs

Q1: What is a NASA-standard initiator (NSI)?
The NSI is a specific type of electro-explosive device defined in NASA standards, with established qualification and interface characteristics. ISO 26871 references these standard initiators and defines applicability criteria.

Q2: How is the 0.999 reliability at 95 % confidence demonstrated?
Through success-run testing: for a 0.999 reliability at 95 % confidence, 2,995 successful tests without failure are required (using the binomial distribution). For practical sample sizes, this is achieved through combined evidence from design analysis, similarity, and qualification testing.

Q3: What is a through-bulkhead initiator (TBI)?
A TBI transmits explosive energy through a metal bulkhead without penetrating it — the initiator is mounted on one side and the output on the other side of the bulkhead. This provides hermetic isolation between compartments, critical for hazardous gas containment.

Q4: What are the cleaning requirements for explosive components?
The standard mandates that all components be cleaned to the level specified for the mating spacecraft hardware. For most applications, this means compatibility with molecular contamination limits (typically < 100 ng/cm² non-volatile residue) and particulate cleanliness (ISO 14644 Class 8 or better).