GMP Engineering Manual SIMATIC SIMATIC WinCC (TIA) V11 Guidelines for Implementing Automation Projects in a GMP Environment 09/2012 Edition Answers for industry.



SIMATIC

SIMATIC WinCC (TIA) V11GMP Engineering Manual

Guidelines for Implementing Automation Projects in a GMP Environment

09/2012 A5E31420596-AA

Introduction
1 Configuring in a GMP Environment
2 Requirements for Computer Systems in a GMP Environment
3 System Specification
4 System Installation and Basic Configuration
5 Project Settings and Definitions
6 Configuration for WinCC RT Professional
7 Configuration for WinCC Comfort / WinCC RT Advanced
8 Support for Verification
9 Operation, Maintenance and Servicing
10 System Updates and Migration

Siemens AG Industry Sector I IA VSS Pharma 76187 Karlsruhe GERMANY

A5E31420596-AA Ⓟ 10/2012 Technical data subject to change

Copyright © Siemens-AG 2012. All rights reserved

Legal information

Warning notice system

This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are graded according to the degree of danger.

DANGER

indicates that death or severe personal injury will result if proper precautions are not taken.

WARNING

indicates that death or severe personal injury may result if proper precautions are not taken.

CAUTION

indicates that minor personal injury can result if proper precautions are not taken.

NOTICE

indicates that property damage can result if proper precautions are not taken.

If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage.

Qualified Personnel

The product/system described in this documentation may be operated only by personnel qualified for the specific task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified personnel are those who, based on their training and experience, are capable of identifying risks and avoiding potential hazards when working with these products/systems.

Proper use of Siemens products

Note the following:

WARNING

Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems. The permissible ambient conditions must be complied with. The information in the relevant documentation must be observed.

Trademarks

All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.

Disclaimer of Liability

We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions.

SIMATIC WinCC (TIA) V11 - GMP Engineering Manual 09/2012, A5E31420596-AA 3

Introduction

Purpose of the manual

This manual describes what is required of a computer system, its software, and the procedure for configuring such a system from the pharmaceutical, regulatory viewpoint of Good Manufacturing Practice (in short: the GMP view). The relationship between the requirements and their implementation is explained based on practical examples.

Target groups

This manual is intended for all plant operators, those responsible for industry-specific system concepts, project managers and programmers, servicing and maintenance personnel who use the automation and process control technology in the GMP environment.

Basic knowledge required

Basic knowledge of SIMATIC WinCC is required to understand this manual. GMP knowledge as practiced in the pharmaceutical industry is also beneficial.

Disclaimer

This manual is a guide for system users and project engineers for integrating SIMATIC WinCC in the GMP environment, with regard to validation, also taking into account the specific requirements of international regulatory bodies and organizations, such as 21 CFR Part 11.

We have verified that the contents of this document correspond to the hardware and software described. However, since deviations cannot be precluded entirely, we cannot guarantee full consistency. The information in this document is checked regularly for system changes or changes to the regulations of the various organizations and necessary corrections will be included in subsequent issues. We welcome any suggestions for improvement, which can be directed to the I IA VSS Pharma in Karlsruhe (Germany).

Validity of the manual

The information in this manual has been evaluated for SIMATIC WinCC (TIA Portal) V11 SP2 and is exemplary for the components

• Server/client system configured with the engineering software SIMATIC WinCC Professional

• Panel TP1200, configured with the engineering software SIMATIC WinCC Comfort

with the options WinCC Recipes, WinCC WebNavigator and WinCC Audit as well as WinCC Premium Add-ons PM-CONTROL, PM-QUALITY, and PM-OPEN IMPORT. Information regarding the exact compatibility between the various components is contained in the catalog CA 01.

The catalog can be found on the Internet at www.siemens.com/automation/ca01. A list relating to the compatibility of different product versions is available at http://support.automation.siemens.com/DE/view/de/21927773.

Any questions about the compatibility of the Premium Add-ons for SIMATIC WinCC should be addressed directly to the suppliers, see http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/wincc-addons/Pages/Default.aspx.

Position in the information landscape

The system documentation of the SIMATIC WinCC (TIA Portal) control and monitoring system is an integral part of the system software. It is available to every user as online help (HTML help) or as electronic documentation in PDF format.

This manual supplements the existing SIMATIC WinCC manuals. The guidelines herein are not only useful during configuration, they also provide an overview of the requirements for configuration and what is expected of computer systems in a GMP environment.

Structure of this manual

The manual first explains the regulations, guidelines, recommendations and mandatory specifications that provide the basis for the configuration of computer systems.

All the necessary functions and requirements for hardware and software components are also described; this should make the selection of components easier.

Examples are then used to explain how the hardware and software are used and how they are configured or programmed to meet the requirements. Further explanations can be found in the standard documentation.

Additional support

Contact your local Siemens representative and offices if you have any questions about the products mentioned in this manual and do not find the right answers.

Find your contact partner at: http://www.siemens.com/automation/partner

You can access technical documentation for various SIMATIC products and systems at: http://www.automation.siemens.com/mcms/industrial-automation-systems-simatic/en/manual-overview/tech-doc-hmi/Pages/Default.aspx

The online catalog and the online ordering system are available at: http://mall.automation.siemens.com/

For questions about this manual, please contact I IA VSS Pharma: Email: [email protected]

You can find additional information about the products, systems and services from Siemens for the pharmaceutical industry at http://www.siemens.com/pharma

Training centers

We offer various courses to help you get started with SIMATIC WinCC (TIA Portal). Please contact your regional training center or the central training center in 90327 Nuremberg, Germany.

Internet: http://www.sitrain.com

Technical support

You can contact the Technical Support for all I IA&DT products using the web form for Support Request: http://www.siemens.com/automation/support-request

as well as the Center of Competence for WinCC in Mannheim for the mentioned WinCC Premium Add-ons at Email: [email protected]

You will find more information about our technical support on the Internet at http://www.siemens.com/automation/service&support

For example:

• FAQs, technical manuals, etc. under “Product Support”

• Examples of applications, performance, etc. under “Applications and Tools”


Online service & support

In addition to our documentation, we offer our comprehensive knowledge base online at:

http://www.siemens.com/automation/service

You will find the following under "Services"

• The newsletter that provides you with latest information relating to your product

• The right documents for you, using our Service & Support search engine

• A bulletin board in which users and specialists worldwide exchange their know-how

• Your local Siemens representative

• Information about on-site services, repairs, spare parts, and lots more


Table of Contents

1 Configuring in a GMP Environment
1.1 Regulations and guidelines
1.2 Life cycle model
1.3 Responsibilities
1.4 Approval and change procedure
1.5 Risk-based approach

2 Requirements for Computer Systems in a GMP Environment
2.1 Categorization of hardware and software
2.2 Test effort depending on the categorization
2.3 Change and configuration management
2.4 Software creation
2.5 Access control and user administration
2.5.1 Application of access control to a system
2.5.2 Requirements for user IDs and passwords
2.6 Requirements for electronic records
2.7 Electronic signatures
2.8 Audit trail
2.9 Reporting batch data
2.10 Archiving data
2.11 Data backup
2.12 Retrieving archived data
2.13 Time synchronization
2.14 Use of third-party components

3 System Specification
3.1 Selection and specification of the hardware
3.1.1 Selecting the hardware components
3.1.2 Hardware specification
3.2 Security of the plant network
3.3 Specification of the basic software
3.3.1 Basic software for user administration
3.3.2 Basic software engineering
3.3.3 Basic software operating level
3.3.4 Data archiving
3.3.5 Report generation / reporting
3.4 Specification of the application software
3.5 SIMATIC additional software
3.5.1 WinCC Premium Add-ons
3.5.2 Interfaces to process data
3.5.3 Connection to host systems
3.6 Utilities and drivers
3.6.1 Printer driver
3.6.2 Virus scanner
3.6.3 Image & partition tools

4 System Installation and Basic Configuration
4.1 Installation of the operating system
4.2 Installation of SIMATIC components
4.2.1 Installation of the SIMATIC WinCC engineering software
4.2.2 Installation of the SIMATIC WinCC RT runtime software
4.2.3 Options for SIMATIC WinCC
4.2.4 Setting up long-term archiving
4.3 Setting up user administration
4.3.1 User administration with SIMATIC Logon
4.3.2 Security settings in Windows
4.3.3 Configuration of SIMATIC Logon
4.3.4 User administration without SIMATIC Logon
4.3.5 Local SIMATIC user groups
4.4 Administration of user rights
4.5 Access control at the operating system level
4.5.1 Startup characteristics
4.5.2 Blocking the operating system level during ongoing operation
4.6 Data and information security

5 Project Settings and Definitions
5.1 Project setup
5.1.1 Creating a new project
5.1.2 Migration of existing projects
5.1.3 Working with multi-language projects
5.1.4 HMI device wizard
5.1.5 GMP project setting in the Audit option
5.2 Object-oriented configuration
5.2.1 Master copies and types
5.2.2 Faceplates
5.2.3 Screen window
5.2.4 User data type
5.2.5 Project functions in the form of scripts
5.2.6 Libraries
5.3 Time synchronization
5.3.1 Concepts for WinCC RT Professional
5.3.2 Concepts for panels and HMI devices with WinCC RT Advanced
5.3.3 Time stamping
5.4 Configuration management
5.5 Versioning application software
5.5.1 Versioning of screens
5.5.2 Versioning of faceplates
5.5.3 Versioning of VB / C scripts
5.5.4 Versioning of reports

6 Configuration for WinCC RT Professional
6.1 Creating the graphic user interface
6.2 Creating operator input alarms
6.3 User-specific functions and scripts
6.4 Audit trail
6.5 Configuration for electronic signature
6.6 Recipe control
6.6.1 WinCC option "Recipes"
6.6.2 WinCC Premium Add-on PM-CONTROL
6.7 Electronic recording and archiving of data
6.7.1 Specifying the data to be archived
6.7.2 Recording and archiving
6.7.3 Archiving batch data with PM-QUALITY
6.7.4 Increased availability for data archiving
6.8 Reporting
6.8.1 Reporting of process and production data
6.8.2 Batch-based reporting with PM-QUALITY
6.9 Monitoring the system
6.9.1 Diagnostics of communication connections
6.9.2 Memory space view
6.10 Data communication with the plant control level
6.11 Connection to Web client
6.11.1 Setting the user rights on the WinCC server
6.11.2 Remote access via the network
6.11.3 Web access for data display
6.12 Interfaces to SIMATIC WinCC
6.12.1 Connection from SIMATIC S7
6.12.2 Connection to other components and third-party suppliers

7 Configuration for WinCC Comfort / WinCC RT Advanced
7.1 Creating the graphic user interface
7.2 Creating operator input alarms
7.3 User-specific functions and scripts
7.4 Audit trail
7.5 Configuration for electronic signature
7.6 Recipe control
7.6.1 WinCC option "Recipes"
7.6.2 WinCC Premium Add-on PM-CONTROL
7.7 Electronic recording and archiving of data
7.7.1 Specifying the data to be archived
7.7.2 Recording and archiving
7.7.3 Archiving batch data with PM-QUALITY
7.7.4 Connection to a network drive with access control
7.8 Reporting
7.8.1 Output of process and production data
7.8.2 Batch-based reporting with PM-QUALITY
7.9 Monitoring the system
7.9.1 Diagnostics of the communication link
7.10 Interfaces
7.10.1 Connection from SIMATIC S7
7.10.2 Connection to other components and third-party suppliers
7.10.3 Connection to SIMATIC WinCC RT Professional

8 Support for Verification
8.1 Test planning
8.2 Verification of hardware
8.3 Verification of software
8.3.1 Software categorization according to GAMP Guide
8.3.2 Verification of software products
8.3.3 Verification of the application software
8.4 Documentation of the project data
8.5 Configuration control
8.5.1 Project versioning
8.5.2 Change control of the configuration data
8.6 Backing up the operating system and SIMATIC WinCC

9 Operation, Maintenance and Servicing
9.1 Operation and monitoring
9.2 Operational change control
9.3 System restoration
9.4 Uninterruptible power supply (UPS)

10 System Updates and Migration
10.1 Updates of system software
10.2 Migration of the application software

Index


1 Configuring in a GMP Environment

As a prerequisite for configuring computer systems in the GMP environment, approved specifications must be available. Requirements contained in standards, recommendations, and guidelines must be followed during the preparation of these specifications as well as during the implementation and operation of computer systems. This chapter deals with the most important sets of regulations and explains some of the basic ideas.

1.1 Regulations and guidelines

The regulations, guidelines and recommendations of various national and international authorities and organizations must be observed when configuring computer systems requiring validation in the GMP environment. Where computer systems are involved, the following are of particular significance:

| Name (author) | Title | Scope |
|---|---|---|
| 21 CFR Part 11 (U.S. Food and Drug Administration, FDA) | Electronic Records, Electronic Signatures | Law/regulation for manufacturers and importers of pharmaceutical products for the U.S. market |
| Annex 11 of the EU GMP Guidelines (European Commission) | Computerised systems | Binding directive within the European Union for implementation into relevant national legislation |
| GAMP5 (ISPE) | A Risk-Based Approach to Compliant GxP Computerized Systems | Guideline with worldwide validity as recommendation |


1.2 Life cycle model

A central component of Good Engineering Practice (GEP) is the application of a recognized project methodology, based on a defined life cycle. The aim is to deliver a solution known as the risk-based approach that meets the relevant requirements.

GAMP5 approach

The following figure shows the general approach of GAMP5 for the development of computerized systems. It begins with the planning phase of a project and ends with the start of pharmaceutical production following completion of the tests and reports.

The lifecycle approach illustrated here is known as the generic model in GAMP5. With this as the basis, we will introduce several examples of lifecycle models for a variety of "critical" systems with different stages of specification and verification phases.

Once production has started, the system lifecycle continues until decommissioning.

Siemens Validation Manual

Based on the recommendations of the GAMP Guide, Siemens has produced a "Validation Manual". This provides internal project teams with general information and concrete templates to help specify the validation strategy for a project. There are templates not only for project planning documents but also for system specification and test documentation. In contrast to this GMP Manual, the Siemens Validation Manual is for internal Siemens use only.


1.3 Responsibilities

Responsibilities for the activities included in the individual life cycle phases must be defined when configuring computer systems in a GMP environment and creating relevant specifications. As this definition is usually laid down specific to a customer and project, and requires a contractual agreement, it is recommended to integrate the definition into the Quality and Project Plan.

See also

• GAMP5 Guide, Appendix M6 "Supplier Quality and Project Planning"

1.4 Approval and change procedure

When new systems requiring validation are set up or when existing systems requiring validation are changed, a top priority is to achieve and maintain the validated status, which means ensuring the traceability of the steps undertaken.

Before setting up or modifying a system, it is therefore necessary to plan, document and obtain the customer’s approval of the pending steps in terms of functionality and time.

1.5 Risk-based approach

Both the U.S. agency FDA ("Pharmaceutical cGMPs for the 21st Century Initiative", 2004) and the industry association ISPE/GAMP ("GAMP5" Guide, 2008) recommend a risk-based approach to the validation of systems. This means that whether and to what extent a system should be validated depends on its complexity and its influence on the product quality.


2 Requirements for Computer Systems in a GMP Environment

This chapter describes the essential requirements an automated system in the GMP environment must meet regarding the use of computerized systems. These requirements must be defined in the specification and implemented during configuration. In case of subsequent changes or interventions in the system, reliable evidence must be available at all times showing who changed or implemented what, and at what time. The requirements for this task are implemented in various functions and described in the following chapters.

Note

This chapter describes the general requirements for computerized systems. How to meet these requirements with a specific system is dealt with starting at chapter 3.

2.1 Categorization of hardware and software

Hardware categorization

According to the GAMP Guide, hardware components of a system fall into two categories: "standard hardware components" (category 1) and "custom built hardware components" (category 2).

Software categorization

According to the GAMP Guide, the software components of a system are divided into various software categories. These range from commercially available and preconfigured "standard" software products that are only installed to configured software products and customized applications ("programmed software").

2.2 Test effort depending on the categorization

The effort involved in validation (specification and testing) is much greater when using configured and, in particular, customized products compared to the effort for standard products (hardware and/or software). The overall effort for validation can therefore be significantly reduced by extensive use of standard products.


2.3 Change and configuration management

All the controlled elements of a system should be identified by name and version and any changes made to them should be checked. The transition from project phase to the operational procedure should be decided in good time.

The procedure includes, for example:

• Identification of the elements affected

• Identification of the elements by name and version number

• Change control

• Control of the configuration (storage, release, etc.)

• Periodic checks of the configuration

See also

• GAMP5 Guide, Appendix M8 "Project Change and Configuration Management"

2.4 Software creation

Certain guidelines must be followed during software creation and documented in the Quality and Project Plan (according to Good Engineering Practice, GEP for short). Guidelines for software creation can be found in the GAMP Guide as well as the relevant standards and recommendations.

Use of type/instance concepts and copy templates

While the validation of standard software only calls for the software name and version to be checked, customized software validation requires the entire range of functions to be checked and a supplier audit to be performed.

Therefore, to keep validation work to a minimum, preference should be given to standardized blocks during configuration (products, in-house standards, project standards). From these, customized types and templates are created and tested according to the design specifications.

Identification of software modules / types / copy templates

During software creation the individual software modules must be assigned a unique name, a version, and a brief description of the module.

Changes to software modules / types / copy templates

Changes to software modules should be appropriately documented. Apart from incrementing the version identifier, the date and the name of the person performing the change should be recorded, when applicable with a reference to the corresponding change request/order.


2.5 Access control and user administration

To ensure the security of computer systems in the GMP environment, such systems should be equipped with an access control system. In addition to physical access control, access control systems protect computer systems against unauthorized access. Users are assembled into groups, which are then used to manage user permissions. Individual users can be granted access authorization in various ways:

• Combination of unique user ID and password, see also chapter 2.5.2 "Requirements for user IDs and passwords"

• Smart cards together with a password

• Evaluation of biometrics

2.5.1 Application of access control to a system

In general, actions that can be performed on a computer system must be protected against unauthorized access. Depending on a user’s particular field of activities, a user can be assigned various permissions. Access to user administration should only be given to the system owner or to a very limited number of employees. Furthermore, it is absolutely essential that unauthorized access to electronically recorded data is prevented.

The use of an automatic logout function is advisable and provides additional access protection. This does not, however, absolve the user from the general responsibility of logging off when leaving the system. The automatic logout time should be agreed with the user and defined in the specification.

Note

Only authorized persons should be allowed access to PCs or to the computer system. This can be supported by appropriate measures such as mechanical locking and through the use of hardware and software for remote access.

2.5.2 Requirements for user IDs and passwords

User ID

The user ID for a system must be of a minimum length defined by the customer and be unique within the system.

Password

When defining passwords, a minimum number of characters and the expiry period for the password should be defined. In general, a password should comprise a combination of characters that meet the minimum length requirement as well as at least three of the criteria listed below.

• Use of uppercase letters

• Use of lowercase letters

• Use of numerals (0-9)

• Use of special characters

The configuration is described in chapter 4.3 "Setting up user administration".
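
The rules of section 2.5.2 can be checked mechanically when a specification is reviewed or when accounts are created. The following is an added example, not part of the manual and not WinCC or SIMATIC Logon code; the function names and the values in SAMPLE_POLICY are assumptions, and treating user IDs as case-insensitive for the uniqueness check is also an assumption.

```python
import string
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Iterable, List, Set


@dataclass(frozen=True)
class CredentialPolicy:
    # The first three values are defined by the customer in the specification.
    min_user_id_length: int
    min_password_length: int
    max_password_age_days: int
    min_character_classes: int = 3  # "at least three of the criteria"


# Constructed sample values, not taken from the manual.
SAMPLE_POLICY = CredentialPolicy(min_user_id_length=4,
                                 min_password_length=8,
                                 max_password_age_days=90)


def character_classes(password: str) -> Set[str]:
    """Return which of the four listed criteria the password satisfies."""
    found = set()
    for ch in password:
        if ch.isupper():
            found.add("uppercase")
        elif ch.islower():
            found.add("lowercase")
        elif ch in "0123456789":       # numerals (0-9) only
            found.add("numeral")
        elif ch in string.punctuation:
            found.add("special")
        # Spaces and other characters count towards length, not towards a class.
    return found


def check_password(password: str, policy: CredentialPolicy) -> List[str]:
    """Return the list of violated rules (empty list means compliant)."""
    problems = []
    if len(password) < policy.min_password_length:
        problems.append("password shorter than minimum length")
    if len(character_classes(password)) < policy.min_character_classes:
        problems.append("password uses too few character classes")
    return problems


def check_user_id(user_id: str, existing_ids: Iterable[str],
                  policy: CredentialPolicy) -> List[str]:
    """A user ID must reach the minimum length and be unique within the system."""
    problems = []
    if len(user_id) < policy.min_user_id_length:
        problems.append("user ID shorter than minimum length")
    # Assumption: IDs differing only in case are treated as the same ID.
    if user_id.casefold() in {u.casefold() for u in existing_ids}:
        problems.append("user ID is not unique within the system")
    return problems


def password_expired(last_changed: date, today: date,
                     policy: CredentialPolicy) -> bool:
    """True once the configured expiry period has been exceeded."""
    return today - last_changed > timedelta(days=policy.max_password_age_days)
```
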


2.6 Requirements for electronic records

The following requirements additionally apply to the use of electronic records for relevant data:

• The system must be validated.

• Only authorized persons must be able to enter or change data (access control).

• Changes to data or deletions must be recorded (audit trail).

• Relevant electronic records for long-term archiving must be stored securely and kept available for their retention period.

• The initials and signatures required by the regulations must be implemented as electronic signatures.

• "Relevant" production steps/processes, "significant" interim stages, and "major" equipment must be defined in advance by the person responsible from a pharmaceutical perspective. This definition is often process-specific.

• If an electronic manufacturing report is used, its structure and contents must match the structure and contents of the manufacturing formula / processing instructions. As an alternative, the manufacturing instructions and report can also be combined in one document.

See also

• EU GMP Guidelines chapter 4.9 and Annex 11

• 21 CFR Part 11 "Electronic Records, Electronic Signatures", U.S. FDA

2.7 Electronic signatures

Electronic signatures are computer-generated information that acts as the legally binding equivalent of a handwritten signature.

Regulations concerning the use of electronic signatures are defined, for example, in US FDA 21 CFR Part 11.

Electronic signatures are relevant in practice, for example, for manual data inputs and operator interventions during runtime, approval of process actions and data reports, and changes to recipes.

Each electronic signature must be uniquely assigned to one person and must not be used by any other person.

Note

During the production of all drugs and medical devices which enter the U.S. market, the FDA regulations must be met; this also refers to 21 CFR Part 11 with respect to electronic signatures.

Conventional electronic signatures

If electronic signatures are used that are not based on biometrics, they must be created so that persons executing signatures must identify themselves using at least two identifying components. This also applies in all cases where a smart card replaces one of the two identification components. These identification components can, for example, be a user ID and a password. The identification components must be assigned uniquely and must only be used by the actual owner of the signature.


Electronic signatures based on biometrics

An electronic signature based on biometrics must be created in such a way that it can only be used by one person. If the person making the signature does so using biometric methods, one identification component is adequate.

Biometric characteristics include fingerprints, iris structure, etc.

2.8 Audit trail

The audit trail is a control mechanism of the system that allows all data entered or modified to be traced back to the original data. A secure audit trail is particularly important when GMP-relevant electronic records are created, modified or deleted.

Such an audit trail must document all the changes or actions made along with the date and time. The typical content of an audit trail describes who changed what and when (old value / new value); as an option, it may also include "why".

2.9 Reporting batch data

In the production of pharmaceuticals and medical equipment, batch documentation takes on a special significance. For a pharmaceutical manufacturer, methodically created batch documentation is often the only documented evidence within the framework of product liability.

The components of batch documentation are as follows:

• Manufacturing formula / processing instructions and manufacturing report

• Packaging instructions and packaging list (the packaging of the finished product is part of the production process from a pharmaceutical perspective)

• Test instructions and test report (relating to quality checks, for example analysis)

Central importance is assigned to the concept of the manufacturing report (or packaging report), which is defined as follows:

• The manufacturing report is always both product-related and batch-related

• It is always based on the relevant parts of the valid manufacturing formula and processing instructions

• It contains all process-relevant measurement and control processes as actual values

• It also contains deviations from the specified set points.

2.10 Archiving data

Archiving (electronic) is defined as the permanent storage of electronic data and records on long-term storage.

The customer is responsible for defining procedures and controls for the storage of electronic data.

Based on predicate rules (EU GMP Guidelines, 21 CFR Part 210/211, etc.), the customer must decide how electronic data will be retained and, in particular, which data are involved. This decision should be based on a justified and documented risk assessment that takes into account the significance of the electronic records over the retention period.

If the archived data are migrated or converted, the integrity of the data must be assured throughout the entire conversion process. [1]

[1] "Good Practice and Compliance for Electronic Records and Signatures. Part 3, Models for Systems Implementation and Evolution". PDA 2004


2.11 Data backup

In contrast to the archiving of electronic data, data backups are used to create backup copies, which ensure system restoration in case of original data loss or system failure.

The backup procedure must include the periodic backup of non-retentive information in order to avoid total loss of the data if system components fail or if data is accidentally deleted. Backup procedures must be tested to ensure that data is saved correctly. Backup records should be labeled clearly and intelligibly, and dated. [2]

Data backups are created on external data carriers. The data media used should comply with the recommendations of the device manufacturer.

When backing up electronic data, the following distinctions are made:

• Backup of the installation, for example partition image

• Backup of the application

• Backup of archive data, for example process data

Here, particular attention is paid to the storage of data backup media (storage of the copy and original in different locations, protection from magnetic fields, and elementary damage).

2.12 Retrieving archived data

Archived/backed up data must be retrievable at all times. When a system update/migration is performed, the compatibility of the archived data must be considered before the update.

2.13 Time synchronization

A uniform time reference (including a time zone reference) must be guaranteed within a system, to be able to assign an unequivocal time stamp for archiving messages, alarms etc.

Time synchronization is especially important for archiving data and analysis of faults. UTC (Universal Time Coordinated, see also ISO 8601) is recommended as the time base for saving data. The time stamp of alarms and values can be displayed in local time with a reference to daylight saving / standard time.
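
The audit trail content from section 2.8 and the UTC time base from section 2.13 fit together as in the following added example, which is not part of the manual and not WinCC code. The class and function names, the tag name, the Central European site and the sample entries are assumptions constructed for illustration; the two sample changes show the same local wall-clock time yet remain unambiguous in the stored UTC time stamps.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional


@dataclass(frozen=True)
class AuditEntry:
    """Who changed what and when (old value / new value), optionally why."""
    timestamp_utc: datetime
    user_id: str
    item: str
    old_value: str
    new_value: str
    reason: Optional[str] = None

    def iso_utc(self) -> str:
        # Stored form: ISO 8601 with UTC as the time base.
        return self.timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ")


class AuditTrail:
    """Append-only, in-memory trail (hypothetical; real trails need protected storage)."""

    def __init__(self) -> None:
        self._entries: List[AuditEntry] = []

    def record(self, when: datetime, user_id: str, item: str,
               old_value, new_value, reason: Optional[str] = None) -> AuditEntry:
        # Without a time zone reference the time stamp is not unequivocal.
        if when.tzinfo is None or when.utcoffset() is None:
            raise ValueError("timestamp must carry a time zone reference")
        if not user_id.strip():
            raise ValueError("every change must be attributable to a user ID")
        entry = AuditEntry(when.astimezone(timezone.utc), user_id, item,
                           str(old_value), str(new_value), reason)
        self._entries.append(entry)
        return entry

    def history(self, item: str) -> List[AuditEntry]:
        # Ordering by UTC stays correct even across a clock change.
        return sorted((e for e in self._entries if e.item == item),
                      key=lambda e: e.timestamp_utc)

    def original_value(self, item: str) -> Optional[str]:
        # Trace a value back to the original data: old value of the first change.
        hist = self.history(item)
        return hist[0].old_value if hist else None


def _last_sunday_0100_utc(year: int, month: int) -> datetime:
    # March and October both have 31 days; step back to the last Sunday.
    day = datetime(year, month, 31, 1, 0, tzinfo=timezone.utc)
    return day - timedelta(days=(day.weekday() + 1) % 7)


def local_display(ts: datetime) -> str:
    """Render a stored time stamp in Central European local time (assumed site)."""
    ts_utc = ts.astimezone(timezone.utc)
    dst = (_last_sunday_0100_utc(ts_utc.year, 3) <= ts_utc
           < _last_sunday_0100_utc(ts_utc.year, 10))
    offset, label = ((2, "CEST, daylight saving time") if dst
                     else (1, "CET, standard time"))
    local = ts_utc + timedelta(hours=offset)
    return f"{local:%Y-%m-%d %H:%M:%S} ({label})"


def build_sample_trail() -> AuditTrail:
    # Constructed sample: two setpoint changes in the night the clocks go back.
    trail = AuditTrail()
    cest = timezone(timedelta(hours=2))
    trail.record(datetime(2012, 10, 28, 2, 30, tzinfo=cest), "operator1",
                 "Reactor1.TempSetpoint", 37.0, 37.5, "recipe adjustment")
    trail.record(datetime(2012, 10, 28, 1, 30, tzinfo=timezone.utc), "operator2",
                 "Reactor1.TempSetpoint", 37.5, 38.0)
    return trail


if __name__ == "__main__":
    for e in build_sample_trail().history("Reactor1.TempSetpoint"):
        print(e.iso_utc(), local_display(e.timestamp_utc), e.user_id,
              e.old_value, "->", e.new_value, e.reason or "")
```
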

2.14 Use of third-party components

When third-party components (hardware and software) are used, their compatibility to other components in use must be verified. If components specifically "tailored" (customized) to individual projects are used, a supplier audit should be considered in order to check the supplier and their quality management system.

See also

• GAMP5 Guide, Appendix M2 "Supplier Assessment"

[2] "Electronic Records and Electronic Signatures Assessment". Chris Reid & Barbara Mullendore, PDA 2001


3 System Specification

During the specification phase for a computer system, the system to be built and its functionality are defined in as much detail as is required for implementation.

Specifications not only represent the basis for a structured and traceable configuration but are – particularly in the GMP environment – an essential reference for final verification of the system.

The specification covers the selection of products, product variants, options, and system configurations, as well as the application software.

The overall specification can be divided, for example, into:

• Functional specification (FS) in response to User Requirements Specification (URS)

• Hardware (and network) Design Specification (HDS)

• Software Design Specification (SDS)

• HMI Design Specification


3.1 Selection and specification of the hardware

For the operation and monitoring of simple as well as more complex production processes and manufacturing operations, various system configurations are used, ranging from local HMI devices to multiple-station systems with server/client:

• Single-station system with complete control and monitoring of a production process through local HMI devices (comfort or multi-panel), panel PC or standard PC

• Multiple-station system consisting of operator terminals (WinCC clients) and a WinCC server that supplies the WinCC clients with data

3.1.1 Selecting the hardware components

The choice of hardware components should be weighed against the requirements. These requirements can be functional characteristics, but also include aspects such as local conditions, compatible software, or data security.

For example, RAID systems of a suitable class should be used when designing the system, especially for PC components with critical functions. This increases system availability and data security.

With respect to the selection of panels, an Ethernet connection is recommended for saving the data on a network drive.

The effort required for the specification and the testing is greatly reduced by using system-tested hardware components and system constellations.

For specific requirements on the machine level of production plants (such as in the food and beverage or the pharmaceutical industry), Siemens offers highly robust panels and panel PCs with touch screens and stainless steel fronts.

If an HMI device is also intended for operator actions, the (regulatory!) requirements pertaining to the recording of these actions must be considered when selecting the hardware components.

Recommendation

We recommend the use of approved hardware from the current SIMATIC HMI Catalog ST 80 because it has been verified for compatibility in the test system from Siemens.

[Figure: operator devices and software components. Operator devices: Basic Panels / Micro Panels; Comfort Panels, Mobile Panels, 277-377 Panels & Multi Panels; PC-based SCADA (Panel PCs, Standard PCs). Software components: integrated runtime module, WinCC Runtime Advanced, WinCC Runtime Professional.]


3.1.2 Hardware specification

The Hardware (and network) Design Specification (acronym: HDS) describes the hardware architecture and configuration. The HDS should, for example, define the points listed below. This is used later as a test basis for the verification.

• Hardware layout plan and network structure

• PC components for server and client

• Automation system with CPUs, I/O cards, field devices, etc.

The HDS can be recorded in the Functional Specification or in a separate document.

Note

The requirements in the hardware layout plan and the designation of hardware components must be unique.

See also

• GAMP5 Guide, Appendix D3 "Configuration and Design"

3.2 Security of the plant network

In order to meet current customer needs regarding networked systems and to always ensure maximum data security, data and information security is of great importance when establishing a network of systems.

Measures for increasing data and system security

SIMATIC offers several ways to increase data and information security and therefore the security of a production line. These include:

• Central user administration, staggered user groups and user permissions

• Security concepts regarding network security and restricted access to network drives

• SIMATIC Security Control (SSC), in combination with WinCC RT Professional

• SIMATIC NET SCALANCE-S Firewall and VPN modules

For further information see also

• Chapter 4.6 "Data and information security"

• Subject "Industrial Security" in the Online Support under ID 50203404

• Manual "Security Concept PCS 7 and WinCC" in Online Support under ID 60119725


3.3 Specification of the basic software

The software specification describes not only the application software but also the standard software components used in the system, for example by specifying the name, version number etc.

The components of commercially available standard software include the components of automation software and third-party software such as operating system, Adobe Reader, MS Office, etc.

Note

This software specification serves as an acceptance criterion during subsequent tests (FAT, SAT, IQ, OQ), see also 8.3 "Verification of software".

The SIMATIC WinCC (TIA Portal) software consists of engineering and runtime components (Runtime) for HMI devices of varying sizes. The corresponding runtime components run on their corresponding hardware. This is configured and programmed in the engineering interface.

The technical functions for WinCC Professional and WinCC Comfort/Advanced are described separately in chapter 6 of this manual since the functions and applications to control on-site equipment (panels) are in some cases significantly different from those in a SCADA environment (Supervisory Control and Data Acquisition).

Hardware and software requirements and choice of operating system

Information on releases of various WinCC options and options with the operating systems (32-bit and 64-bit) is included in the catalog and in:

• Online Support under ID 56899318

• Compatibility tool https://support.automation.siemens.com/kompatool/pages

• Online help, readme file

The security updates and "Critical Updates" provided by Microsoft for the Windows operating system are tested by Siemens for compatibility with SIMATIC software and released, see reference chapter 10.1 "Updates of system software".

Basic components of SIMATIC WinCC Comfort / Advanced / Professional

| Designation | Brief description | Availability: Comf | Availability: Adv | Availability: Prof |
|---|---|---|---|---|
| Graphics | Editor for producing graphics | X | X | X |
| HMI Tags | Tag management | X | X | X |
| User administration | Administration of users | X | X | X |
| HMI Alarms | Alarm logging | X | X | X |
| Logs | Logging of process values | X | X* | X |
| Recipes | Preparation of recipes | X | X* | X |
| Reports | Production of reports | X | X | X |


Additional SIMATIC components

| Designation | Brief description | Availability: Comf | Availability: Adv | Availability: Prof |
|---|---|---|---|---|
| SIMATIC Logon | Connection to Windows user administration | - | - | X |
| SIMATIC Logon Remote Access | Connection of panels in a central user administration with SIMATIC Logon | X* | X* | - |
| WinCC Audit for SIMATIC Panels / Runtime Advanced | Recording operator actions | X* | X* | -** |
| WinCC Server | Servers in a server/client structure | - | - | X* |
| WinCC Client | Client in a server/client structure | - | - | X* |
| WinCC WebNavigator | View of the data and operation of process screens via web | - | - | X* |
| WinCC DataMonitor | View of the data via a browser | - | - | X* |

* = This component requires an additional license

** = Audit trail can be implemented by configuration, see chapter 6.4 "Audit trail".

3.3.1 Basic software for user administration

A key requirement particularly in a GMP environment is the access control of the system. This is the only way to ensure safe operation and compliance with the regulations (U.S. 21 CFR Part 11 and EU GMP Guidelines Annex 11).

Unauthorized access to both the control and monitoring system as well as the file system and directory structures in the operating system must be prevented. This requires a corresponding plan:

• Definition of user groups with different authorization levels for operation and maintenance

• Definition of users and assignment to the user groups

• Establishing a customized system structure and disk storage, including authorizations

In a single-station system or a distributed system with multiple HMI devices (also in combination with panels), users can be centrally managed on a computer in a workgroup or domain.

SIMATIC Logon supports a user administration system based on Windows mechanisms that can be used both in a workgroup and in a Windows domain. Information on installation and configuration of SIMATIC Logon is contained in chapter 4.3 "Setting up user administration" and in the Engineering Manual SIMATIC Logon.

The user administration must be set up locally on each panel (see chapter 4.3.4 "User administration without SIMATIC Logon") for local HMI devices without any network connection.


3.3.2 Basic software engineering

The TIA Portal is the common engineering interface for the HMI devices and the automation level. The WinCC Comfort, WinCC Advanced and WinCC Professional options are available for the configuration of the HMI devices that are suitable for the GMP environment. The required version depends on the type of HMI device being used, from panels and industry PCs up to the standard PC.

The respective engineering system contains all the basic functions for engineering the HMI devices. The Project Navigator is the central component from which all devices belonging to the project are managed. The editors to configure the various functions in each HMI device are opened in the project navigator. Copy functions ease the adoption of configured data into other HMI devices.

Tag management

In the TIA Portal, automation systems and HMI devices are created in a project. Inputs and outputs are maintained in a separate tag table for each controller (PLC). The HMI devices receive a process driver connection by which external HMI tags are linked to the PLC tags in the PLC tag tables. Tag management is done exclusively in the PLC. Corrections are transmitted into the project data of the HMI devices after compilation. This ensures that consistency of the tags is maintained throughout the project.

Libraries

The Project Library serves as a repository for the configured data. Configured WinCC objects such as complete graphics, graphic elements, control objects, variables, messages and many more can be saved in the project library and reused in the HMI devices. The Global Library provides cross-project data storage.

[Figure: engineering components and the operator devices they cover. Operator devices: Basic Panels / Micro Panels; Comfort Panels, Mobile Panels, 277-377 Panels & Multi Panels; PC-based SCADA (Panel PCs, Standard PCs). Engineering components: WinCC Basic, WinCC Comfort, WinCC Advanced, WinCC Professional (512, 4K, max. PowerTags).]


Export / import of project data

The WinCC engineering system has an export / import interface. Alarms, recipe data sets, text lists, tags and project texts can be exported and re-used in another project. An export generates either XLSX or CSV files, which can be edited using the standard software Microsoft Excel and imported back into the project.

3.3.3 Basic software operating level

The runtime software (RT) is used to control and monitor the production process. The following sections discuss the functions for recording and displaying runtime data.

Alarms

Many alarms occur in a plant. These are all of varying importance. To guide the user, even in critical situations, the alarms of the project are arranged in alarm classes. These and a concept for alarm acknowledgment should be defined at the beginning of the project with the plant manager.

Note

With the display suppression functionality in the WinCC RT Professional runtime software, the display of selected alarms can be suppressed, e.g. in the startup phases. The alarms are still recorded in the WinCC alarm log. For additional information please see the TIA Portal Information System.

Use of this functionality is the responsibility of the system operator and should therefore be coordinated with him.

Archives

In a regulated environment relevant production and quality data must be kept sometimes for 5, 10 or more years. This data must be defined, stored safely and placed in external archives according to data volume or time period. A process should be implemented to define the corresponding data and archive components. See also chapters 3.3.4 "Data archiving" and 6.7 “Electronic recording and archiving of data” or 7.7 “Electronic recording and archiving of data”.

The WinCC RT Professional runtime software can also archive process values in compressed form in compressed archives.

Recipes

A system should be developed to structure the recipes if recipe data or equipment data records are required for ongoing operation. The individual recipe elements can be freely defined for each recipe. A variety of data sets can be stored for a recipe. The number depends on the selected HMI device.

System Specification

SIMATIC WinCC (TIA) V11 - GMP Engineering Manual 28 09/2012, A5E31420596-AA

Audit trail

Operational input and changes to GMP-relevant data must be documented with time stamp, user ID, old value and new value in the form of an audit trail. This can be configured according to the respective values and is stored in the alarm history (WinCC RT Professional).

The audit option fulfills the required functionality of an audit trail, see chapter 5.1.5 "GMP project setting in the Audit option" especially for panels and runtime software WinCC RT Advanced.

Note

Categorization even makes sense in the specification phase to facilitate the overview and review of GMP-relevant inputs, values and changes in plant operation. The plant operator should be able to name the GMP-critical values and define them in advance.
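A review check for the four items the audit trail must document (time stamp, user ID, old value, new value), as an added example that is not part of the Siemens manual. The CSV column names, the delimiter and the sample records are constructed for illustration and are not the file layout of the WinCC Audit option.

```python
import csv
import io
from datetime import datetime

# Constructed sample export. The column names and the ";" delimiter are
# assumptions for this example, not the file layout of the WinCC Audit option.
SAMPLE_CSV = """timestamp;user_id;tag;old_value;new_value
2012-09-14T08:00:05;jdoe;Reactor1.TempSetpoint;72.0;74.5
2012-09-14T08:03:11;;Reactor1.TempSetpoint;74.5;75.0
2012-09-14T08:02:40;asmith;Reactor1.pH_Limit;6.8;7.1
2012-09-14T08:05:00;asmith;Reactor1.pH_Limit;7.1;
2012-09-14T08:06:30;jdoe;Reactor1.StirrerSpeed;120;120
"""

# The four items the audit trail must document for every change.
REQUIRED = ("timestamp", "user_id", "old_value", "new_value")


def review_audit_trail(text, delimiter=";"):
    """Return (line_number, finding) tuples for records a reviewer should query."""
    reader = csv.DictReader(io.StringIO(text), delimiter=delimiter)
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, "missing column(s): " + ", ".join(missing))]

    findings = []
    previous = None
    for line_no, row in enumerate(reader, start=2):
        values = {f: (row.get(f) or "").strip() for f in REQUIRED}

        # 1. Every required field must be filled in.
        for field in REQUIRED:
            if not values[field]:
                findings.append((line_no, f"empty {field}"))

        # 2. Time stamps must parse and must not run backwards (a backwards
        #    step points to a clock change or unsynchronized devices).
        if values["timestamp"]:
            try:
                stamp = datetime.fromisoformat(values["timestamp"])
            except ValueError:
                findings.append((line_no, "unparseable timestamp"))
            else:
                if previous is not None and stamp < previous:
                    findings.append((line_no, "timestamp out of order"))
                previous = stamp

        # 3. A record whose old and new value match documents no change.
        if values["old_value"] and values["old_value"] == values["new_value"]:
            findings.append((line_no, "old_value equals new_value"))
    return findings


if __name__ == "__main__":
    for line_no, finding in review_audit_trail(SAMPLE_CSV):
        print(f"line {line_no}: {finding}")
```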

3.3.4 Data archiving

Tag values, operator alarms and the audit trail can be archived. The scope and method of archiving depends on the hardware used in the HMI device and the runtime software.

Archiving for panels and WinCC RT Advanced

The archives can be stored on the local system, and moved or copied to a network drive if there is a network connection. A memory card is used for local data archiving with panels. The archive size is dependent on the available space.

Archiving with WinCC RT Professional

Configuration options for archiving in the basic package of the WinCC RT Professional runtime software are included in server/client structures. A configuration for transfer to another computer is set in addition to archive size and segment change. Options for long-term archiving are mentioned in chapter 4.2.4 "Setting up long-term archiving".

The option WinCC DataMonitor can be used to view the data.

Batch-oriented archiving

The WinCC Premium Add-on PM-QUALITY is available for batch-based acquisition and archiving of production data such as process values and alarms, see chapter 6.7.3 "Archiving batch data with PM-QUALITY" and chapter 7.7.3 “Archiving batch data with PM-QUALITY”.


3.3.5 Report generation / reporting

Reports of alarms and process values

Alarms, recipes and current process values can be printed out in report form once they have been defined in the report editor. WinCC RT Professional provides further options for reporting, such as the generation of log data in graphs or in tables.

Depending on the system, output to the printer is managed either in the task scheduler or by print job. At the same time, a cyclical or event-dependent starting point is specified.

Batch-based reporting

The WinCC Premium Add-on PM-QUALITY is available for a batch-based reporting of the recorded data, see chapter 6.8.2 "Batch-based reporting with PM-QUALITY" and chapter 7.8.2 “Batch-based reporting with PM-QUALITY”.

3.4 Specification of the application software

In addition to defining the hardware (chapter 3.1 "Selection and specification of the hardware") and the standard software components (chapter 3.3 "Specification of the basic software"), the specification of the application software is an essential part of the Design Specification. This is used later as an acceptance criterion for the verification system (FAT, SAT, IQ, OQ) in addition to the functional specification.

The Design Specification may consist of one or more documents. Additional, separate documents are often added as supplements, e.g. process tag list, I/O list, parameter list, P & ID, etc. The status of these documents (version, release) must be defined just as clearly as the other specification documents (URS, FS, DS).

See also

• GAMP5 Guide, Appendix D3 "Configuration and Design"

The overall Design Specification can be divided, for example, as follows:

System specification (general)

• System structure, PC profiles

• User administration, definition of user groups, users, permissions, local users, configuration of SIMATIC Logon, WinCC user administration, etc.

• Printer configuration

• Archive configuration (archives, archiving cycles)

• Interfaces (S7 connections, OPC, discrete I/O processing)


HMI design specification

The following aspects are specified for the user interface:

• Screen layout and navigation

• Plant screens, unit screens, detailed screens of interfaces

• Operating level, possibly access authorizations

• Screen hierarchy

• Screen resolution, screen cycles

• Block icons, used graphic elements

• Alarm capability, alarm classes, priorities, display

Software design specification

• General information such as project name, libraries, plant hierarchy

• Template and module specification in a separate document if necessary

• Reaction to power failure and restart

• Time synchronization, master and slave definitions

• Description of exceptional circumstances for safe plant operation

• Emergency off characteristics

3.5 SIMATIC additional software

3.5.1 WinCC Premium Add-ons

This manual introduces the following WinCC Premium Add-ons:

| Designation | Brief description | Availability: Comf | Availability: Adv | Availability: Prof |
|---|---|---|---|---|
| PM-CONTROL | Recipe data management and job scheduling | X* | X | X |
| PM-QUALITY | Batch-based recording of data and reporting | X* | X | X |
| PM-OPEN IMPORT | Importing process data | X | X | X |

* For data communication, panels can be linked via an Ethernet connection to the Premium Add-ons which are installed on a separate PC.

The WinCC Premium Add-ons are enabled with separate licenses.

Batch-based control with PM-CONTROL

The WinCC Premium Add-on PM-CONTROL is a batch-based parameter control for recipe/product data management. The integrated order control allows flexible handling of production orders in which the recipe, production location, scalable production quantity and the time of production can be specified.

The software package is divided into three applications:

• Topology manager for mapping the process cell topology, creating the required parameters and configuring the connection to the automation level

• Recipe system for creating and managing recipes / products

• Order planning and order control, assignment and management of production orders


To achieve a cost-effective solution for both simple and more complex tasks, PM-CONTROL is available in the "Compact", "Standard" and "Professional" variants.

The use of SIMATIC Logon as a central user administration can be enabled in the PM-CONTROL.

Batch-based reporting with PM-QUALITY

The data recorded in the WinCC Premium Add-on PM-QUALITY can be displayed as a trend (process values), printed out in report form or exported as an HTML file, as an XML file or in database format.

The software package includes the following applications:

• Topology Manager for mapping the plant topology and specifying the production data to be acquired

• Report Editor for creating the report layout for the acquired data and displaying batch reports on the screen

• Data Logging, runtime component for acquiring data

• Data View and various ActiveX controls for displaying the batch data

• Data Center, for merging the batch data (only in the redundant version)

Apart from the automatic acquisition of the configured batch data, manually entered values, for example laboratory values, can be added to a batch report later. If the batch report is transferred to the archive automatically due to the set export option, no more changes can be made to the report if the "Complete automatically" option is set.

It is also possible to use a script in WinCC to configure an electronic signature of the batch reports by the logged-on user and with it the manual assignment of the batch status (released / locked).


Batch-based archiving with PM-QUALITY

The WinCC Premium Add-on PM-QUALITY is used for batch-based acquisition of production-relevant data such as process values and alarms.

The acquired batch data can be automatically exported in database format, in HTML format and/or in XML format either on the local system or to a computer in the network. To view the exported batch data in a database format, the PM-QUALITY application Data View (PM-QUALITY client) is used.

Importing archives with PM-OPEN IMPORT

With PM-OPEN IMPORT, process data (data and alarm logs) and operator actions (audit trail), which are logged by panels and HMI devices with WinCC RT Advanced in CSV format, are transferred to the databases of WinCC RT Professional. This enables a distributed system with multiple HMI devices to group and archive data centrally. The trend/table view and alarm view controls in WinCC Runtime are used for displaying the data.

3.5.2 Interfaces to process data

WinCC WebNavigator

Remote access to the WinCC project data is set up with the WinCC WebNavigator in combination with the WinCC RT Professional runtime software. To view the process screens, users with the necessary rights must authenticate themselves using their password. The details are checked by SIMATIC Logon. Operation of the process screens is subject to access control, which is defined in the WinCC project user administration.

See also

• Online Support ID 49516052 "Documenting operator actions via the WebNavigator"

WinCC DataMonitor

WinCC DataMonitor is a dedicated display and analysis system for process data from WinCC and data from the WinCC long-term archive server. WinCC DataMonitor provides a number of analysis tools for interactive data display and analysis of current process values and historical data:

• Excel workbooks

• Published reports

• Trends and alarms

• Process screens

• Web center


3.5.3 Connection to host systems

The options for connection to host systems depend on the HMI device used.

Panels and single-station system interfaces with WinCC RT Advanced

Process values for visualization and archiving can be provided for an OPC client in a data communication based on OPC (OLE for process control). For this purpose, panels can be configured as an OPC XML server and single-station systems with WinCC Advanced as an OPC DA server (DCOM).

Interfaces from the SCADA system to host systems

Standardized access with OPC and OLE DB from computer systems of the operational and company management level to computer systems at the process level is integrated in WinCC Professional. WinCC Professional provides access to the following process data:

• Interrupts and Events (alarms), OPC A&E, read and write (acknowledgments only) access

• Process value logs (trends), OPC HDA, read and write access

• Process tags (states), OPC DA, read and write access, data communication via DCOM

• Process tags, OPC XML DA, read and write access via web service

• Process values and process value logs, OPC UA (Unified Architecture), read and write access. The data communication is handled based on the TCP/IP protocol with exchange of digital certificates.

• All archive data, WinCC OLE DB, read-only access


3.6 Utilities and drivers

3.6.1 Printer driver

For panel PCs and standard PCs, we recommend using the printer driver integrated in the operating system and approved for WinCC. No guarantee for proper operation of the system is assumed if other drivers are used.

Printout from local printers or network printers is possible for panels. Hard copies or reports can be printed on a network printer. Line printing of alarms is only possible on a local printer.

A list of approved printers and required settings for the panels are compiled in the product support at:

• Online Support ID 11376409 "Printers for SIMATIC HMI Panels"

3.6.2 Virus scanner

The use of virus scanners on panel PCs and standard PCs is enabled in the process mode. The approved virus scanners can be accessed via the compatibility tool in the product support:

https://support.automation.siemens.com/kompatool/pages

The following settings must be observed when using virus scanners:

• The real-time search is one of the most important functions. However, it is sufficient to examine the incoming data traffic.

• Scheduled scans must be disabled because they restrict the performance of the system considerably during process operation.

• Manual search may not be performed during the process operation. It can be performed at regular intervals, for example, during maintenance intervals.

These arrangements should be defined in the specification and/or optionally in a work instruction from the IT department in charge.

3.6.3 Image & partition tools

Optional "Imaging" and "Partitioning" software allows you to create a backup of the entire content of a hard drive, the so-called image, or to partition hard drives. A quick restoration of the system is possible with the system and user software in the backup image. Backed up hard drive contents can be copied to compatible devices. This facilitates the process of exchanging computers.

The "SIMATIC Image and Partition Creator (IPC)" provided by Siemens is a software package that can be used to accomplish these tasks. This is even possible without separate installation through direct use from CD or USB FlashDrive. Administration skills are needed for this process.

Note

The created images are used to restore the installed system, but not to secure online data.


4 System Installation and Basic Configuration

SIMATIC WinCC (TIA Portal) consists of the engineering software and runtime software for corresponding HMI devices.

Engineering software

SIMATIC WinCC (TIA Portal) engineering software is the common engineering interface for PLC programming and visualization. It is staggered according to the performance range of the HMI devices:

• WinCC Comfort for all panels

• WinCC Advanced in addition to panels also for single-station PC systems

• WinCC Professional also for multiple-station systems with server-client structure

Runtime software for HMI devices

The respective runtime software is required for the visualization on each HMI device:

• Integrated runtime module for the panels

• WinCC RT Advanced for panel PC and standard PC

• WinCC RT Professional for complex plants and client-server systems

Runtime software is activated with a license key except for the panels.

4.1 Installation of the operating system

Control panels come with the preinstalled Microsoft Windows CE operating system and corresponding runtime software.

Note

The engineering system provides updates for the operating system if the MS Windows CE version installed on the panel does not correspond to the version level of the project data. For additional information, refer to the TIA Portal Information System > Operating system update.

Panel PCs are available in various levels of configuration with the operating system installed. The hardware and operating system requirements of the SIMATIC HMI software must be considered when using standard PCs.

Details can be found in the current catalog, ST 80.

Current information on the operating system and installation can be found in the "Installation" section of the TIA Portal Information System.

Note

The computer name must adhere to the naming convention of the SIMATIC software application. You should read the information in the respective installation instructions and readme files of the SIMATIC software to be installed on the computer, e.g. SIMATIC Net.

The computer name may no longer be changed after the WinCC RT Professional software is installed. This would require a complete re-installation of the runtime software.


4.2 Installation of SIMATIC components

4.2.1 Installation of the SIMATIC WinCC engineering software

The engineering software is installed on a SIMATIC programming device (PG) or PC or a standard PC and is used to set up the TIA Portal. The variants of the engineering software are activated through the appropriate license.

The TIA Portal acts as a central engineering interface. Project data is created for one or more different types of HMI devices. After compiling, the project data is transferred to the respective HMI device. Thereafter, the project can be started for ongoing operation.

4.2.2 Installation of the SIMATIC WinCC RT runtime software

Panels and panel PCs are available as complete systems with pre-installed and licensed WinCC RT.

WinCC RT must be installed and licensed separately on each operator control and monitoring component for server/client systems or standard PCs.

Additional licenses are required for other options that are used.

During installation of the runtime software, default settings in the Windows operating system are automatically adapted to the requirements of the software. The required settings are displayed on the screen during the installation and can be saved in RTF format and printed. The software installation continues after the settings are confirmed.

Note

WinCC RT Professional is customarily enabled for operation in a domain or workgroup. Domain-group policies and domain restrictions can hinder the installation. In this case, remove the computer from the domain prior to installation. After the installation, the computer can be returned to the domain if the group policies and restrictions do not prevent operation of the WinCC software.

SIMATIC Security Control

During installation of the WinCC RT Advanced and WinCC RT Professional runtime software, default settings in the Windows operating system are automatically adapted to the requirements of the software. The required settings in the operating system are managed in the SIMATIC Security Control Application for WinCC RT Professional. After installation, the application can be opened with Start > Programs > Siemens Automation > Security Control, at which time the changed settings are clearly displayed. An option for saving and printing is provided.

The following settings are configured for specific functions:

• Security-related registry entries

• Configuration of the Windows Firewall exceptions list

• DCOM settings (Distributed Component Object Model) only for WinCC RT Professional

SIMATIC Security Control is restarted automatically if, following an installation of WinCC options, other settings in the Windows operating system are required, such as for the WinCC WebNavigator.

Note

If the WinCC computer is incorporated into a different working environment (domain or workgroup), the settings must be re-configured by SIMATIC Security Control.

See also

• TIA Portal information system "Installation instructions"

4.2.3 Options for SIMATIC WinCC

The options for the HMI devices do not require an additional license and can be configured in the engineering software. The license is required on the respective HMI device so that the configured option is operational.

Licenses are supplied on USB sticks and transferred to the HMI device using the "Automation License Manager" tool. For panels, the license is transferred via the engineering system, the Automation License Manager or ProSave. The procedure is described in the information system.

The WinCC Premium Add-ons described here are installed after the WinCC Runtime software and then licensed with Hardlock dongles as standard.

4.2.4 Setting up long-term archiving

For long-term archiving of process values, alarm and audit trail logs, the log data can be moved to a network drive, to another computer or outsourced. Here, the required (and only the required!) access authorization must be set up.

The task scheduler or an event for copying or moving the logs can be configured, see chapter 7.7 "Electronic recording and archiving of data" for panels and HMI devices with WinCC RT Advanced.

In addition to the archives, a backup is configured, in which the file size and time period of the outsourcing to a network drive or other computer can be defined, see chapter 6.7 "Electronic recording and archiving of data" for HMI devices with WinCC RT Professional.

4.3 Setting up user administration

An essential requirement for safe and compliant operation of an automated production line is controlling access to the system. This includes both accessing the operating level and the configuration level as well as accessing backups and archives. A user-based logon and logout for operator actions is therefore one of the basic functionalities for meeting this requirement.

Users are assigned to different user groups according to their tasks when organizing operator authorizations. In the project data for each HMI device, the user groups with the same names are assigned authorizations for the individual operator actions.

Access authorizations and settings, such as password length, complexity and period of validity can and should be appropriately configured to increase password security.

All permissions for working with the visualization user interface (faceplates, input boxes, buttons etc.) must be set up according to the specifications.

4.3.1 User administration with SIMATIC Logon

Administration of user rights using SIMATIC Logon is based on the mechanisms of the Windows operating system. The users and groups are configured according to the specification in the user administration of Windows.

The following steps are required when setting up user administration based on SIMATIC Logon:

• Set up the user groups and users in Windows

• Install and set up SIMATIC Logon

• Security settings in Windows, see chapter 4.3.2 “Security settings in Windows”

• Administration of user rights for each HMI device

Then, configure the access control for the user interface:

• Assignment of permissions in the visualization interface (input boxes, control buttons, screen window)

• Setup of access rights in PM-CONTROL or PM-QUALITY if the WinCC Premium Add-ons are used

Note

The structure and authorizations of the user groups should be defined in the specification at the start of the project and implemented in the early engineering phase.

Note

For distributed systems (in combination with panels) or single-station systems with WinCC RT Professional, we recommend the implementation of user administration based on SIMATIC Logon and MS Windows Administration.

User administration is set up locally for local HMI devices without any network connection. Users and their user group assignment are then only known locally.

Both Windows user administration options are available here, centralized administration in a domain structure or in a workgroup with a central logon server.

See also

• Operating system help of MS Windows or the appropriate Windows manual (for setting up Windows workgroups and the domain)

• TIA Portal information system "visualizing processes" (configuring user administration)

• SIMATIC HMI, Process Visualization System WinCC V6, Security Concept WinCC, chapter 4 "User and Access Management in WinCC and Integration in Windows Management"

Windows domain

One-time administration of the groups and users on the domain server gives all computers in the domain access to the group memberships.

Note

When using multiple domain servers or when there are redundant servers, the domain structure ensures that users will still be able to perform operations and/or log on even if one domain server fails.

Windows workgroup

All user data is created and managed on the server of a workgroup. SIMATIC Logon compares the logon data with the user administration data on this server and then provides the logon information to the other computers in the workgroup.

4.3.2 Security settings in Windows

When using SIMATIC Logon, the administrator configures the following security settings in Windows under "Control Panel > Administrative Tools > Local Security Policy > Security Settings and Local Policy":

• Password policies such as complexity, password length, password aging

• Account lockout policies

• Audit policies

Note

After installing Windows, default parameters are set for the password policy, account lockout policy and audit policy. These settings must be checked and modified according to the applicable project requirements.

See also

• Chapter 4.5.2 "Blocking the operating system level during ongoing operation"
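One way to check the password, account lockout and audit policies against the project requirements, as an added example that is not part of the Siemens manual: it parses a policy export in the layout produced by `secedit /export /cfg policy.inf` and lists every deviating setting. The sample export is constructed, and the limits in `REQUIREMENTS` are assumed placeholders to be replaced by the values from the approved specification.

```python
import configparser

# Constructed sample in the layout written by `secedit /export /cfg policy.inf`.
# Real exports are typically UTF-16 encoded; decode the file before parsing.
SAMPLE_INF = """[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 1
AuditAccountLogon = 3
AuditAccountManage = 0
AuditPolicyChange = 3
"""

# Assumed project requirements (placeholders for this example); take the real
# limits from the approved specification. Audit values: 0 = none, 1 = success,
# 2 = failure, 3 = success and failure.
REQUIREMENTS = {
    ("System Access", "MinimumPasswordLength"): (lambda v: v >= 8, ">= 8"),
    ("System Access", "PasswordComplexity"): (lambda v: v == 1, "1 (enabled)"),
    ("System Access", "MaximumPasswordAge"): (lambda v: 1 <= v <= 90, "1..90 days"),
    ("System Access", "LockoutBadCount"): (lambda v: 1 <= v <= 5, "1..5 attempts"),
    ("Event Audit", "AuditLogonEvents"): (lambda v: v == 3, "3"),
    ("Event Audit", "AuditAccountLogon"): (lambda v: v == 3, "3"),
    ("Event Audit", "AuditAccountManage"): (lambda v: v == 3, "3"),
    ("Event Audit", "AuditPolicyChange"): (lambda v: v == 3, "3"),
}


def check_policy(inf_text, requirements=REQUIREMENTS):
    """Return (section, key, actual, expected) for every setting that deviates."""
    parser = configparser.ConfigParser(
        interpolation=None, delimiters=("=",), strict=False
    )
    parser.optionxform = str  # keep the key names case-sensitive
    parser.read_string(inf_text)

    deviations = []
    for (section, key), (is_ok, expected) in requirements.items():
        raw = parser.get(section, key, fallback=None)
        try:
            actual = int(raw)
        except (TypeError, ValueError):
            # Setting missing from the export or not numeric: report it as-is.
            deviations.append((section, key, raw, expected))
            continue
        if not is_ok(actual):
            deviations.append((section, key, actual, expected))
    return deviations


if __name__ == "__main__":
    for section, key, actual, expected in check_policy(SAMPLE_INF):
        print(f"[{section}] {key} = {actual}, required: {expected}")
```

The constructed sample mirrors a freshly installed system with no minimum password length, no lockout threshold and incomplete auditing, which is the situation the note above asks to be checked.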


4.3.3 Configuration of SIMATIC Logon

SIMATIC Logon verifies the accuracy of the user's computer logon data in the central user administration and transmits the successful logon information to the respective HMI device. User logon for the operation of WinCC options and Premium Add-ons can be included in the SIMATIC Logon verification process.

Note

In case the logon server is unavailable during a network interruption, the local user administration becomes active instead of the central one. To control the plant and the process safety, a local user and a local user group with limited operating rights should be created for emergency operation since.

Note

Events such as a successful and failed logon/logout procedure or password changes are stored in the EventLog database of SIMATIC Logon as well as in the WinCC alarm system.

See also

• Chapter 4.4 "Administration of user rights"

• Chapter 6.4.3 in the manual "Safety Concept", Online-Support ID 60119725


The use of SIMATIC Logon is activated in the "Runtime Settings > User Administration".

The base settings of SIMATIC Logon are carried out in the "Configure SIMATIC Logon" dialog box. The settings are described in the configuration manual SIMATIC Logon and include, for example:

• The logon of a "default user" after user logout

• Logon server ("working environment")

• Automatic logout with SIMATIC Logon

Note

No "auto-logoff" may be activated at the operating system level, otherwise the user interface will be completely closed.

Furthermore, the activation of a screen saver in combination with SIMATIC Logon is not allowed.


4.3.4 User administration without SIMATIC Logon

The users and user groups are managed locally for panels or single-station systems (WinCC RT Advanced). The requirements for access control are met through appropriate configuration.


The password settings, such as password, account lockout and monitoring policy are then defined in the local user administration of the HMI device, see the following figure.


4.3.5 Local SIMATIC user groups

WinCC Professional supports the Windows authorization model. Power user rights at the operating system level are required as a minimum and the Windows user must be a member of several SIMATIC groups in order to create and start the WinCC user interface. Therefore, the following local groups are automatically set up during the installation of the runtime software. These may not be changed or deleted!

• SIMATIC TIA Engineer

• SIMATIC HMI

• SIMATIC HMI CS

• SIMATIC HMI VIEWER

A logical separation of computer access authorizations is achieved by differentiating between the administrator and power user (plant operator) at the Windows level logon.

• WinCC Professional automatically manages the security settings and release authorizations for the project data. The access rights depend on the configuration in the WinCC user administration and are verified by the runtime software, see chapter 4.4 "Administration of user rights".

See also

• WinCC Readme file

• Chapter 4.3.2 "Security settings in Windows" applies here as well

Note

The defined users and user groups must be made members of the corresponding authorized SIMATIC user groups.

4.4 Administration of user rights

Regardless of whether a user administration with SIMATIC Logon or a local user administration for a single-station system (Advanced panel or RT) without SIMATIC Logon is used, the user rights for operation are defined in the project data of the HMI device.

The user rights are generally assigned to the user groups. For this purpose, the required user groups with the same names (if necessary) as the user groups in Windows (SIMATIC Logon) are created in the project data.

The following procedure must be followed for this:

• Open the project data for the HMI device in the TIA Portal (engineering system)

• Open the user administration with the tab "Users groups"

• Create group(s)

• Assign authorizations for each group

The user rights are assigned via the WinCC user groups in the project data. Members of the "Operator" group, for example, are then assigned the corresponding rights to operate in the WinCC user administration.

4.5 Access control at the operating system level

The operating system user in the background logged on to the WinCC Runtime should have power user rights and not administrator rights. These rights are required to create and start the WinCC user interface. This ensures that only WinCC has access to the database. Operating system access to the SQL database is therefore not possible.

Access to the operating system level is not necessary and usually not required for the plant operator when logged on to WinCC. Therefore, additional configuration settings (startup characteristics, blocking the operating system level) must be carried out. These settings avoid unauthorized access from the process mode of SIMATIC WinCC to sensitive data of the operating system.

Note

Access to the operating system level should be reserved exclusively for administrators or technical service personnel.

4.5.1 Startup characteristics

Automatic startup is configured including the activation of the user interface for safe start of the HMI device. This is how access to the operating system level is prevented during startup.

Automatic logon (auto-logon) in the Windows operating system is described in the Online Support under ID 23598260 in an example for SIMATIC IPCs.

The configuration of the automatic start of the user interface is different for each of the various HMI devices.


Automatic start for HMI devices with WinCC RT Professional

Automatic startup is organized in the application WinCC RT Start. This is opened with Start > Programs > Siemens Automation > Runtime Systems.

The specified project is automatically activated at computer startup if the "Autostart" property is activated. The "Allow “Cancel” during activation" property should not be selected, so that the project start cannot be interrupted.

Those editors which are required for ongoing operation are activated in "Runtime Settings > Services". Other applications that should be started automatically, such as the Premium Add-ons PM-CONTROL or PM-QUALITY, are added under "Additional Tasks / Applications".


Automatic start for HMI devices with WinCC RT Advanced

Automatic startup is organized in the application WinCC RT Loader (HMILoad.exe). This is opened with Start > Programs > Siemens Automation > Runtime Systems.

The project with the project path that should start automatically is specified under "Settings". The automatic start of the project data is delayed for the number of seconds indicated in the "Wait" box after the operating system starts up.

A link must still be established to the application HMILoad.exe (C:\Programme\Siemens\Automation\WinCC RT Advanced) in the autostart of the operating system.

Automatic startup for panels

The runtime loader automatically starts at panel startup. The project data is activated after the set time delay. The delay time can be configured in the Control Panel under Transfer > Directories. We recommend setting the value equal to 0, so that the project data is activated immediately.

Note

After commissioning, the "Remote Control" property in the Control Panel under "Transfer" should be disabled so that accidental automatic transfer from the engineering system is prevented.


4.5.2 Blocking the operating system level during ongoing operation

Configuration settings in WinCC Professional

The Windows keyboard is deactivated under "Keyboard" in the runtime settings to prevent access to the operating system during process mode.

See also

• TIA Portal information system


Configuration settings in WinCC Advanced

Access to the operating system during the process mode is prevented if task switching is disabled in the runtime settings under "General".

Note

A button in the user interface is commonly used to deactivate the ongoing operations. This button can only be actuated with the corresponding authorization, which then provides access to the operating system.

Preventing system access in object programming

Make sure that no objects are used in the user interface that permit access to the Windows file system or to executable programs. This risk exists, for example, with OLE objects, Internet links, online help systems, etc.

Configuration settings in Windows

The "Keep the taskbar on top of other windows" setting must be disabled in Windows.

In addition, attention must be paid that any HOT-KEY assignments are deactivated. Some graphics cards also provide keyboard shortcuts to influence the properties of the graphics card. Some of them might enable access to the operating system or influence WinCC operation.


4.6 Data and information security

In a regulated environment, production processes and recorded data are checked and safely stored to ensure that product quality can be proven. Safe handling of data is a basic requirement for compliant operation.

Relevant production data and operator input must be stored in accordance with national and international regulations for many years. Therefore, data and information security has many facets, some of which are explained here.

Definition of a suitable system structure

• User administration, see chapter 4.3 "Setting up user administration"

• Planning of data storage as well as the input and output devices

• Secure storage of sensitive data with redundancy and access control, see chapter 4.6 "Data and information security"

• Use of antivirus software, see chapter 3.6.2 "Virus scanner"

• Defined startup characteristics and operation of the user interface, see chapter 4.5 "Access control at the operating system level"

Organizational measures

• Planning and assigning the necessary access rights

• Supplemented by codes of behavior, such as handling of USB sticks

• Work instructions for archiving, retrieval and possibly data migration

Adaptation of the operating system settings

During installation of the WinCC RT Advanced and WinCC RT Professional runtime software, default settings in the Windows operating system are automatically adapted to the requirements of the software with SIMATIC Security Control.

See also

• Chapter 4.2.2 "Installation of the SIMATIC WinCC RT runtime software"

SIMATIC NET SCALANCE S

The SCALANCE S security modules form the core of the innovative safety concept from Siemens that protects networks and data. The protective function of SCALANCE S works in such a way that all traffic to and from the cell is monitored.

With a combination of different security measures such as firewall, NAT/NAPT routers and VPN (Virtual Private Network) over IPsec tunnels, the SCALANCE S security modules protect individual devices or even entire automation cells from:

• Data espionage

• Data manipulation

• Unauthorized access


See also

• Manuals of the SCALANCE family

• Comprehensive information about "Industrial Security" in the Online Support under ID 50203404

• Online Support ID 22376747 "Protecting an automation cell using Firewall" and the document attached there

• Online Support ID 22056713 "Security with IPsec-secured VPN tunnel" and the document attached there


5 Project Settings and Definitions

Projects are used to organize the storage of data and programs resulting from the creation of an automation solution. The data that makes up a project includes the following:

• Configuration data on the hardware structure and parameter assignment data for modules

• Project engineering data for communication over networks

• Configuration data for the automation and HMI devices

The central data management ensures that consistency between automation and visualization is sustained. Once created, data is available in all editors, changes or corrections are automatically updated throughout the project.

The customer-specific operator process control and monitoring is variable in design. A large part of the application software is configured here and extended functionality can be added with the aid of scripts.

5.1 Project setup

5.1.1 Creating a new project

The TIA Portal is started for creating a new project. The TIA Portal offers two views, the portal view and the project view, which can be switched.

• Select the entry "Create new project" in the portal view

• Enter your project name and path or accept the proposed settings.

• Click the "Create" button.

The next steps are listed in the TIA Portal.

• Configure a device. The controllers and HMI units required for your automation solution are selected one by one. Networks and connections can be configured.

• Write PLC program. The programs are created for the individual controllers.

• Configure an HMI screen. The visualization is configured for the individual HMI devices.


A wizard assists each implementation process and opens the project view at a suitable point.

5.1.2 Migration of existing projects

Projects from previous automation solutions can be migrated to the TIA Portal.

See also

• General procedure for migration, chapter 10 "System Updates and Migration"

• Chapter 4 in the manual "TIA Portal", Online Support ID 53385672

• TIA information system > Migrating projects

• Guide migration of WinCC Flex 2008 SP2, Online Support ID 58857225

• Migration guide for Comfort Panels, Online Support ID 49752044

5.1.3 Working with multi-language projects

The following project texts can be managed in multiple languages:

• Alarm texts

• Button labels

• Operator relevant texts

• Display names of recipes

• Text lists

• etc.

See also

• Chapter 7.2.7 in the manual "TIA Portal", Online Support ID 53385672

• TIA Portal information system > Edit project > Working with multilingual texts


5.1.4 HMI device wizard

A base structure for the visualization interface of an HMI device is created with the support of the HMI device wizard. When adding SIMATIC panels to a project, the wizard starts automatically; for HMI devices based on a PC system the wizard can be started manually.

The HMI device wizard guides you through a series of dialogs for creating the basic structure. The basic structure consists of a base screen with a toolbar, title bar, alarm line and various system screens for diagnostic purposes. Project-specific, empty plant screens can be added, so that these are already taken into account when selecting the screen. In addition, the screen background color, the screen resolution, and the company-specific logo are defined.

5.1.5 GMP project setting in the Audit option

The WinCC (TIA Portal) Audit option for panels or RT Advanced is provided especially for the GMP environment. The option includes the following functions:

• Creating operator input alarms

• Creating an audit trail

• The "NotifyUserAction" system function

• Entering of electronic signatures

• Data archiving with checksum

• Identification of recipes as "GMP-relevant"

• Documenting the audit trail

The GMP setting is activated at the start of the configuration in the runtime editor settings. Then, the above functions are activated and can be configured, see chapters 7.2 “Creating operator input alarms”, 7.4 “Audit trail” and 7.5 “Configuration for electronic signature”.


5.2 Object-oriented configuration

Objects are graphical elements used for designing project screens. These objects include "base objects" (line, circle, text box, etc.), "elements" (I/O box, button, etc.), "controls" and also graphics (pipes, pumps, etc.).

By storing configured objects and object groups in libraries, they can be used repeatedly. The engineering in the TIA Portal has 2 libraries:

• Project library

• Global library

The objects stored there are available to all HMI devices of a similar type in the project ("Project Library") or in other projects ("Global Library").

One user data type is preferred for dynamization of faceplates and screen windows. It bundles various tag types in a user-defined data structure for a process unit such as a motor. User data types are stored in the project library and are available throughout the project.

The object-oriented configuration is useful for:

• Configured objects and object groups

• Faceplates

• Screen window

• User data types

• Project functions

See also

• TIA Portal information system

• System manual "TIA Portal", chapter 9.1.2 "Working with objects", Online Support ID 53385672

Note

Configured objects or groups of objects are created once for the particular application and then tested with the client before they are copied to the configuration or instantiated.

5.2.1 Master copies and types

Each of the libraries mentioned above contains two folders named "Types" and "Master copies". Library objects can be created or used either as a master copy or as a type.

As a master copy, a configured object group is moved into the master copy area of the project library and can be used repeatedly in the project. Changes to the master copy are not transferred to the copies previously created. Master copies can also be stored in a global library for use in other projects.

Faceplates and user data types are stored under types which are then integrated into the project data as an instance.

A distinction is made between the Panels / RT Advanced and RT Professional device families when the configured objects are stored under “types”. The objects can only be reused in the same variant.


5.2.2 Faceplates

A faceplate consists of a grouping of objects which are tailored to the special requirements of the plant with respect to graphic representation and dynamization. The object properties and events, which are used to dynamize the faceplate, are individually defined in the faceplate editor. User data types are recommended for connecting the interface to the process screens.

A faceplate is created as a type in the project library. A copy can be saved under types in the cross-project global library. Thereafter, it is available in other projects as well.

The faceplate is based on the type-instance model. A local instance of the type is created when a faceplate is included in a process screen. Changes in the type are automatically transferred to all of its instances. If necessary, a faceplate instance can be disassociated from the type.

Faceplates are created for either the Panels / RT Advanced or RT Professional device family and can only be used for the corresponding variant.

The options for designing and dynamization are more diverse with RT Professional.

5.2.3 Screen window

The screen window control lets you select a screen within a screen. This functionality is used, for example, to call a window for controlling a process unit (valve, drive). Such an operator control screen is configured once for a particular function and then opened as an instance in a screen window. The dynamization of a screen window is carried out based on user data types. When the screen is called, a tag prefix is transferred.

The screen window technology is only available in RT Professional.

5.2.4 User data type

User data types are used for dynamization of faceplates and screen windows. For a process unit, such as a motor, a user data type is defined, which contains all tag types of the motor as elements.

Each user data type is created for a particular type of communication (SIMATIC S7 300/400, SIMATIC S7 1200 or internal communication) and for a family of devices (Panels / RT Advanced or RT Professional) and can only be used in this environment.

The example shows a simplified form.


5.2.5 Project functions in the form of scripts

Customer-specific requirements are implemented in the form of functions or local scripts. A function consists of system functions and / or user-defined functions.

If such user-defined functions are required repeatedly, they should be configured as project functions in the "Scripts" editor.

The function code is created once in the script, then tested and qualified. The function is then available for this HMI device and, after moving it to the project library under "master copy", project-wide for several HMI devices (see chapter 6.3).

5.2.6 Libraries

The engineering in the TIA Portal is supported by two libraries:

• Project library

• Global library

The project library is used to store all user-defined WinCC objects such as complete screens, tag tables, alarms, etc. These user-defined objects are developed in detail, tested and qualified and are then available as a project standard for repeated use in the project.

The global library is a cross-project library, the contents of which can also be used in other projects. By default, the global library contains master copies for buttons, control modules, and document templates for the project documentation. User-specific global libraries can be set up for centralized storage of user-defined objects, e.g. from the project library.


5.3 Time synchronization

In SIMATIC WinCC, the time transmitted on the bus by default is the standard world time UTC (Universal Time Coordinated).

To ensure time consistency, all stations and controllers belonging to the WinCC system must be synchronized so that chronological processing (logging of trends, alarms) is enabled throughout the system.

Time synchronization of SIMATIC Logon depends on the environment (Windows workgroup or domain) in which SIMATIC Logon is operated. All PCs in the Windows workgroup or within the domain must be time synchronized.

HMI devices with RT Professional can be integrated into an automatic time synchronization via the plant / system bus. Only one "Set time-of-day" can be configured in combination with panels or single-station systems with RT Advanced.

The activation of time synchronization must also take place on the engineering station, otherwise it could cause problems during the downloading of changes.

Note

The activation of time synchronization is necessary in plants in which GMP is mandatory.

5.3.1 Concepts for WinCC RT Professional

The structure of the time-of-day synchronization must be carefully planned. Each time-of-day synchronization in the project is dependent on requirements. The requirements of time synchronization must be described in the function specification. The following sections introduce concepts in time synchronization.

Time synchronization in a Windows workgroup

The time in a workgroup should be synchronized via the WinCC server. The time of the WinCC server can also be synchronized using a time master such as SICLOCK.

Time-of-day synchronization in a Windows domain

If the automation system is operated in a Windows domain, the domain must serve as the time master. The time of the domain server can also be synchronized using a time master such as SICLOCK.

Note

The time on the clients in the domain is synchronized using Microsoft system services.

See also

• http://www.siemens-edm.de/Siclock.zeitsynchronisationskonzept.0.html

• SIMATIC HMI manual, Process Visualization System WinCC, Security Concept WinCC, chapter 5 "Planning Time Synchronization".

• Online Support ID 11377522 "Display format for the date"


5.3.2 Concepts for panels and HMI devices with WinCC RT Advanced

Direct time synchronization in NTP format can be configured between a CPU S7-1200 and panels that support time synchronization. Here, the time can either be specified by the HMI device (master) or by the controller (slave).

See also

• TIA Portal information system > Visualize processes > Communicate with controllers > Configure time synchronization

For all other HMI devices and CPUs, the time can be set in either the CPU or in the HMI device. "Set time-of-day" does not have the same accuracy as the time synchronization, since message frame and scripting runtimes are incorporated. The time master must be defined within the system.

Set time-of-day

The time is set with area pointers. Area pointers are parameter fields in which reading and writing communication from the PLC and the HMI device takes place alternately. The PLC and the HMI device trigger predefined actions when the stored data is evaluated.

The "Date/Time PLC" area pointer is used to transfer the CPU system time to the HMI device. This is located under global area pointer and can be configured only for the connection to the CPU that acts as a time master.


The system time of the HMI device is transferred to the CPU via the "Date/Time" area pointer. This area pointer is configured for each connection to a CPU if the system time of the HMI device is the time master.

The procedure to configure the area pointers is described in TIA Portal information system. (Visualizing processes > Communicate with controllers > Device dependency > Communicating with SIMATIC S7-1200 or SIMATIC S7 300/400 > Data communication > Data communication with area pointer)

See also

• Settings in Windows 7 in the Online Support ID 59203176 to change the system time of the PC with WinCC RT Advanced V11

Daylight saving / standard time changeover

A daylight saving / standard time changeover can be realized using the "SetDaylightSavingTime" system function. This can be automated by a trigger from the PLC, which evaluates the event “daylight saving / standard time changeover”.

See also

• TIA Portal information system > Visualize processes > Work with system functions and runtime scripting > Reference > VB scripting (panels, RT Advanced) > System functions (panels, RT Advanced)


5.3.3 Time stamping

HMI alarms

Alarms from the CPU (AS) are displayed in the HMI device and logged. The alarm receives the time stamp either from the HMI device upon arrival of the alarm (discrete alarms) or from the CPU directly when it is created (control alarms).

A discrete alarm is detected based on a bit change in the alarm tag. The HMI alarm system assigns the time stamp of the HMI device. The time stamp has a certain inaccuracy due to the acquisition cycle, bus delay time and time required for processing the alarm. Alarms present for a time shorter than the acquisition cycle are lost.

For monitoring the limits of tags in WinCC, an analog alarm is generated in the HMI alarm system if the defined limits are violated. The assignment of the time stamp is similar to that for discrete alarms.
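The time stamp inaccuracy and the loss of short alarms described above for discrete alarms can be reproduced with a small simulation. The following Python code is an added example, not part of the manual or of WinCC; the polling model, all names and the pulse times are assumptions constructed for illustration.

```python
"""HMI-side time stamping of discrete alarms, modelled as bit polling.

Constructed model for illustration, not Siemens code: the HMI samples the
alarm bit once per acquisition cycle and stamps a detected rising edge with
its own clock after a bus delay and a processing time.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Pulse:
    """Interval [start_ms, end_ms) in which the alarm bit is set in the CPU."""
    start_ms: int
    end_ms: int


@dataclass(frozen=True)
class LoggedAlarm:
    true_start_ms: int  # when the condition actually occurred in the CPU
    hmi_stamp_ms: int   # time stamp assigned by the HMI alarm system

    @property
    def error_ms(self) -> int:
        """How far the logged time stamp lags behind the real event."""
        return self.hmi_stamp_ms - self.true_start_ms


def worst_case_error_ms(cycle_ms, bus_delay_ms, processing_ms):
    """Upper bound of the lag: the bit is set just after a sample was taken."""
    return cycle_ms + bus_delay_ms + processing_ms


def poll_discrete_alarms(pulses, cycle_ms, bus_delay_ms, processing_ms, horizon_ms):
    """Return (logged, lost) for the given alarm-bit pulses.

    logged: one LoggedAlarm per rising edge the HMI sees between two samples.
    lost:   pulses that never produce an alarm entry, either because they fall
            entirely between two samples or because they follow another pulse
            so closely that the bit never reads 0 at a sample in between.
    """
    logged = []
    unlogged = set(pulses)
    previous = False
    for sample_ms in range(0, horizon_ms + 1, cycle_ms):
        active = next(
            (p for p in pulses if p.start_ms <= sample_ms < p.end_ms), None
        )
        if active is not None and not previous:
            stamp = sample_ms + bus_delay_ms + processing_ms
            logged.append(LoggedAlarm(active.start_ms, stamp))
            unlogged.discard(active)
        previous = active is not None
    lost = [p for p in pulses if p in unlogged]
    return logged, lost


# Constructed sample data: acquisition cycle 1 s, 20 ms bus delay, 30 ms processing.
CYCLE_MS, BUS_DELAY_MS, PROCESSING_MS, HORIZON_MS = 1000, 20, 30, 10_000
CONSTRUCTED_PULSES = [
    Pulse(1500, 4200),  # long alarm: logged, but stamped late
    Pulse(5100, 5600),  # 500 ms alarm between two samples: never logged
    Pulse(6990, 7010),  # 20 ms alarm that happens to straddle a sample
    Pulse(8001, 9999),  # set 1 ms after a sample: close to the worst case
]

if __name__ == "__main__":
    logged, lost = poll_discrete_alarms(
        CONSTRUCTED_PULSES, CYCLE_MS, BUS_DELAY_MS, PROCESSING_MS, HORIZON_MS
    )
    for alarm in logged:
        print(f"event at {alarm.true_start_ms} ms logged as "
              f"{alarm.hmi_stamp_ms} ms (lag {alarm.error_ms} ms)")
    for pulse in lost:
        print(f"event at {pulse.start_ms} ms ({pulse.end_ms - pulse.start_ms} ms long) "
              "has no alarm log entry")
    print("worst-case lag:",
          worst_case_error_ms(CYCLE_MS, BUS_DELAY_MS, PROCESSING_MS), "ms")
```

The worst-case lag is the figure to compare with the time stamp accuracy required in the specification; a short alarm is only logged when it happens to coincide with a sample, so its detection cannot be relied on.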

Note

The discrete alarm procedure and limit monitoring are simply configurable alarm procedures for panels, HMI devices with RT Advanced and single-station systems with RT Professional. In redundant systems or system configurations with multiple operator stations (RT Professional), chronological signaling is used for synchronized acknowledgment and sending.

For chronological signaling, the SFCs/SFBs Notify, Notify_8P, Alarm, Alarm_S/SQ, Alarm_D/DQ, Alarm_8/8P in the SIMATIC S7 are used. Refer to the relevant CPU manuals and the block descriptions in the SIMATIC STEP 7 online help for information on restrictions relating to the system resources for simultaneously pending alarms.

See also

• TIA Portal information system > PLC programming > References (S7-300/400) > Extended instructions > Alarms

• TIA Portal Information system > Visualize processes > Basics > Alarm procedure > Overview alarm procedure

• Online Support ID 23730697 "Chronological Signaling" (in WinCC)

Archiving

Process values that are acquired and evaluated in the HMI device receive by default the time stamp of the time of acquisition in the visualization system.

Logging cycles are defined for cyclic reading of process values. A time stamp that is assigned when the process values are acquired contains the inaccuracy of the configured logging cycle.

Note

The alarm block (AR_SEND) is available in SIMATIC S7-400 for logging cycles of less than 500 ms in WinCC RT Professional.

With the alarm block AR_SEND, process values that should receive the time stamp from the CPU are processed in the form of a message frame in the CPU and then transmitted as raw data to WinCC RT Professional.


See also

• TIA Portal information system > PLC programming > References (S7-300/400) > Alarms > AR_SEND

• Online Support ID 23629327 "Process-driven archiving" (for WinCC)

The specification (URS, FS) of a GMP-compliant plant must describe the way in which time stamping will be performed. The accuracy necessary for alarm and process value acquisition must be checked in detail. The methods of time stamping mentioned above can be used alongside each other. The hardware for the automation and visualization must be selected accordingly.

5.4 Configuration management

The configuration of a computer system consists of various hardware and software components, which can vary in complexity and range from commercially available standard components to specially customized user components. The current system configuration should be fully available at all times and easy to understand. For this purpose, the system is divided into configuration elements, which are identifiable with a unique name and a version number and can be distinguished from the previous versions.

Defining configuration elements

In most cases, standard hardware components are used, for example PCs, controllers (PLCs), displays, panels, etc. These are defined and documented by means of type, version number, etc. More work is required when customer-specific hardware is used; for more on this, see chapter 3.1 "Selection and specification of the hardware".

The standard components for software include, for example, the SIMATIC WinCC system software, its libraries, other options and Premium Add-ons.

The application software is configured and/or programmed on the basis of standard software. The individual configuration elements into which the application software should be split cannot be defined for all cases, as this differs depending on various customer requirements and system characteristics.

Versioning the configuration elements

Whereas the version ID of standard software cannot be influenced by the user / project engineer, the assignment of version numbers and a process for change control must be defined, among other things, in a work instruction during the configuration of application software. From when the application is first created, all configuration elements should be maintained following a defined procedure for configuration management, even if they are only subject to formal change control at a later stage.

Note

Chapter 5.5 "Versioning application software" includes examples of how individual software elements can be versioned.

The change control procedure for a plant already in operation should be discussed in advance with the owner of the plant, see chapter 9.2 "Operational change control".

See also

• GAMP5 Guide, Appendix M8 "Project Change and Configuration Management"


5.5 Versioning application software

The project guidelines must define which elements are to be versioned, when versioning is to take place, and whether a major version or minor version is to be incremented; for example:

"The major version is set to 1.0 following the FAT and to 2.0 after commissioning. All other changes are incremented in the minor version".

Whether the major version or the minor version is to be changed can also depend on the scope or effect of the change in question.

The following data is specified for the versioning of the application software:

• Name

• Date

• Version number

• Comment on the change

The following chapters show various examples of software element versioning.

5.5.1 Versioning of screens

The engineering system automatically records the creation date, the time stamp of the last change, and the Windows user logged on at the time. The data is retrieved if the "Screens" object in the project navigator is selected and the button is pressed in the toolbar on the project navigator.

See also

• TIA information system > Introduction to the TIA Portal > User interface and operation > Structure of the user interface > Overview window


Automatic versioning of the screens is not carried out; the version can be maintained manually in the file.

Information for versioning, such as version ID, change date and name, can be stored in a static text field. It is practical to place the text boxes for versioning in a separate screen level that can be shown or hidden as required. The display of the static text field during the process operation is controlled by the object property display or via the "Visibility" animation.

Note

Change details can be described, for example, in the relevant change request documentation.


5.5.2 Versioning of faceplates

When the processing of a faceplate is finished and it is approved for use in the project data, the engineering system automatically sets the version 1.1.0. After re-processing and re-approval of the faceplate, the second digit of the version number is automatically increased. The current processing of a faceplate can be discarded by restoring the latest approved version.


5.5.3 Versioning of VB / C scripts

VB scripts or C scripts (only for RT Professional) are created during ongoing operation in order to access tags and graphical screen objects and to initiate screen-independent actions.

In addition, scripts are used to link functions, which are triggered in the process mode, to individual properties of screen objects (e.g. by using the mouse).

Two different methods of script creation are distinguished in WinCC:

• Local scripts which are created directly on the property of an object in the "Screens" Editor. These scripts are part of the screen and are stored with the screen. Versioning is performed in the screen.

• Screen-independent scripts that are created in the "Scripts" editor and are available in function lists for repeated selection either with object properties or in the task scheduler.

For VB / C scripts that are created with the "Scripts" editor, the engineering system records the last change date and the Windows user who is logged on at this time. For retrieving the data, see chapter 5.5.1 "Versioning of screens".

Note

It is advisable to maintain a history in the scripts indicating any changes made. The history is entered as a comment before the start of the code.


Example of recording the history in a C script:

Example of recording the history in a VB script:

5.5.4 Versioning of reports

The automatic issuing of version IDs in the report layouts is not supported. A static field can be inserted in the report layout for a version ID allowing manual versioning of various states. The version ID must be kept up-to-date as specified in the SOP for configuration management. The following figure shows an example of a report layout footer with a field added for versioning.


6 Configuration for WinCC RT Professional

In a full automation solution, SIMATIC WinCC handles the operator input, monitoring and data logging functions. The connection to the automation level takes place via efficient coupling processes.

This chapter explains instructions and recommendations for the configuration of WinCC RT Professional in the GMP-mandatory environment. The configuration of HMI panels and WinCC RT Advanced is covered in chapter 7 "Configuration for WinCC Comfort / WinCC RT Advanced".

The configuration of the automation level is not described in this manual.

6.1 Creating the graphic user interface

To visualize the plant or process, process screens are created to allow operator control and monitoring according to the specified requirements. Available elements are described in chapter 5.2 "Object-oriented configuration".

The HMI device wizard can be used to configure a basic structure for the visual interface and the screen resolution. We recommend defining a system for screen selection and screen navigation in complex processes involving several process screens. SIMATIC WinCC provides the editor menu and toolbars for implementation.

Both the overview graphics and the operator control philosophy must be described in the specification (for example URS, FS and P&I) and created accordingly. When completed, these should be shown in the form of screenshots to the customer for approval.

A variety of ready-made graphic objects, arranged according to subject, machine, plant components, instrumentation, operator controls and buildings (independent of a library) are available for the creation of screens directly in the engineering system under Tools > Graphics. The objects can be easily inserted into a screen and adjusted as needed using drag-and-drop.


6.2 Creating operator input alarms

The FDA regulation 21 CFR Part 11 requires traceability of operator process control that impacts GMP-relevant data for systems that operate in a GMP environment.

GMP-relevant operator process control that is carried out via input / output fields or buttons must therefore be configured so that an operator input alarm is generated. This operator input alarm is recorded in alarm logging with time stamp, user ID, old value and new value.

Input / output field

The generation of an operator input alarm when a value changes in an IO field object is configured in the object property "Security". A system-side operator input alarm is generated when the "Query reason for operation" property is selected in the "Logging" area. If the "Prompt for motive" property is activated, the system opens a window for entering a comment after the value is applied. The operating right to change the value is configured in the "Authorization" property under "Runtime security".

Button

To change the values of tags via a button, a system function is attached to an event of the button. A set of system functions is available, which can also create an operator input alarm. However, the entry of a comment cannot be activated.


Operator input alarms in combination with faceplates

Operator input alarms can be generated even if the IO field is integrated in a faceplate. For this purpose, the "Report operator input alarm" property is activated in the faceplate on the IO field for the object property "Security". The process value of the IO field is placed on the interface of the faceplate. When a faceplate instance is inserted in a process screen, this interface is connected to the corresponding tags. If the value in the faceplate is changed, an operator input alarm is generated by the system, in which the tag name with the old value and new value for this faceplate instance is documented.


Script functions for changing values

Alarms for documenting operator actions can also be configured in addition to the system-generated operator input alarm. For this purpose, a VB script is created by selecting a pre-configured user alarm and supplying it with the appropriate process data. This script is attached to an object event in the process screen.

See also

• TIA Portal information system > ...> Configuring user alarms

Acknowledging alarms with mandatory comments

The entry of a mandatory comment can be configured for tracing the acknowledgment of certain alarms. When the alarm is acknowledged, an operator input alarm is generated that contains a time stamp, the user and the comment entered.

See also

• Online Support ID 52329908 "Application Example for WinCC V7"


6.3 User-specific functions and scripts

Customer-specific requirements can be implemented by means of system functions and / or user-defined functions.

System functions are system-tested standard functions. A set of such functions is already integrated in the TIA Portal.

User-defined functions or local scripts based on VB or C script are user-written programs which are rated as Category 5 software. This type of software is designed to meet customer-specific requirements which are not covered by the standard. In this case, the additional validation effort in the form of detailed functional and interface descriptions and documented tests must be factored in, see chapter 8.3.1 "Software categorization according to GAMP Guide".

System functions are processed parallel to user-defined functions in a "Function list" or integrated in user-defined functions or "local scripts". A "Function list" is defined for an object event; "local scripts" are attached directly to an object property.

Note

When creating user-specific functions and scripts, the programming guidelines should be defined in project / department specific instructions (SOP coding standards, naming conventions, style guide, etc.).


Know-how-protected user-defined functions

User-defined functions created as VB script or C script can be password protected. A password is required to open and edit the functions. The protection is maintained even if the protected function is moved into the library. Password protection can be canceled if the password is known.

Protected functions are identified in the project navigation by a lock in the icon.

See also

• System manual "TIA Portal", chapter "Know-How Protection" (page 1997), Online Support ID 57341024


6.4 Audit trail

The recording of an audit trail for user actions with GMP-relevant data is implemented in the alarm system in WinCC Professional.

Operator actions via the input / output fields or icons (buttons) can be configured in the "Screens" editor so that an operator input alarm is generated by the system (for configuration, refer to chapter 6.2 "Creating operator input alarms").

Note

The generated operator input alarm is a system alarm for which WinCC automatically enters the old value in parameter block 2 and the new value in parameter block 3. Therefore, we recommend renaming parameter blocks 2 and 3 accordingly.

The system alarms must be created in the "System alarms" tab in the "HMI alarms" editor before logon and logout procedures can be accepted in the alarm system. The import dialog opens as shown below when the tab is initially selected.


For the display of the operator input alarms, the "Alarm view" is placed in the process screen from the Tools > Controls area by means of drag-and-drop. To ensure that only operator input alarms and logon / logout procedures are displayed in the "Alarm view", the corresponding filters must be set.

User-defined alarms that are created can be filtered according to the alarm number as well.

Additional filtering according to the alarm numbers 1012400 and 1012401 must be provided to ensure that logons via a web connection are also displayed.
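The filter from this chapter and the record content required in chapter 6.2 (time stamp, user ID, old value, new value) can also be checked offline on an exported alarm log. The following Python sketch is an added example, not part of the manual or of WinCC: the export layout, the column names and every alarm number other than 1012400 and 1012401 are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime

# Alarm numbers for logons via a web connection, as stated in the manual.
WEB_LOGON_ALARMS = {1012400, 1012401}
# ASSUMPTION: placeholder numbers. Take the real ones from the project's
# "HMI alarms" editor (operator input alarm, logon / logout system alarms).
OPERATOR_INPUT_ALARMS = {900001}
LOGON_LOGOUT_ALARMS = {900010, 900011}

AUDIT_TRAIL_ALARMS = OPERATOR_INPUT_ALARMS | LOGON_LOGOUT_ALARMS | WEB_LOGON_ALARMS

# Constructed sample export; the semicolon-separated layout is an assumption.
SAMPLE_EXPORT = """\
timestamp;alarm_no;user_id;tag;old_value;new_value;comment
2012-09-14 08:00:05;900010;jsmith;;;;
2012-09-14 08:01:12;900001;jsmith;Reactor1_TempSP;75.0;78.5;Adjusted per batch record
2012-09-14 08:02:40;500123;;Reactor1_Temp;;;
2012-09-14 08:03:10;1012400;mlee;;;;
2012-09-14 08:04:02;900001;;Reactor1_PressSP;1.2;1.4;
2012-09-14 08:03:55;900001;mlee;Reactor1_SpeedSP;300;;
"""


def parse_export(text):
    """Parse the export into dicts with a typed time stamp and alarm number."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text), delimiter=";"):
        rec["timestamp"] = datetime.strptime(rec["timestamp"], "%Y-%m-%d %H:%M:%S")
        rec["alarm_no"] = int(rec["alarm_no"])
        rows.append(rec)
    return rows


def audit_trail_view(rows):
    """Keep only what the filtered 'Alarm view' would show: operator input
    alarms, logon / logout procedures and logons via a web connection."""
    return [r for r in rows if r["alarm_no"] in AUDIT_TRAIL_ALARMS]


def review(rows):
    """Return (time stamp, problem) pairs for audit trail entries that lack
    required content or break the chronological order."""
    findings = []
    previous = None
    for r in audit_trail_view(rows):
        when = r["timestamp"].isoformat(sep=" ")
        if not r["user_id"].strip():
            findings.append((when, "missing user ID"))
        if r["alarm_no"] in OPERATOR_INPUT_ALARMS:
            for field in ("old_value", "new_value"):
                if not r[field].strip():
                    findings.append((when, f"missing {field}"))
        if previous is not None and r["timestamp"] < previous:
            findings.append((when, "timestamp earlier than previous entry"))
        previous = r["timestamp"]
    return findings


if __name__ == "__main__":
    for when, problem in review(parse_export(SAMPLE_EXPORT)):
        print(when, problem)
```
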


The Audit Trail is displayed in the process screen as follows:

The icon in the comment column indicates that a comment is present. This can be displayed with the corresponding menu icon.


6.5 Configuration for electronic signature

In order to use electronic signatures instead of handwritten signatures in a computer system, legislative regulations such as 21 CFR Part 11 of the U.S. FDA or Annex 11 of the EU GMP Guidelines must be met. Other laws and regulations define which actions require signatures. The owner of the process always decides which of these signatures may be carried out electronically.

Operator actions in WinCC, such as entries via I / O field or button operation, can be configured so that a simple electronic signature is requested from the logged on user.

Example: A setpoint is to be changed. When clicking in the IO field, a screen window appears in which the logged-on user places his electronic signature by confirming his password. The setpoint can then be changed. During this operator action, a script with the VB function VerifyUser or AuthenticateUserNoGUI is launched in the background which activates the SIMATIC Logon Service. The function authenticates the logged-on user using the password entered. The electronic signature is established through an audit trail entry and user alarm request (see chapter 6.4 "Audit trail").

The screen window for the electronic signature is flexible in design. During ongoing operation, the electronic signature information could look like this.

6.6 Recipe control

6.6.1 WinCC option "Recipes"

Creating database tables with multiple data records in the "Recipes" editor supports compliance with the GMP requirements with respect to the audit trails of parameter data (recipe data / machine data).

For this purpose, I/O fields are created in a recipe screen and linked to the respective data fields. Entering a value triggers an operator input alarm, if configured correctly.

See also

• TIA Portal information system > Visualize processes > Working with recipes


6.6.2 WinCC Premium Add-on PM-CONTROL

WinCC Premium Add-on PM-CONTROL provides clear and convenient maintenance of recipes, see chapter 3.5.1 "WinCC Premium Add-ons" - batch-based control with PM-CONTROL.

PM-CONTROL manages recipes or machine data records in a separate database. The following functions are supported:

• Change tracking in a separate recipe-related audit trail

• Versioning of the recipes

• Electronic signature both for entering and for changing the recipe data records; only fully signed recipes are available for production.

• Restoration of older recipe versions with an integrated mechanism

• Configurable retention period for recipes in the recipe database

Batch reporting can be carried out with PM-QUALITY, see chapter 6.8.2 "Batch-based reporting with PM-QUALITY".

See also

• PM-CONTROL system description at www.siemens.com/process-management

• Chapter 3.5.1 "WinCC Premium Add-ons"


6.7 Electronic recording and archiving of data

It is very important to provide full quality verification relating to quality-relevant production data, especially for production plants operating in a GMP environment.

There are several steps involved in electronic recording and archiving:

• Definition of the data to be archived, the archive sizes and the appropriate archiving strategy

• Configuration of data logs for online storage of the selected process values

• Setting parameters for transferring the logs to the archive server (time period or amount of storage space occupied)

6.7.1 Specifying the data to be archived

Various factors must be taken into account when defining the archiving strategy and determining the required storage space, for example:

• Definition of data with different origins that needs to be archived (process values, alarms, batch data, reports, audit trails, log files etc.).

• Definition of the relevant recording cycles

• Specification of the period of storage online and offline

• Definition of the archiving cycle for transfer to external storage

These data are stored in various logs:

• Data logs (archiving of tags)

• Alarm log

• PM-QUALITY database

• PM-CONTROL databases

In addition, actions are monitored and recorded in log files or databases in other parts of the system:

• WinCC reports

• Change report at Step7 level for "Download to the PLC" and online parameter changes

• SIMATIC Logon Eventlog

• Event Viewer under Windows Computer Management (logon/logoff activities, account management, rights settings for the file system, etc. according to the corresponding configuration)

All the files mentioned (and others, if required) must be considered in the archiving concept.


6.7.2 Recording and archiving

Archiving in WinCC involves two steps. First, alarms and process values are recorded in the alarm log and in the data log.

Different solutions can be employed to back up these short-term archives into long-term archives and store them for the period defined by the customer.


Data recording in SIMATIC WinCC

For the logging of interrupts and process values in a GMP environment, the "signature activated" property is activated under logging in the runtime settings editor. When the data is transferred, an internal algorithm generates a checksum. This means that subsequent manipulation is detected by the system and is displayed when a connection is established to a manipulated database.

A second backup path can also be specified as a precautionary measure against long-term archive server failure.
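How a checksum generated at transfer time lets a later connection detect manipulation, shown as an added Python example that is not WinCC code. The manual does not describe the internal algorithm, so a chained HMAC-SHA-256 is used here as a stand-in; the record fields, key and function names are assumptions and the sample records are constructed.

```python
import hashlib
import hmac
import json

# ASSUMPTION: demo key. In practice the key is kept away from the archive
# and backup paths, otherwise anyone who can edit the data can re-seal it.
DEMO_KEY = b"constructed-demo-key"

# Constructed alarm-log records forming one archive segment.
SAMPLE_RECORDS = [
    {"ts": "2012-09-14T08:01:12", "user": "jsmith", "tag": "Reactor1_TempSP",
     "old_value": "75.0", "new_value": "78.5"},
    {"ts": "2012-09-14T08:04:02", "user": "mlee", "tag": "Reactor1_PressSP",
     "old_value": "1.2", "new_value": "1.4"},
    {"ts": "2012-09-14T08:09:30", "user": "mlee", "tag": "Reactor1_SpeedSP",
     "old_value": "300", "new_value": "320"},
]

_START = b"\x00" * 32


def _canonical(record):
    """Serialize a record deterministically so equal content hashes equally."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def _chain(records, key):
    """Yield one tag per record; each tag also covers the tag before it,
    so reordering or removing a record changes every later tag."""
    prev = _START
    for rec in records:
        prev = hmac.new(key, prev + _canonical(rec), hashlib.sha256).digest()
        yield prev


def _seal(count, last_tag, key):
    """Bind the record count to the last tag so truncation is detectable."""
    return hmac.new(key, count.to_bytes(8, "big") + last_tag, hashlib.sha256).hexdigest()


def seal_segment(records, key):
    """Run when a segment is transferred to the long-term archive."""
    tags = list(_chain(records, key))
    last = tags[-1] if tags else _START
    return {
        "records": [dict(r) for r in records],
        "tags": [t.hex() for t in tags],
        "seal": _seal(len(records), last, key),
    }


def verify_segment(segment, key):
    """Run when a connection to an archived segment is established.
    Returns (ok, detail); detail names the first record that fails."""
    records, tags = segment["records"], segment["tags"]
    if len(records) != len(tags):
        return False, "record count does not match tag count"
    last = _START
    for i, tag in enumerate(_chain(records, key)):
        if not hmac.compare_digest(tag.hex(), tags[i]):
            return False, f"record {i} does not match its tag"
        last = tag
    if not hmac.compare_digest(_seal(len(records), last, key), segment["seal"]):
        return False, "seal mismatch: segment truncated or seal altered"
    return True, "segment intact"


if __name__ == "__main__":
    segment = seal_segment(SAMPLE_RECORDS, DEMO_KEY)
    print(verify_segment(segment, DEMO_KEY))
    segment["records"][1]["new_value"] = "9.9"  # simulated manipulation
    print(verify_segment(segment, DEMO_KEY))
```
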

6.7.3 Archiving batch data with PM-QUALITY

In PM-QUALITY, the acquired batch data can be exported manually or automatically in database, HTML or XML format. The acquisition of the data is described in chapter 6.8.2 "Batch-based reporting with PM-QUALITY".

Only completed batches can be archived. Selecting the Automatic batch finalize check box in the Project Settings > Defaults dialog has the effect that changes to the batch data are no longer possible after the automatic export in database format.

For export in HTML or XML format, the subsequent manipulation of the data can be prevented through restrictive rights on the drive (read only) or through automatic conversion to PDF format using auxiliary tools.


See also

• PM-QUALITY system description at www.siemens.com/process-management

6.7.4 Increased availability for data archiving

The PM-QUALITY Professional Data Center variant can be used for the continuous recording of batch data from two parallel operating WinCC servers with RT Professional projects. This requires the project data on both computers to be identical and the computers to be time-synchronized.

Upon completion and release of a batch, the Application Data Center merges the recorded batch data from two PM-QUALITY runtime databases into one database export. If one WinCC server is not available, the Data Center only becomes active when both WinCC servers are operating again.

6.8 Reporting

6.8.1 Reporting of process and production data

The documentation of process and production data is configured in the "Report" editor. The following data can be reported:

• Alarm sequence report: Chronological listing of all alarms occurring since the start of WinCC Runtime

• Alarm report: Alarms of the current alarm list

• Log report: Alarms from the alarm log, e.g. audit trail based on operator input alarms

• Tag table: Tag contents from process value / compressed logs in the form of a table

• Tag trend / screen: Tag contents from process value / compressed logs in the form of a trend

• Recipes: Data records of recipes in tabular form

• Hardcopy: Hardcopy of screen contents

• Tag values: Current process values at defined time

Note

WinCC reports support the reporting based on continuous archives.

The layouts for reporting are designed according to the requirements of the specification. In addition to detailed pages of content, a report may also include a front page, rear page, and a header and footer. There are numerous tools available for the display of the contents. These can be simply dragged and dropped into the detail area and then configured.

See also

• TIA Portal information system > Visualize processes > Working with reports


Print jobs

When reports are printed on a printer, a print job must be defined in which the report name, time, page area and the printer are specified. Activation of the print job can be time/event driven.

The audit trail entries are shown in the report as follows:

6.8.2 Batch-based reporting with PM-QUALITY

The WinCC Premium Add-on PM-QUALITY is used for batch-based archiving and reporting. The recording of the production-relevant data begins with the Batch start signal and ends with the Batch end signal. The data is assigned to a specific batch, which can be configured, and called back up again with the batch name.

The process values are graduated according to various recording cycles, recorded or copied from the WinCC data logs into a separate PM-QUALITY database over the runtime period of the batch. Event-driven or trigger-dependent process values (e.g. setpoints / actual values) are recorded as a snapshot. Alarm events and audit trail entries from the alarm logs (Panel and WinCC RT Advanced) or the HMI alarms (WinCC RT Professional) are included in the PM-QUALITY database.

See also

• PM-QUALITY system description at www.siemens.com/process-management

Design of the batch report

The report editor provides numerous options for custom designing the report layout to display the batch data.

The procedure for including audit trail entries (operator input alarms) in a batch report is shown below based on an example.

The alarm blocks displayed in the batch report are selected under the WinCC Audit Trail alarm group properties in the Topology Manager. Furthermore, the alarm number for the operator input alarm defined in the WinCC system is entered in the alarm filter dialog.

The WinCC Audit Trail alarm group is displayed in the report editor under available report blocks. The audit trail alarm group is dragged to the right to be included in a report layout. The display is defined in the properties for the report block.


An audit trail in a batch report may be displayed as follows:

Change comments can be reported in the audit trail.


6.9 Monitoring the system

6.9.1 Diagnostics of communication connections

WinCC provides the Channel diagnostics application for monitoring communication connections to the secondary controllers. The application can be integrated via Start > All programs > Siemens Automation > Runtime System or as an ActiveX control in a WinCC screen (e.g. diagnostic screen). The status of the channels that support diagnostics is displayed in a window. Information on the start / end of the connection, version ID and error alarms with time stamp are automatically recorded in a log file. This represents evidence of the quality of the communication connections provided by the system.

6.9.2 Memory space view

In the memory space view, a bar is used to indicate the amount of storage space used as a percentage of the overall capacity of the drive. A memory space view can be embedded in a screen (e.g. diagnostic screen) for monitoring the storage capacity of each drive. Percentages and bar colors can be configured for tolerance, warning and interrupt.


6.10 Data communication with the plant control level

Data communication with the plant management level or other systems must be covered by system functionalities. Various methods are available for this purpose. OPC interfaces are available and can be installed with the system software for accessing archive data and process tags. Other methods for direct access to the log databases are available with ADO / OLEDB or the Runtime API.

The following interfaces are included:

• OPC DA

• OPC Historical Data Access (HDA)

• OPC Alarms and Events (A&E)

• OPC UA

• ADO/OLE DB

See also

• TIA information system > Visualizing processes > Interfaces > OPC

• TIA information system > Visualizing processes > Working with alarms > Configuring alarm logs

Data communication via Runtime API

The programming interface of WinCC is accessible in the Runtime API. As a result, internal WinCC functions can be used and tag or log data accessed in custom applications.

See also

• TIA information system > Visualizing processes > Interfaces > Runtime API


6.11 Connection to Web client

A distinction is made between read-only and read-write access for web access from a computer on the network to the user interface of WinCC. Whereas both read-only and write access can be provided with the WinCC Web Navigator, the WinCC DataMonitor option is also available as an alternative for read-only access. Operation via the Web client is verified by SIMATIC Logon (user authentication), as well as by the user administration in WinCC (user permissions).

See also

• System manual "TIA Portal", chapter 3.1.2.4 "Installing WebNavigator", Online Support ID 57341024

Note

The standard functions are used if operator input alarms in the form of an audit trail are to be generated with the Web client (see chapter 6.2 "Creating operator input alarms"). The script functions described there are only supported by the Web client if SIMATIC Logon is installed on the computer.

Note

The installation and licensing of each client for remote access is required on the computer for viewing process images in which ActiveX controls of the WinCC Premium Add-ons for PM-CONTROL and PM-QUALITY are integrated.

6.11.1 Setting the user rights on the WinCC server

The user authorization in the Web client is set up in the WinCC User administration for the user groups.


Remote access is enabled by selecting the "Web access" check box for the user group.

The user authorization between WebNavigator and DataMonitor is controlled with the "Web access - view only" function. The process screens can be used if this feature is not activated and the WebNavigator license is recognized. If this function is activated, the process screens can only be monitored.

Note

This configuration is carried out separately for each user group. This means that authorization for remote access, start page, language, and user authorization can be defined separately for each user group.

6.11.2 Remote access via the network

The installation of the Web client is required for remote access.

The application WebViewer is automatically installed when you install the Web client. Since the WebViewer can be individually configured, it is recommended that it be used instead of Internet Explorer for remote access.

The initial configuration and further application takes place by selecting the file WinCCViewerRT in the path where the Web client is installed, for example: C:/Program Files/Siemens/Automation/SCADA-RT_V11/WinCC/Web Navigator/Client/Bin. The first time this is called, parameters are assigned to the WebViewer:


The “shortcuts” in the second window should be locked.

See also

• TIA Portal information system > Visualize processes > Options > Web Navigator > Basics > WinCCViewerRT

The time configured here for the automatic logout is relevant for the logout behavior of remote access. When using the WebViewer, the indicated logout time is sufficient for configuring the WebViewer (see above). Based on the information configured here, the prompt to confirm Web logout appears in the Web client one minute prior to the time indicated:

The settings are stored as default in the "WinCCViewerRT.xml" configuration file. The next time the WebViewer is started, the parameter assignment dialog is not opened. If subsequent parameter changes are required, the configuration dialog can be re-opened with the key combination Ctrl + Alt + P. If this key combination is unwanted for security reasons, the XML file can instead be deleted by a user with appropriate rights; the configuration dialog then opens again the next time the WebViewer is started.

Logging on and off via the Web are reported in the WinCC alarm system if the system alarms are imported (see also chapter 6.4 "Audit trail").


Operator actions through web access can be identified on the entry for the user. In this case, the machine name on which the action was performed is preceded by the username.

6.11.3 Web access for data display

The Trends & Alarms application of the WinCC Data Monitor option can be used to display and evaluate logged data in addition to the WinCC Web Navigator. Trends & Alarms and the other tools available grant read-only access to the logged data.

As an alternative, the process screens with WinCC controls can be used to display alarms or data logs for viewing data.

With Internet Explorer, the log data can be displayed on any computer in the network. This requires the installation of an SQL server on the computer where the log databases are stored.

To access already swapped out data archives, the "Archive Connector" tool is used to connect/disconnect the archived databases with/from the MS SQL server.


6.12 Interfaces to SIMATIC WinCC

6.12.1 Connection from SIMATIC S7

Connection via defined channels

For data communication between WinCC and the automation system, a physical and a logical communication link are configured in the Devices & Networks editor.

The tag management provides the data interface between the PLC and the PC system with the WinCC RT Professional installation. All the editors integrated in WinCC read / write data to the tag management. This enables direct access to the PLC tags (external tags) or HMI tags (internal tags).

An interruption of the communication link is indicated in WinCC when system alarms are activated.

Evaluating the tag status and quality status

To allow monitoring, a status value and a quality code are generated for each tag. Among other things, the tag status indicates configured limit value violations and the link status between WinCC and the automation level. The quality code is a statement about the quality of the value transfer and value processing.

The evaluation of the tag status or the quality code can be configured in the properties of a graphic object, for example in the inspector window under Animation > Animate property.

When object properties are made dynamic using the property list, properties for evaluating the quality code and tag status are also offered. The evaluation is indicated in a VB script expression.

See also

• GMP Engineering Manual SIMATIC STEP7, Siemens AG, I IA VSS Pharma

• TIA Portal information system > Visualize processes > Create screens > Dynamic modification of property animations


6.12.2 Connection to other components and third-party suppliers

Connection via defined channels

The OPC channel serves as a general communication link between WinCC and other systems. The communication driver for OPC (OLE for Process Control) is certified by the OPC Foundation. The driver is included with the WinCC system software.

SIMATIC WinCC RT Professional can be used as a SCADA system (Supervisory Control and Data Acquisition) on which one or more secondary panels or HMI devices are connected to WinCC RT Advanced via OPC communication.

It is possible to connect the OPC client with third-party control systems over an OPC server.

A communication link is configured for the OPC channel in the connections editor. The relevant tags can be created with name and type once the OPC server is activated on the communication partner.

WinCC also operates as an OPC server and transfers process values to other OPC clients.


7 Configuration for WinCC Comfort / WinCC RT Advanced

Operator actions, monitoring and data logging functions for panels or single-station systems are included in WinCC Comfort or WinCC RT Advanced. This chapter describes in detail the configuration of Comfort Panels and Multi Panels with the engineering software WinCC Comfort. The project methods introduced here can also be applied to the WinCC Advanced engineering system.

7.1 Creating the graphic user interface

The individual process screens are created according to the requirements after the basic structure for visualization has been generated with the HMI device wizard. Basic objects, elements and controls are available for the design of the screens in the area of the tools. Essential elements for a GMP-compliant configuration are described in chapter 5.2 "Object-oriented configuration".

A framework design with company name, logo and buttons for screen selection can be defined in the form of templates. A template provides the basis for the process screens.

Both the process screens and the operator control philosophy must be described in the specification (for example URS, FS and P&I) and created accordingly. These should be submitted to the customer for approval in the form of screenshots.

7.2 Creating operator input alarms

The FDA regulation 21 CFR Part 11 requires traceability of operator process control that impacts GMP-relevant data for systems that operate in a GMP environment. Therefore, these operator process controls must be configured so that an operator input alarm is generated. The WinCC (TIA Portal) Audit options for panels or RT Advanced support this requirement after activation of the GMP-compliant configuration, see chapter 5.1.5 "GMP project setting in the Audit option". Operator input alarms are recorded in the audit trail with time stamp, user ID, old value and new value.

In WinCC Comfort/Advanced, the generation of the operator input alarm on each GMP-relevant tag is activated (not on the graphics object IO field as in WinCC RT Professional).


Once the GMP-relevant property is activated for this tag, an operator input alarm is generated in the audit trail if the value of the tag is changed (see chapter 7.4 "Audit trail"). To require a comment, the "Comment required" box is activated.

Operator input alarms in combination with faceplates

The interface of the faceplate instances is connected to tags or tags that are an element of a user data type. For generating operator input alarms, the GMP-relevant property is activated for the individual tags in the tag table. All related elements are automatically activated as GMP-relevant for a user data type (the data type motor in the figure below).


The operator input alarms are displayed as follows in the audit trail:

Operator input alarms with the NotifyUserAction system function

The "NotifyUserAction" system function can be used to generate operator input alarms for operator actions that do not directly affect a tag value, for example pressing a button. It is either added to an object event in the list of functions …

or incorporated in a VB script, for example as follows:

7.3 User-specific functions and scripts

Customer-specific requirements can be implemented in WinCC Comfort / RT Advanced in the form of functions or local VB scripts and then provided with know-how protection.

To create such functions and scripts, see also

• Chapter 6.3 "User-specific functions and scripts".

Such custom scripts are rated as GAMP Category 5 software. The effort required for validation in the form of detailed function and interface description as well as documented tests is described in

• Chapter 8.3.1 "Software categorization according to GAMP Guide".

7.4 Audit trail

The log editor is upgraded to include the "Audit trail" archive when the project property GMP of the Audit option (see 5.1.5 "GMP project setting in the Audit option") is activated. The audit trail records the operator actions in chronological order thereby providing traceability of the plant operation.

The audit trail contains the following entries:

Configuration-dependent records:

• Value change of a GMP-relevant tag

• GMP-relevant recipes, see chapter 7.6 "Recipe control"

• Operator input alarms based on "NotifyUserAction" system functions

Automatic entries without any additional configuration:

• User administration

- Logging on and off of users, including logon failures

- Import of user administration

• Alarm system

- All alarms that are acknowledged by the user (the alarm text can also be logged)

- All attempts to acknowledge

• Archive operations

- Starting / stopping a log

- Opening / closing all logs

- Deleting a log

- Starting a sequence log

- Long-term archiving of a log

• Recipe operation, see chapter 7.6 "Recipe control"

Audit trail settings such as storage location, format, and minimum storage space are made in the log editor under the Audit Trail tab in the general properties.

The log characteristics are configured under the settings.

Note

The force function must be deactivated in the GMP environment so that all operator input alarms are recorded in the audit trail. We recommend evaluating the events "Little free space" and "Little free space, critical" and configuring a reaction in the function list (e.g. generating a warning alarm, moving the logs to a network drive).

If no storage space is available, GMP-relevant operator actions are no longer feasible.

See also:

• TIA Portal information system >..> System function ArchiveLogFile

• "Handling Large Archives" in the Online Support under ID 63042926

Displaying the audit trail

The audit trail is stored either in CSV or TXT format in a circular log. A checksum, which is formed by an internal algorithm for each entry, ensures that manipulation is detected.

To view the audit trail in the Audit Viewer, the logs are closed on the HMI device, the audit trail log is moved to another directory (e.g. a network drive) and then the logs are opened again. This can be implemented either in a function list (comparable to the "NotifyUserAction" event described above) or by a VB script triggered via a button or the task scheduler.

See also:

• TIA Portal information system >..> System function ArchiveLogFile

The network drive can be protected against unauthorized access with Windows tools (see chapter 4.5.2) in order to prevent manipulation of the audit trail files.

The Audit Viewer application is used for the display of the audit trail on a PC and is included with the engineering system product package. The Audit Viewer evaluates the checksums of the entries and signals any manipulation of the file in a red display or a non-manipulated file in green.

The HmiCheckLogIntegrity.exe application that can be executed within a command prompt is another way to verify checksums in the audit trail files.

See also:

• TIA Portal information system > Visualizing processes > Options > Working with audit trail compliant > Using audit trail > Audit trail > Evaluate audit trail with DOS program
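The per-entry checksum idea described above, as an added illustration in Python. It is not Siemens code and does not reproduce the internal WinCC algorithm, which this manual does not disclose; it uses a chained HMAC-SHA256 instead. The column layout, the key and the sample entries are constructed assumptions.

```python
from __future__ import annotations

import csv
import hashlib
import hmac
import io

# Assumed column layout: the manual names these fields but not the file layout.
FIELDS = ["timestamp", "user_id", "tag", "old_value", "new_value"]
GENESIS = "0" * 64  # stands in for the "previous checksum" of the first entry

# Constructed key and sample entries, for illustration only.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_ENTRIES = [
    ["2012-09-14 08:00:12", "operator1", "Tank1_Setpoint", "20.0", "22.5"],
    ["2012-09-14 08:03:40", "operator1", "Mixer_Speed", "100", "120"],
    ["2012-09-14 08:10:05", "supervisor", "Tank1_Setpoint", "22.5", "21.0"],
]


def entry_mac(key: bytes, prev_mac: str, fields: list[str]) -> str:
    """HMAC-SHA256 over the previous checksum plus this entry's fields."""
    msg = prev_mac.encode("utf-8")
    for field in fields:
        data = field.encode("utf-8")
        # Length prefix: ("ab", "c") and ("a", "bc") must not hash alike.
        msg += len(data).to_bytes(4, "big") + data
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def write_log(key: bytes, entries: list[list[str]]) -> str:
    """Return CSV text in which every row ends with a chained checksum."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(FIELDS + ["checksum"])
    prev = GENESIS
    for fields in entries:
        prev = entry_mac(key, prev, fields)
        writer.writerow(fields + [prev])
    return out.getvalue()


def verify_log(key: bytes, text: str) -> tuple[list[int], str]:
    """Return (1-based numbers of entries that fail, last stored checksum)."""
    reader = csv.reader(io.StringIO(text))
    if next(reader, None) != FIELDS + ["checksum"]:
        raise ValueError("missing or unexpected header row")
    bad: list[int] = []
    prev = GENESIS
    for number, row in enumerate(reader, start=1):
        if len(row) != len(FIELDS) + 1:
            bad.append(number)  # malformed row: flag it, keep the chain state
            continue
        *fields, stored = row
        if not hmac.compare_digest(entry_mac(key, prev, fields), stored):
            bad.append(number)
        # Continue from the stored value so one change is reported once,
        # at the place where it happened, not on every later entry.
        prev = stored
    return bad, prev


if __name__ == "__main__":
    log = write_log(SAMPLE_KEY, SAMPLE_ENTRIES)
    lines = log.splitlines()

    edited = lines.copy()
    edited[2] = edited[2].replace(",120,", ",150,")  # change a new value
    removed = lines[:2] + lines[3:]                   # drop the second entry

    print("intact :", verify_log(SAMPLE_KEY, log)[0])
    print("edited :", verify_log(SAMPLE_KEY, "\n".join(edited) + "\n")[0])
    print("removed:", verify_log(SAMPLE_KEY, "\n".join(removed) + "\n")[0])
```

Entries removed from the end of the file leave every remaining checksum valid, so the last checksum (the second return value) has to be recorded separately, for example when the log is moved to the network drive, to detect truncation.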

7.5 Configuration for electronic signature

Regulatory or customer requirements may call for a signature for sensitive operator actions. A simple electronic signature can be configured for this purpose. Once the project property "GMP" of the Audit option is activated (see chapter 5.1.5 "GMP project setting in the Audit option"), the password of the logged-on user is requested. A dialog for entering the password is opened automatically.

The electronic signature requirement is configured either in the tags in the tag table in the GMP property or with the "NotifyUserAction" system function. "Electronic signature" is selected from the confirmation category. If an additional comment form is desired, the corresponding check box is selected or the system function for comment required is configured with "yes".

7.6 Recipe control

7.6.1 WinCC option "Recipes"

Related parameters such as production data and machine parameters are summarized in a recipe. A recipe consists of several data records in which various values are stored for the individual recipe elements. Each recipe element is connected to a tag. The recipes are logged in a separate data store.

GMP settings can be activated by using the recipe option in combination with the audit option in the recipe properties.

The following actions are recorded in the audit trail for GMP-relevant recipes:

• Creating and storing new recipe records

• Changing and saving recipe data records

• Transferring recipe data records to the PLC or reading from the PLC

• Changing the setting online/offline for the synchronization of tag values when using recipe tags

All recipes and records can be displayed in the process screen with the recipe view control. However, changes to the records are not saved in the audit trail.

The recipe tags with activated "GMP-relevant property" are embedded in a recipe screen for FDA-compliant tracking of changes to the recipe data records. The recipe view control can be used for display by deactivating the "Allow editing" property.

See also:

• TIA Portal information system > Options > Working with audit GMP compliance > Configure audit functions > Recording recipe changes

• TIA Portal information system > Visualize processes > Working with recipes > Viewing and editing recipes in runtime > Basics of the recipe screen

• TIA Portal information system > Performance features > General technical data > Required storage space for recipes

7.6.2 WinCC Premium Add-on PM-CONTROL

WinCC Premium Add-on PM-CONTROL provides clear and convenient maintenance of recipes, see chapter 3.5.1 "WinCC Premium Add-ons" - batch-based control with PM-CONTROL.

PM-CONTROL is installed on a separate computer or on the computer with WinCC RT Advanced. The structure of PM-CONTROL enables the central recipe data management for several production units and controllers. PM-CONTROL can also be used as a standalone system for the maintenance of recipes and the management of orders. A tag connection to the panels can be established via OPC XML, to WinCC RT Advanced via OPC DA or directly to an S7 controller via OPC. To display the recipe data and order management, PM-CONTROL provides ActiveX controls, which can be integrated into process screens with the use of WinCC RT Advanced.

The FDA requirement for an electronic signature in accordance with the article 21 CFR Part 11 is met by PM-CONTROL, see chapter 6.6.2 "WinCC Premium Add-on PM-CONTROL".

See also:

• www.siemens.com/pm-control

7.7 Electronic recording and archiving of data

Data recording and archiving is of great importance to ensure complete proof of quality with regard to quality-related production data for manufacturing plants in a GMP environment.

This requires that a number of steps be performed:

• Definition of the data to be archived, the archive sizes and the appropriate archiving strategy

• Configuration of data logs for online storage of the selected process values

• Concept for transferring the logs, for example to a network drive

7.7.1 Specifying the data to be archived

Various factors must be taken into account when defining the archiving strategy and determining the required storage space, for example:

• Definition of the data to be archived from various sources such as process values, alarms, audit trails, batch data (PM-QUALITY) etc.

• Definition of the respective archiving cycles

• Definition of the respective retention period, both online and offline

• Definition of the cycle for the external data storage

These data are stored in various logs:

• Data log

• Alarm log

• Audit trail

• PM-QUALITY databases

• PM-CONTROL databases

In addition, actions are monitored and recorded in log files or databases in other parts of the system:

• WinCC reports

• Change report at Step7 level for "Download to the PLC" and online parameter changes

• SIMATIC Logon Event Log, on the computer with the SIMATIC Logon installation

• Event Viewer under Windows computer management only for WinCC RT Advanced (logon/logoff activities, account management, rights settings for the file system, etc. according to the corresponding configuration)

All the files mentioned (and others, if required) must be considered in the archiving concept.

7.7.2 Recording and archiving

Tag and alarm logs are defined in the "Archives" editor for continuous archiving of process-relevant data. The configured archiving method determines the reaction if the archive is full.

• Circular log: The oldest entries are deleted.

• Segmented circular log: The entries are stored in defined segments. If all segments are filled, the oldest segment is deleted.

• Display system event at a definable level: A system event is triggered when the level is reached.

• Trigger event at full archive

A checksum can be generated for each file entry for the logging methods "Display system event at ..." and "Trigger event ..." in combination with the CSV and TXT formats. Any manipulation of the logs can therefore be detected. The checksum is verified when opening the logs in the Audit Viewer application, see chapter 7.4 "Audit trail" > "Displaying the audit trail".

The size of the log depends on the length of a single entry and the number of entries. It is defined in number of entries. The size of the memory card must be taken into account here for HMI devices.

See also:

• TIA Portal information system > Visualize processes > Working with tags > Logging tags > Working with data logging (panels, RT Advanced)

• TIA Portal information system > Visualize processes > Working with alarms > Logging alarms > Configuring of alarm logging (panels, RT Advanced)

The CSV, TXT and RDB formats are available as archive formats. Archiving in RDB format, a proprietary database, provides fast access to data for displaying the data in the controls during runtime. For further evaluation of the data, the RDB format must be converted into the CSV format using the copy function. Archives in CSV / TXT format can be evaluated with other tools. The TXT format is Unicode-compliant and therefore suitable for Asian fonts.

Note

For panels, we recommend logging tags, alarms and audit trails locally on a memory card and cyclically transferring the logs to a network drive.

See also:

• Chapter 7.7.4 "Connection to a network drive with access control"

• TIA Portal information system > ...> System function "Archive log file"

• "Handling Large Archives" in the Online Support under ID 63042926

7.7.3 Archiving batch data with PM-QUALITY

The WinCC Premium Add-on PM-QUALITY offers batch-based archiving of process data and alarms, see chapter 6.7.3 "Archiving batch data with PM-QUALITY".

PM-QUALITY is installed on a separate computer or on the computer with WinCC RT Advanced. PM-QUALITY records the batch data from multiple, parallel operating production units in a separate database. A tag connection to the panels can be established via OPC XML, to WinCC RT Advanced via OPC DA or directly to an S7 controller via OPC. Various ActiveX controls for viewing the batch data or trends are available in WinCC RT Advanced for integration in a process screen. As an alternative, PM-QUALITY can be operated as a standalone system on a PC. Applications to view and manage the batch data are included in the product package.

See also:

• www.siemens.com/pm-quality

7.7.4 Connection to a network drive with access control

The panel is connected to a network via the Ethernet interface in order to back up the log that is stored locally.

See also:

• Online Support under ID 13336639 "Integration into a local network"

Note

The folder where the data is stored by the panel must be secured with Windows utilities since the CSV and TXT formats do not offer protection against unauthorized user intervention.

The following procedure is recommended for this purpose:

• A new user is created with the name of the panel in the Windows user administration of the PC to which the log data is moved. The name of the panel was specified when the network connection was configured in the control panel under network. This is the name by which the panel logs on to the network.

• The access permissions of the shared folder are defined in the folder properties in the "Security" tab. The panel name is added under "Group or user names" and is assigned "Full access" under permissions.

• The "Write" permission check box is selected under "Deny" for the user groups "Users" and "Administrators".

The panel is authorized to store the log files in the directory based on this configuration. All other users can only read the log files. However, it may be considered to create a kind of HMI administrator who could access the folder with write permission in case of file damage etc.

Note

If the log data is placed in a subfolder of the shared directory, then the security settings for that folder are sufficient.

The screenshots were taken in the Windows 7 operating system.

7.8 Reporting

7.8.1 Output of process and production data

Process data can be output from a network printer in report form or stored in PDF / HTML format.

The following data can be reported:

• Tag contents: Current process values

• Alarm report: Alarms from the alarm buffer or from the alarm log

• Audit trail: Operator action entries

• Recipes: Data records of recipes in tabular form

• Hardcopy: Hardcopy of screen content

The report layout can be designed with a title page, headers and footers, multiple detail pages and a back page. For the display of process data, a number of objects and controls in the tool range are available which can be dragged and dropped onto the report pages and then configured.

The scope of the data output can be specified as follows:

• Alarms: Output of the alarm buffer or the alarm log. A time range (from ... to) can be specified.

• Recipes: Output of a particular recipe per integrated control. For this recipe, either all records, a specific record or a volume number of data records is printed.

• Audit trail: Output of the complete audit trail entries, which were logged on the HMI device.

• Hardcopy: Printout of the current screen content graphics with "PrintScreen" system function

See also:

• TIA Portal information system > Visualize processes > Working with reports > Basics of creating reports

Activation of a printout

The output to the default printer is organized with the "PrintReport" system function. The system function can be launched either with a button or cyclically in the task scheduler.

Reporting to a network printer or another printing option

The following alternatives are available for printing reports:

• Network printer

• Postscript printing (printing with PostScript compatible printers)

• Brother QL-650TD (thermal printer)

• PDF printing (print to a PDF file)

• HTML printing (print to an HTML file)

Printer drivers for Comfort Panels are available in an options package for printing to PDF / HTML files as well as the options for PostScript printing and Brother QL-650TD. These drivers can be installed on the HMI device using the application ProSave. Reports in the file format PDF / HTML can also be stored on a USB stick or a network drive as an alternative to local storage.

See also:

• List of shared printers and printer driver options package with installation guide, Online Support ID 11376409

• TIA Portal information system > Visualizing processes > Performance features > Recommended printers and printing via print server

• Setting up a network printer, Online Support ID 18720136

7.8.2 Batch-based reporting with PM-QUALITY

The WinCC Premium Add-on PM-QUALITY offers convenient reporting of batch data. In contrast to the continuous data acquisition on the HMI devices, recording of the relevant batch data begins with the start of the batch and stops at the end of the batch. The recorded data are assigned directly to a batch name / number.

In a system configuration with panels and WinCC RT Advanced, batch data is recorded as follows in PM-QUALITY:

• Process values from panels, WinCC RT Advanced or directly from the S7 PLC via OPC connection

• Transfer of alarm logs from the panel or WinCC RT Advanced

• Transfer of the audit trail from the panel or WinCC RT Advanced

• Transfer of the data logs from the panel or WinCC RT Advanced

The process values are acquired cyclically or event-driven. At the end of the batch, alarm logs and the audit trail are moved to a network drive or another drive on the PC and imported by PM-QUALITY into its own database.

PM-QUALITY Report Editor provides a wide range of design and evaluation options for the presentation of batch data in a report.

See also:

• Chapter 6.8.2 "Batch-based reporting with PM-QUALITY"

• Chapter 7.7.3 "Archiving batch data with PM-QUALITY"

• www.siemens.com/process-management

7.9 Monitoring the system

7.9.1 Diagnostics of the communication link

The status of the connection to secondary controllers can be visualized with the "System diagnostics view" control. The device view shows a table of all available devices on a level (see figure). Information on the status and error entries is displayed in the detail view, which can be opened by double-clicking on the device in the table.

The control can be integrated, for example, into a diagnostic screen.

See also:

• TIA Portal information system > Visualize processes > Creating screens > Display and operating objects > Objects

7.10 Interfaces

7.10.1 Connection from SIMATIC S7

Comfort Panels and PC systems with WinCC RT Advanced are equipped with communication drivers for SIMATIC S7-1200, SIMATIC S7-300/400 and SIMATIC S7-200. A connection is established via PPI (S7-200), MPI / PROFIBUS-DP or Ethernet. The physical and logical connection is configured in the Devices & Networks Editor.

The tag management is the data interface between the S7 and the HMI device. All editors integrated in WinCC read and write data in tag management. Integration in the TIA Portal engineering interface provides a direct access to the PLC tags (external process tags) and the HMI tags (internal variables of the HMI device) in the editor for configuring the HMI device. Changes to S7 data that are used in the operating device (e.g. PLC tags, data block assignment) are automatically updated in the projects of the connected HMI devices with the compilation of the project data.

An interruption of the communication link is automatically indicated with a system alarm in the HMI alarms. The connection status can be visualized in a process screen with the "System diagnostics view" control.

See also:

• TIA Portal information system > Visualize processes > Communicate with controllers > Device dependency > Comfort Panels / PC systems with WinCC RT

• Chapter 7.9.1 "Diagnostics of the communication link"

7.10.2 Connection to other components and third-party suppliers

The HMI devices have an OPC interface for connecting to other components as well as third-party suppliers. An HMI device can be used as an OPC server and / or as an OPC client. The type of the OPC connection depends on the device.

See also:

• TIA Portal information system > Interfaces > OPC > Basics of RT Advanced > Using OPC

7.10.3 Connection to SIMATIC WinCC RT Professional

Both HMI devices with WinCC RT Professional and HMI devices with WinCC RT Advanced and panels are used in a distributed system.

Tag contents are exchanged via the OPC interface.

See also:

• Chapter 6.12.2 "Connection to other components and third-party suppliers"

Central audit trail

Audit trail archives, which are generated by the individual HMI devices as a circular log in CSV format, can be imported into the database of the reporting system of WinCC RT Professional with the PM-OPEN IMPORT add-on. A distinction is made between user alarms and system alarms.

Please take note that the number of the standard operator input alarm in WinCC RT Professional (12508141) is assigned to the operator inputs. Old value and new value are taken over into the process value blocks 2 and 3. The original time stamp of the alarms is preserved when importing data.

The import of data is organized as follows:

• Installation of the PM-OPEN IMPORT add-on on the PC with WinCC RT Professional

• Creating a directory for each HMI device into which the CSV files are moved either event-driven or cyclically

The directories are monitored by PM-OPEN IMPORT with Windows resources. As soon as a CSV file is detected in the directory, PM-OPEN IMPORT starts reading the data.

The imported audit trail entries can be displayed in a process screen by WinCC RT Professional with the ActiveX Control "Alarm view".

Central process data archiving and central interrupt management

Data and alarm logs which are generated by the individual HMI devices in CSV format can also be transferred to the databases of the reporting system of WinCC RT Professional with the add-on PM-OPEN IMPORT. Data from the data log will accordingly be read into the data log of WinCC RT Professional and alarms into the alarm log. The original time stamp remains unchanged.

The imported data can be displayed in WinCC RT Professional on the trends / table view or the alarm view.

8 Support for Verification

The following graphic shows an example of a lifecycle approach. After creation of the system, the system must be tested to establish whether all specified requirements are met. GAMP5 calls this phase the "Verification". The terms "validation" and "qualification" are not replaced by this but rather supplemented. The areas covered by tests performed by the supplier and suitably documented can be used for the validation activities of the pharmaceuticals company.

Various standard functions of the TIA Portal engineering system can be used in support of verification / qualification.

8.1 Test planning

In defining a project life cycle, various test phases are specified. Therefore, basic qualification activities are defined at a very early stage of the project and fleshed out in detail during the subsequent specification phases.

The following details are defined at the outset of the project:

• Parties responsible for planning and performing tests and approving their results

• Scope of tests in relation to the individual test phases

• Test environment (test structure, simulation)

Note

The testing effort should reflect both the results of the risk analysis and the complexity of the component under test.

A suitable test environment and time, as well as appropriate test documentation, can help to ensure that only very few tests need to be repeated, or even none at all.

The individual tests are planned in detail at the same time as the system specifications (FS, DS) are compiled. The following are defined:

• Procedures for the individual tests

• Test methods, e.g. structural (code review) or functional (black box test)

8.2 Verification of hardware

During the qualification phase, tests are performed to verify whether the installed components and the overall system design meet the requirements of the Design Specification. This includes details such as component name, firmware / product version, installation location, server and clients used, interfaces to the automation system, etc.

Utilities for the verification of the system hardware

• Printouts and screenshots as proof of qualification (chapter 8.4 "Documentation of the project data")

• Additional visual checks of the hardware when necessary

• Printouts of the hardware configuration and verification of compliance with the switch cabinet documentation

• PC pass with information on all installed hardware and software components. This can be created manually or using commercially available tools. Where necessary, there should also be an additional visual check

Verification of panel hardware

Panels are delivered preconfigured with the operating system Windows CE. For hardware verification, panel type and version as well as additional storage cards and the network configuration need to be checked.

Panel type and version can be read out at the panel via Control Panel > OP:

The network configuration can be found under Control Panel > Network and Dial-up Connections:

8.3 Verification of software

Utilities for the verification of the system software

Files, printouts and screenshots of various functions and programs can be used as proof for the qualification, for example:

• Installed software, chapter 8.3.2 "Verification of software products"

• Documentation of the project data, chapter 8.4 "Documentation of the project data"

• SIMATIC Security Control, chapter 4.2.2 "Installation of the SIMATIC WinCC RT runtime software"

• Diagnostics of communication links, chapter 6.9.1 "Diagnostics of communication connections"

• Memory space view, chapter 6.9.2 "Memory space view"

8.3.1 Software categorization according to GAMP Guide

According to the GAMP5 Guide, the software components of a system are assigned to one of four software categories for the purpose of validating automated systems:

• Category 1: Infrastructure software

• Category 3: Non-configured products

• Category 4: Configured products

• Category 5: Custom applications

In terms of a WinCC system, this means that the individual software components require various degrees of effort for specification and testing depending on their software category.

While a computer system as a whole would usually have to be assigned to category 4 or sometimes even 5, the individual standard components to be installed (without configuration) involve effort analogous to category 3 or 1.

Configuration based on the installed products, libraries, blocks, etc., then corresponds to category 4.

If "Free code" is also programmed, this corresponds to a category 5.

Procedure for category 5 functions

Here, specification and testing require a much greater effort:

1. Creation of a description of functions for the software

2. Definition of the functions used

3. Definition of the used inputs and outputs

4. Definition of the usability and observability

5. Software design according to specification and programming guidelines

6. Structural testing for compliance with programming guidelines

7. Functional testing for conformity with description of functions

8. Approval prior to use or reproduction

8.3.2 Verification of software products

Verification includes determination whether the installed software meets the requirements of the specification of the employed "standard" software products. These are usually products that are not designed specifically for a customer but rather freely available on the market, e.g.:

• Operating system and other software packages

• SIMATIC WinCC Runtime System Software

• SIMATIC Standard Options (DataMonitor, WebNavigator, Recipes, etc.)

• SIMATIC WinCC Premium Add-ons (PM-CONTROL, PM-QUALITY, PM-OPEN IMPORT)

• Standard libraries

The software installed on the operating system can be checked with Control Panel > Add/Remove Programs.

• The settings in the Windows operating system required for the WinCC system software can be queried in the application SIMATIC Security Control: All programs > Siemens automation > Security Control > Accepted settings. (see also chapter 4.2.2 "Installation of the SIMATIC WinCC RT runtime software")

The installed SIMATIC software is documented in detail in the WinCC RT Start application under Help > About WinCC RT Start ... > Components.

The Automation License Manager program provides information about the licenses installed on each WinCC computer.

Verification of panel software

The version of the operating system of a panel can be read under Control Panel > System. There you also see the available memory space.

The Automation License Manager program can also provide information about the SIMATIC licenses installed on panels. For this purpose, a connection between the panel and the Automation License Manager needs to be established:

• With TIA Portal Engineering System: Via the context menu HMI Device maintenance > Authorize/License

• Without TIA Portal Engineering System: In Automation License Manager via the menu Edit > Connect target system > Connect HMI device

Example for licenses being installed on a panel:

8.3.3 Verification of the application software

During verification of the application software, specification test descriptions are generated according to the requirements of the software and then used as a basis for testing the software.

The following checks are typical when testing a computer system:

• Name of the application software

• Technological hierarchy (plant, unit, technical equipment, individual control element etc.)

• Software module test (typical test)

• Communication to other nodes (controllers, MES systems etc.)

• Inputs and outputs

• Control module (device control level)

• Equipment phases and equipment operations

• Relationships between modes (MANUAL/AUTOMATIC switchovers, interlocks, start, running, stopped, aborting, completed etc.)

• Process tag designations

• Visualization structure (P&I representation)

• Operating philosophy (access control, group rights, user rights)

• Archiving concepts (short-term archives, long-term archives)

• Signal concept

• Trends

• Time synchronization

Configuration data such as the tags, functions or graphics used can be output based on reports. For this purpose, ready-made standard layouts and print jobs exist in the global library of the TIA Portal engineering system, see chapter 6.8.1 "Reporting of process and production data".

8.4 Documentation of the project data

Documentation of the project data can be created in the engineering system in support of the hardware and software verification process. For this purpose, the TIA Portal provides a number of templates in the global library, also in accordance with the ISO standard for technical project documentation.

Documentation of the following data can be displayed as a print preview on the screen or output on a printer via the corresponding context menu:

• Entire project data when the top node is selected in the project navigation

• Project data for a device in the project navigation

• Contents of an opened editor (e.g. Devices & Networks)

• Tables

• Libraries

Example of a documentation of the Devices and Networks editor:

See also:

• TIA Portal information system > Edit projects > Edit project data > Print project content

In the print dialog box, you select the printer, the print layout and the extent of the documentation (either total or compact).

8.5 Configuration control

8.5.1 Project versioning

In this storage concept, it might be specified, for example, that the project is backed up following a change. The project backup is carried out in the TIA Portal in the project view under "Save as". Here, the project can be saved under a different name with an integrated version number if necessary.

The project folder that contains the TIA Portal project can be packed in Windows Explorer as an alternative to backing up the project.

A version ID can, for example, be included in the file name of the compressed file. Make sure that the folder hierarchy is maintained when packing the WinCC project so that the project can be read again.

See also:

• TIA Portal information system > Edit projects > Create and administer projects > Save projects
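
The packing step described above, as an added example that is not part of the Siemens manual or of any Siemens tool: a Python script that packs a project folder into a ZIP file with the version ID in the file name, keeps the folder hierarchy (including empty folders), and stores SHA-256 hashes so that a folder read back from the backup can be checked for missing or changed files. The manifest name `backup_manifest.json`, the `_V<version>` naming scheme and the function names are assumptions; the destination folder is assumed to lie outside the project folder.

```python
import hashlib
import json
import zipfile
from pathlib import Path

MANIFEST = "backup_manifest.json"  # assumed name for the hash list inside the archive


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pack_project(project_dir, dest_dir, version):
    """Pack the project folder as <folder>_V<version>.zip, keeping its hierarchy."""
    project_dir = Path(project_dir).resolve()
    archive = Path(dest_dir) / f"{project_dir.name}_V{version}.zip"
    hashes = {}
    # Mode "x" refuses to overwrite an archive that already carries this version ID.
    with zipfile.ZipFile(archive, "x", zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(project_dir.rglob("*")):
            # Paths are stored relative to the parent, so the project folder itself is kept.
            rel = path.relative_to(project_dir.parent).as_posix()
            if path.is_dir():
                zf.write(path, rel)  # directory entry, so empty folders survive
            else:
                data = path.read_bytes()
                hashes[rel] = _sha256(data)  # hash exactly the bytes that are archived
                zf.writestr(rel, data)
        zf.writestr(MANIFEST, json.dumps({"version": version, "files": hashes}, indent=2))
    return archive


def verify_restore(archive, restore_root):
    """Compare a restored folder tree with the manifest; return a list of deviations."""
    with zipfile.ZipFile(archive) as zf:
        manifest = json.loads(zf.read(MANIFEST))
    restore_root = Path(restore_root)
    deviations = []
    for rel, expected in manifest["files"].items():
        target = restore_root / rel
        if not target.is_file():
            deviations.append(f"missing: {rel}")
        elif _sha256(target.read_bytes()) != expected:
            deviations.append(f"changed: {rel}")
    return deviations


if __name__ == "__main__":
    import sys
    # Usage: python pack_project.py <project folder> <backup folder> <version ID>
    print(pack_project(*sys.argv[1:4]))
```

Run `verify_restore` after a backup has been read back and before the project is opened; an empty list means every packed file is present and unchanged.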

Versioning data in WinCC options / add-ons

Make sure that the appropriate databases are backed up if the Premium Add-ons are used such as PM-CONTROL / PM-QUALITY. Before backup, the project must be closed in PM-SERVER, the utility application for PM-CONTROL and PM-QUALITY, in order to disconnect the databases from the MS SQL Server.

The directory that contains the project data of the add-ons (by default: C:\Users\Public\Documents\Siemens\ProcessManagement\...) is copied or packed; a version number can be integrated in the name at this point. The original names of the directories must be reset before the data can be restored.

If the Premium Add-on PM-OPEN IMPORT is used, the configuration file Project.CSV is saved to the configured storage location.

8.5.2 Change control of the configuration data

The configuration can be controlled using the versioning of the individual configuration items and associated documentation changes, see chapter 5.5 "Versioning application software".

8.6 Backing up the operating system and SIMATIC WinCC

The backup of the operating system and the WinCC installation should be carried out with hard drive images. These images allow you to restore the original state of PCs without significant effort.

Note

An image can only be imported on a PC with identical hardware. For this reason, the hardware configuration of the PC must be adequately documented.

Images of individual partitions can only be exchanged between image-compatible PCs because various settings, for example in the registry, generally differ from PC to PC.

9 Operation, Maintenance and Servicing

9.1 Operation and monitoring

SIMATIC WinCC (TIA Portal) provides extensive process visualization. User interfaces can be configured individually for each application, for reliable process control and optimization of the entire production sequence.

The production can be monitored, managed and optimized using numerous interfaces. The central components in monitoring during operation are screen signals in graphics and faceplates along with trends, alarms, acoustic signals etc.

Runtime data can be output by the system based on archived data. Corresponding reports and print jobs are configured in the engineering system for this purpose (see chapter 6.8.1 "Reporting of process and production data" and 7.8.1 "Output of process and production data").

The available data includes alarms in chronological order, alarms from a specific alarm log, alarms from the current alarm list, values from a process value and compression log and data from applications not belonging to WinCC.

9.2 Operational change control

Changes to validated and operational plants must always be planned in consultation with the plant user, documented and only made and tested after approval.

The example below illustrates the procedure for changes:

1. Initiation and approval of change specification by plant user

2. Description of the software change

3. Backup of the current WinCC project data

4. Implementation of software changes including manual documentation based on the current version.

5. Test of changes including documentation

6. Backup of the changed WinCC project data with versioning

The effects of the change to other parts of a WinCC application and the resulting tests must be specified based on risk and documented.

9.3 System restoration

The procedure described in this chapter should enable the end user to restore the WinCC system after a disaster.

Disasters are taken to mean the following cases:

• Damage to the operating system or installed programs

• Damage to the system configuration data or configuration data

• Loss or damage to runtime data

The system is restored using the saved data. The backed up data (medium) and all the materials needed for the restoration (basic system, loading software, documentation) must be saved at the defined point. There must be a Disaster Recovery Plan which must be checked on a regular basis.

Restoring the operating system and installed software

The restoration of the operating system and installed software is carried out by importing the corresponding images (see chapter 8.6 "Backing up the operating system and SIMATIC WinCC"). The instructions provided by the relevant software supplier for the data backup application should be followed.

Restoring the application software

The process for restoring the application software depends on the kind of backup.

• Reading back the data from a manually created backup

Restoring the runtime data

Runtime data, for example from alarm logging and tag logging, that has not been backed up using a backup configuration is lost in the event of a hard disk disaster.

To view historical data in WinCC Runtime, corresponding backups with the name extensions mdf and ldf are copied back to the local machine and connected to the MS SQL Server via the Connect archive button in the controls to display the data.

9.4 Uninterruptible power supply (UPS)

An uninterruptible power supply (UPS) is a system for battery backup of the supply voltage. If the power supply fails, the battery of the UPS takes over as the power supply. When power is restored, the UPS battery discontinues serving as the power supply and the battery is recharged. A few UPS systems offer not only battery backup of the power supply but also the possibility of supply voltage monitoring. They ensure an output voltage without interference voltages at all times.

Systems with higher priority are, for example:

• PLCs (AS controller)

• Network components

• Archive servers

• WinCC servers

• WinCC clients

• Panels

In each case it is important to include the systems for data logging in the battery backup. The logging should also record the time of the power failure.

The following should also be remembered:

• Configuration of signaling for power failure

• Determination of the time frame for shutting down the PC

• Specification of the time frame of the UPS battery backup

10 System Updates and Migration

10.1 Updates of system software

It is essential that system software updates for a validated, operational plant are agreed with the user. An update such as this represents a system change, which must be planned and executed in accordance with the applicable change procedure. Similar to the description in chapter 9.2 "Operational change control", this roughly means the following steps:

• Describe the planned change

• Effects on functions / plant units / documentation, with inclusion of the system description of the new and modified functions in the readme file/release notes

• Assessment of the risks

• Define the tests which need to be performed to obtain validated status, based on the risk assessment

• Approve/reject the change (in accordance with defined responsibilities)

• Update of the technical documentation

• Execute the change in accordance with manufacturer documentation (as the plant has been released for it)

• Document the activities performed

• Qualification: Carry out and document the necessary tests

In considering possible influences, the following may be relevant:

• Process screens / objects / alarm system and process value archiving in function and display

• Interfaces

• Effects during download

• System performance

• Documentation (specifications)

• Qualification tests to be repeated or performed for the first time

Note

Support for software update and project migration is provided by SIMATIC Product Support at http://support.automation.siemens.com.

A list of the released Windows updates, e.g. for security gaps, is published in Product Support under Online Support at ID 18752994.

10.2 Migration of the application software

The WinCC system software is upgraded with a migration, which means that the existing project data is transferred to the new software and then processed further.

The versions that are released for migration must be checked before migrating WinCC project data from WinCC classic and WinCC flexible to WinCC TIA Portal. The project being migrated may have to be upgraded to the required version.

Procedure for migration:

• The project is converted to a migration format with the "Migration Tool" application.

• The migration is started by clicking the migration in the portal view of the TIA Portal.

The migration report shows the migration history and may also indicate problems that require rework.

If adaptation of the project is necessary, this requires validation.

The validation effort is decided in consultation with the plant operator. Possible check points are the new features available in WinCC as well as the correct installation of the software components required for migration.

See also

• TIA Portal information system > Migrating projects

• Chapter 5.1.2 "Migration of existing projects"

Siemens AG
Industry Sector
Pharmaceutical and Life Science Industry
76187 KARLSRUHE
GERMANY

Subject to change without prior notice. A5E31420596-AA © Siemens AG 2012

Further information
E-Mail: [email protected]
Internet: www.siemens.com/pharma

Siemens Pharma Industry

www.siemens.com/automation
