@Anth Gunn https://www.gambica.org.uk/static/uploaded/9a36b58d-9b1b-4665-ba154a9df43d77a0.pdf

I’ve always found this a great guide

Hi @Iyan Putra I've finally managed to get some advice on this question so this answer isnt all me its not something I actually have a massive amount of experience with 😁 The 1oo2D formula in IEC 61508-6 Annex B.3.2.2.4 (the one @Dmitry Kosianchik GOST figures show) is itself a Markov-derived closed form. It's a Taylor-series reduction of the exact Kolmogorov solution, built under the simplifying assumptions listed in B.3.1 — which is exactly why PTC and MT don't show up in it. The standard never extended the PTC treatment to 1oo2D; it only worked that extension for plain 1oo2, in B.3.2.5. So your instinct that you need to go back to the underlying Markov chain to get a realistic PFDavg (with PTC and beta handled explicitly) is correct, not a workaround. The literature you're after is already in the standard — Annex B.5.1–B.5.2 of 61508-6:2010 (the section right after the tables Dmitry posted). It derives the whole thing from first principles: 1. Define your states — for 1oo2D that's finer-grained than 1oo2: both channels good, A-down-detected (running 1oo1 via the comparator), B-down-detected, both-detected→safe, A-down-undetected, B-down-undetected, CCF. 2. Build the transition rate matrix [M] from λDU, λDD, λSD, μ=1/MRT, μDD=1/MTTR, the channel comparison efficiency K, and β/βD. 3. Solve the Kolmogorov forward equation dP(t)/dt = [M]P(t) → P(t) = e^(t[M])P(0). 4. Because proof tests are discrete events, not continuous, you need the multiphase model (Fig. B.24/B.29): split the timeline at each test, and use a linking matrix [L] to reset state probabilities at each boundary — that's literally a discrete-time Markov process bridged between phases. 5. Sum the probabilities of unavailable states to get U(t), then integrate: PFDavg(T) = (1/T)Σ qk·MCTk(T) (the Mean Cumulated Time method). 6. To bring PTC in explicitly: split each undetected-failure branch into a "caught at next proof test" path (weighted by PTC) and a "survives to next real demand" path (weighted by 1-PTC), exactly as B.3.2.5 does for 1oo2 — you're just adding that same branching to the 1oo2D chain instead of the 2-state 1oo2 one. MT (mission/demand time) is that same T2 from B.3.2.5 — it's the exposure window for the (1-PTC) fraction, the time a missed fault sits undetected until a real demand reveals it. 7. Beyond the standard itself: ISA-TR84.00.02-2002 (in 61508-6's bibliography) runs the same Markov methodology with more worked architectures including 1oo2D. Rausand's Reliability of Safety-Critical Systems (Wiley) has a full chapter deriving these chains by hand. SINTEF's PDS Method handbook treats PTC and beta inside a Markov-consistent framework specifically for SIS — that's probably your closest match for backing the calc.

Hi Bachir, in my experience SRS is always the main issue, because if that wrong then so is everything else.