Tomasz just out of interest what’s it remove power to? A VSD? I’ve got lots to say on this one 😂

Hi Bachir, in my experience SRS is always the main issue, because if that wrong then so is everything else.

Thanks Tomasz — great points, and yes, it really is a common sense approach. I'll be honest, my position has shifted over the years. I used to be hard-line: full compliance, no compromise. Then I watched what actually happens. Operators get hit with the rekit cost, the upgrade gets shelved. The system that was "non-compliant but operating" just stays "non-compliant and operating" — except now nobody's actively looking at it, because it's been pushed into the too-hard pile. Is that actually safer? Which is why it has to come back to ALARP. The standard is the framework, but ALARP is the test. A pragmatic, risk-prioritised pathway to bring legacy systems into a defensible position is almost always safer than a binary "fully compliant or bust" stance that paralyses the whole programme. You're spot on about the lifecycle point too — if a system's never been through the safety lifecycle, you genuinely don't know what condition it's in. That's where an FSA Stage 4 could be used. Treat it as the diagnostic: pull whatever operational evidence exists — proof tests, demand rates, failure history, maintenance records — reverse-engineer the design assumptions, and let the gap analysis drive the prioritisation you described. Component-by-component, risk-ranked, upgrade where it actually moves the needle. Its a great discussion legacy systems

@Tomasz Barnert I have two sets of templates for a FSMS one set I produced for organisations working on FS projects. This was designed to be integrated into an existing QMS system