hello support1@lima.co.uk , when upgrading there is no impact in authentications completed previously to the upgrade as the NAD are the ones that retain the session , the impact will be only in the newest authentication request coming from your NADs towards the nodes that have the PSN persona enabled.
In the scenario of split upgrade , you are correct in your statement as one PSN node can handle new radius request while another PSN is being upgraded , the key here is that you need to have redundancy configured within the NADS and point them towards the PSNs , the NAD will mark one server as dead as it will be unavailable while upgrading , so it can forward the radius traffic towards the server that is not being upgraded , and then mark as alive again to that server when the upgrade has finished , refer to the following documentation
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217509-upgrade-ise-with-full-upgrade-method.html#anc6
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-3/configuration_guide/sec/b_173_sec_9300_cg/configuring_aaa_dead-server_detection.html
Let me know if that helped you .