In theory, the PLC and programming software compiler have been pre-certified, and have diagnostics and error checking built in to ensure that the PLC does what the program says to do, up to a given reliability value. In AB land, my understanding is that the safety CPU itself has one reliability value (good for SIL2) and another reliability value in conjunction with the safety partner (crosschecking/reliability/diagnostics get it to SIL3). This is what you would use for sistema evaluation, regardless of the programming that happens inside of the PLC.
At least in Siemensland, profisafe has enough errorchecking built in that networking is considered a negligible enough source of error that it can be ignored in the safety reliability calc; I assume the same is true for CIP safety, but I have no experience there. HOWEVER, network architecture can have an influence on reaction time, so keep that in mind for those calcs.
However, you still need validation/system test afterwards to prove that the program in the system actually does what it was it was intended to, which is very different from the system reliability itself.