GMP Engineering Manual Edition 04/2008SIMATIC WinCC flexible 2007 Guidelines for Implementing Automation Projects in a GMP Environment simatic hmi s Introduction, Table of Contents Configuring in a GMP Environment 1 2 3 4 5 6 7 8 9 SIMATIC WinCC flexible 2007 GMP Engineering Manual Guidelines for Implementing Automation Projects in a GMP Environment Requirements of Computer Systems in a GMP Environment System Specification System Installation Project settings Creating Application Software Support During Qualification Operation, Maintenance and Servicing System Updates and Migration Index 04/2008 A5E02147610-01 Safety Guidelines This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol, notices referring to property damage only have no safety alert symbol. The notices shown below are graded according to the degree of danger. ! ! ! Danger indicates that death or severe personal injury will result if proper precautions are not taken. Warning indicates that death or severe personal injury may result if proper precautions are not taken. Caution with a safety alert symbol indicates that minor personal injury can result if proper precautions are not taken. Caution without a safety alert symbol indicates that property damage can result if proper precautions are not taken. Notice indicates that an unintended result or situation can occur if the corresponding notice is not taken into account. If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage. Qualified Personnel The device/system may only be set up and used in conjunction with this documentation. Commissioning and operation of a device/system may only be performed by qualified personnel. Within the context of the safety notices in this documentation qualified persons are defined as persons who are authorized to commission, ground and label devices, systems and circuits in accordance with established safety practices and standards. Prescribed Usage Note the following: ! Warning This device and its components may only be used for the applications described in the catalog or the technical description, and only in connection with devices or components from other manufacturers which have been approved or recommended by Siemens. Correct, reliable operation of the product requires proper transport, storage, positioning and assembly as well as careful operation and maintenance. Trademarks All names identified by ® are registered trademarks of the Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner. Disclaimer of Liability We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions. Siemens AG Industry Automation Postfach 4848 90026 NÜRNBERG GERMANY A5E02147610-01 04/2008 Copyright © Siemens AG 2008 Technical data subject to change Since variance cannot be precluded entirely. servicing and maintenance personnel who use the process control technology in the GMP environment. We welcome any suggestions for improvement and ask that they be sent to the A&D Competence Center Pharma in Karlsruhe (Germany). It describes solutions for implementing automation plans with SIMATIC WinCC flexible in situations where the principles of GMP are mandatory.Introduction Purpose of this manual This manual describes what is required from the pharmaceutical. of the computer system. Practical examples are used to explain the relationship between requirements and implementation. The information in this document is checked regularly for system changes or changes to the regulations of the various organizations and necessary corrections will be included in subsequent issues. project managers and engineers. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 3 . those responsible for control system designs for specific industries. the software and the procedure for configuring SIMATIC WinCC flexible. Required level of knowledge Basic knowledge about SIMATIC WinCC flexible is required to understand this manual. Knowledge of GMP as practiced in the pharmaceutical industry is also an advantage. we cannot guarantee full consistency. We have checked that the contents of this document correspond to the hardware and software described. regulatory viewpoint for Good Manufacturing Practice (GMP environment). Disclaimer of liability This manual is a guideline for system users and engineers for integrating SIMATIC WinCC flexible HMI systems in the GMP environment as it relates to validation while taking 21 CFR Part 11 into account. Intended audience This manual is intended for all plant operators (users). com/automation/ca01. References to other manuals are shown in bold italic. but are also intended to provide an overview of the requirements for configuration and what is required of computer systems in a GMP environment. Recipe. Position in the information landscape The system documentation of the SIMATIC WinCC flexible operator control and monitoring system is an integral part of the SIMATIC WinCC flexible system software. 4 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . The appendix to this documentation contains an index. Conventions The following conventions are used in this manual. Refer to the CD-ROM catalog CA01 for detailed information on the compatibility of the individual components. phone: + 49 621 456 3269. Layout of the manual This manual supplements the existing SIMATIC WinCC flexible manuals. You can obtain information about using the WinCC add-ons through the Hotline of the WinCC Competence Center Mannheim. which should make the selection of components easier.siemens. The CD-ROM catalog is available online at: www. The guidelines are useful not only during configuration. Procedures that include numerous tasks are presented in tables and numbered in the order they should be carried out.Introduction Scope of this manual The information in this manual applies to SIMATIC WinCC flexible 2007. All the necessary functions and requirements for hardware and software components are also described. Operating instructions involving only a few steps are indicated by a bullet point (•). PM-Control and PM-OPEN IMPORT. Audit. Archives. More detailed explanations are available in the standard documentation. and the WinCC add-ons PMQUALITY. It is available to every user as online help (HTML help) or as electronic documentation in Acrobat Reader format (PDF): You will find the electronic manuals for SIMATIC WinCC flexible 2007 on CD-ROM as the "SIMATIC HMI Document Collection". recommendations and mandatory specifications that represent the basis for configuration of computer systems. The document explains the laws and guidelines. The use of the hardware and software and how they are configured or programmed to meet the requirements is explained based on examples. The examined components are SIMATIC WinCC flexible (ES/RT) in combination with the options ChangeControl. com/automation/partner A signpost to the documentation of the various SIMATIC products and systems is available at: http://www.com Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 5 .siemens.Introduction Additional support Please contact your local Siemens representative if you have any queries about the products described in this manual.de/simatic-tech-doku-portal You will find the online catalog and order system at: http://mall.com/ If you have questions on the
[email protected]. Germany.siemens.com + 49 721 595 6930 Additional information about the products.com/pharma Training Center We offer courses to help get you started with the SIMATIC WinCC flexible HMI system.automation. • • Phone: Internet: + 49 911 895 3200. You will find information on who to contact at: http://www. http://www. Please contact your regional training center or the central training center in 90327 Nuremberg. please contact the Competence Center Pharma: • • E-mail: Fax: pharma. systems and services from Siemens for the pharmaceutical industry can be found at: http://www. The right documents via our Search function in Product Support. which constantly provides you with up-to-date information on your products.siemens.siemens. where users and experts from all over the world exchange their experiences.siemens. Your local representative for Industry Automation.com/automation/service Service & Support on the Internet In addition to our documentation. Information on field service. we offer our Know-how online on the internet at: http://www.com/automation/service&support Where you will find the following: • • • • • The newsletter. repairs and Consulting. 6 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 .Introduction Technical Support You can reach the Technical Support for all Industry Automation products • • • Via the Web formula for the Support Request http://www. A forum.com/automation/support-request Phone: Fax: + 49 180 5050 222 + 49 180 5050 223 Additional information about our Technical Support can be found on the Internet pages http://www. ............4.... 20 Configuration Management ........ 33 Use of Third-Party Components ..................................6......1 2.....................................................................................3 1.3......7 2.................2 2.........3.................................. Guidelines and Recommendations ...11 2.......... 22 Changing software modules/typicals .........................................Table of Contents Introduction Table of Contents 1 Configuring in a GMP Environment 1................................................................. 25 Electronic signatures based on biometrics .............. 25 Conventional electronic signatures...................................................3 2....................... 22 Using typicals for programming ..............................................................10.....................................................................................9 2............ 34 Requirements of Computer Systems in a GMP Environment Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 7 ................................................................... 29 Components of the manufacturing log.....................................................................................2 2....10......... 18 19 Hardware Categorization . 22 Access Protection and User Administration ..............................................................................13 3 7 11 Life Cycle Model ........................................................ 29 The uses of electronic batch data....2 2....................1 2.................................................................. 33 Retrieving Archived Data ...........................................1 2.............. 23 Applying access protection to a system ....... 18 Approval and Change Procedure .............1 1...................................................................4 2... 27 Archiving Data .......... 11 Regulations.4 2. 19 Software Categorization ........5 2......4...................... 27 Time Synchronization ........................................... 21 Configuration Control...................................................... 24 Electronic Signatures.................................2 2...... 23 Requirements of user IDs and passwords...............................12 2...................................................................5................................................................2 2............................... 26 Security measures for user IDs / password..11.......................................................................1 2............3 2............ 30 Data Backup ....................................................... 26 Audit Trail........................................................................3 2......... 31 Backup of process data ....1 2.........8 2.....4 2 2....3 2........2 2............2 2.........6 2..................... 16 Responsibilities..................2 1... 30 Requirements of electronic records.......6..................................................................................................................................11...............10 2..5............... 24 Smart cards and biometric systems .....................................................................10....................................................................3 2.............................................. 22 Identifying software modules/typicals ................................ 28 Reporting Batch Data ....... 31 Backup of application software...........................................................................................4...................................10....1 2........................................... 29 Components of batch documentation............ 20 Configuration Identification ....................1 2............................6.................................................................................... 21 Software Creation ...............................5................................................................................ ...... 37 System and Network Security ................. 66 Versioning of configuration elements ..... 42 Image & Partition Creator .................3................................ 44 Installing utilities and drivers............................4............................................................. 60 Time Synchronization ............................................................Table of Contents 3 System Specification 3.................................................1 4..... 36 Hardware specification ........................ 59 Multilingual Projects........................1 4... 46 Setting up users in WinCC flexible .........4.................................... 45 Centralized user administration ....3..........3 8 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 ........................................... 43 Installing SIMATIC WinCC flexible ..............................3........................................................... 38 Engineering.... 49 Security settings with centralized user administration......................... 43 Installing the SIMATIC WinCC flexible options .............4...............2.....................................................2.........5..................6..........2 5.......................5 5....................................................2 5....................... 41 Utilities and Drivers...4 3.................1 3..........4..... 61 Transferring the CPU system time to the HMI device .......................................1 5...1 5.2 5.....................................3 5........ 61 Set time..........................5.................................. 66 Defining configuration elements .............................1 3..........................................................................3 35 Specification of Visualization Hardware ........................................ 67 4 System Installation 4.......................................................................................................................3........................................3 3............. 67 Versioning the application software........................4 4.......3 5........................................5 3............................................1............................... 65 Support for Configuration Management ...................4... 60 SIMATIC NET Settings ............................... 47 Security settings with local user administration .... 44 Setting up User Administration ............................5 4...........................................................................................................1 4......1 3........................4.....2 3..................................... 51 Access Protection with SIMATIC Logon..................3......................................................................................................................................3 4....................................... 62 Transferring the HMI device system time to the CPU ............2 4.......2...................................................................................3................... 42 43 Installing the Operating System..........3.1....... 41 WinCC Premium add-ons ......................4 5...2 4................ 41 Application Software Specifications......................................................................................1 3................... 43 Installing the System Software ...3 3....................1 4.......4..........3........................................6.............................................................4 3......................4 5.................2 3.................................. 39 Runtime software...................................6 3................ 56 59 Project Manager ....................................... 39 Interfacing to higher-level IT systems......4............ 54 Configuration of SIMATIC Logon...............3 5 Project settings 5....... 52 User management in Windows.................1 3....................................... 42 Antivirus tools ................................3.6.. 40 SIMATIC Additional Software ...................................................... 42 Printers / printer drivers ... 45 Local User Administration..............................................................2 4.................................... 45 Setting up user groups in WinCC flexible ....................................5...........3 4.........2 3...... 36 Selecting hardware components ............2 3...................................................................4 4.............................................1 5.......................................... 64 Synchronization of the SIMATIC Logon server ................... 38 Access protection and user administration.............................................................3................................................................................2 4............ 52 Security settings in Windows.............. 38 Specification of Basic Software ...........................................................................3 4....................6 4.................... ............................. 107 Centralized user administration ....................1 8..................................................................10...................9..................................................................... 76 Setting up the Audit Trail .............................10 6....... 105 Backing up the operating system and the application software of an HMI device (panel)....................................................................6 6.....................................7......3 7.......................................4 7..13 71 Creating Process Screens ........................................1 6..........10.................................................. 75 Creating VB Scripts ........................................................................................... 107 Central process value archiving and central alarm management .......7 6.................................... 83 Recording and Archiving Data Electronically.... 104 Backing up application software from the engineering system ..... 125 Software categorization according to the GAMP guide..........................................1 6...................................................12 6................... 125 Qualification of the Application Software ..9............................................ 108 Central recipe control and recipe management ..........10........... 135 Operational Change Control.........................................................2 6..........................................1 7............................ 88 Restricting access to the network drive ................8............9 6................................................7.........7.....1 6.............................................8 6............................................ 109 Interfacing SIMATIC S7 ...... 131 Tracking Configuration Changes ................................................... 123 Qualification of the Visualization Software ................................... 117 121 Qualification Planning .......3 6......................................2 6.................3 6..4................................................................7.......................................................... 140 Index-1 7 Support During Qualification 7...........4 6........................... 99 Backups of System / Application Software ................... Maintenance and Servicing 8..........11 6.................................................. 90 Batch-oriented data recording ...........................3 6................................ 93 Reporting ..................4 6................................................................. 137 139 Updates..................... 72 Setting Access Protection for an Object ............1 6..... Service Packs and Hotfixes ..10....3 7.....................................3 9 System Updates and Migration 9............3 6........ 122 Qualification of the Visualization Hardware ........................ 77 Generating audit trail entries ....................................5 8 Operation............................................1 6.......1 9............................. 107 Central audit trail for multiple WinCC flexible systems...................2 7......................... 135 Restoring the System .......................2 Index Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 9 ................... 129 Checking the Configuration: Versioning and Archiving Projects ..........3............................. 86 Setting up data and alarm logs............................................... 96 Standard reporting .................................. 112 Uninterruptible Power Supply ......1 7.................... 86 Archiving data logs.....2 6.............Table of Contents 6 Creating Application Software 6.................5 6.. 111 WinCC flexible Integrated in STEP 7...................................................................4........... alarm logs and audit trails ........................................................................................9................................. 82 Recipe Management with the Recipe Option ...3.............................................3..... 139 Migration of the Application Software ...................2 7.........................2 6..................................................... 133 135 Diagnostics of Communication Connections .......2 8........ 79 Display of the audit trail ... 106 Interfacing to SIMATIC WinCC...............................2 6........8................................. 125 Qualification of standard software ...................................................... 96 Batch-based reporting ...... 104 Backing up the operating system and SIMATIC WinCC flexible ...4 6................1 6................ 81 Electronic Signature...2 6. Table of Contents 10 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . It is based on the recommendations of the GAMP Guide for Validation of Automated Systems (GAMP 4). based on a defined life cycle. 1.1 Configuring in a GMP Environment The availability of approved specifications.1 Life Cycle Model A central component of Good Engineering Practice (GEP) is the application of a recognized project methodology. Requirements contained in standards. and guidelines should be observed when creating these specifications. The aim is to deliver a solution that meets the relevant requirements and is also cost-effective. It begins with the planning phase of a project and ends with the start of pharmaceutical production following completion of qualification and validation. The figure below shows the development life-cycle model used in this manual. DS). is a prerequisite for the configuration of computer systems in a GMP environment. recommendations. This chapter deals with the most important of these sets of regulations and various specifications (URS. VP Development Life Cycle of Automated Production Plant / Equipment QPP QP PQ VR Development Life Cycle of Computer System QR URS PQ FS IQ DS FAT Module Development Application Development Module Testing System Build Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 Te sti ng / SAT Qu ali fic ati on Traceability Matrix OQ if ec Sp ica tio n 11 . such as the User Requirements Specification and Functional Specification. FS. Appendix M1 "Guideline for Validation Planning". Qualification Plan In contrast to the Validation Plan. it is possible to combine the QP and the QPP. also referred to as VMP or MVP) and VPs valid only for individual plants and systems. The Qualification Plan follows a Validation Plan. GAMP 4].Configuring in a GMP Environment Legend for the life cycle model Abbreviation VP QP QPP URS FS DR FAT SAT IQ OQ PQ QR VR Description Validation Plan Qualification Plan Quality and Project Plan User Requirements Specification Functional Specification Design Specification Factory Acceptance Test Site Acceptance Test Installation Qualification Operational Qualification Performance Qualification Qualification Report Validation Report Validation Plan The Validation Plan (VP) specifies the overall strategy and specifies the parties responsible for the validation of a system in its operational environment [PDA. a Qualification Plan (QP) describes the qualification activities in detail. Due to the similar contents of both documents. 12 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . It defines the tests to be performed and indicates the dependencies. a further distinction can be made between a higher-level master document (Validation Master Plan. In the case of complex plants (for example a production line with multiple processes and automation systems). See also GAMP 4. the FS is created by the system supplier. Appendix D1 "Example Procedure for the Production of a URS". being specified. for example. Due to their similar structures and contents. Functional Specification (FS) As a rule. The approved FS serves as the basis for creating detailed specifications. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 13 . The following issues also have to be addressed during the function and design specification phases: • • • • Software structure Programming standards Naming conventions File naming convention User Requirements Specification (URS) The URS describes the requirements the system has to meet from the user point of view. usually by the supplier. the URS is created by the user and describes the requirements which the system has to meet. occasionally in collaboration with the end user. a combination of the QPP and QP is possible. See also GAMP 4. Specification The specification phase starts with the creation of the User Requirements Specification (URS). The functional and design specifications both form the basis for later qualification and validation tests. It is the basis of all other specifications. with document and change control procedures. a Functional Specification (FS) is created. Appendix M6 "Guideline for Quality and Project Planning". based on the URS. It describes in detail the functions of the system. The FS specifies the requirements defined in the URS more precisely at the functional level. As a rule. See also GAMP 4. The subsequent Design Specification (DS) contains detailed requirements related to building the system. The QPP defines the life cycle and integrates not only project phases relevant for validation. but also other organizational relationships (for example different time schedules from the various sections). The URS is not system-specific and is generally created by the system user possibly with the support of the system supplier. Appendix D2 "Example Procedure for the Production of an FS".Configuring in a GMP Environment Quality and Project Plan The Quality and Project Plan (QPP) defines the scope of and procedures relating to project and quality management. Once the URS has been created. See also GAMP 4. parameter list. P&I diagrams. Depending on the project. the hardware to be used. The aim of the FAT is for the customer to accept the system for delivery in its tested state. SAT The Site Acceptance Test (SAT) demonstrates that a computer system works within its target operating environment with interfaces to the instrumentation and plant sections according to the specification. for example). See also GAMP 4. Appendix M8 "Guideline for Project Change Control" and Appendix M10 "Guideline for Document Management". the SAT can be combined with commissioning. tag lists etc. naming conventions. etc. See also GAMP 4. Along with the procedures defined in the QPP and additional guidelines (coding standards.Configuring in a GMP Environment Design Specification (DS) The DS is normally created by the system supplier. FAT Once the system build phase is complete. a Factory Acceptance Test (FAT) is often carried out on the supplier premises and documented. I/O list. 14 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . change management also plays an important role and is intended to allow changes to and deviations from the original specifications to be tracked. It is based on the FS and supplements it with detailed descriptions of. System Build The system is implemented in accordance with the Design Specification during the system build phase. such as • • • • Hardware Design Specification (HDS) including a description of the system configuration Software Module Design Specification (SMDS) for typicals Software Design Specification (SDS) Other documents/elements such as a process tag list. Appendix D3 "Example Procedure for the Production of a Hardware Design Specification" and Appendix D4 "Example Procedure for the Production of Software Design Specifications and Software Module Design Specifications". the IQ and/or OQ. and data backups. This allows any programming errors to be identified and remedied prior to delivery. for example. These parts of the specification may also be spread over several documents. Qualification Report The Qualification Report (QR) summarizes the results of the tests performed. This involves installing the system at the system user premises along with the created application software. Validation Report The validation report (VR) sums up the results of the individual validation steps and confirms the validated status of the system. testing.Configuring in a GMP Environment Test phase / Qualification The FAT is followed by technical commissioning (commissioning phase). The creation of both the Validation Plan and the Validation Report is the responsibility of the customer. In this case. followed by technical commissioning. based on the Qualification Plan. tests and acceptance criteria must be clearly described. the documented FAT / SAT tests become part of the qualification documentation. and qualification. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 15 . The test planning should therefore be created in good time so that it is possible to check whether or not tests undertaken beforehand during FAT or SAT need to be repeated during qualification. To save time and money. The commissioning and qualification phases can follow on from one another or can be combined. When test documents are created. it is recommended that commissioning and qualification activities are coordinated. and confirms that the qualification phases have been completed successfully. but also to the recommendations and guidelines of various organizations.Configuring in a GMP Environment 1. such as the Code of Federal Regulations Title 21 (21 CFR) of the US Food and Drug Administration (FDA) or the EU GMP Guide Annex 11. Guidelines and Recommendations When configuring computer systems in an environment in which validation is mandatory. 16 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . attention should be paid not only to the applicable laws and regulations. or holding of drugs. These are usually based on general guidelines and regulations. packing. electronic signatures Current good manufacturing practice in manufacturing.2 Regulations. regulation Manufacturers and importers of pharmaceutical products for the US market 21 CFR Part 211 US FDA Annex 11 of the EU GMP Guide European Commission Directorate General III European Commission Directorate General III ISPE Guideline Europe Annex 18 of the EU GMP Guide Good Manufacturing Practice for Active Pharmaceutical Ingredients Guideline Europe GAMP 4 GAMP ® 4 Guide for Guide Validation of Automated Systems Validation of Process Control Systems Operation and Maintenance of Validated Systems Worldwide GAMP Good Practice Guide NAMUR NE 71 ISPE NAMUR Recommendat Worldwide ion Recommendat Europe ion Note This manual is based on the requirements of GAMP 4 and US 21 CFR Part 11. processing. general Current good manufacturing practice for finished pharmaceuticals Computerised Systems Regulation / recommenda tion Where applicable Law. Regulation / guideline 21 CFR Part 11 21 CFR Part 210 Author / Title organization US FDA US FDA Electronic records. This Part deals with electronic records and electronic signatures. for example. The GAMP 4 version was published in December 2001. GAMP Good Practice Guide . FDA 21 CFR Part 11 is of particular significance for computer systems (and is known as Part 11). NAMUR Recommendations NAMUR recommendations are field reports compiled by the "User Association of Process Control Technology in Chemical and Pharmaceutical Industries" for their members to use on an optional basis. such as Parts 11. includes recommendations relating to the validation of process control systems. Annex 18 of the EU GMP Guide Annex 18 of the EU GMP Guide deals with good manufacturing practice (GMP) for active pharmaceutical ingredients. An interpretation of Annex 11 can be found in the GAMP 4 Guide for Validation of Automated Systems in the form of an APV (International Association for Pharmaceutical Technology) guideline. and change control of computer systems in the GMP environment. GAMP -Guide for Validation of Automated Systems The GAMP (Good Automated Manufacturing Practice) Guide for Validation of Automated Systems was compiled to be used as a recommendation for suppliers and a guide for the users of automated systems in the pharmaceutical manufacturing industry.Validation of Process Control Systems The GAMP Good Practice Guide supplements the GAMP Guide and covers specific topics in greater detail.Configuring in a GMP Environment Code of Federal Regulations Title 21 (21 CFR). Food and Drugs Code of Federal Regulations Title 21 is made up of different parts. They should not be viewed as standards or guidelines. operation. It is designed to be used as a GMP guide when manufacturing active pharmaceutical ingredients in the context of a suitable quality management system. The NAMUR recommendations below are of particular interest for the configuration and use of computer systems in a GMP environment: • NE 71 "Operation and Maintenance of Validated Systems" Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 17 . 210. The "Good Practice Guide". and 211. Section 5 of Annex 18 deals with process equipment and its use. Annex 11 of the EU GMP Guide Annex 11 of the EU GMP Guide contains 19 points which describe the configuration requirements. Before any changes are carried out they must be described. Since this definition is usually specific for customers and projects and requires a contractual agreement. 18 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . and associated steps (for example. document approval and the transitions between life cycle stages are defined prior to commencement of the project. see also GAMP 4 Appendix M6. This is usually carried out in conjunction with the definition of responsibilities contained in the quality and project plan.4 Approval and Change Procedure When new systems requiring validation are set up or when existing systems requiring validation are changed. Once final approval has been received. validated system are regulated as per the company's change control procedures. If extensive changes are necessary. updating as-built documentation) must be defined.Configuring in a GMP Environment 1.3 Responsibilities Responsibilities for the activities included in the individual life cycle phases must be defined when configuring computer systems in a GMP environment and creating relevant specifications. performing tests. potential consequences must be identified. 1. the top priority is to achieve or retain validated status.1 "Life Cycle Model" is used. Changing validated systems Changes to an existing. as are the defined steps. we recommend that the definition is integrated into the quality and project plan. a life cycle similar to the one described in this manual may be used. Setting up new systems If a new system is set up. A life cycle like the one described in Section 1. the planned change is carried out. standard hardware includes established.2 Requirements of Computer Systems in a GMP Environment This section lists the essential requirements relating to the use of computer systems in a GMP environment. These requirements must be defined in the specification and implemented during configuration. Category 2. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 19 . The hardware categories are listed below: Category 1. customized hardware The structure and functionality of such hardware must be specified and then tested in detail in suitable. commercially-available hardware components. This type of hardware is also subject to the relevant quality and testing mechanisms.1 Hardware Categorization According to GAMP 4 Appendix M4. In general. The requirements of this task are implemented in various functions and described in the following chapters. proof of who has changed or performed what and when they have done it must always be recorded (the "why" is optional). documented tests. The hardware is accepted and documented by means of an IQ test. standard hardware Category 1. 2. hardware components are divided into two hardware categories. Time and effort spent on testing can be reduced by using as much standardized software as possible. When commercially available software packages are used. handling. and delivery of elements Configuration management comprises the following activities: • • • • Configuration identification (what is to be kept under control) Configuration control (how the control is performed) Configuration status report (how the control is documented) Configuration evaluation (how the check is verified) This section describes configuration identification and configuration control. and correct Check storage.2 Software Categorization According to the GAMP Guide for Validation of Automated Systems. This ranges from commercially available software packages that simply need to be installed or configured to freely programmed software. Configuration management involves using administrative and technical procedures in order to: • • • • • Identify and define basic system components and to specify them in general Control changes to and approvals of elements Record and document element statuses and modifications Ensure elements are complete. When software was developed especially for one customer. Customer requirements (such as access protection. Project-specific configurations of configurable software must be additionally specified and then tested in documented tests. 20 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . a detailed software specification must be created. from initial development right through to decommissioning of the system. functional tests of the software but also structural software tests (code reviews) should be performed. the software components of a system are assigned to various software categories.Requirements of Computer Systems in a GMP Environment 2. 2. consistent. the name and version must be described and checked in a documented test. alarms or calculations) must be specified and also tested in documented tests. The effort involved in testing software in the higher categories is considerably greater than for software in the lower categories.3 Configuration Management GAMP 4 defines configuration management as the activity necessary to precisely define an automated system at any point during its life cycle. These configuration elements should be defined at an early stage of system creation to ensure that a complete list of these elements can be created and maintained. The control mechanisms can be described by means of SOPs and should cover the following: • • • • Software versioning Specifications such as programming guidelines. naming conventions. The amount of detail required when defining elements is determined by the requirements of the system and the supplier who is developing the application.Requirements of Computer Systems in a GMP Environment 2. the configuration elements must be versioned.1 Configuration Identification Version and change management is only practical in an appropriate configuration environment. the parts of a computer system that are subject to configuration management shuold be clearly specified. Applicationspecific elements should have a unique ID (name or identification number).2 Configuration Control The maintenance of configuration elements must be checked at regular intervals.3. Safeguarding of the traceability of changes to program codes Unique identification of software and all components contained within Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 21 . Particular attention must be paid to change control and the associated version control. The version must be updated each time a change is made. Archiving and release of individual configuration items should also be taken into account. Versioning To ensure correct change management. For the application software. for example in reviews. Change Control Suitable control mechanisms must be in place during configuration in order to ensure that changes are documented and transparency achieved.MLFB) and version identifier.3. 2. etc. The system should be divided into configuration elements to this end.Siemens therefore identifies every software and hardware package using a unique product code (machine-readable product code . this should be reflected in the module ID.4. Software creation guidelines can be found in the GAMP Guide as well as the relevant standards and recommendations.2.4 Software Creation Certain guidelines should be followed during software creation. a version.Requirements of Computer Systems in a GMP Environment 2.4. these should be reflected in the corresponding module ID.4. category 5 software validation requires the entire range of functions to be checked and a supplier audit to be performed. priority should be given to standardized function blocks (products. and a short description of the module.2 "Software Categorization". for example by a comment.2 Identifying software modules/typicals During software creation the individual software modules should be assigned a unique name. this must be indicated. If changes are made to software modules. As well as incrementing the version identifier. which are then documented in the quality and project plan (GEP idea). If software modules need to be changed. 2. While the validation of lower category software only calls for the software name and version to be checked. 2. To keep the required level of validation work as low as possible.1 Using typicals for programming As seen in Section 2. see also Section 8. in-house standards. the date of the change and the name of the change initiator should also be included in the software module's ID. project standards) during configuration. the amount of validation effort required increases enormously from one GAMP software category to the next. 2.3 Changing software modules/typicals If changes are made to software modules. and a reference to the corresponding change request/order. 22 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 .Customer-tailored typicals are created from standard function blocks and tested according to design specifications. This can be ensured by using appropriate measures such as mechanical locks and hardware and software for remote access. ! Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 23 .5 Access Protection and User Administration To ensure that computer systems in a GMP environment are secure. but can also protect systems against unauthorized access. Depending on his or her particular field of activities.a description of the configuration can be found in sections 4.Requirements of Computer Systems in a GMP Environment 2.5.1 Applying access protection to a system In general. Access to user administration should only be given to the system owner or to specified employees. 2. a user can be assigned various rights.4. Access-control systems not only deny or permit users access to certain rooms. Note Please note that only authorized persons must be able to access PCs and the system. Electronically recorded data must also be protected against unauthorized access. The logout time should be agreed and defined with the user and noted in the FS. such systems must be equipped with an access-control system. actions that can be executed on a computer system should be protected. An automatic logout function should be installed on the system. Individual users can be granted access authorization in various ways: • • • A combination of unique user ID and password . Users are put into groups which are in turn used to manage user rights.3 and 4. Chip cards together with a password Biometric systems The system owner or an employee (administrator) nominated by the user controls the assignment and management of access rights to ensure that access is suitably restricted. 2 Requirements of user IDs and passwords User ID: The user ID for a system must be of a minimum length agreed with the customer and be unique for the system. Password structure criteria: • • • • • Minimum password length Use of uppercase letters Use of lowercase letters Use of numerals (0-9) Use of special characters To comply with the Windows guidelines for password complexity.5.3 Smart cards and biometric systems Apart from the traditional methods of identification with a user ID and password. Configurations are described in sections 4. When defining passwords. the password structure is defined on a customer-specific basis. at least three of the criteria listed should be used in the password in addition to the minimum length. Generally. such as fingerprint scanners.Requirements of Computer Systems in a GMP Environment 2. 2. Password: A password should usually be a combination of numeric and alphanumeric characters.3 and 4.5. users can also identify themselves with smart cards along with a password/PIN or with biometric systems.4. 24 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . the minimum number of characters and the expiry period for the password should be defined. Note The regulations contained in 21 CFR Part 11.6. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 25 . Each electronic signature must be assigned uniquely to one person and must not be used by any other person. they must be created so that persons executing signatures must identify themselves using at least two identifying components. The exception to this rule is when the owner executes several electronic signatures during one uninterrupted session. when entering data and intervening manually during runtime. This also applies in all cases where a smart card replaces one of the two identification components. one unique identification component (password) is then adequate identification. Electronic signatures are of practical relevance. For the second and subsequent signatures. When owners of signatures want to use their electronic signatures. they must identify themselves with at least two identification components. for example.6 Electronic Signatures An electronic signature is computer-generated information that acts as a legally binding equivalent of a handwritten signature. persons executing signatures need to identify themselves with both identification components only when applying the first signature. in US FDA 21 CFR Part 11. for example. In this case. Electronic signatures can be biometrically based or the system can be set up without biometric features. 2.1 Conventional electronic signatures If electronic signatures are used that are not based on biometrics. must be satisfied in the manufacture of all pharmaceutical products and medical devices intended for the US market. The identification components must be assigned uniquely and must only be used by the actual owner of the signature. and changing recipes.Requirements of Computer Systems in a GMP Environment 2. for example. published by the FDA. be a user ID and a password. approving process actions and data reports. Regulations concerning the use of electronic signatures are defined. These identification components can. no longer secure or compromised Security measures to prevent unauthorized use of a user ID / password and to report any misuse Training of personnel with documented proof of such training 26 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . Nevertheless.Requirements of Computer Systems in a GMP Environment 2.6. Note The use of biometric systems is currently considered a secure identification method.6. 2.3 Security measures for user IDs / password The following points should be observed to safeguard the security of electronic signatures when user IDs and passwords are used: • • • • • Uniqueness of the user ID and password Controlled issue of user IDs Cancellation of rights if a user ID or password is lost.2 Electronic signatures based on biometrics An electronic signature based on biometrics must be created in such a way that it can only be used by one person. the expense involved and the reaction times of retina scans). one identification component is adequate. If the person making the signature does so using biometric methods. Possible biometric recognition systems include systems for scanning a fingerprint or the iris of the eye. no fingerprint scans with gloves. there are reservations about the use of biometric identification characteristics in the pharmaceutical industry (for example poor face recognition due to protective clothing covering the face. the audit trail must document all the changes or actions made along with the date and time. mirrored hard disks based on RAID 1). to be able to assign an unequivocal time stamp for archiving messages.7 Audit Trail The audit trail is a system control mechanism that ensures that data entries or modifications can be traced. UTC (Universal Time Coordinated. defined in ISO 8601) is recommended as the time base for saving data.8 Time Synchronization A uniform time reference (including a time zone reference) must be guaranteed within a system. alarms etc.Requirements of Computer Systems in a GMP Environment 2. The audit trail records themselves must be archived for a defined period according to the stipulations of the specification documents. The systems used must ensure adequate data security (for example redundant systems. Typical contents of an audit trail must be recorded and describe the procedures "who changed what and when" (old value/new value). 2. There must be adequate hard disk space to allow the entire Audit Trail to be stored until the next transfer to an external data medium. standby systems. A secure audit trail is particularly important when GMP-relevant electronic records are created. Time synchronization is especially important for archiving data and analyzing problems in a system. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 27 . modified or deleted. In this case. If logged data is migrated or converted. based on legal and commercial requirements An archiving procedure that ensures that data covering the entire storage period can be read back and that allows simple migration of data formats Process values (often in the form of trends). The memory space on a system's data carriers is restricted. audit trails. Part 3. Part 3. etc. PDA 2004. This decision must be founded on a sound and documented risk assessment. Data can be swapped out to external data carriers at regular intervals in order to free up space on these system data carriers. which data will be involved. warnings. the integrity of that data must be safeguarded throughout the entire conversion process.9 Archiving Data Electronic archiving refers to the permanent safekeeping of a computer system electronic data and records in long-term storage.Requirements of Computer Systems in a GMP Environment 2. PDA 2004. messages (alarms. ISPE/PDA 2001. 21 CFR Part 210. other data can be logged for SIMATIC systems. 21 CFR Part 211. Based on predicate rules (EC GMP Guide. which also takes the relevance of the electronic data over the time period it is to be archived into account. 3 1 "Good Practice and Compliance for Electronic Records and Signatures.). etc. Models for Systems Implementation and Evolution". 1 The customer is responsible for defining procedures and controls relating to the safekeeping of electronic data. "Good Practice and Compliance for Electronic Records and Signatures. 2 3 28 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . Good Electronic Records Management". in particular. where necessary. The customer should define the following requirements 2: • • • Whether any archiving is even required for the application in question (backup/restore functionality could deviate from the archive functionality) Required archiving duration for the relevant data. Part 1. "Good Practice and Compliance for Electronic Records and Signatures.). the customer must decide how electronic data will be stored and. Models for Systems Implementation and Evolution". and. for example) The batch number and / or the analytical control number and the actual quantities of all constituent materials All relevant processing steps. It records all measurement and control procedures relevant to the process as actual values. including details of any deviation from the manufacturing formula and processing instructions and the signature of the person who authorized the deviation • • • • • Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 29 . It is always based on the relevant parts of the valid manufacturing formula and processing instructions. Correctly created batch documentation is often the only documentary evidence that pharmaceutical manufacturers can provide in the context of product liability. for example analysis) • The manufacturing log (or packaging log) has a central significance here as defined below: • • • • The manufacturing log is always both product-related and batch-related.Requirements of Computer Systems in a GMP Environment 2. It compares these with the specified set point values 2.1 Components of batch documentation The components of batch documentation are as follows: • • Manufacturing formula / processing instructions and manufacturing log Packaging instructions and packaging log (from a pharmaceutical point of view. batch documentation takes on a special significance.2 Components of the manufacturing log Mandatory parts of the manufacturing log include: • • • • Name of the product and number of the produced batch Date and time of commencement. including initials of the person performing them and the results obtained The yields of the relevant interim stages Information on special problems. 2. the person checking the operations (double-check when weighing materials. where applicable. any unusual events and the major equipment used Records of in-process controls. the packaging of the finished medicinal product is part of the manufacturing process) Test instructions and test log (relating to quality checks.10 Reporting Batch Data When producing pharmaceuticals and medical equipment.10.10. significant interim stages and completion of production Name of the person responsible for each stage of production Initials of the operator involved in all significant production steps and. Electronic Signatures): • • The initials and signatures required by the regulations must be implemented as electronic signatures. The entire manufacturing log is created electronically. Since all the requirements listed above need to be completed fully in the case of an electronic manufacturing log and data of several systems (for example.4 Requirements of electronic records When electronic records are used as part of the batch documentation or even as the manufacturing log itself.10. its structure and contents must match the structure and contents of the manufacturing formula / processing instructions. "significant" interim stages and "major" equipment must be defined in advance by the person responsible from a pharmaceutical perspective. Section 4. there are two ways of using electronic records in the documentation of pharmaceutical production: 1.Requirements of Computer Systems in a GMP Environment 2. this definition is often process-specific. 21 CFR Part 11 Electronic Records. As an alternative. Suitable measures must be taken for long-term archiving of the electronic data to be retained and to remain available.3 The uses of electronic batch data Since the term "electronic batch record" (acronym: EBR) is not clearly defined in this context. If an electronic manufacturing log is used. "Relevant" production steps / processes.9. the following additional requirements apply (see also EU GMP Guide. operator comments) often need to be integrated. the manufacturing instructions and log can also be combined in one document • • • • • 30 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . Changes to data or deletions must be recorded (Audit Trail).10. The system must be validated. Only authorized persons should be able to enter or change data (access protection). laboratory data. case 1 is often found. The electronic records form part of the batch documentation or 2. 2. During the course of the project the software version should be backed up and documented at defined milestones. of course. partition images) and logged data backups. it is sufficient to only back up the modified part of the application software. 5 Data backups are created on external data carriers. prior to delivery of the system). Here. they should be created after the installation.1 Backup of application software Software backups have to be created following every software change on a system. If parts of the software are modified. If software backups need to be created when changes are made to the software of an existing system or during the installation of a new system. Part 1. ISPE/PDA 2001. however. Complete software backups still have to be created at regular intervals. "Electronic Records and Electronic Signatures Compliance Assessment". 4 "Good Practice and Compliance for Electronic Records and Signatures. data backups are used to create backup copies that allow the system to be restored if the original data or entire system is lost. a distinction is made between software backups (for example application software. and. PDA 2001. The data carrier used should comply with the recommendations of the device manufacturer. Backup procedures must be tested to ensure that data is saved correctly. Backup records should be labeled clearly and intelligibly and dated. particular attention is paid to the storage of data backup media (storage of the copy and original in different locations. prior to the tests involved in the Operational Qualification (OQ). protection from magnetic fields. 5 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 31 .Requirements of Computer Systems in a GMP Environment 2. Good Electronic Records Management". They must document the last valid software version of a system.11. Chris Reid & Barbara Mullendore. such as at the end of the FAT (in other words. Software versions should also be retained in the form of software backups at regular intervals during the creation of new software versions. and elementary damage). once the Installation Qualification (IQ) has been completed. 2.11 Data Backup In contrast to the archiving of electronic data. Software backups of the application software and configuration parameters must be created. when the system is handed over to the user. 4 The backup procedure must include the periodic backup of volatile information to avoid total loss of data due to defective system components or inadvertent deletion of data. When backing up electronic data. The shelf life of the storage medium should be defined (based on manufacturer documentation. e. for example in a fire compartment separate from the system.g. 32 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . A suitable backup strategy must be defined. they should be stored at a different location from the system. To ensure that these are kept safely. based on the frequency with which changes are made to the software. before this period expires.Requirements of Computer Systems in a GMP Environment Labeling software backups According to GAMP 4. software backups should be documented both on the label of the backup medium itself and in a separate report containing the following information: • • • • • • • • • • Creation date System name Software name Software or version name Serial number of backup Reason for the software backup Date of first use Date of backup Date and signature of the person performing the backup Identity of the operator Retaining software backups At least the two most recent software backups should be retained.) and the software backup must be appropriately migrated. for eaxmple by copying it to a new storage medium. Requirements of Computer Systems in a GMP Environment 2. or alarms.1. 2. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 33 . Labeling process data backups According to GAMP 4. such as trends. suitable measures must be taken to ensure data integrity. is not normally stored in "overlapping" versions. should be backed up on external data storage devices at regular intervals.11. in contrast to software.2 Backup of process data The data stored in computer systems. Following system updates. care must be taken that the data transferred to archive prior to the update remains compatible. if available Creation date Date of first usage Consecutive number Date of the data backup Reason for the data backup Identity of the operator Retaining process data backups The same guidelines apply as in the description of backup copies in section 2.12 Retrieving Archived Data Backed up data must be retrievable at all times. measured values. This will minimize the risk of data being lost should a fault occur. data backups should be documented either on the label of the backup or in a separate report containing the following information: • • • • • • • • • System designations Software / data designation Version and/or software/firmware build number. Because process data.11. Note Appendix M2 of GAMP 4 contains detailed instructions on auditing a product supplier. It must be confirmed that such hardware components are compatible.Requirements of Computer Systems in a GMP Environment 2. 34 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . a supplier audit should be performed to check suppliers and their quality management system.13 Use of Third-Party Components If third-party components (hardware and software) specifically tailored to individual customers are used. service provider or solution provider. Compatibility must also be confirmed when standard hardware and software components provided by other manufacturers are used. This also includes the selection of products. the system to be set up and its functionality are defined in as much detail as is required for building the system. In the following schematic. product versions/options. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 Te st /Q ua lifi ca ti on Sp o ati ific ec n 35 . the label on the left shows the phase of the specification. and system configurations.3 System Specification During the specification phase for a computer system. System Specification 3. Externally the panels differ in their dimensions and control methods (membrane keyboards. The panels are robust and designed for use directly at the machine. The current panels beginning with the 277 series have an on-board Ethernet port. Another selection criterion is the number of alarms that can be configured with the standard alarm function. The capability for data communication with other applications or other HMI systems is provided by the OPC Server option. however. This limits the selection to the panels beginning with the 270 series. Depending on their configuration.1 Specification of Visualization Hardware Selecting hardware components Siemens offers a range of HMI devices (panels) for machine-level operator monitoring and control of individual machine and even plant units. therefore. Panel PCs are offered in a variety of expansion stages (SIMATIC Panel PC. is the performance. The number is documented in the device manual of the respective panel. SIMOTION Panel PC). A panel PC or a standard PC can be also used as an alternative to a panel. which requires operator interventions to be documented in an audit trail.1. panel PCs have the operating systems Windows XP embedded. work memory and interfaces. To meet the demands for automation projects in a GMP environment. The panels can be supplied with stainless steel frames to comply with the cleaning requirements for sectors such as the food and beverage or pharmaceutical industries. This option is available for the MP 277 panels and higher. 36 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . relate to devices of these classes. The statements made in this manual. touch screen). They differ in features such as their processor configuration. The decisive criterion for selection. S/SQ/D/DQ. Panels are equipped with the Windows CE operating system that is adapted to the performance of the specific panel. only panels that support functions for data archiving can be used. Mobile Panels allow direct operator control of the plant / machine from different locations. Windows 2000 Professional (MUI) or Windows XP Professional (MUI) installed. SINUMERIK Panel PC. An Ethernet connection is required to save the recorded data to a network drive.1 3. in other words. This specification is used later as a test basis for the IQ and OQ. Appendix D3. • • • Hardware overview diagram PC components and/or operator panels Network structure and IT infrastructure (for example domain server) Other hardware specifications are also relevant to the visualization system. you should nevertheless always assign different addresses to the automation stations to prevent incorrect addressing.siemens. for example those of the automation system with CPUs. Note Technical details about the panels and the panel PCs are listed in the current SIMATIC HMI ST80 catalog or can be viewed using the link https://mall.System Specification Note Although it is technically possible to access several automation stations with the same address with the Mobile Panel 277 by changing the connections. Note The information in the hardware overview plan and the naming of the hardware components must be unique.automation. The HDS should. the name of each hardware component may only occur once in the automation system. 3. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 37 .2 Hardware specification The Hardware Design Specification (acronym: HDS) describes the hardware architecture and configuration. I/O cards. for example define the points listed below. The HDS can be formulated as part of the Functional Specification or in a separate document.com and HMI Selection Help under Product Configurators. ! Note Recommendations relating to the required content can be found in GAMP 4. field devices etc.1. OQ). To connect panels to the central user administration with SIMATIC Logon.1.2. see also Section 6. Measures to increase data and information security include. users and access rights can be set up for each panel in the WinCC flexible Engineering System. For notes on virus scanners. It includes a description of the application software. central user administration on one computer is preferable.1 Access protection and user administration Single workstation solution A local user administration with user groups. information can be checked either against the Windows user management of the local computer or another computer in the network. etc. Logon remote access licenses are evaluated collectively.2 System and Network Security To allow the latest options to be implemented. IQ. 3. This requirement is met by the SIMATIC Logon software. the security of data and information plays an important part when planning and setting up networked systems. such as password structure and aging. version number. to meet customer requirements for networked systems and to ensure maximum data protection. as well as a definition of the standard software components used in the system. Integrated solution (distributed systems) In distributed systems with multiple workstations. This description serves as a reference when performing subsequent tests (FAT. which are specified by means of their designation.3. for example: • • • User and access rights concept for visualization.1 "Selecting hardware components".System Specification 3. refer to Section 3. The location of the check can be configured. SAT.3. Security concepts relating to network security and restricted access to network drives. several Logon remote access license packages can be installed to allow the required number of panels to be checked with SIMATIC Logon.3 Specification of Basic Software The Software Design Specification (SDS) describes the architecture and configuration of the software. The SIMATIC WinCC flexible system software can be used as the engineering and runtime software for all HMI devices and panel PCs listed in Section 3. in other words.7. The WinCC flexible Engineering System also provides configuration options for password security.6. additional Logon remote access licenses are required to cover the number of panels involved. SIMATIC Logon is installed on one computer with the Windows XP Professional or 2003 Server operating system. 38 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . for example in a domain. SIMATIC Logon checks that the user ID and password belong together (authentication) based on the user administration of the Windows operating system. 3. 3 Runtime software The basic software for runtime operation is not required for panels because it is already available on them. A rollback is possible at any time. The number of configurable recipes and data records depends on the performance level of the employed panel. 3. Versioning and change control The licensed ChangeControl option expands the range of functions of the engineering software by adding versioning and recording of the history of changes in the project configuration. The WinCC flexible /Recipes option requires a license in combination with the WinCC flexible RT software (for panel PCs.2 Engineering The WinCC flexible engineering software is offered matched to the hardware in various versions reflecting performance levels.System Specification 3. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 39 . Recipe management The recipe management function is integrated in WinCC flexible. Audit trail The licensed WinCC flexible /Audit option is tailored to the requirements of FDA 21 CFR Part 11. Creating a major version (trunk) and minor version (branch) provides a clear overview of the organization of the individual configuration states for WinCC flexible projects. Note The versioning is performed when the Version Trail option is integrated for operation.3. for example). The SIMATIC WinCC flexible Standard engineering software can be used for panels of the 270 / 370 series and the SIMATIC WinCC flexible Advanced engineering software can be used for panels of the 270 / 370 series and for panel PCs or standard PCs. Another feature is the assignment of electronic signatures that can be configured for important operator interventions. made in an accepted reference state for example. Panel PCs and standard PCs require the installation of the licensed SIMATIC WinCC flexible Runtime (RT) software package. which is available with varying a number of Power Tags (external tags). operator interventions in the ongoing process can be recorded in an audit trail in WinCC flexible along with a time stamp and comment. A recipe can be created from several data records. are recorded without gaps and can be traced in the change history.3. Changes in the configuration. Refer to the SIMATIC STEP 7 GMP Engineering manual for more information. Using this option. The WinCC flexible /Archives option requires a license in combination with the WinCC flexible RT software (for panel PCs. multipanels are configured as OPC-XML servers and WinCC flexible RT is configured as an OPC DA server (DCOM). With this option.4 Interfacing to higher-level IT systems The licensed WinCC flexible /OPC Server option is used for data communication with other systems based on OPC (OLE for process control).System Specification Data archiving The data archiving management functionality is integrated in WinCC flexible. for example for process visualization or logging. On a panel. Tags. This option makes recorded data available for OPC clients. 3. for example). individual alarms can be logged line-by-line and alarm logs. the logged data can be stored either on a memory card or on a network drive when available. 40 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . Reporting With WinCC flexible. alarm logs and audit trails can be archived.3. The number of logs and entries depends on the performance level of the employed panel. The size of the log depends on the available storage capacity. recipe data and current process values can be output as reports. another essential task of the Software Design Specification (SDS) is to specify the application software. SAT.htm 3. DS).khe. trends. This is then used as a basis for subsequent testing of the application software (FAT. provided that these have not already been adequately defined in the FS.htmhttps://pcs. alarms. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 41 . Appendix D4. etc. P&I.System Specification 3.5 Application Software Specifications As well as defining the standard software components used. The status of these documents (version.com/hmi/html_76/products/software/wincc_addon s/index. parameter list. Module specification. Note To implement functions that are outside the standard range of WinCC flexible. possibly in a separate document. DS) or can exist as a separate document. the Premium add-ons in the current catalog should be given preference.siemens. IQ. The SDS includes the following. Note Additional information relating to the required content is available in GAMP 4.com/index_pcs_7_add_ons-6811. such as a process tag list. The addresses of the relevant contacts for these add-ons are listed in the catalog.1 SIMATIC Additional Software WinCC Premium add-ons The catalog for Premium add-ons for WinCC and WinCC flexible contains additional solutions for certain areas of application.siemens. I/O list. http://www.4.automation. separate documents. Part of this specification usually takes the form of other. for example: • • • • Plant hierarchy Software structure Archiving.4 3. etc. release) must be unequivocal as with the other specification documents (URS. The SDS can be integrated in other specification documents (FS. OQ). FS. automation.6. Such stipulations should be laid down in an SOP.com/). the following settings should be observed: • • • The real-time search is one of the most important functions.6. e. modify. the Image & Partition Creator can also be used to create. during maintenance cycles. A manual search should not be executed in process mode. If virus scanners are used. Backed-up contents of hard disks can also be copied back to devices with an identical configuration. as it significantly limits system performance in process mode.2 Antivirus tools The use of virus scanners on panel PCs and standard PCs in process mode with WinCC flexible is permitted.siemens. 3.1 Utilities and Drivers Printers / printer drivers A list of printers recommended for the panels is available on the Internet. For more information about selecting and configuring virus scanners and updating them. It can be performed at regular intervals. Note The created images are used to restore the installed system.3 Image & Partition Creator The optional "SIMATIC PC/PG Image & Partition Creator" software allows users to make data backups of hard disk content of panel PCs or standard PCs. Points to note about connecting up the printers are also included in this list. 3. This list can be viewed under the entry ID 11376409 (http://support. refer to the WinCC flexible readme files. 42 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . The time-controlled search must be deactivated.g. The link is included in the WinCC flexible Information System under Performance features > Recommended printers. It is sufficient. however.System Specification 3. to only check incoming data traffic. Backing up system and application software means that the system can be restored quickly.6 3.6. This simplifies replacement of computers or expansion of systems. Apart from creating hard disk images. and delete hard disk partitions. but not to back up online data. 4. Windows 2000 Professional MUI (multi-language) or Windows XP Professional MUI operating system. For detailed information about installation. The installation is performed on a SIMATIC programming device / PC or on a standard PC. WinCC flexible provides images for upgrading the firmware.4 4. For more information. the WinCC flexible Advanced Engineering System is suitable for panel PCs / standard PCs.1 System Installation Installing the Operating System The SIMATIC panels and SIMATIC panel PCs differ in regard to the software installation for HMI devices. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 43 . however. Select the user-defined installation to integrate WinCC flexible in the STEP 7 system. Each component requires a license. The engineering system is offered in a variety of expansion stages. STEP 7 integration is only offered if you have already installed STEP 7 on the system. Note If the installed MS Windows CE version of the SIMATIC panel does not correspond to the version required by the WinCC flexible system software. refer to the WinCC flexible Information System > Getting Started > Installation Instructions > Installation > Installing WinCC flexible. Minimal or User-defined as the setup type. The Standard installation installs all WinCC flexible components. The WinCC flexible Standard or Advanced Engineering System is suitable for panels of the 270 series and higher. integrated in a panel and does not require a license.2. The runtime software is.2 4. SIMATIC panels SIMATIC panels are preinstalled with the MS Windows CE operating system.1 Installing the System Software Installing SIMATIC WinCC flexible The WinCC flexible system software is integrated in the engineering system and runtime components. refer to the WinCC flexible Information System > Transfer of Operating Systems. You can also choose from a variety of optional user interface languages. SIMATIC panel PCs SIMATIC panel PCs are supplied with a preinstalled Windows XP embedded. You can select Standard. License key for WinCC flexible option / ChangeControl Logs Recipes Audit OPC server Panel . The project created with the engineering software is compiled and transferred to the panel./. No No Yes Yes WinCC flexible RT . 44 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 ./. With panel PCs and standard PCs. Refer to the latest HMI catalog ST80 for details. a printer can be connected to a USB port or a PROFINET port. 4. No additional runtime software is required for the panel. This means that the printer must be integrated in the network via a DNS server or print server.System Installation You can also integrate WinCC flexible in STEP 7 at a later point in time. Yes Yes Yes Yes WinCC flexible ES Yes . it is advisable to use the standard printer drivers integrated in the operating system because these drivers have been tested (including continuous duty tests). The following table provides an overview of the licenses for WinCC flexible options. 4. .2./. a network printer must be addressable with a printer name. .2 Installing the SIMATIC WinCC flexible options The options available for expanding the functions of WinCC flexible are already contained in the WinCC flexible engineering software and can be configured or activated as required. The procedure is described in the WinCC flexible Information System. With Windows CE based HMI devices. Panel PCs or standard PCs used as HMI stations require the installation of the WinCC flexible RT software and a license key to run a configured WinCC flexible project.2./. License keys for panels are transferred to the panel via the Engineering System. Note When using Windows CE based HMI devices././. it is not possible to address a network printer using the IP address. The licenses differ as to whether an option is used on a panel or in WinCC flexible RT. .3 Installing utilities and drivers Depending on the panel type. The project can then be started for runtime operation. Access to the operator command level on panels or panel PCs can either be controlled by a local or central user administration. The Runtime security settings provide configuration options including password security and duration of validity. Apart from the SIMATIC Logon license.2 Centralized user administration The SIMATIC Logon software allows for setup of a centralized user administration. SIMATIC Logon must also be installed and licensed on these devices. buttons etc. they automatically have all the operator rights of the assigned user group. When a user logs on at a panel.3 Setting up User Administration An automated system is safeguarded against unauthorized access by activating access protection that restricts access at the operator command level and configuration level. If panel PCs with the Windows XP/2000 operating systems are used as the HMI devices.5 "Access Protection and User Administration").1 Local User Administration For local user administration. SIMATIC Logon checks that the user ID and password belong together and match the user administration of the selected computer. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 45 .System Installation 4.) must be set up according to the specifications in the URS and the FS. user groups and users should be made at the beginning of configuration. With both user administration variants. user groups are created and specific operator rights assigned to the individual groups. The settings for password security are made in the local security policies of this Windows operating system. When SIMATIC Logon is configured. The user groups are created with the same names in the local user administration and are assigned the appropriate operator rights there. Access protection is an essential requirement in the pharmaceuticals sector (see "21 CFR Part 11" and "Annex 11 of the EC GMP Guide" in Section 2. All the required user groups and users are created in the Windows operating system on this computer. 4. a Logon remote access license is necessary for each of the panel workstations. The difference between local and central user administration is in the administration of the individual users. as well as to backup copies and logs. one computer in the network is selected as the central logon computer (for example a domain). SIMATIC Logon is installed on one computer in the network. this data is transferred to the panel with the project. Note The definitions of the authorizations. input boxes. not only the user groups with assigned operator rights are created in the WinCC flexible Engineering System but also all required users.3.3. When users log on. All the permissions for working with the visualization user interface (faceplates. 4. System Installation Note When using centralized user administration. 4. application-specific control authorizations and assigned to existing user groups. 46 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . The operator control of the process during operation can be defined as individual.3. it is advisable to set up local users to allow emergency operation. See below for more detailed information.3 Setting up user groups in WinCC flexible User groups are set up in the Runtime user administration > Groups editor. Note Point to note when using centralized user administration: Remember that the user groups created in WinCC flexible have the same names as the user groups in the Windows operating system of the computer configured as the logon computer in SIMATIC Logon (for example domain).System Installation This configuration takes place for both a local and a centralized user administration.3. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 47 . the users authorized for process control are created under Runtime user administration > Users and assigned to a user group.4 Setting up users in WinCC flexible Users in local user administration In local user administration. 4. The authorization for process control is regulated by the authorizations assigned to the group. 48 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . Both successful and failed logons are recorded in the audit trail.System Installation Users in centralized user administration: With centralized user administration. Note In WinCC flexible. The user therefore has the operator control rights that have been enabled for this user group in WinCC flexible. Each user created must be removed from the users group in the Windows “user management”. The users user group is created as default in both WinCC flexible and the Windows user administration. These are required if the Ethernet connection to the logon computer is interrupted at the time of logon. Note A user logged on centrally can control the process even when the Ethernet connection is interrupted. When a user logs on at the panel. The settings in the WinCC flexible Runtime security settings only apply to the emergency user. when necessary also with electronic signature. the user is created temporarily on the panel and assigned to the user group in WinCC flexible with the same name as in the Windows operating system. SIMATIC Logon checks the logon via Ethernet connection. If the logon is successful. Individual attempted logons are also logged in the SIMATIC Logon Eventlog Viewer. a user can only be assigned to one user group. SIMATIC Logon checks that the user ID and password match via Ethernet connection. the users are created in the Windows user administration of the logon computer and assigned to the appropriate user group. Only emergency users are created directly in the WinCC flexible user administration. security measures can be defined for password aging and password security.5 Security settings with local user administration The security settings for password security for local user administration are configured in the WinCC flexible Engineering System in the Runtime user administration > Runtime security settings editor. the emergency users can log on using the local user administration. FS or DS). The settings are made according to the stipulations in the specification (URS. 4. emergency users should only be created in the local user administration.3. Available functions: Functions for password aging: • • • Number of days the password will remain valid Password generation (how many times a password can be repeated) Days for warning of the expiration of the password Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 49 .System Installation The schematic shows an example of user administration on a panel with centralized user administration. This ensures that these users are available only in an emergency situation. The user Paul Smith is created temporarily on the panel and is assigned to the Tablettier_Operator user group. Note To distinguish between a central logon and an emergency logon. For locally created users. If the Ethernet connection is interrupted. To prevent passwords and user settings on the local HMI device from being overwritten when new settings are transferred. deselect the Overwrite password list check box. Note Changes to the user administration are performed offline in the engineering system and are therefore not automatically updated. To administer the local users and to change passwords. the User view object is integrated in a process picture. refer to the WinCC flexible Information System under Working with WinCC flexible > User administration > Elements and basic settings > Runtime security settings.System Installation Functions for password security: • • • At least one special character At least one number Password length For detailed information. Changes made while the process is running take effect immediately. 50 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . System Installation 4. Password changes are recorded both in the audit trail and in the SIMATIC Logon Eventlog Viewer. Note The User view object that can be integrated in a process screen shows the user logged on centrally via SIMATIC Logon during runtime.3. Here. the port number 16389 (default) and the name of a domain or workgroup must be specified.6 Security settings with centralized user administration The participation in centralized user administration with SIMATIC Logon is also enabled in the Runtime user administration > Runtime security settings editor by selecting the Enable SIMATIC Logon check box. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 51 . The server name or IP address (if this is specified in absolute form). Changes made while the process is running take effect immediately. For more detailed information. Encrypted transfer is possible. Changing the password on the logon computer is organized by SIMATIC Logon. The new password is checked to make sure that it meets the set Windows security policy on the logon computer. users can change their passwords. refer to the WinCC flexible Information System under Working with WinCC flexible > User administration > Working with the user administration > Managing users on the server > Central user administration using SIMATIC Logon. they are made available to the other computers in the system. the computer acting as server of the workgroup must be specified. 52 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . a panel PC with WinCC flexible Runtime can. the choice is often a separate computer that is used only for user administration. for example. domains can be set up with several domain servers.4 4. be considered if the operating system requirements for SIMATIC Logon are met. Windows workgroup If a computer is a member of a Windows workgroup.4. To increase availability.1 Access Protection with SIMATIC Logon User management in Windows The user management of SIMATIC Logon uses the mechanisms of the Windows operating system. the user ID and password (here: password) are entered.System Installation 4. All user data are created and managed on this server. Emergency users can be set up locally for emergency operation. The central administration of groups and users on the domain server allows all computers that belong to the domain access to the groups and users. To improve performance. From here. The user can only be assigned to one user group. When selecting the server. however. On the panel. the advantages of the group and user management can be used in conjunction with SIMATIC Logon. This means that there are two user management options under Windows: Windows domains If a domain server is used in the working environment. System Installation Creating user groups and users The users and groups are configured according to the specification in the user management of Windows. After logging in during runtime. The following schematic shows an example of the assignment of users to user groups. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 53 . the operator has precisely the rights required to operate the plant as assigned to the relevant user group in WinCC flexible. 54 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . Specifies the minimum time that a password must be used. Specifies the maximum time that a password may be used before it must be changed. Password must meet When it is activated. The following screenshot shows the Password policies dialog box. Password policies For the monitoring mechanisms of the password policies of Windows. The settings shown are examples. FS or DS) must be made. special characters Minimum password length Maximum password age Minimum password age Specifies the minimum number of characters a password must contain. a-z lowercase letters 3. etc. The following security settings of the password policies are relevant and must be configured in the operating system. A-Z uppercase letters 2. 1. the previously specified settings (URS. !. Guideline Enforce password history Description of the security setting Specifies the number of unique new passwords that must be used for a user account before an old password can be used again.2 Security settings in Windows General security settings can be configured in the Windows operating system with Start menu > Settings > Control Panel > Administrative Tools > Local Security Policy.System Installation 4.4. the password must contain at least complexity three of the four following categories: requirements.%.$. 0-9 numeric characters 4. the account remains locked out until it is unlocked by the administrator. audit policies. Account lockout duration Specifies how long an account remains locked out before the lockout is canceled automatically. The monitored events are stored in the event viewer in the security log and are available for investigation. The following security settings in the account lockout policies are relevant and must be configured. Reset account lockout counter after The following screenshot shows the Account lockout policies dialog box. This is the recommended setting. Specifies whether or not the individual events of account management are audited (creating or changing a user account.System Installation Account lockout policies For the monitoring mechanisms of the account lockout policy of Windows. changing or setting passwords). or trust policies Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 55 . Guideline Description of the security setting Account lockout threshold Specifies the number of failed attempted logons before the user account is locked out. Guideline Audit logon attempts Audit account management Audit logon events Audit policy change Description of the security setting Specifies whether or not the instance of a user logging on to a computer is audited. the settings as specified in the URS or FS must be made. Determines whether each instance of a user should be audited when logging on or off on a computer. Specifies how long it takes in minutes before the account lockout counter is reset following failed logon attempts. If the value 0 is set. Audit policies The following settings must be made in the audit policies of Windows to generate a recording (Audit Trail) of attempted logons. Determines whether to audit every incidence of a change to user rights assignment policies. 4.3 Configuration of SIMATIC Logon When SIMATIC Logon is installed. 56 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . ! Note After installing Windows. and audit policy. The following settings are made in the General tab: 1.4. To do this. The settings must be checked and adapted to the requirements of the current project. Note To monitor the logon activity. default parameters are set for the password policy. account lockout policy.System Installation Computer management is opened with the following menu command: Start > Settings > Control Panel > Administrative Tools > Local Security Settings. All users assigned to this group have permission to configure SIMATIC Logon. the required settings must be made in the audit policy of the local policies of Windows. Further information Additional information on setting up Windows workgroups and Windows domains can be found in the operating system help of Microsoft Windows or in the appropriate Windows manual. the difference compared with local time is shown after the sign. Activation of the date / time display according to ISO 8601 The time stamp is then displayed in the Eventlog Viewer in the following format: CCYY-MM-DD hh:mm:ss ±hh:mm The first part is the universal time coordinated (UTC). go to Start > SIMATIC > SIMATIC Logon and open the Configure SIMATIC Logon dialog. Selection of the language in which the dialog user interface is displayed 2. the user group with the name "Logon_Administrator" is created automatically in Windows. The name of the domain or workgroup server must be entered. the user specifies whether the information relating to groups and users relates to a Windows domain or a Windows workgroup server.System Installation If this option is not selected. 4. Activation of a default user in a default group to be logged on after the user logoff (either by the user or automatically by the system). the time stamp is shown in the local computer time. 3. Reminder of a password change with the number of days before expiration Note The default group and a default user functionalities and the password change in the future are not supported in WinCC flexible. ! In the Working environment tab. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 57 . The period expires when there is no operator activity. In the Automatic logoff tab.System Installation In the Logon device tab. for example by fingerprint. ! Note The "Use SIMATIC Logon automatic logoff" functionality is implemented for WinCC flexible by setting a time period for the Admin user. If a logoff time with the value 0 is entered for the Admin default user. This means that the user logged on centrally is logged off when the period expires. the user is not automatically logged off. the user specifies whether the logon is via the keyboard. the user specifies whether automatic logoff is used. the screen keypad can be enabled for the logon. smart card or other procedure such as biometric user identification. At the same time. 58 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . Functions supported by the HMI device are offered for the configuration. We recommend you begin configuration with the HMI device that requires the least amount of work. Multiple HMI devices and even different device types can be configure in a project. The integrated copy function enables you to duplicate the configuration for an HMI device and transfer it to other HMI devices. Process-relevant data are recorded in data logs and visualized with trend graphics. Special editors are available for the different configuration tasks. This will reduce the error rate and the work needed for configuration and validation. Access to the process is organized with user groups and users in the user administration. Functions that are not supported by another device type are hidden and listed in the output window. graphical process screens are created with the WinCC flexible engineering software for operator control and monitoring of machines and plants.1 Project Manager All configuration information is saved in a project directory assigned to the project. Alarms and meaningful alarm texts indicate the operational and error states of the production process. The configuration depends on the type of HMI device specified when the project is created. This has the advantage of allowing multiple HMI devices that are employed for plant operation to be managed in a single project. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 59 .5 Project settings User interfaces in the form of interactive. 5. It contains a variety of the terms used in automation in several languages.3 SIMATIC NET Settings SIMATIC NET is used for industrial communication.Project settings 5. are centrally collected for all HMI devices in the Project Texts editor. A custom dictionary can be maintained to ensure a uniform vocabulary within the project. refer to WinCC flexible Information System > Installation Notes > Scope of Delivery. recipes. The keyboard layout corresponds to the language of the installed operating system. Note WinCC flexible provides an on-screen keyboard. alarms. For more information. The configured texts in process screens. 60 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . The export/import function enables you to export the texts for translation in the form of an Excel table and then import them back into the project. A separate column is created for each project language. which is displayed for text input on touch panels. SIMATIC NET provides the communication drivers for connecting WinCC flexible RT to the automation level via PROFIBUS or Industrial Ethernet. 5.2 Multilingual Projects WinCC flexible supports the creation of multilingual projects. etc. The integrated system dictionary provides additional support for configuring multilingual projects. The requirements of time synchronization must be described in the specification. The PLC and the HMI device trigger defined interactions based on the evaluation of stored data. does not have the same level of accuracy as time synchronization since message frames and script runtimes are included. 5. Area pointers are parameter fields from which WinCC flexible RT obtains information about the location and size of data areas in the PLC. however.automation. "Set time-of-day". Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 61 . During communication. the PLC and the HMI device alternately access these data areas for read and write operations. Direct time synchronization between WinCC flexible and the automation system is not available. The area pointers reside in PLC memory. Their addresses are configured in the "Area pointers" dialog of the "Connections" editor. the time can either be set on the automation system or on the HMI device. Time synchronization to a standard time is desirable. This entry describes setting the time of day from the automation system to the panel and vice versa in detail. The time master must be defined within the system.4.Project settings 5.com/). Instead. but not mandatory.siemens. Note The procedure for setting the time of day between a panel and STEP 7 is documented in detail in entry ID 24104104 (http://support.4 Time Synchronization All time synchronization activities depend on the requirements of the project. A uniform time reference must be guaranteed when archiving data and analyzing problems in a plant.1 Set time Setting the time of day is performed via an area pointer in WinCC flexible. 62 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . This can be achieved by transferring the OB start time. The system time of the controller is transferred to the defined tag of the type DATE_AND_TIME in a one second cycle.4.2 Transferring the CPU system time to the HMI device Creating the "Date/time PLC" data area in the data block A data area consisting of a "DATE_AND_TIME" tag and four "BYTE" reserves is defined in the automation system. We recommend organizing this data area in a structure (UDT).Project settings 5. Display of the daylight saving time must be enabled or disabled manually in the Control Panel in the Date / Time object using the Daylight savings time currently in effect check box. A description of the procedure can be found under entry ID 26961516 (http://support. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 63 .siemens. The update period of the system time on the HMI device synchronized to the current system time of the CPU is specified with the acquisition cycle.com). The automation system is the time master. The connection to the Date/time PLC area pointer is selected in the Area Pointer tab of the For all connections table and linked to the data area in the PLC. Changing between daylight saving and standard time Automatic switchover between daylight-saving and standard time is not currently supported on the panels. An alternative for switching over between daylight-saving and standard time is to set the switchover points using a process picture.Project settings Setting up the "Date/time PLC" area pointer in WinCC flexible The time of day is read cyclically from the automation system using this area pointer and set on the HMI device.automation. The table of configured connections is opened with Communication > Connection. 4. Select the connection to the desired automation system with the menu command Communication > Connection.3 Transferring the HMI device system time to the CPU The Date/time area pointer is used to transfer the system time of the HMI device to the CPU in WinCC flexible. the "job mailbox" area pointer is linked to a data word in the "For each connection" table. Setting the time of day is handled by control job "41" in WinCC flexible. The automation system cyclically writes the value 41 (BCD coded) in the defined data word to set the time of day. You will find additional information on setting the time in the SIMATIC S7 GMP Engineering manual. WinCC flexible resets the value to 0 as soon as the job mailbox has been processed. To transfer job mailboxes. The "Date/time area pointer is enabled in the "Area Pointer" tab of the "For each connection" table and linked to the intended data area in the automation system. 64 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 .Project settings 5. This means operator input from these clients is no longer possible. Time synchronization in a Windows workgroup The time of day can be synchronized in a Windows workgroup.Project settings 5.4. GMP) and synchronizes the system time of the components such as HMI devices and automation systems connected via Ethernet.de/siclock. Note The time on the clients in the domain is synchronized using Microsoft system services of the Windows operating systems. This is prevented by denying the client logon to the domain. (Additional information is available on the Internet at http://siemens-edm. If a time difference of five minutes is exceeded between the domain and clients. and the automation system are operated in a Windows domain. SICLOCK can once again be used.o. To set the time on the domain server. for example with SICLOCK as the time master. the operating system assumes that an attacker has decrypted the logon. (see above) If the time in the network is inaccurate.html) Time Synchronization in a Windows Domain If SIMATIC Logon. clients may be rejected in the domain. the HMI devices. SICLOCK receives the current time via an external time source (DCF.4 Synchronization of the SIMATIC Logon server The time-of-day synchronization of SIMATIC Logon depends on the environment (Windows workgroup or domain) in which SIMATIC Logon is operated. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 65 . the domain server acts as time master. and it must be possible for these to be identified using a unique designation and version number and for them to be distinguished from the previous version. Any updates for the operating system are obtained in the WinCC flexible Engineering System. which are defined by and documented with their type designation.1 Defining configuration elements In terms of hardware.Project settings 5. the system first has to be split into configuration elements. version number. standard components are usually used. The individual configuration elements into which the application software should be split cannot be defined for all cases as it differs depending on different customer requirements and system characteristics. Below is a description of examples and options for versioning in WinCC flexible: 66 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . etc.5. See also Section 2.5 Support for Configuration Management Configuration of an automated system consists of various hardware and software components. Just like the hardware. etc. the (nonconfigured) system software SIMATIC WinCC flexible Engineering System with its libraries. for example. these may be standard components or specially tailored user components.1 "Hardware Categorization". the current system configuration should be available and clearly arranged at all times. version number. the WinCC flexible Engineering System should be used to check whether updates are available to the panel operating system. WinCC flexible PC Runtime and Premium add-ons. the standard components include. To achieve this. In keeping with configuration management according to GAMP 4. The application software is configured and/or programmed on the basis of standard software. In the software. The procedure for the steps described below is part of the configuration management and must be described in a SOP that is binding for all persons involved in the project. The use of customer-specific hardware requires more effort. When commissioning. these are defined and documented with designation. The Windows CE operating system is preinstalled on the panels when shipped. 5. refer to Section 2.2 includes examples of how individual software elements can be versioned. The following data is specified for the versioning of the application software: • • • • Name Date Version number Comment on the change The change is described in greater detail in the relevant change request. for example: "The main version is set to 1.0 following the FAT and to 2.5.4 "Checking the Configuration" Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 67 . the issuing of version numbers and a procedure for change control must be defined in the instructions etc. Note Section 5.0 following commissioning. all configuration elements should be maintained following a defined procedure for configuration management.3 and for general information on this topic to GAMP 4. when versioning is to take place.Project settings 5. The procedure for changes made to a plant in runtime must always be coordinated with the plant user. see Section 8. for configuring the application software.5. and whether a main version or sub version is to be incremented. 5.3 Versioning the application software The project guidelines must define which elements are to be versioned. From when the application is first created. Section 7.5." Whether the main version or the sub version is to be changed can also depend on the scope or effect of the change in question. See also Section 7.2.11. For additional information on monitoring the configuration in WinCC flexible.7 and the corresponding appendix M9. All other changes are reflected by incrementing the sub version.2 Versioning of configuration elements While the version ID of standard software cannot be changed by the user / configuration engineers. Note The Change Control options includes a change control that records every change in the configuration with time stamp. 68 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . data for versioning can be maintained by specifying a versioning ID. name and change date as shown in the schematic below. to make application-specific evaluations. Runtime scripting is a programming interface with which parts of the project data can be accessed in runtime.Project settings Versioning a screen object A text describing the screen can be entered in the properties of the screen object in Properties > Help Text. It is advisable to maintain a history in the scripts indicating any changes made. The history can be entered in the script as a comment before the code or in Properties > Comment. In this text box. for example. These can be used to perform many tasks in Runtime without needing any programming skills. user and object-dependent configuration differences. Runtime scripting can be used to solve more complex problems. Versioning VB scripts WinCC flexible provides predefined system functions for common configuration tasks. The following screenshot shows an example of the footer of a report layout with version ID. The screenshot shows the history in the comment box for the script. The version ID must be kept up-to-date as specified in the SOP for configuration management. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 69 . Versioning reports A static text box for the manual entry of a version number can be inserted either in the report header or footer. The version ID must be kept up-to-date as specified in the SOP for configuration management.Project settings The screenshot shows the history as a comment before the start of the code. Project settings 70 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 Te st /Q ua lifi ca ti on Sp o ati ific ec n 71 . The configuration of the automation level in a GMP environment is not described here. In the schematic below. the markers in the lower part indicate the phase of system creation.6 Creating Application Software This chapter explains the configuration of SIMATIC WinCC flexible in a GMP environment based on examples. All application-specific objects should be stored in the project library so that the objects are saved with the project and changes are entered in the change log of the ChangeControl option. Graphics The Graphics area in the toolbox contains a comprehensive collection of graphics and symbols for graphically editing screens. Navigation is performed with the integrated. The screen resolution.. for example) Using the WinCC flexible screen navigation with a navigation bar Hierarchical screen navigation is created in the form of a tree in the WinCC flexible screen navigation. global library Libraries are a collection of screen object templates. The library objects can be inserted in a screen with drag-and-drop and adapted as required. a combination of a graphics program and tool for process visualization. measuring equipment. Graphic objects such as machines and plant components. 72 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . The appropriate device layout in the screen depends on the selected HMI device. Function keys are also shown if the configured HMI device features them. if they are available on the HMI device Creation of buttons for screen selection (in the template. can be configured in a template. project library. operator control elements and buildings are thematically organized. • • • Screen selection via function keys.Creating Application Software 6. The WinCC flexible engineering software package includes system libraries with configured operator control elements. The basic design. such as the company name. Project libraries are only available within a library and are saved together with the project data.1 Creating Process Screens Process screens are configured in the WinCC flexible screen editor. color depth. This template forms the basis for the process screens. A global library is stored independent of project data in a separate file with the extension *. Global libraries are available for all projects. configurable navigation bar. Screen navigation Configuration of screen navigation for selecting screens is necessary in projects consisting of multiple screens. fonts and available objects also depend on the device type. The objects are inserted into the process screen using drag-and-drop. buttons for screen selection. Various methods can be used for this. etc. You can also create customized project libraries and several global libraries. Symbol library. faceplates and graphics.wlf. Static and dynamic objects are provided in a toolbar to design screens. logo. The library objects can be used repeatedly without having to be configured again. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 73 .Creating Application Software Example of the navigation bar Faceplates in conjunction with structure tags The faceplates functionality in WinCC flexible allows object-oriented configuration. Once the individual objects are assembled in groups. Faceplates are automatically saved in the project library and are therefore available throughout the project. They can also be stored in a global library to make them available outside the project. only the object properties and events used for the dynamic characteristics of the faceplate are specified in a configuration dialog as an interface to the process. A faceplate is a group of selected objects assembled and configured for a specific application and used for operator control and monitoring of a process unit such as a motor. The colored connection lines indicate the object properties and events that form the interface to the outside for the dynamic characteristics. speed. This structure contains the structure elements. can also be programmed. The "Motor" structure was created as an example in the faceplate configuration dialog in the figure above. When the faceplate is inserted in a process screen. A tag of the type "Motor" is created for each relevant motor with the menu command Communication > Tags. The structure elements are connected directly to the externally oriented object properties in the configuration dialog for the faceplate. the corresponding tag of the "Motor" type is specified and the motor name is adapted. motor on etc. 74 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . temperature. Structures can be configured both internally and in connection with the SIMATIC S7 300/400 automation system. which are executed solely in the faceplate. VB scripts. Faceplates are given dynamic characteristics using structures that assemble several tags of differing type.Creating Application Software The figure shows the objects in the faceplate on the right and the interface of faceplate configured for the specific application on the left. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 75 . select the relevant object in the process screen (the "Copy" button in the figure) and specify an authorization for controlling the object in the Properties > Security area (the "Administration" authorization in the figure).Creating Application Software 6. To do this. objects subject to control can be associated with an authorization.2 Setting Access Protection for an Object Once access protection has been set up with user groups and users. Writing VB scripts offers numerous possibilities for implementing application-specific functionality. You can use VB scripts to solve more complex tasks. The procedure for creating Category 5 software is as follows: 1. The system functions (the setting of a bit. Specification of the inputs and outputs used 4. Note Selections of the predefined system functions as well as the permitted set of commands depend on the HMI device employed. As a result of this configuration. 6. VB scripts are programs written by the user that belong to the Category 5 software. 76 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . This type of software is developed to meet customer-specific demands not covered by standard functions.Creating Application Software Care must be taken to ensure that access protection is configured for all objects requiring an electronic signature.3 Creating VB Scripts WinCC flexible provides predefined system functions for typical configuration tasks. the predefined system functions can be used in a script together with instructions and conditions in a code based on Visual Basic Script. Specification of the block for operator control and monitoring Note The creation of custom software (GAMP Category 5) should be kept to a minimum since it increases the effort needed for testing and validation considerably. A change can be made in the I/O box only when a user with appropriate permissions is logged on. For example. Creation of a functional description for the software 2. Access to the WinCC flexible object model is available using scripts. the logon dialog is displayed automatically if no user is logged on. Specification of the function blocks used 3. for example) can be linked to a screen object in a function list without requiring advanced programming skills. The /Audit option requires a separate license key for HMI devices and WinCC flexible RT.Creating Application Software 6. Regulated project is selected centrally in the GMP settings. Audit trail The audit trail is configured as a log in the Archive editor and GMP-relevant activities are recorded in runtime. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 77 .4 Setting up the Audit Trail The WinCC flexible / Audit option is offered especially for use in GMP-relevant production plants. The range of functions in the /Audit option is described in the following: Project setting When a project is created. This option expands the range of functions in the WinCC flexible system software to ensure that the project conforms to FDA 21 CFR Part 11. changing. etc. moving the logs to a network drive) If no storage space is available. etc. The checksum is generated with an integrated algorithm and ensures that any manipulation can be detected. Certain system functions A list of the GMP-relevant system functions is available in the WinCC flexible Information System > Options > Audit > Working with Audit > Logging system functions • • • • • • Additional information is available in the WinCC flexible Information System under Options > Audit > Basic principles > Logging concept of the audit trail. If there is not enough space at the storage location. Alarm system Alarms requiring acknowledgment. For more detailed information on configuring the audit trail. GMP-relevant actions can no longer be performed. failed logon attempts. failure of the USP when the uninterruptible power supply option is used (see also section 6. ! 78 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . suitable actions an be configured under the events. loading data records. etc. The following entries are automatically saved in the audit trail: • Runtime sequence Runtime start / stop. project information. (for example. critical and configuring a reaction in the function list.13) User administration User logon/logoff. refer to the WinCC flexible Information System > Options > Audit. The file name and storage location are defined during configuration. acknowledgment attempts Archiving operations Starting. saving. stopping. Note The Force function must be deactivated in the GMP environment so that all operator actions can be recorded in the audit trail. opening.Creating Application Software The audit trail is always a file in CSV format with a checksum. closing of a log. generating a notification message. Change values of GMP-relevant tags by the user For GMP-relevant recipes Creating. We recommend evaluating the events Little free space and Little free space. Creating Application Software 6. NotifyUserAction system function With the integrated NotifyUserAction system function.1 Generating audit trail entries When the /Audit option is used. see also Section 6.4. Selecting GMP relevant causes a changed tag value to be entered in the audit trail automatically. The change can either be linked to a mandatory comment or an electronic signature. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 79 . the audit trail can record specific user actions that would otherwise not be entered.5 "Electronic Signature". such as activation of a button. GMP Settings. the properties of tags are extended by the entry. Details are described in the section 6. changing and saving recipe data records Downloading/uploading a data record from/to the controller Electronic signature for transferring recipe data Electronic signature for saving recipe data 80 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . See also the section Electronic signature The system function can be integrated in an application-specific script. The following figure shows a script that executes the "NotifyUserAction" system function and specifies the "Batch started" text in the description in connection with the batch name that is read from the "BatchName" tag. GMP settings can be configured in the properties for the recipes. • • • • Creating. Recipe configuration When the Recipe option is used in connection with the Audit option. When the check boxes are activated. This text is always entered in the audit trail. ! Note Once again. for example to form a variable description of the performed action.Creating Application Software The acknowledgement type and comment properties can be configured. care must be taken that the control of the object (here a button) is protected by operator permissions. The description is stored in a text that comments the operator action.6 "Recipe Management with the Recipe ". the following actions made to the recipe are commented with entries in the audit trail. The complete entry in the audit trail depends on the rest of the configuration. This means that a logon is forced if no user is logged on and only a user with suitable rights can provide the electronic signature. The moved file can then be opened with the Audit Viewer.7. While the file is closed to allow it to be copied. System functions are available for this action that can. The indicator is red if manipulation has occurred. Additional details about the Audit Viewer are documented in the WinCC flexible Information System and in the help system for the Audit Viewer. To avoid manipulation of the audit trail files.exe application that is available in the WinCC flexible 2007 Runtime folder after the WinCC flexible system software has been installed.Creating Application Software 6. see also Section 6.4. This is available in the WinCC flexible system software package. the Windows directory can be protected from unauthorized access using Windows tools. The Audit Viewer can be installed on any PC with a Windows operating system. copied or moved to another directory and then opened again. The audit trail file is opened during process operation to record the relevant entries. for example. The checksum generated for each entry by an integrated algorithm is evaluated for this.2 Display of the audit trail The WinCC Audit Viewer application is used to display the audit trail on a PC. be linked to a button. The checksum can also be verified with the HMIChecklogIntegrity.3 "Restricting access to the network drive". the file must be closed. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 81 . The green indicator in the "Data Validity Indicator" area shows that the file has not been manipulated. To be viewed with the Audit Viewer. no GMP-relevant operator activity is possible on the panel.exe application. The WinCC flexible Information System > Getting Started > Getting Started Options > Using Audit > Evaluating Audit Trails with DOS Program describes how to launch the HMIChecklogIntegrity. a comment must be entered in addition to the electronic signature when a tag value is changed. the dialog shown above is also displayed for the entry of a password. The "NotifyUserAction" system function is another way of generating an audit trail. Note Operator input to an object that causes a change in a GMP-relevant tag value must be protected using operator permission. The selection made for the confirmation type is "Electronic signature". If a "mandatory comment" is selected. The following screenshot shows a section of the audit trail with an entry for electronic signature. This ensures that only a user with suitable permissions can perform the action. This means that when the system function executes.Creating Application Software 6. a dialog box opens in which the password of the logged-on user is queried.1 "Generating audit trail entries". 82 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . See also section 6. If there the value of the tag is changed during operation.5 Electronic Signature The electronic signature is set in the GMP settings for the tag.4. A recipe consists of several data records in which the various values for the individual recipe entries are stored. For production plants operating in an environment requiring GMP. such as machine parameters or production data.6 Recipe Management with the Recipe Option The Recipe option for panels requires no license. are collected in a recipe. These two variants are presented below: Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 83 . the GMP settings can be set during the configuration of the recipes in the WinCC flexible system software.4.1 "Generating audit trail entries". see also Section 6. Either a separate recipe screen can be configured or the "recipe view" object can be integrated in a process screen to process or display the recipe data on the panel or in WinCC flexible RT.Creating Application Software 6. This option does require a license when WinCC flexible RT is used on a PC. The recipes along with the corresponding recipe entries are created and managed in the "Recipes" editor. The number of recipes is based on the HMI device type. Associated records. The following alternative methods are used to generate the data records: • • • • Recipe data is entered in the engineering system and transferred with the complete project data Recipe data is entered during ongoing operation Records are read in ongoing operation following the teach-in mode on a machine Recipe data is imported from a CSV file The method selected for creating the data records depends on the conditions of the production plant. This can prevent the tag values from being directly written to the controller.Creating Application Software Recipe view The recipe view is integrated as an object in a process screen. 84 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . all changes are commented in the audit trail with old value and new value. user ID. When GMP-relevance is selected for the process tags linked to the IO fields. The transfer to the PLC is performed separately with the Transfer button and must be confirmed with an electronic signature when the GMP property is set. A recipe view action in ongoing operation generates entries in the audit trail when the GMP settings have been selected as described above and the Audit option is enabled. The transfer is recorded in the audit trail with a time stamp. The transfer of the IO field data to a data record is controlled with the "Synchronize" button in the recipe view. recipe and record name as well as a comment by the user. To use the recipe view to simply display data. value changes can be made in IO fields configured in the recipe screen in addition to the recipe view object. The following data are saved in the audit trail: • • • • • • Time stamp User ID Recipe name Record name Performed action User comment Note Data changed in a data record are not entered in the audit trail with the old value and new value. the operation during ongoing operation can be disabled and the status bar and buttons can be hidden. There are numerous options for configuring the display window and window characteristics in the object properties. To nevertheless log changes to a record in the audit trail. user. GMP-relevance is selected for the linked process tags. can be included as additional parameters. The version. The boxes for displaying these parameters should be set up so that they cannot be written by direct input (read-only attribute). Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 85 . For this. Delete. is performed via buttons. Save. for example. The parameters should be supplied with values only from scripts. Transfer to automation system as well as Log.4. either the system functions for recipe management integrated in WinCC flexible are called or customized application-specific scripts are attached in the button properties. new value. date and time of the change and release of the recipe. The organization of the data records.1) This causes each changed value to be recorded in the audit trail with the old value. (See also section 6. time stamp and user. This means. the version can be incremented by a user-defined algorithm. such as Create new. etc.Creating Application Software Recipe screen The recipe values are entered via I/O fields.. 4 "Setting up the Audit Trail"). (see also Section 6. The operator actions can be tracked and logged in the audit trail. for example with trend graphics in the process screens. alarm logs and audit trails") • Configure the data log All tags in the project are created with Communication > Tags object. 6.Creating Application Software 6. The data log and the archiving cycling are specified for the tags that are to be archived.7 Recording and Archiving Data Electronically To acquire production-relevant data. storage location etc. The /Audit option is required to record an audit trail (see Section 6. The configuration is performed with the following tasks: • Creating and configuring one or more data logs Specification of general settings such as name. The data log stores the contents of selected tags with time stamps in a defined cycle. data logs and alarm logs are created in WinCC flexible. 86 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 .2 "Archiving data logs. especially for production plants operating in the GMP environment. continuous process values. • The archived values can be visualized.7.7. Data logs Data logs are used to acquire production-relevant. log size.1 Setting up data and alarm logs It is highly important to provide full quality verification relating to production data. The time stamp of the message is set by the PLC. Messages are lost if they are shorter than the acquisition cycle. Analog alarm type The HMI device monitors the limits of a tag and triggers an alarm if a tag violates a high or low limit. the SFCs Alarm_S/SQ and Alarm_D/DQ are used on the SIMATIC S7 controller.Creating Application Software Alarm logs Alarms are configured to detect events and states that occur in the process.2 "Local data archiving“. the acquisition cycle. size of the log. Alarm number type The PLC transfers an alarm number (and any associated alarm text) to display an alarm. The time stamp of the alarm is set by the HMI device. the time stamp is recorded by the PLC when the alarm occurs and is passed to the HMI device. storage location. The time stamp of the alarm is set by the HMI device. The following configuration steps are required to set up alarm logs: • Create and configure one or more alarm logs Make general settings such as the name. bus runtime and processing time are contained in the time stamp. The following alarm types can be selected when configuring alarms: • Discrete alarm type An alarm is triggered by the PLC due to a bit change in a tag. WinCC flexible also generates system events for displaying specific system states of the HMI device or PLC.3).7. Log the alarms of an alarm class An alarm log can be assigned to each alarm class A detailed description of the configuration of alarm logs is available in the WinCC flexible Information System under Working with alarms > Alarm logging.7. This requires that alarms are configured in STEP 7 in the ALARM_S/SQ/D/DQ alarm block. • • ! Note Protect the network drive shared for data backup by assigning access authorizations (see Section 6. Refer to the relevant CPU manuals and the block descriptions in the SIMATIC STEP 7 online help for information on restrictions relating to the system resources for simultaneously pending alarms. With the alarm number type. With the alarm number type. etc. • • Notes on the time stamping With the discrete alarm and analog alarm types.. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 87 . see also Section 6. data and alarm logs can also be saved in database format (ODBC). 88 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 .3). When all segments are filled. The logs can be saved in a CSV file on panels. a configured function list can be executed (see section 6. Logs with system events that depend on the fill level. Note A plant-specific archiving concept (URS. the oldest segment is deleted.7. the entries are stored in defined segments. The storage capacity of the storage location (such as a CF card) must be taken into consideration when configuring the number of log entries. We recommend logging data locally on a memory card and then backing it up at regular intervals to a network drive (see also section 6. alarm logs and audit trails The configuration of the log type for alarm and data logs specifies the reaction when a log is full: • • • • Circular log. On PCs. FS) must be developed for plants operating in an environment requiring GMP. If the available space falls below this limit.Creating Application Software 6.7. a system event is triggered when a defined fill level is reached. Log with execution of system functions when log is full The size of the data or alarm log depends on the length of individual entries and the number of entries. the oldest entries are deleted Segmented circular log. A minimum amount of free disk space is defined as the limit for the storage location (memory card or network drive). This is set by the number of data records.2 Archiving data logs.5 "Electronic Signature“). The audit trail is configured as an endless log and is always written to a file in CSV format. 3 describes how the directories on the network drive are protected against unauthorized access. Before being transferred. The access protection is regulated in the respective database system. The panel is connected to a network via Ethernet for this. Data saved as a database can be read again with a database system via an ODBC driver.siemens.Creating Application Software Local data archiving The data can be logged locally on a panel using a memory card. see also Section 6. The next Section 6. the logs are closed and then opened again when the transfer is completed. Transfer of the logs can be triggered.7.3. Any log events that occur in the meantime are buffered. The steps necessary for establishing a network connection are described in detail in entry ID 13336639 (http://support. The access protection for the folder in which the CSV files are stored is configured under Properties > Security Settings for the folder in the Windows Explorer. An Ethernet connection is required to save the log data to another storage medium. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 89 . Detailed information is available in the WinCC flexible Information System.automation.com/). for example with a button that calls the integrated ArchiveLogFile system function. Backing up logs A network drive in a local network can be specified for data backup of locally stored data and alarm logs as well as the audit trail.7. The panel logs on to the network under this name. Note A panel can only access network devices in the same subnet. If the panel is associated with a domain. is created on the PC on which the shared network drive is located. the domain name must also be specified.7.3 Restricting access to the network drive The records are archived by WinCC flexible in the form of CSV files. such as "Panel". (In Windows XP under Control Panel > Administrative Tools > Computer Management > Local Users and Groups > Groups) 90 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . The following procedure is recommended for this: A panel name with password is specified in the Identification tab of the network settings. however. The CSV format offers no data security options for protection against unauthorized user access. the folder containing the files from the panel must be suitably protected.Creating Application Software 6. A new user group. To ensure that the records are protected from unauthorized access. The access protection for the folder is set in the Security tab of the shared network drive’s properties. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 91 . The Panel group requires Full access for HMI device "mp1" to be able to create the CSV files in the folders.Creating Application Software A new user is created with the panel name under Users. This is added to the newly created user group. With these settings.Creating Application Software Users assigned to the "User group have read-only and no write access. only the "Panel" user group has “write” access for the folder. 92 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . Write access can be denied for users in the "Administrators" group. 2 “Batch-based reporting”. only the security settings for this subfolder need to be set.Creating Application Software Note The security settings do not have to be set directly on the network drive. • • • Exporting in database format Exporting in HTML format Exporting in XML format Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 93 . 6. PM-QUALITY provides various ActiveX controls for displaying the recorded or current batch data. For more detailed information on PM-QUALITY.7. These controls can be integrated in a process screen in WinCC flexible PC RT. PM-QUALITY offers several methods for archiving logged batch data. PM-QUALITY is installed on a standard or panel PC (check the operating system) that is connected to the panel via Ethernet. refer to section 6. Note The security settings shown were made with the NTFS file system in the Windows XP Professional operating system.4 Batch-oriented data recording The WinCC PM-QUALITY add-on can be used for batch-based acquisition of batch data in small to medium-sized plants. PM-QUALITY can be installed on the same PC together with WinCC flexible RT. If the log data is stored in a subfolder of the network drive.8. 94 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 .Creating Application Software Only completed batches can be archived. The records must first be exported to a local hard disk. PM-QUALITY checks if the completed batch is ready for export in the current acquisition cycle. By selecting the check box "Close and log batch automatically" in the Project Settings > Defaults dialog. locked or reported as completed. no changes or additions can be made in the batch data following the automatic export. for example to the long-term archive server. can be configured with "Following action". The batch was aborted. when: • • The batch was completed manually or automatically. subsequent manipulation of the records can be prevented by assigning appropriate rights to the drive (read-only). For export in HTML format or XML format. Automatic export of a batch is performed only once. Transferring the batch data to an external drive. A batch has the status closed. The batch is selected in the batch selection dialog and the view is started on screen using a button in the toolbar. The tool is included in the PM-QUALITY package. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 95 .Creating Application Software The Export View tool is used to view batch data in the database format. The following data can be documented: • • • • Alarms immediately when they occur Alarms from the alarm buffer Alarms from the alarm log Recipes The options for data output depend on the performance of the HMI device and the licensing in PC RT.8 6. Numerous objects are available to design a report. header and footers as well as one or more sheets of data. back sheet. For more detailed information on designing reports. the Print alarms object is inserted in a report page. Recipes entered in the WinCC flexible recipe system can also be output as a report on a printer. alarms can be output as reports on a printer.Creating Application Software 6. 96 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . This division allows reports to be created with a cover sheet.8. Alarm logging To report alarms.1 Reporting Standard reporting In WinCC flexible. Reports editor The Reports editor is divided into different areas. for example static objects such as texts and graphic elements and dynamic objects such as I/O boxes that allow current tag contents to be documented at the time of printing. The documentation of alarms and recipes is handled using special objects. The object properties define which alarms are reported. layouts with suitable contents are configured in the Reports editor. refer to the WinCC flexible Information System under Working with WinCC flexible > Working with reports. To print out reports. Report output The configured reports can be output event-driven or cyclically. the alarms from the alarm buffer are reported. the user can decide whether to print a specific recipe or all recipes. The start and end of the range are transferred in tags of the type date / time. the alarms are printed from the assigned alarm log. the Recipe view object is inserted from the toolbox window in a report page. It is also possible to make the selection according to alarm classes. To be able to assign alarms to a specific production sequence. This is available only for panels that have the alarm logging function. a variable output range can be specified. Recipe output To document recipes created in the WinCC flexible recipe system.Creating Application Software Either alarm events or alarm log can be selected as the source for alarms. The display options are set in the object properties. linked to an operator input object in a process screen. At the same time. If alarm log is selected. a specific data record of a selected recipe can be output. for example. When selecting the recipe. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 97 . An event-controlled display is. If alarm events is selected. Creating Application Software Cyclic display regardless of the screen is configured in the scheduler. 98 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . It is possible to select not only time cycles but also the alarm buffer overflow event in the scheduler as the criterion for printout. the alarm buffer can be printed out and then deleted with the system function DeleteAlarmBuffer in the toolbar. If a critical status occurs in the fill-level of the alarm buffer. The report layouts for printing the batch data can be customized in the Report Editor application. This involves defining trend templates in which the values and the form of the trend graphic are specified. alarm events. The records are assigned to a specific batch. The dynamic objects are configured for the specific plant beforehand in the Topology Manager application.8. etc. The recording of the production-relevant records begins with the Batch start signal and ends with the Batch end signal. phase sections. audit trail entries. You can also display comparable trends with values from different batches. A tabular horizontal or vertical display style can be selected. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 99 . snapshots. Tag logging values are shown in the form of trend curves. The dynamic objects include batch header data.Creating Application Software 6. Static objects for report designs and dynamic objects for displaying the batch data are listed in the highlighted area at the lower left. tag logging values. The name of the batch can be configured and it can be called back up again with the batch name.2 Batch-based reporting The WinCC add-on PM-QUALITY can be used for batch-oriented reporting. An OPC station. which organize the import of the CSV files at the end of the batch. are always created in the PM-SERVER to acquire alarms and audit trail entries. A variety of alarm logs are created in the PM-SERVER. 100 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . Text import stations. in which the tags from the WinCC flexible project are imported. is configured in PM-SERVER for exchanging tags. The entries of the CSV files are archived as alarms in these logs.Creating Application Software The PM-SERVER application functions as the interface between WinCC flexible and PM-QUALITY. It is contained in the PM-QUALITY program package. The PM-SERVER can also import records from multiple HMI devices with different WinCC flexible projects. Note You can find detailed descriptions about the configuration in the online help for PM-SERVER and PM-QUALITY. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 101 .Creating Application Software The tag values read into the PM-SERVER and the configured alarm logs are further processed in the PM-QUALITY application and put together according to the requirements of the batch-based reporting. Input boxes are then displayed in the batch report in which the user name. Either the configurations in PM-SERVER or the Windows user management (when the SIMATIC Logon software is used) can be used to verify the user name. 102 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 .Creating Application Software VB scripts can be inserted into the report layout to release batches per electronic signature. user ID and a comment can be entered. user ID and password. Creating Application Software The Release report button adds the electronic signature to the report data as a snapshot and the status is set from draft to original. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 103 . The Version Trail software can also be used to back up a SIMATIC STEP 7 project with an integrated WinCC flexible project. the project is handled and saved with the tools of the SIMATIC Manager. Note The WinCC flexible project must be closed for moving the project data. backup copies of the software versions must be made at regular intervals during the configuration phase.Creating Application Software 6. associated with the project is generated.9.1 Backing up application software from the engineering system Backing up project data in the engineering system When a WinCC flexible project is saved.ldf. WinCC flexible project.hmi. Version Trail backs up the project data structured under main and sub version as a compressed file. 104 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . For more detailed information. Instead. 6.9 Backups of System / Application Software In order to be able to fall back on software that has been created. Shared moving / copying in the Windows file system is allowed for creating the data backup. the records are saved in the project database with the file extension *. etc. the log file. *_log. It is also recommended that a backup / image be made of the system partition of the engineering system containing the operating system. refer to the GMP manual for SIMATIC STEP 7. At the same time. Note Projects which are a component part of a SIMATIC STEP 7 project cannot be moved or copied in Windows Explorer in order to ensure data consistency. These two files should not be separated. SIMATIC WinCC flexible system software. 2 Backing up the operating system and SIMATIC WinCC flexible The backup of the operating system and the WinCC flexible installation should be made as a hard disk image. for example. MOD. for example in the registry. network backup).Creating Application Software 6. Such images can be used to restore the PC to its original status relatively easily (WinCC flexible Engineering System and / or WinCC flexible RT). user administration. The hardware configuration of the PC should therefore be adequately documented. CD. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 105 . ! Note An image can only be copied back to a PC with identical hardware. differ from PC to PC. Images of individual partitions cannot be exchanged between PCs because various settings. Note The backup of the application software and the backup of the operating system with and without SIMATIC WinCC flexible should be stored on external media (for example. Note in this regard that the image is written to a free partition. DVD. WinCC flexible options and WinCC add-ons Create an image of the installed PC with SIMATIC WinCC flexible including all projects • • Procedure for creating an image Several applications are available for creating an image. Which images are advisable • Create an image of the operating system installation with all drivers and all settings relating to the network. SIMATIC PC/PG Image & Partition Creator. etc. without SIMATIC WinCC flexible Create an image of the installed PC with SIMATIC WinCC flexible.9. Creating Application Software 6.9.3 Backing up the operating system and the application software of an HMI device (panel) The ProSave application is available for backing up the project and operating system data on an HMI device (panel). ProSave is included in the WinCC flexible system software package. The application is integrated in the WinCC flexible engineering system. This allows you to quickly perform commissioning again, for example, after replacing a HMI device. Backup A backup from the panel to a *.psb file in the specified destination directory is generated with the menu command Project > Transfer > Backup. For detailed information on the backup procedure, refer to the WinCC Information System under Utilities for service and development > ProSave > Data backup. Note License keys on the panel are not backed up. The license keys must be saved beforehand using the Automation License Manager application. ! 106 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 Creating Application Software 6.10 Interfacing to SIMATIC WinCC Both the SIMATIC WinCC system software and the WinCC flexible system software can be used in a distributed system. A connection for exchanging tag contents between the two systems is established via the OPC DA channel. 6.10.1 Centralized user administration SIMATIC Logon allows user administration to be organized centrally. The SIMATIC Logon server can be installed on the WinCC computer and licensed for the number of connected panels. What information does Section 4.3.2 “Centralized user administration” contain? 6.10.2 Central audit trail for multiple WinCC flexible systems Audit trail logs generated by the individual panels or WinCC flexible RT as circular logs can be transferred to the database of WinCC Alarm Logging with the PMOPEN IMPORT WinCC add-on. The audit trail is evaluated in terms of operator input alarms that indicate a tag value change and system events. All alarms are entered in WinCC Alarm Logging as operator input alarms with the alarm number of the WinCC default operator input alarm (12508141). The original time stamps are retained. Operator input alarms for value changes are entered in WinCC Alarm Logging with the old and new values. To allow the CSV files to be imported, a folder is defined on the WinCC server / single workstation system on which PM-OPEN IMPORT is installed for each WinCC flexible system and the audit trail can be moved to this folder either manually or cyclically. PM-OPEN IMPORT monitors the directories using Windows tools. This means that as soon as a directory contains a CSV file, PM-OPEN IMPORT starts to read in the data. Further information on configuring PM-OPEN IMPORT is available in the online help of the WinCC Premium add-ons. The WinCC alarm control can integrate the display of audit trail entries in a WinCC screen filtered according to operator input alarms and system events. The WinCC add-on PM-QUALITY is another alternative with which the audit trail of several panels can be merged. PM-QUALITY acquires the production-relevant process values and alarms batch-oriented. On completion of the batch, data, alarm and audit trail logs generated by WinCC flexible while the batch was running are moved to a network drive either manually or automatically. From there, the data is read into the PM-QUALITY database and is available for evaluation and display. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 107 Creating Application Software 6.10.3 Central process value archiving and central alarm management Data and alarm logs generated in WinCC flexible as circular logs in CSV format can be evaluated with the WinCC add-on PM-OPEN IMPORT and transferred to the WinCC logs. Data from the data logs is entered in the WinCC Tag Logging logs and contents of the alarm logs are entered in WinCC Alarm Logging. See also Section 6.10.2 "Central audit trail for multiple WinCC flexible systems" Further information on configuring PM-OPEN IMPORT is available in the online help of the WinCC Premium add-ons. 108 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 recipes require an electronic signature before they can be released for production. PM-CONTROL supports the requirements of the FDA in article 21 CFR Part 11. "Standard" and "Professional" variants. scalable production quantity and the time of production can be specified. Operator input in the recipe system. for example creating. The integrated order control allows flexible handling of production orders in which the recipe. The software package is divided into three applications: • • • Topology manager for mapping the process cell topology. Recipe system for creating and managing recipes / products Order planning and order control. modifying. creating the required parameters and configuring the interface to the automation level.4 Central recipe control and recipe management The WinCC add-on PM-CONTROL is an alternative to the recipes option in WinCC flexible. old value and new value. user ID. production location. PM-CONTROL is a batch-oriented parameter control for recipe/product data management. assignment and management of production orders To achieve a cost-effective solution for both simple and more complex tasks. deleting recipes can be protected from unauthorized access using different authorizations. The recipe data is recorded in an Audit Trail from the point in time at which it is created. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 109 .10.Creating Application Software 6. The Audit Trail can be printed out or exported to an XML file. PMCONTROL is available in the "Compact". Every recipe change is recorded along with time stamp. The implemented rollback function allows an older recipe version to be restored. After they have been created. PM-CONTROL provides ActiveX controls that can be integrated in a process screen in WinCC flexible RT. in turn. 110 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . During processing. PM-CONTROL is installed on a computer with a Windows operating system. has an electronic signature. either automatically when requested by the automation level or manually with the required user rights. The processing of the orders is started. for example. This can. Tags are connected to panels using OPC XML and to WinCC flexible RT using OPC DA.Creating Application Software Only fully signed recipes can be included in an order by the order control. Additional information on configuring PM-CONTROL is available in the online help of the WinCC Premium add-ons. The structure of PM-CONTROL allows central recipe data storage and order control for several WinCC flexible systems. be the WinCC flexible computer or a panel PC with a full operating system. To display recipe data and job management. only data from signed orders can be loaded on the automation system. Each scheduled order. The tags are created with Communication > Tags. The SIMATIC S7 300/400 driver is used in the figure above.11 Interfacing SIMATIC S7 A physical connection is first required for the data communication between WinCC flexible and the automation systems. The tags form the data interface between the automation system and WinCC flexible project. A communication connection suitable for the hardware being used is created in SIMATIC WinCC flexible under Communication > Connection. All editors configured in WinCC flexible read/write values of the tags.Creating Application Software 6. Internal tags without process connection and external tags with process connection can be configured for an existing connection. Numerous drivers are listed for selection in the Communication driver column. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 111 . WinCC flexible is launched from the SIMATIC Manager to configure the operator control and monitoring system. Advantages of the integration: • • • Central overview in the tree topology of the SIMATIC Manager Central overview in the symbol table of the SIMATIC Manager Central connection overview of all participating components via NetPro Integration procedure You can integrate WinCC flexible in STEP 7 in a variety of ways and means. the WinCC flexible project is processed through the SIMATIC Manager. When the integration is completed. select the File > Integrate in STEP 7 menu in WinCC flexible. the "WinCC flexible Engineering System" software package is installed automatically with the support for integration. Existing STEP 7 projects can be selected for integration. The "Integration in STEP 7" option must be enabled for a customized installation. 112 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . Subsequent integration WinCC flexible projects can also be integrated in a STEP 7 project at a later point in time. With this variant.12 WinCC flexible Integrated in STEP 7 As part of the Totally Integrated Automation (TIA) concept. Installation sequence When the STEP 7 basic system is already installed on the system. the WinCC flexible project is integrated in a STEP 7 project.Creating Application Software 6. To do this. The tree therefore offers a central overview of the configured objects in the entire automation solution. The WinCC flexible engineering system is automatically opened for handling the WinCC flexible objects. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 113 .Creating Application Software Central overview in the tree Screens and objects of the WinCC flexible project are integrated as objects in the tree of the SIMATIC Manager. Double-clicking on the Tags object in the right-hand window starts the WinCC flexible Engineering System and opens the tag table. local data. The connection to the symbol table of the SIMATIC Manager is made in the Symbol column. are defined with symbolic names and comments in the symbol editor. Configuration of the tag interface The following figure shows the symbol editor of the SIMATIC Manager. The content of the selected block or the symbol table for selecting the address are listed in the right area. The Tags object is shown under the Communication object for the HMI device in the SIMATIC Manager. The symbol editor is the interface for the tag connection in the WinCC flexible engineering system.Creating Application Software Central tag management The integration in the STEP 7 basic software provides a decisive advantage in that it allows tags to be centrally created and maintained in the symbol table of the SIMATIC Manager. data blocks. All external tags. bit memories. etc. The tags for operator control and monitoring are created there. Doubleclicking on the Symbol column opens the connection to the SIMATIC Manager. You can navigate to the Symbols table or to the DB data blocks in the tree. 114 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . function blocks. Motor) under the data type are mapped to the corresponding data area in a data block. The offset to configured tags is derived from the structure definition. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 115 . These tags can be linked to a faceplate. for example. Note You cannot connect to a structure (instance of a UDT) in a STEP 7 data block.Creating Application Software Tags in WinCC flexible assigned to a structure (e.g. Individual elements in a structure required as tags in the screens are entered as individual tags in the tag table. MPI.. such as Ethernet. etc. Even the configuration of several subnets are supported by NetPro.Creating Application Software Central communication connection overview All network connections of the STEP 7 project are clearly displayed and can be configured in the NetPro editor. 116 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . are displayed in different colors. which is opened in the SIMATIC Manager with the menu command Options > Configure Network. This also includes the network connections of the integrated HMI operator stations. More detailed information on the topic of integrating WinCC flexible is documented in the WinCC flexible Information System. the hardware configuration for the HMI device must be checked and may have to be adapted. NetPro shows the stations and HMI devices with modules and interfaces that are specified in the hardware configuration of the STEP 7 project. Note When a WinCC flexible project is later integrated in a STEP 7 project. The hardware configuration is performed in the HW Config editor. The various network types. Profibus DP. Systems with high priority are: • • Programmable controller WinCC flexible HMIs Field devices. can continue to be recorded during power failures. UPS without serial port A UPS without a serial port is connected to the PLC. More detailed information is documented in the operating instructions for the panel.Creating Application Software 6. for example. This guarantees output voltage at all times without interference voltage. Some UPS systems offer monitoring of the line voltage in addition to buffering the power supply from the line. which usually have relatively high power consumption. To do this. it is important to include the systems for logging records in the buffering. The system operator needs to be consulted in regard to the design of the UPS. which should be specified in the URS. This should be based on the process category and selected in consultation with the system user. FS. If the power supply from the line fails. The UPS signals the power failure to the connected PLC with a digital signal. the battery of the UPS takes over the power supply. The driver for detecting and configuring the UPS is included in WinCC flexible and is installed on the HMI device through ProSave or the WinCC flexible Engineering System with the menu command Project > Transfer > Options (Uninterruptible Power Supply (UPS)). the PLC changes a tag to which the "Exit runtime" function is configured in WinCC flexible. Another selection criterion is the priority of the systems. The serial connection is used with a "SITOP DC-USV Module A" device. The following points must be considered in this regard: • • • Power consumption of the systems to be supplied Power of the UPS Desired duration of UPS buffering The power consumption of the systems to be buffered determine the size of the UPS. UPS system on panel The following options are available for connecting a UPS: • UPS with serial port A UPS with a serial port is connected directly to the HMI device. or DS. The time at which the power failure occurred should also be recorded. When the power supply from the line resumes. The PLC program must then signal the HMI device that runtime must be terminated. • • Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 117 . In any case. can be included in the buffering.13 Uninterruptible Power Supply An uninterruptible power supply (UPS) is a system for buffering the line voltage. the power supply from the UPS battery ceases and the battery begins to recharge. UPS systems are necessary so that process and audit trail data. depending on the performance capacity of the UPS. 2.18 of class 2) operate in a similar way to standby UPS systems.20 of UPS class 3) are standby or offline UPS systems.2. These have been specified by the International Engineering Consortium (IEC) under the product standard IEC 62040-3 by the European Union under EN 50091-3: Standby or offline UPS The simplest and least expensive UPS systems (according to IEC 62040-3. • • • Configuration of power failure alarms Specification of the time to elapse before the PC is shut down Specification of the duration of UPS buffering The automation system must be programmed so that the system is brought to a safe state after a specified buffer time in the event of a power failure. Due to varying requirements of individual devices. This software is installed and configured on the PC-based computer of the visualization system. Network-interactive UPS Network-interactive UPS systems (according to IEC 62040-3. They only protect against power failure and transient voltage fluctuations and peaks. They protect against power failure and transient voltage peaks and can continually compensate for voltage fluctuations using filters. They do not compensate for undervoltage or overvoltage.Creating Application Software UPS system on panel PC The use of UPS systems is a factor in the software installation. three classes have been established for the UPS context. Offline UPS systems automatically switch to battery mode when undervoltage or overvoltage occurs. 118 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . 16 of Class 1) are considered real power generators that continuously generate their own line voltage.Creating Application Software Online UPS Double conversion or online UPS systems (according to IEC 62040-3. The battery is charged at the same time.siemens. This means connected consumers are continuously supplied with line voltage without restrictions.2. A description of the quality requirement of the UPS can be found in entry ID 17241008.automation. See also (http://support.com/). Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 119 . Note Siemens provides SITOP UPS for an uninterruptible power supply. Creating Application Software 120 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 Te st /Q ua lifi ca ti on Sp o ati ific ec n 121 . DS) and that all specified requirements have been met. executes. Various standard functionalities of SIMATIC WinCC flexible can be used as support in qualification during IQ and OQ. the markers in the right-hand part indicate the phase of test / qualification of the system. FS. In the schematic below. and finally evaluates all the activities necessary for this. The qualification describes.7 Support During Qualification The aim of qualification is to provide documented proof that the system was set up according to specifications (URS. structural (code review) or functional (black box test) 122 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . but also the complexity of the component to be tested. The following are defined: • • Procedures for the individual tests Test methods. various test phases are specified. basic qualification activities are defined at a very early stage of the project and fleshed out in detail during the subsequent specification phases. e.Support During Qualification 7. simulation) Note The work involved in testing should reflect not only the results of the risk analysis. Therefore. DS) are compiled. The following details are defined at the outset of the project: • • • Parties responsible for planning and performing tests and approving their results Scope of tests in relation to the individual test phases Test environment (test structure.1 Qualification Planning In defining a project life cycle.g. The individual tests are planned in detail at the same time as the system specifications (FS. printers.Support During Qualification 7. Visual inspection can be carried out at the same time. etc. The components of the employed servers and clients. monitor resolution. interfaces to third-party systems etc. The PC passport can be printed and used to verify the qualification (IQ/OQ) of the installed PC hardware. The so-called PC passport is useful for the qualification. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 123 . This includes: • • • Order number of the employed PC hardware Additionally installed hardware components (additional network adapters. Note The PC passport is written manually.) Check for the configured network addresses. the PC hardware used must be qualified. The PC passport should list all installed hardware and software components. installation location etc. etc. Some PC manufacturers provide a utility for automatic detection of the hardware information. order number.2 Qualification of the Visualization Hardware The design specification of the installed hardware is used to set up the system according to detailed specifications and adherence to these specifications should be verified during the subsequent system tests. A check is necessary to ensure that the specifications of the hardware design specification were implemented. The design specification describes all hardware used with information such as the serial number. are listed below. Qualification of the PC hardware being used If PCs are used as HMI devices. The panel type and version as well as added memory cards or network adapters need to be inspected for the hardware qualification.Support During Qualification Qualification of the panels being used The panels are preconfigured with the MS Windows CE operating system. 124 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . The panel version can be read with Control Panel > OP on the panel. The network configuration can be displayed with Control Panel > Network. Support During Qualification 7.3 7.3.1 Qualification of the Visualization Software Software categorization according to the GAMP guide According to the GAMP guide, the software components of a system are assigned to one of five software categories for the purpose of validating automated systems. In terms of a computer system, this means that the individual software components require different degrees of effort for specification and testing depending on their software category. While an computer system as a whole is assigned to category 4 or even 5, the individual standard components to be installed (without configuration) can be considered as belonging to category 3 in terms of effort. The configuration part based on installed products, libraries, function blocks etc. then corresponds to category 4. If "free code" is then programmed as well, this corresponds to category 5 and involves significantly more effort for specification and testing. 7.3.2 Qualification of standard software During qualification of the standard software used, checks are made to verify whether or not the installed software meets the requirements of the specifications. These checks vary depending on the HMI device. These include: • • • Operating system SIMATIC WinCC flexible standard software Options / Add-ons (editors, standard screens, global symbol library) Note Screenshots and printouts from tools such as those described below can be used to verify the qualification (IQ/OQ) and to document that the requirements defined in the specification have been met. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 125 Support During Qualification Operating system Panel: (Windows CE operating system and WinCC flexible RT software are installed) The installed software can be verified by operating system functions. The information can be found in Control Panel > System. The version of the operating system is displayed here. PC: • • • • Operating system SIMATIC WinCC flexible PC RT software SIMATIC WinCC add-ons (for example PM-QUALITY, PM-CONTROL) Standard libraries The installed software can be verified by operating system functions. The information can be found in Control Panel > Add or Remove Programs. All installed software components are displayed here. A screenshot can be printed and used for the qualification (IQ/OQ). 126 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 Support During Qualification System programs of SIMATIC WinCC flexible In an environment requiring GMP, documentation must be produced for every PC used as an HMI device describing the installed software packages (operating system, SIMATIC products, additional applications) with version and license. Detailed documentation of the installed SIMATIC software can be found in Programs > SIMATIC > Product notes > Installed software. Information about the installed software and the products, options, etc., can also be called up from the WinCC flexible Engineering System. To do this, select the menu command Options > Version Management > Installed Software in WinCC flexible. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 127 Select the partition in the left area of the Explorer bar to select the licenses for display. HMI device) and on the panel. select the menu command Programs > SIMATIC > License Management to open the Automation License Manager. 128 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . A connection must be made to the Automation License Manager to display the licenses on the panel.Support During Qualification Installed licenses of SIMATIC WinCC flexible The Automation License Manager program provides information on the licenses installed on the PC (Engineering System. The installed licenses are listed in the right area. This can be done either by selecting the menu command Project > Transfer > License Key in the WinCC flexible Engineering System or the menu command Edit > Connect Target System > Connect HMI Device in the Automation License Manager application when it is operated stand-alone. To obtain the information. 3.) Checking process tag names Checking the visualization structure (P&I representation) Checking the operator input philosophy (access control.Support During Qualification 7. graphs Checking time synchronization Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 129 . user rights) Checking logging concepts (circular logs. MES systems etc. These test descriptions must be created individually for the software design specifications. unit. As a minimum. group rights. Test descriptions (for example for FAT/SAT) must be agreed with the user and generated. completed. interlocks.) Software module test (typical test) Check of the communication to other nodes (third-party controllers. checks are necessary to ensure that the requirements of the software design specification were implemented. the following must be checked and tested and can be used as a reference for the qualification: • • • • • • • • • • • • • • • Checking the name of the application software Checking the plant hierarchy (process cell. equipment module.) Checking all inputs and outputs Checking all control modules (control-loop level) Checking all equipment phases and equipment operations (equipment phases) Checking the relationships between modes (MANUAL/AUTOMATIC switchovers. start. long-term alarm lists) Checking the alarm concept Checking trends. single control element.3 Qualification of the Application Software During qualification of the application software. etc. aborting. held. running. etc. This documentation provides support during qualification of the application software. 130 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 .Support During Qualification Reports on the application software The entire application software created with the WinCC flexible Engineering System or selected parts of it can be printed out as part of the documentation. The comments for the version projects should be as descriptive as possible to help you later assign the version projects to the corresponding automation stations. The new version states are stored under the object Version Management > Project Versions.Support During Qualification 7. the project from which the new version is to be created must be open. Note The project is always versioned in its entirety.4 Checking the Configuration: Versioning and Archiving Projects Versioning projects with "ChangeControl" WinCC flexible projects not integrated in STEP 7 are versioned with the versioning function of the ChangeControl option. To create a new project version. This includes all configured HMI devices. For example.g. A project version is a copy of a project at a defined point in time. the comments can contain information about the reason for the logging. FAT. Note We recommend only the trunk for versioning with the ChangeControl option to ensure you are always working with the latest version of the project. The various HMI devices in the project therefore always have the same project version. A new version is saved on a new branch when the current project version is not the highest one on the trunk or branch. The saved project version contains the entire project engineering. It makes sense to increment versions only for specific events or major changes (e. objects and the change log. for example at the beginning of a qualification phase or after a change has been made to the application software. A new project version is saved on the trunk when the current version is the highest one on the trunk. etc. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 131 . To register a separate project version for each HMI device. a project containing exactly one HMI device is created and then saved in the versioning. SAT). Support During Qualification 132 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . Double-click Version Management > Change Log in the project window to open the change log. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 133 . You should check whether the change log is actually needed during development or whether it is only required for changes made to an accepted project. You can enable and disable the change log with the menu command Options > Version Management. the time changes are made and supplements this information with automatic comments. for example. the change log is closed and saved with the project version. advanced project phase without gaps. This documents changes to a specific. regardless of the user or the changes made.Support During Qualification 7. The change log displays configuration changes made in the project. all changes to a project version. It records who changes specific objects and object properties. All changes to the project configuration data are logged.5 Tracking Configuration Changes The change log is enabled to record changes between two versions of a project. Note To open the change log of an older project version. first open the required project version in version management. Note The activated change log places a load on the performance of the system and increases the data volume in the project. When a new project version is created. The change log is always activated only for a specific project. A new change log is activated for the new project version. The name of the user logged on in Windows is recorded. Support During Qualification 134 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 8 8.1 Operation, Maintenance and Servicing Diagnostics of Communication Connections System events supported in WinCC flexible in the diagnostics of communications connections. The HMI device or the PLC triggers a system event if a certain system status or an error occurs in one of the devices or during communication between the devices. The following system events are generated: • • HMI system events depending on the HMI device type System alarms by the PLC A system event consists of a number and the event text. The event text can also include system tags that specify the cause of the error messages in greater detail. Device-specific HMI system events are listed in the manual of the relevant HMI device. The system events that can be generated and a description of the possible causes are listed in the WinCC flexible Information System under Working with WinCC flexible > Reference > System alarms. 8.2 Operational Change Control It is essential that all changes made to validated, operational plants are planned in consultation with the plant user, documented, and only performed and tested once they have been approved. Changes in the WinCC flexible project should not generally be made during ongoing operation. The effects of the changes to other parts of a WinCC flexible application and the resulting tests must be specified as the basis of a risk assessment and documented. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 135 Operation, Maintenance and Servicing The following sections describe how to make changes to a WinCC project during operation based on examples. 1. Initiation and approval of change specification by plant user 2. Description of the software change (e.g. FS) 3. Back up of the current WinCC flexible project 4. Implementation of software change based on the new version The Change Control option records changes in the engineering in a change log. Versions of the project software are also managed. 5. Test of changes including documentation (e.g. FAT) 6. Back up of the modified WinCC project with versioning 136 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 documentation) must be saved at the defined point. To retrieve the data. The backed up data (medium) and all the materials needed for the restoration (basic system. Restoring the operating system and installed software The operating system and installed software are restored by loading the corresponding images (see Section 6. Restoring application software with WinCC flexible PC Runtime How application software is restored on the PC / panel PC depends on the available backup. upgrades and hot fixes also installed. the installation has to be run again from scratch. the corresponding backup status is selected and the action started using the De-archive button.1 "Backing up application software from the engineering system" • • Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 137 . Maintenance and Servicing 8. loading software.9.3 Restoring the System The procedure described in this section should enable the end user to restore the WinCC flexible system after a disaster.9 “Backups of System / Application Software"). The documentation that contains descriptions of the installed software and the updates. in case the backup was created this way Retrieving data from a manually created backup version Manually backed up WinCC flexible application software is copied back. Disasters are taken to mean the following cases: • • • Damage to the operating system or installed programs Damage to the system configuration data or configuration data Loss or damage to runtime data The system is restored using the saved data. • Retrieving data using the Version Trail software (STEP 7 project) Version Trail lists all backup statuses with major and minor version and time stamp. There must be a Disaster Recovery Plan which must be checked on a regular basis. Retrieving via the Software “ProSave”. If a PC with an identical configuration is not available. The instructions provided by the relevant tool manufacturer should be followed. Adhere to the installation sequence described in section 1.Operation. see Section 6. can be used to qualify the software. An image can only be restored on a PC with identical hardware. including any existing license keys. Maintenance and Servicing Restoring the runtime data Runtime data such as the content of the circular buffers of tags and alarm logs not yet transferred to a network drive may be lost if a disaster occurs. such as a CF card. Note For Windows CE devices.Operation. 138 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . The extent of the data loss can be minimized by transferring the data regularly to archives. Restoring the application software for a panel A panel is completely reloaded by restoring the operating system and project data. refer to the appropriate device manuals. a backup/restore can be performed by backing up the data directly from the device to an external storage medium. For additional information. A restore is transferred to the panel with the menu command Project > Transfer > Restore. Note All existing records on the panel are deleted. automation. Similar to the description found in Section 8. operational plant are agreed with the user.siemens. Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 139 .9 9. An update such as this represents a system change. the following may be relevant: • • • • • • Process screens / objects / alarm system and process value logging in function and display Interfaces Effects during download System performance Documentation (specifications) Qualification tests to be repeated or performed for the first time Note The SIMATIC Customer Support at http://support. based on the risk assessment Approve/reject the change (in accordance with defined responsibilities) Update technical documentation Execute the change in accordance with manufacturer documentation (as the plant has been released for it) Document the activities performed Qualification: Carry out and document the necessary tests • • • • • • • In considering possible influences.2. which must be planned and executed in accordance with the applicable change procedure.1 System Updates and Migration Updates. this roughly translates to the following steps: • • Describe the planned change Effects on functions / plant units / documentation inclusion of the system description of the new and modified functions in the readme file/release notes Assess risks Define the tests which need to be performed to obtain validated status. Service Packs and Hotfixes It is essential that system software updates for a validated.com provides support for software updates and project migration. In this context. defined plant stoppages (usually as brief as possible). The validation effort is decided in consultation with the plant operator. Migration often means changing from another system to SIMATIC. possible checkpoints are mainly the activities required for migration of the project data and the new functions available in WinCC flexible.2 Migration of the Application Software Due to obsolete system components that are no longer supported. 140 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 . such as the basis which is already installed and on which the migration is to take place. etc.System Updates and Migration 9. A customized migration strategy is designed. Note The situations in which migration or conversion of the project data becomes necessary are described in the WinCC flexible Information System of the new WinCC flexible version in the section Readme > Migration. When migrating internally within SIMATIC. migration means the change to a later technical generation or a change of system to another technical basis. the topic of migration is becoming more and more important. taking the necessary qualification measures into account and based on the relevant general conditions. Even when changing to a higher version within the WinCC flexible system software. it may be necessary to migrate or convert the data of the project created with an earlier version. .......................................13 G GAMP...54 PM-Quality............11 Local data logging ........................................................................................19 Graphics ................17 NotifyUserAction system function..........................................................operating system and SIMATIC WinCC flexible .................................... 31 Batch data...... 14 FDA..................................................59 E Electronic signature ...... 29 Batch documentation ..........................42 Project Manager ........................................... 21..................................... 105 Backing up logs........................ 24 I Interfacing SIMATIC S7............... 76 M Maintenance.............. 27..................................................................16 Functional Specification..............................................................................60 N NAMUR ................................ 17 GAMP Good Practice Guide................................ 29 Biometric systems.... 16.............................................................................. 104 Archiving ... 86 Design Specification ............................................... 21 Configuration Management......................59 Project settings.............................. 28.................................... 133.................................................................... 87 Application software backup ............................................ 93.......... 45.......................................40 L Life cycle model.......................................................43 Password..............79 D Data logging................................................................19 B Backing up ...29 Migration...............................................................55 C Change control.......... 14 P Panel PCs ......................................................................................... 24........72 H Hardware categorization....................... 16 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 Index-1 ...................................... 77 Audit trail .. 23........................................................Index A Access security ......... 33 Backup............................................ 73 FAT ........................................................89 Logon monitoring...16.......................... 131 Creating process screens ............... 99 Printer driver.................................................................................................................................................... 55 Alarm logs .................... 77 FDA 21 CFR Part 11 ................................................................... 31.......... 135 Manufacturing log ........ 52 Access security ...................... 135 Configuration control..... 25 Engineering................ 20......................................................................... 39............................. 90 Account Lockout Policies ........setting up ..................... 75 Access security ...................................................... 39....................................................................................................... 40 Data logs.................................................................... 26 Password Policies ......................... 21 Configuration identification................................. 72 Creating scripts ............... 140 Multilingual projects ......... 39 EU GMP Guide ...... 89 Backing up process data. 17 F Faceplates in conjunction with structure tags ...... 131 Audit trail ..........................17 GMP requirements ............................ 111 Interfacing to higher-level IT systems .........43 Panels ........ ............................ 27............. 125 Qualification plan . 15 Quality and project plan ............... 123 Qualification of the visualization software ........34 Time synchronization. 80 Recipe management...................13 S SAT.......... 139 User administration ................Index Q Qualification .......................................46 User ID ....................................................................... 85 Recipe view .............................. 54 Setting up data and alarm logs ...... 39 U Uninterruptible power supply ........................ 26 User Requirements Specification ...............12 Validation report ................................ 60 Smart card ........................................................... 131 Index-2 Guidelines for Implementing Automation Projects in a GMP Environment A5E02147610-01 ............................ 117 Updates............................................... 49........................ 86 SIMATIC NET ..................... 84 Reporting .............................. 72 Security Settings ....... service packs.................................................................................. 24 V Validation plan................ hotfixes ......... 45 User groups...............................................................Project ....................... 13... project library.......... global library ..............22 R Recipe configuration ........... 24........... 33 Runtime software ............................. 14 Screen navigation ....................................... 21.... 51...................................... 12 Qualification report............................ 29..... 18 Software categorization ........... 23................................................................................................................ 39 Versioning ............................ 20.....15 Versioning ............................... 61 Typicals ..............................................................14 T Third-party components.......... 125 Specification ......... 39 Recipe screen ................................................................. 13.......................... 15 Qualification of the visualization hardware......................72 System creation........ 35 Symbol library............................................................. 40 Retrieving archived data .........................
[email protected] www.com/simatic-wincc-flexible .A5E02147610-01 Siemens Aktiengesellschaft Automation and Drives Competence Center Pharmaceuticals 76181 KARLSRUHE GERMANY pharma.siemens.