A new fault scenario previously unconsidered in the FMEA has driven the need to modify the existing system to protect against the scenario in question

So I’m not sure if you are in nuclear but we assess the fault sequence and dose consequence of the fault and this determines what safety class / SIL level is required to protect against that fault. In this instance a new input is needed to detect the new fault but the output of the system will be the same. (Safe shutdown)

One question to ask is “could you achieve 100%?” for example you may be able to remove components from the system and use a test box so that they can be truely tested 100%. We made a bespoke test kit to fully 100% test the safety relays on one of our systems during proof testing.

@Richard Kelly Good point! I agree that chasing 100% coverage can sometimes introduce unnecessary complexity, especially if components need to be removed, which can introduce additional human error during proof testing. Absolutely don’t do it, if you don’t need too! One of the advantages of achieving close to 100% PTC is that it can sometimes allow the PTI to be extended while still meeting the PFD. This can reduce the frequency of shutdowns, lower maintenance burden over the lifecycle, and reduce plant disruption. It can also increase confidence that hidden dangerous failures are being revealed during testing rather than accumulating over time.