This is a great question, and I've been also searching for the best answer for a long time. It directly addresses the practical aspects of functional safety, the one that the end user of the SIS system faces. Mission time is always a parameter that must align with the expectations of the installation owner and their safety management policy. If you ask them, you will find that similar issues occur in other areas of the facility—after all, other components like mechanical devices, pipelines, etc. also wear out and need to be replaced after some time. Let me give you an example from my country: currently, refineries are striving to extend the time between shutdowns to 4–5 years. As a result, most Proof Tests must also be carried out within such a time interval. Therefore, in the SRS we usually set the Mission Time to 16 or 20 years, which corresponds to 4 full production cycles. These are the values I use for my PFDavg calculations in most cases.

@Tom Atkinson From my experience such plants don't have also hazard identification like HAZOP done, or it was done very long time ago. They have a lack of up to date SIF documentation, etc. The best solution here is to prepare and conduct a functional safety audit which will show the best way and will force the company to prepare an appropriate plan of next actions like: fresh HAZOP study or update existing, SIF list update, SIL requirements determination and partially SRS preparation. Many things changed at site since this old SIS was implemented in most cases. Having this set of data is a great background to making a decision - what we will do with old system - new, modernization, partial modernization? This is path I proposed many times and it's working.