
Memberships

Functional Safety Play Book

128 members • Free

4 contributions to Functional Safety Play Book
Prior Use and PFDavg calculations
I saw this question somewhere and I thought I would pick your opinion on it. Since prior-use justification addresses systematic capability and hardware constraints only, and SIL verification still requires meeting the three barriers per IEC 61511, how is PFDavg calculated when using prior-use devices that lack defined failure rate data?
0 likes • Feb 1
@Richard Kelly I believe the question was from the angle of sometimes one would want to claim prior use but when their field data has say only 20,000 hours of operation and they want to go Prior Use other than SIL certification route, an aspect I believe many would prefer especially when dealing with Final Elements. IMO, I think this is where using a Bayesian update may help in conjunction with say the OREDA data. In any case, as more field data is availed, the “prior” becomes negligible as site data dominates the calculation!
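To make the Bayesian-update idea from the comment above concrete, here is an added worked example (it is not part of the original thread and not anyone's project code). It uses the conjugate Gamma-Poisson model: a Gamma prior on the constant failure rate, updated with observed failures over observed hours. The prior mean rate and its "equivalent hours" weight are constructed placeholders standing in for a generic-data source such as OREDA; the weighting scheme itself is a modelling choice, not something a handbook prescribes. The `site_weight` function shows the effect the commenter describes: as site hours grow, the generic prior's share of the posterior mean goes to zero.

```python
"""Gamma-Poisson Bayesian update of a failure rate (added example, constructed data).

Prior:      lambda ~ Gamma(alpha, beta)      alpha ~ pseudo failure count, beta ~ pseudo hours
Likelihood: k failures in T hours ~ Poisson(lambda * T)
Posterior:  lambda ~ Gamma(alpha + k, beta + T)

Posterior mean = (alpha + k) / (beta + T)
               = beta/(beta+T) * prior_mean  +  T/(beta+T) * (k/T)
so the prior is a weighted average partner of the raw site estimate k/T.
"""
from dataclasses import dataclass
from math import sqrt


@dataclass(frozen=True)
class GammaRate:
    """Gamma distribution over a constant failure rate (failures per hour)."""
    alpha: float  # shape: behaves like a pseudo failure count
    beta: float   # rate:  behaves like pseudo operating hours

    @property
    def mean(self) -> float:
        return self.alpha / self.beta

    @property
    def std(self) -> float:
        return sqrt(self.alpha) / self.beta

    def update(self, failures: int, hours: float) -> "GammaRate":
        """Posterior after observing `failures` dangerous failures in `hours` of operation."""
        if failures < 0 or hours < 0:
            raise ValueError("failures and hours must be non-negative")
        return GammaRate(self.alpha + failures, self.beta + hours)


def prior_from_generic_data(mean_rate: float, equivalent_hours: float) -> GammaRate:
    """Build a prior with a chosen mean rate and a chosen evidential weight.

    equivalent_hours is an assumption: how many hours of field evidence the
    generic figure is treated as being worth.  Smaller values let site data
    dominate sooner; larger values make the prior 'stickier'.
    """
    if mean_rate <= 0 or equivalent_hours <= 0:
        raise ValueError("mean_rate and equivalent_hours must be positive")
    return GammaRate(alpha=mean_rate * equivalent_hours, beta=equivalent_hours)


def site_weight(prior: GammaRate, hours: float) -> float:
    """Share of the posterior mean that comes from site hours rather than the prior."""
    return hours / (prior.beta + hours)


if __name__ == "__main__":
    # Constructed placeholder: generic dangerous failure rate 2.0e-6 /h,
    # treated as worth 200,000 hours of evidence.  Not a real OREDA figure.
    prior = prior_from_generic_data(mean_rate=2.0e-6, equivalent_hours=200_000.0)
    # Constructed site histories: (failures observed, hours accumulated)
    for failures, hours in [(0, 20_000.0), (0, 200_000.0), (1, 2_000_000.0)]:
        post = prior.update(failures, hours)
        print(f"{hours:>12,.0f} h, {failures} failures: "
              f"posterior mean {post.mean:.3e} /h, "
              f"site weight {site_weight(prior, hours):.2f}")
```

With only 20,000 hours and no failures the posterior barely moves from the prior (site weight about 9%), which is exactly why a short field history on its own is a weak basis for a prior-use claim; at two million hours the site data carries over 90% of the estimate.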
🗣 Discussion — Failsafe Virtual PLCs
Siemens released the SIMATIC S7-1500V with failsafe function over 6 months ago — a fully virtual PLC that supports safety-critical control logic in software rather than dedicated hardware. 📌 Question for the group: Has anyone on this forum actually used or specified a failsafe virtual PLC like the S7-1500V (or similar) in a project? If so: - What's the application? - What key benefits did you find? - What challenges did you face in terms of safety lifecycle, validation, or integration? - Did it change how you structured your delivery approach? If you haven’t used it yet, share: - What’s holding you back - What you’d need to consider before adopting this kind of technology Interested to see how different industries approach this one. https://blog.siemens.com/2025/05/simatic-s7-1500v-with-failsafe-function-the-worlds-first-failsafe-virtual-plc/
0 likes • Jan 28
@Richard Kelly I just went down a rabbit hole on this one. I had not come across the Siemens virtual failsafe PLC yet, but I am aware of the CODESYS Virtual Safe Control, certified up to SIL 3, since I have been tinkering a bit with the CODESYS platform. The key benefit I see with these “virtual things” is the decoupling of safety logic from physical controllers, enabling greater flexibility, scalability, and alignment with virtualized or edge-based architectures. That said, I would expect the main challenge to sit in the safety lifecycle rather than the logic itself, particularly in validating the virtual runtime environment, host OS, time determinism, and deployment architecture as part of the overall safety case, as these layers effectively become part of the safety system…but hey, more bucks for software functional safety specialists right 😉
0 likes • Jan 29
@Richard Kelly many are not ready. Personally, I still do not know how TUV SUD certified the CODESYS Virtual Safety PLC, it would be interesting if anyone in this playbook was part of the process, they can share some insights on the procedure and how to handle any uncertainties…
Mission Time
Hi all, thanks for accepting. First of all, I am new in functional safety and sorry for my bad English 😊. Actually I have some doubt about one of the variables in the PFDavg calculation, namely mission time. A couple of questions to all: 1. What will happen at the end of the mission time? Should the end user decommission the plant, or just replace everything so the mission time restarts? 2. If it depends on the end user, then based on what considerations do they usually determine the correct mission time, and what is the reason behind that? 3. Since over time PFDavg will get derated and the claimed SIL may decrease, shouldn't the end user set the mission time before the SIL/RRF drops beyond the rating it should be? Hope you guys can share your knowledge. Thanks,
1 like • Jan 28
@Iyan Putra, I may not have fully understood your question, but in simple terms, mission time is the operational period defined by the asset owner, typically aligned with major plant turnarounds, over which a safety function is expected to operate without a full system overhaul. It is distinct from the useful life of individual components, which may require replacement within that period. You have mentioned “parameters by Exida” so I believe you understand that mission time directly affects PFDavg because proof testing is never perfect. Dangerous failures that are not detected during testing accumulate over the entire mission time, not just between proof tests. As a result, a longer mission time increases PFDavg and can effectively reduce the achieved SIL if not properly managed. For this reason, the selected mission time must be consistent with achievable proof test intervals and test coverage. This is likely why @Richard Kelly raised a question earlier. An excessively long mission time can make the target SIL unattainable without impractically short or intrusive testing. For your project, ask the customer to define their major overhaul cycle, then clearly demonstrate how the chosen mission time, together with a realistic testing strategy, impacts long-term PFDavg and SIL compliance. If there is resistance, remain calm if the client is stubborn… On a side note, how do they not have an SRS? Is this a legacy plant?
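The reply above explains in words why mission time drives PFDavg when proof test coverage is imperfect. The following added example (not from the thread, not exida's or anyone else's tool) puts numbers on it using the widely used simplified single-channel (1oo1) approximation: the detectable share of dangerous undetected failures is reset by each proof test and averages over half the test interval, while the undetectable share is never reset and averages over half the mission time. All rates, intervals and coverages in the demo are constructed placeholders, and the SIL bands are the standard PFDavg ranges for low-demand mode.

```python
"""PFDavg versus mission time for a 1oo1 safety function (added example, constructed data).

Simplified approximation used here (ignores common cause, repair time, diagnostics):

    PFDavg ~= PTC * lambda_DU * TI / 2  +  (1 - PTC) * lambda_DU * MT / 2

lambda_DU : dangerous undetected failure rate, per hour
TI        : proof test interval, converted from years to hours
MT        : mission time, converted from years to hours
PTC       : proof test coverage, 0.0 .. 1.0
"""
HOURS_PER_YEAR = 8760.0

# Low-demand SIL bands as (lower PFDavg, upper PFDavg, SIL), upper bound exclusive.
SIL_BANDS = ((1e-5, 1e-4, 4), (1e-4, 1e-3, 3), (1e-3, 1e-2, 2), (1e-2, 1e-1, 1))


def pfd_avg(lambda_du: float, ti_years: float, mt_years: float, ptc: float) -> float:
    """Average probability of failure on demand over the mission time."""
    if not 0.0 <= ptc <= 1.0:
        raise ValueError("proof test coverage must be between 0 and 1")
    if ti_years <= 0 or mt_years < ti_years:
        raise ValueError("mission time must be at least one proof test interval")
    ti_h = ti_years * HOURS_PER_YEAR
    mt_h = mt_years * HOURS_PER_YEAR
    detected_part = ptc * lambda_du * ti_h / 2.0          # reset at every proof test
    undetected_part = (1.0 - ptc) * lambda_du * mt_h / 2.0  # only cleared by overhaul/replacement
    return detected_part + undetected_part


def sil_from_pfd(pfd: float) -> int:
    """Map a PFDavg to its low-demand SIL band; 0 means below SIL 1."""
    for low, high, sil in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0


def max_mission_time_years(lambda_du: float, ti_years: float, ptc: float, pfd_limit: float) -> float:
    """Longest mission time (years) that keeps PFDavg strictly below pfd_limit.

    Returns inf when coverage is perfect and the limit is met, 0.0 when even a
    mission time equal to one test interval cannot meet the limit.
    """
    detected_part = ptc * lambda_du * ti_years * HOURS_PER_YEAR / 2.0
    if detected_part >= pfd_limit:
        return 0.0
    undetected_per_hour = (1.0 - ptc) * lambda_du / 2.0
    if undetected_per_hour == 0.0:
        return float("inf")
    mt_years = (pfd_limit - detected_part) / undetected_per_hour / HOURS_PER_YEAR
    return mt_years if mt_years >= ti_years else 0.0


if __name__ == "__main__":
    # Constructed placeholder device: lambda_DU = 5e-7 /h, annual proof test, 90 % coverage.
    lam, ti, ptc = 5e-7, 1.0, 0.9
    for mt in (1, 10, 20, 40):
        pfd = pfd_avg(lam, ti, mt, ptc)
        print(f"MT {mt:>2} yr: PFDavg {pfd:.2e}  -> SIL {sil_from_pfd(pfd)}")
    print(f"Longest MT holding SIL 2 (PFDavg < 1e-2): "
          f"{max_mission_time_years(lam, ti, ptc, 1e-2):.1f} yr")
```

With these placeholder inputs the function sits comfortably in SIL 2 at a 10- or 20-year mission time but falls to SIL 1 at 40 years, even though the proof test interval never changed; `max_mission_time_years` gives the figure to put in front of the asset owner when the overhaul cycle is being negotiated.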
Mentoring & Experience Sharing
One of the things I want this community to support is learning through experience, not just content. We have a mix of: - early-career engineers looking to build knowledge - more experienced practitioners and leaders who’ve seen projects succeed (and fail) I’ve created a Mentoring Discussion space for this. If you’re: - happy to offer occasional guidance or perspective → comment “mentor” - looking for guidance or career direction → comment “mentee” - open to either → comment “both” There’s no formal commitment here — this is about practical conversations, not long-term programmes. I’ll help connect people where it makes sense. If you’re unsure whether you’re “experienced enough” to mentor — you probably are.
1 like • Jan 27
Mentee
Noah Tibasiima
@noah-tibasiima-5158
Process Engineer, with a passion for functional safety!

Joined Jan 27, 2026