This paper reviews the attributes and challenges of applying the functional failure concept and the use of Best-Estimate Plus Uncertainty methods in evaluating protective systems in the risk space. As an illustrative example, the paper uses the case of the effectiveness of CANada Deuterium Uranium (CANDU) reactor shutdown systems. A risk-informed formulation is first introduced for estimating a reasonable limit for functional failure probability using the Swiss Cheese model. In real applications, there are several challenges in realistically estimating probabilities of exceeding a prescribed design or regulatory limit. Key challenges discussed in this critical review include the use of complex, computationally intensive predictive models; modeling completeness; assumptions about input distributions; validation; separation of uncertainties; and selection of statistical models and algorithms. The use of hybrid deterministic-probabilistic methods may address these challenges to a certain extent.