Professional Documents
Culture Documents
Edition
09/2012
Introduction
SIMATIC
SIMATIC WinCC (TIA) V11
GMP Engineering Manual
Guidelines for Implementing
Automation Projects in a GMP Environment
System Specification
09/2012
A5E31420596-AA
10
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will
be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to
property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific
task in accordance with the relevant documentation, in particular its warning notices and safety instructions.
Qualified personnel are those who, based on their training and experience, are capable of identifying risks and
avoiding potential hazards when working with these products/systems.
Trademarks
All names identified by are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency.
However, the information in this publication is reviewed regularly and any necessary corrections are
included in subsequent editions.
Siemens AG
Industry Sector
I IA VSS Pharma
76187 Karlsruhe
GERMANY
A5E31420596-AA
10/2012 Technical data subject to change
Introduction
Purpose of the manual
This manual describes what is required, from the pharmaceutical, regulatory viewpoint in
Good Manufacturing Practice (short: GMP view), of a computer system, its software, and the procedure for configuring such a system. The relationship between the requirements and implementation is explained based on practical examples.
Target groups
This manual is intended for all plant operators, those responsible for industry-specific system concepts, project managers and programmers, servicing and maintenance personnel who use the
automation and process control technology in the GMP environment.
Disclaimer
This manual is a guide for system users and project engineers for integrating SIMATIC WinCC in
the GMP environment, with regard to validation, also taking into account the specific requirements
of international regulatory bodies and organizations, such as 21 CFR Part 11.
We have verified that the contents of this document correspond to the hardware and software described. However, since deviations cannot be precluded entirely, we cannot guarantee full consistency. The information in this document is checked regularly for system changes or changes to the
regulations of the various organizations and necessary corrections will be included in subsequent
issues. We welcome any suggestions for improvement, which can be directed to the I IA VSS
Pharma in Karlsruhe (Germany).
Introduction
with the option WinCC Recipes, WinCC WebNavigator and WinCC Audit as well as WinCC Premium Add-ons PM-CONTROL, PM-QUALITY, and PM-OPEN IMPORT. Information regarding the
exact compatibility between the various components is contained in the catalog CA 01.
The catalog can be found on the Internet at www.siemens.com/automation/ca01. A list relating to
the compatibility of different product versions is available at
http://support.automation.siemens.com/DE/view/de/21927773.
Any questions about the compatibility of the Premium Add-ons for SIMATIC WinCC should be addressed directly to the suppliers, see http://www.automation.siemens.com/mcms/human-machineinterface/en/visualization-software/scada/wincc-addons/Pages/Default.aspx.
Introduction
Additional support
Contact your local Siemens representative and offices if you have any questions about the products mentioned in this manual and do not find the right answers.
Find your contact partner at:
http://www.siemens.com/automation/partner
You can access technical documentation for various SIMATIC products and systems at:
http://www.automation.siemens.com/mcms/industrial-automation-systems-simatic/en/manualoverview/tech-doc-hmi/Pages/Default.aspx
The online catalog and the online ordering system are available at:
http://mall.automation.siemens.com/
For questions about this manual, please contact I IA VSS Pharma:
Email:
pharma@siemens.com
You can find additional information about the products, systems and services from Siemens for the
pharmaceutical industry at http://www.siemens.com/pharma
Training centers
We offer various courses to help you get started with SIMATIC WinCC (TIA Portal). Please contact
your regional training center or the central training center in 90327 Nuremberg, Germany.
Internet:
http://www.sitrain.com
Technical support
You can contact the Technical Support for all I IA&DT products using the web form for Support Request:
http://www.siemens.com/automation/support-request
as well as the Center of Competence for WinCC in Mannheim for the mentioned WinCC Premium
Add-ons at
Email:
WinCCAddon.automation@siemens.com
You will find more information about our technical support on the Internet at
http://www.siemens.com/automation/service&support
For example:
Introduction
The newsletter that provides you with latest information relating to your product
The right documents for you, using our Service & Support search engine
A bulletin board in which users and specialists worldwide exchange their know-how
Information about on-site services, repairs, spare parts, and lots more
Table of Contents
1
Table of Contents
Table of Contents
6.7
6.7.1
6.7.2
6.7.3
6.7.4
6.8
6.8.1
6.8.2
6.9
6.9.1
6.9.2
6.10
6.11
6.11.1
6.11.2
6.11.3
6.12
6.12.1
6.12.2
7
Table of Contents
8.5.2
8.6
9
10
Index ...................................................................................................................................................................133
10
1.1
Title
Scope
21 CFR Part 11
Electronic Records,
Electronic Signatures
Computerised systems
A Risk-Based Approach
to Compliant GxP
Computerized Systems
11
1.2
GAMP5 approach
The following figure shows the general approach of GAMP5 for the development of computerized
systems. It begins with the planning phase of a project and ends with the start of pharmaceutical
production following completion of the tests and reports.
The lifecycle approach illustrated here is known as the generic model in GAMP5. With this as the
basis, we will introduce several examples of lifecycle models for a variety of "critical" systems with
different stages of specification and verification phases.
Once production has started, the system lifecycle continues until decommissioning.
12
1.3
Responsibilities
Responsibilities for the activities included in the individual life cycle phases must be defined when
configuring computer systems in a GMP environment and creating relevant specifications. As this
definition is usually laid down specific to a customer and project, and requires a contractual agreement, it is recommended to integrate the definition into the Quality and Project Plan.
See also
1.4
1.5
Risk-based approach
Both the U.S. agency FDA ("Pharmaceutical cGMPs for the 21st Century Initiative", 2004) and the
industry association ISPE/GAMP ("GAMP5" Guide, 2008) recommend a risk-based approach to
the validation of systems. This means that whether and to what extent a system should be validated depends on its complexity and its influence on the product quality.
13
14
2.1
Hardware categorization
According to the GAMP Guide, hardware components of a system fall into two categories "standard
hardware components" (category 1) and "custom built hardware components" (category 2).
Software categorization
According to the GAMP Guide, the software components of a system are divided into various software categories. These range from commercially available and preconfigured "standard" software
products that are only installed to configured software products and customized applications ("programmed software").
2.2
15
2.3
Change control
See also
2.4
GAMP5 Guide,
Appendix M8 "Project Change and Configuration Management"
Software creation
Certain guidelines must be followed during software creation and documented in the Quality and
Project Plan (according to Good Engineering Practice, short GEP). Guidelines for software creation
can be found in the GAMP Guide as well as the relevant standards and recommendations.
16
2.5
2.5.1
Evaluation of biometrics
2.5.2
User ID
The user ID for a system must be of a minimum length defined by the customer and be unique
within the system.
Password
When defining passwords, a minimum number of characters and the expiry period for the password
should be defined. In general, a password should comprise a combination of characters that meet
the minimum length requirement as well as at least three of the criteria listed below.
17
2.6
Only authorized persons must be able to enter or change data (access control).
Relevant electronic records for long-term archiving must be stored securely and kept available
for their retention period.
The initials and signatures required by the regulations must be implemented as electronic signatures.
If an electronic manufacturing report is used, its structure and contents must match the structure and contents of the manufacturing formula / processing instructions. As an alternative, the
manufacturing instructions and report can also be combined in one document.
See also
2.7
Electronic signatures
Electronic signatures are computer-generated information, which acts as the legally binding equivalent of a handwritten signatures.
Regulations concerning the use of electronic signatures are defined, for example, in US FDA 21
CFR Part 11.
Electronic signatures are relevant in practice, for example, for manual data inputs and operator interventions during runtime, approval of process actions and data reports, and changes to recipes.
Each electronic signature must be uniquely assigned to one person and must not be used by any
other person.
Note
During the production of all drugs and medical devices which enter the U.S. market, the FDA regulations must be met; this also refers to 21 CFR Part 11 with respect to electronic signatures.
18
2.8
Audit trail
The audit trail is a control mechanism of the system that allows all data entered or modified to be
traced back to the original data. A secure audit trail is particularly important when GMP-relevant
electronic records are created, modified or deleted.
Such an audit trail must document all the changes or actions made along with the date and time.
The typical content of an audit trail describes who changed what and when (old value / new value),
as an option it may also include "why".
2.9
Packaging instructions and packaging list (the packaging of the finished product is part of the
production process from a pharmaceutical perspective)
Test instructions and test report (relating to quality checks, for example analysis)
Central importance is assigned to the concept of the manufacturing report (or packaging report),
which is defined as follows:
2.10
It is always based on the relevant parts of the valid manufacturing formula and processing instructions
Archiving data
Archiving (electronic) is defined as the permanent storage of electronic data and records on a longterm storage.
The customer is responsible for defining procedures and controls for the storage of electronic data.
Based on predicate rules (EU GMP Guidelines, 21 CFR Part 210/211, etc.), the customer must decide how electronic data will be retained and, in particular, which data are involved. This decision
should be based on a justified and documented risk assessment that takes into account the significance of the electronic records over the retention period.
If the archived data are migrated or converted, the integrity of the data must be assured throughout
the entire conversion process.1
1
"Good Practice and Compliance for Electronic Records and Signatures. Part 3, Models for
Systems Implementation and Evolution". PDA 2004
19
2.11
Data backup
In contrast to the archiving of electronic data, data backups are used to create backup copies,
which ensure system restoration in case of original data loss or system failure.
The backup procedure must include the periodic backup of non-retentive information in order to
avoid total loss of the data if system components fail or if data is accidentally deleted. Backup procedures must be tested to ensure that data is saved correctly. Backup records should be labeled
clearly and intelligibly, and dated.2
Data backups are created on external data carriers. The data media used should comply with the
recommendations of the device manufacturer.
When backing up electronic data, the following distinctions are made
Here, particular attention is paid to the storage of data backup media (storage of the copy and
original in different locations, protection from magnetic fields, and elementary damage).
2.12
2.13
Time synchronization
A uniform time reference (including a time zone reference) must be guaranteed within a system, to
be able to assign an unequivocal time stamp for archiving messages, alarms etc.
Time synchronization is especially important for archiving data and analysis of faults. UTC (Universal Time Coordinated, see also ISO 8601) is recommended as the time base for saving data. The
time stamp of alarms and values can be displayed in local time with a reference to daylight saving /
standard time.
2.14
"Electronic Records and Electronic Signatures Assessment". Chris Reid & Barbara Mullendore,
PDA 2001
20
System Specification
During the specification phase for a computer system, the system to be built and its functionality
are defined in as much detail as is required for implementation.
Specifications not only represent the basis for a structured and traceable configuration but are
particularly in the GMP environment an essential reference for final verification of the system.
The specification covers the selection of products, product variants, options, and system configurations, as well as the application software.
21
System Specification
3.1
Single-station system with complete control and monitoring of a production process through local HMI devices (comfort or multi-panel), panel PC or standard PC
Multiple-station system consisting of operator terminals (WinCC clients) and a WinCC server
that supplies the WinCC clients with data
Basic Panels /
Micro Panels
3.1.1
Comfort Panels,
Mobile Panels, 277-377
Panels & Multi Panels
Panel PCs,
Standard PCs
SCADA based in PC
WinCC Runtime
Advanced
WinCC Runtime
Professional
22
System Specification
3.1.2
Hardware specification
The Hardware (and network) Design Specification (acronym: HDS) describes the hardware architecture and configuration. The HDS should, for example define the points listed below. This is used
later as a test basis for the verification.
3.2
Security concepts regarding network security and restricted access to network drives
Manual "Security Concept PCS 7 and WinCC" in Online Support under ID 60119725
23
System Specification
3.3
The SIMATIC WinCC (TIA Portal) software consists of engineering and runtime components (Runtime) for HMI devices of varying sizes. The corresponding runtime components run on their corresponding hardware. This is configured and programmed in the engineering interface.
The technical functions for WinCC Professional and WinCC Comfort/Advanced are described
separately in chapter 6 of this manual since the functions and applications to control on-site equipment (panels) are in some cases significantly different from those in a SCADA environment (Supervisory Control and Data Acquisition).
The security updates and "Critical Updates" provided by Microsoft for the Windows operating system are tested by Siemens for compatibility with SIMATIC software and released, see reference
chapter 10.1 "Updates of system software".
24
Brief description
Availability
Comf
Adv
Prof
Graphics
HMI Tags
Tag management
User administration
Administration of users
HMI Alarms
Alarm logging
Logs
X*
Recipes
Preparation of recipes
X*
Reports
Production of reports
System Specification
Brief description
Availability
Comf
Adv
Prof
SIMATIC Logon
SIMATIC Logon
Remote Access
X*
X*
X*
X*
-**
WinCC Server
X*
WinCC Client
X*
WinCC WebNavigator
X*
WinCC DataMonitor
X*
3.3.1
Definition of user groups with different authorization levels for operation and maintenance
In a single-station system or a distributed system with multiple HMI devices (also in combination
with panels), users can be centrally managed on a computer in a workgroup or domain.
SIMATIC Logon supports a user administration system based on Windows mechanisms that can
be used both in workgroup and in a Windows domain. Information on installation and configuration
of SIMATIC Logon is contained in chapter 4.3 "Setting up user administration" and in the Engineering Manual SIMATIC Logon.
The user administration must be set up locally on each panel (see chapter 4.3.4 "User administration without SIMATIC Logon") for local HMI devices without any network connection.
25
System Specification
3.3.2
Engineering
component
WinCC Advanced
WinCC Comfort
WinCC Basic
Basic Panels /
Micro Panels
Comfort Panels,
Mobile Panels, 277-377
Panels & Multi Panels
Panel PCs,
Standard PCs
SCADA based in PC
The respective engineering system contains all the basic functions for engineering the HMI devices. The Project Navigator is the central component from which all devices belonging to the project are managed. The editors to configure the various functions in each HMI device are opened in
the project navigator. Copy functions ease the adoption of configured data into other HMI devices.
Tag management
In the TIA Portal, automation systems and HMI devices are created in a project. Inputs and outputs
are maintained in a separate tag table for each controller (PLC). The HMI devices receive a process driver connection by which external HMI tags are linked to the PLC tags in the PLC tag tables.
Tag management is done exclusively in the PLC. Corrections are transmitted into the project data
of the HMI devices after compilation. This ensures that consistency of the tags is maintained
throughout the project.
Libraries
The Project Library serves as a deposit of the configured data. Configured WinCC objects like
complete graphics, graphic elements, control objects, variables, messages and lots more can be
saved in the project library and used several times in the HMI devices. A cross-project data storage
is given by the Global Library.
26
System Specification
3.3.3
Alarms
Many alarms occur in a plant. These are all of varying importance. To guide the user, even in critical situations, the alarms of the project are arranged in alarm classes. These and a concept for
alarm acknowledgment should be defined at the beginning of the project with the plant manager.
Note
With the functionality display suppression in the WinCC RT Professional runtime software, the
display of selected alarms can be suppressed, e.g. in the startup phases. The alarms are still recorded in the WinCC alarm log. For additional information please see the TIA Portal Information
System.
Use of this functionality is the responsibility of the system operator and should therefore be coordinated with him.
Archives
In a regulated environment relevant production and quality data must be kept sometimes for 5, 10
or more years. This data must be defined, stored safely and placed in external archives according
to data volume or time period. A process should be implemented to define the corresponding data
and archive components. See also chapters 3.3.4 "Data archiving" and 6.7 Electronic recording
and archiving of data or 7.7 Electronic recording and archiving of data.
The WinCC RT Professional runtime software can also archive process values in compressed form
in compressed archives.
Recipes
A system should be developed to structure the recipes if recipe data or equipment data records are
required for ongoing operation. The individual recipe elements can be freely defined for each recipe. A variety of data sets can be stored for a recipe. The number depends on the selected HMI
device.
27
System Specification
Audit trail
Operational input and changes to GMP-relevant data must be documented with time stamp, user
ID, old value and new value in the form of an audit trail. This can be configured according to the respective values and is stored in the alarm history (WinCC RT Professional).
The audit option fulfills the required functionality of an audit trail, see chapter 5.1.5 "GMP project
setting in the Audit option" especially for panels and runtime software WinCC RT Advanced.
Note
Categorization even makes sense in the specification phase to facilitate the overview and review
of GMP-relevant inputs, values and changes in plant operation. The plant operator should be able
to name the GMP-critical values and define them in advance.
3.3.4
Data archiving
Tag values, operator alarms and the audit trail can be archived. The scope and method of archiving
depends on the hardware used in the HMI device and the runtime software.
Batch-oriented archiving
The WinCC Premium Add-on PM-QUALITY is available For batch-based acquisition and archiving
of production data such as process values and alarms, see chapter 6.7.3 "Archiving batch data
with PM-QUALITY" and chapter 7.7.3 Archiving batch data with PM-QUALITY.
28
System Specification
3.3.5
Batch-based reporting
The WinCC Premium Add-on PM-QUALITY is available for a batch-based reporting of the recorded
data, see chapter 6.8.2 "Batch-based reporting with PM-QUALITY" and chapter 7.8.2 Batch-based
reporting with PM-QUALITY.
3.4
User administration,
definition of user groups, users, permissions, local users, configuration of SIMATIC Logon,
WinCC user administration, etc.
Printer configuration
29
System Specification
Screen hierarchy
3.5
3.5.1
Brief description
Availability
Comf
Adv
Prof
PM CONTROL
X*
PM-QUALITY
X*
PM-OPEN IMPORT
* For data communication, panels can be linked via an Ethernet connection to the Premium Addons which are installed on a separate PC.
The WinCC Premium Add-ons are enabled with separate licenses.
30
System Specification
To achieve a cost-effective solution for both simple and more complex tasks, PM-CONTROL is
available in the "Compact", "Standard" and "Professional" variants.
The use of SIMATIC Logon as a central user administration can be enabled in the PM-CONTROL.
Topology Manager for mapping the plant topology and specifying the production data to be acquired
Report Editor for creating the report layout for the acquired data and displaying batch reports
on the screen
Data View and various ActiveX controls for displaying the batch data
Data Center, for merging the batch data (only in the redundant version)
Apart from the automatic acquisition of the configured batch data, manually entered values, for example laboratory values can be added to a batch report later. If the batch report is transferred to
the archive automatically due to the set export option, no more changes can be made to the report
if the "Complete automatically" option is set.
It is also possible to use a script in WinCC to configure an electronic signature of the batch reports
by the logged-on user and with it the manual assignment of the batch status (released / locked).
31
System Specification
3.5.2
WinCC WebNavigator
Remote access to the WinCC project data is set up with the WinCC Web Navigator in combination
with the WinCC RT Professional runtime software. To view the process screens, users with the
necessary rights must authenticate themselves using their password. The details are checked by
SIMATIC Logon. Operation of the process screens is subject to access control, which is defined in
the WinCC project user administration.
See also
WinCC DataMonitor
WinCC Data Monitor is a dedicated display and analysis system for process data from WinCC and
data from the WinCC long-term archive server. WinCC DataMonitor provides a number of analysis
tools for interactive data display and analysis of current process values and historical data:
32
Excel workbooks
Published reports
Process screens
Web center
System Specification
3.5.3
Interrupts and Events (alarms), OPC A&E, read and write (acknowledgments only) access
Process value logs (trends), OPC HDA, read and write access
Process tags, OPC XML DA, read and write access via web service
Process values and process value logs, OPC UA (Unified Architecture), read and write access
The data communication is handled based on the TCP/IP protocol with exchange of digital certificates.
33
System Specification
3.6
3.6.1
Printer driver
For panel PCs and standard PCs, we recommend using the printer driver integrated in the operating system and approved for WinCC. No guarantee for proper operation of the system is assumed
if other drivers are used.
Printout from local printers or network printers is possible for panels. Hard copies or reports can be
printed on a network printer. Line printing of alarms is only possible on a local printer.
A list of approved printers and required settings for the panels are compiled in the product support
at:
3.6.2
Virus scanner
The use of virus scanners on panel PCs and standard PCs is enabled in the process mode. The
approved virus scanners can be accessed via the compatibility tool in the product support.
https://support.automation.siemens.com/kompatool/pages
The following settings must be observed when using virus scanners:
The real-time search is one of the most important functions. However, it is sufficient to examine
the incoming data traffic.
Scheduled scans must be disabled because they restrict the performance of the system considerably during process operation.
Manual search may not be performed during the process operation. It can be performed at
regular intervals, for example, during maintenance intervals.
These arrangements should be defined in the specification and/or optionally in a work instruction
from the IT department in charge.
3.6.3
34
Engineering software
SIMATIC WinCC (TIA Portal) engineering software is the common engineering interface for PLC
programming and visualization. It is staggered according to the performance range the HMI devices:
Runtime software is activated with a license key except for the panels.
4.1
35
4.2
4.2.1
4.2.2
36
DCOM settings (Distributed Component Object Model) only for WinCC RT Professional
4.2.3
4.2.4
37
4.3
4.3.1
38
Assignment of permissions in the visualization interface (input boxes, control buttons, screen
window)
Setup of access rights in PM-CONTROL or PM-QUALITY if the WinCC Premium Add-ons are
used
Both Windows user administration options are available here, centralized administration in a domain structure or in a workgroup with a central logon server.
See also
Operating system help of MS Windows or the appropriate Windows manual (for setting up
Windows workgroups and the domain)
SIMATIC HMI, Process Visualization System WinCC V6, Security Concept WinCC, chapter 4
"User and Access Management in WinCC and Integration in Windows Management"
Windows domain
The one-time administration of the groups and users on the domain server enables all computers in
the domain access to group membership.
Note
When using multiple domain servers or when there are redundant servers, the domain structure
ensures that users will still be able to perform operations and/or log on even if one domain server
fails.
Windows workgroup
All user data is created and managed on the server of a workgroup. SIMATIC Logon compares the
logon data with the user administration data on this server and then provides the logon information
to the other computers in the workgroup.
4.3.2
Audit policies
Note
After installing Windows, default parameters are set for the password policy, account lockout policy and audit policy. These settings must be checked and modified according to the applicable
project requirements.
See also
Chapter 4.5.2 "Blocking the operating system level during ongoing operation"
39
4.3.3
Note
Events such as a successful and failed logon/logout procedure or password changes are stored in
the EventLog database of SIMATIC Logon as well as in the WinCC alarm system.
See also
40
The use of SIMATIC Logon is activated in the "Runtime Settings > User Administration".
The base settings of SIMATIC Logon are carried out in the "Configure SIMATIC Logon" dialog box.
The settings are described in the configuration manual SIMATIC Logon and include, for example:
Note
No "auto-logoff" may be activated at the operating system level, otherwise the user interface will
be completely closed.
Furthermore, the activation of a screen saver is in combination with SIMATIC Logon is not allowed.
41
4.3.4
42
The password settings, such as password, account lockout and monitoring policy are then defined
in the local user administration of the HMI device, see the following figure.
43
4.3.5
SIMATIC HMI
SIMATIC HMI CS
Note
The defined users and user groups must be made members of the corresponding authorized
SIMATIC user groups.
A logical separation of computer access authorizations is achieved by differentiating between the
administrator and power user (plant operator) at the Windows level logon.
WinCC Professional automatically manages the security settings and release authorizations for
the project data. The access rights depend on the configuration in the WinCC user administration and are verified by the runtime software, see chapter 4.4 "Administration of user rights".
See also
44
4.4
Open the project data for the HMI device in the TIA Portal (engineering system)
Create group(s)
The user rights are assigned via the WinCC user groups in the project data. Members of the "Operator" group, for example, are then assigned the corresponding rights to operate in the WinCC
user administration.
45
4.5
4.5.1
Startup characteristics
Automatic startup is configured including the activation of the user interface for safe start of the
HMI device. This is how access to the operating system level is prevented during startup.
Automatic logon (auto-logon) in the Windows operating system is described in the Online Support
under ID 23598260 in an example for SIMATIC IPCs.
The configuration of the automatic start of the user interface is different for each of the various HMI
devices.
46
The specified project is automatically activated at computer startup if the "Autostart" property is activated. The "Allow Cancel during activation" property should not be selected, so that the project
start will not be interrupted.
Those editors which are required ongoing operation are activated in "Runtime Settings > Services".
Other applications that should be started automatically, such as the Premium Add-ons PMCONTROL or PM-QUALITY, are added under "Additional Tasks / Applications".
47
48
4.5.2
See also
49
Note
A button in the user interface is commonly used to deactivate the ongoing operations. This button
can only be actuated with the corresponding authorization, which then provides access to the operating system.
50
4.6
Secure storage of sensitive data with redundancy and access control, see chapter 4.6 "Data
and information security"
Defined startup characteristics and operation of the user interface, see chapter
4.5 "Access control at the operating system level"
Organizational measures
Data espionage
Data manipulation
Unauthorized access
51
See also
52
Online Support ID 22376747 "Protecting an automation cell using Firewall" and the document
attached there
Online Support ID 22056713 "Security with IPsec-secured VPN tunnel and the document attached there
Configuration data on the hardware structure and parameter assignment data for modules
The central data management ensures that consistency between automation and visualization is
sustained. Once created, data is available in all editors, changes or corrections are automatically
updated throughout the project.
The customer-specific operator process control and monitoring is variable in design. A large part of
the application software is configured here and extended functionality can be added with the aid of
scripts.
5.1
Project setup
5.1.1
Enter your project name and path or accept the proposed settings.
Configure a device.
This selects one by one the controller and HMI units that are required for your automation solution. Network and connections can be configured.
53
A wizard assists each implementation process and opens the project view at a suitable point.
5.1.2
5.1.3
54
5.1.4
5.1.5
The GMP setting is activated at the start of the configuration in the runtime editor settings. Then,
the above functions are activated and can be configured, see chapters 7.2 Creating operator input
alarms, 7.4 Audit trail and 7.5 Configuration for electronic signature.
55
5.2
Object-oriented configuration
Objects are graphical elements used for designing project screens. These objects include "base
objects" (line, circle, text box, etc.), "elements" (I/O box, button, etc.), "controls" and also graphics
(pipes, pumps, etc.).
By storing configured objects and object groups in libraries, they can be used repeatedly. The engineering in the TIA Portal has 2 libraries:
Project library
Global library
The objects stored there are available to all similar type HMI devices in the project ("Project Library") or in other projects ("Global Library").
One user data type is preferred for dynamization of faceplates and screen windows. It bundles
various tag types in a user-defined data structure for a process unit such as a motor. User data
types are stored in the project library and are available throughout the project.
The object-oriented configuration is useful for:
Faceplates
Screen window
Project functions
See also
Note
Configured objects or groups of objects are created one-time for the particular application and
then tested with the client before they are copied to the configuration or instantiated.
5.2.1
56
5.2.2
Faceplates
A faceplate consists of a grouping of objects which are tailored to the special requirements of the
plant with respect graphic representation and dynamization. The object properties and events,
which are used to dynamize the faceplate, are individually defined in the faceplate editor. User data
types are recommended for connecting the interface to the process screens.
A faceplate is created as a type in the project library. A copy can be saved in the comprehensive
project global library under types. Thereafter, it is available in other projects as well.
The faceplate is based on the type-instance model. A local instance of the type is created when a
faceplate is included in a process screen. Changes in the type are automatically transferred to all of
its instances. If necessary, a faceplate instance can be disassociated from the type.
Faceplates are created for either the Panels / RT Advanced or RT Professional device family and
can only be used for the corresponding variant.
The options for designing and dynamization are more diverse with RT Professional.
5.2.3
Screen window
The screen window control lets you select a screen within a screen. This functionality is used, for
example, to call a window for controlling a process unit (valve, drive). Such an operator control
screen is configured once for a particular function and then opened as an instance in a screen window. The dynamization a screen window is carried out based on user data types. When the screen
is called, a tag prefix is transferred.
The screen window technology is only available in RT Professional.
5.2.4
57
5.2.5
5.2.6
Libraries
The engineering in the TIA Portal is supported by two libraries:
Project library
Global library
The project library is used to store all user-defined WinCC objects such as complete screens, tag
tables, alarms, etc. These user-defined objects are developed in detail, tested and qualified and
are then available as a project standard for repeated use in the project.
The global library is a cross-project library, the contents of which can also be used in other projects. By default, the global library contains master copies for buttons, control modules, and document templates for the project documentation. User-specific global libraries can be set up for centralized storage of user-defined objects, e.g. from the project library.
58
5.3
Time synchronization
In SIMATIC WinCC, the time transmitted on the bus as default is the standard world time UTC
(Universal Time Coordinated).
To ensure time consistency, all stations and controllers belonging to the WinCC system must be
synchronized so that chronological processing (logging of trends, alarms) is enabled throughout the
system.
Time synchronization of SIMATIC Logon depends on the environment (Windows workgroup or domain) in which SIMATIC Logon is operated. All PCs in the Windows workgroup or within the domain must be time synchronized.
HMI devices with RT Professional can be integrated into an automatic time synchronization via the
plant / system bus. Only one "Set time-of-day" can be configured in combination with panels or single-station systems with RT Advanced.
The activation of time synchronization must also take place on the engineering station, otherwise it
could cause problems during the downloading of changes.
Note
The activation of time synchronization is necessary in plants in which GMP is mandatory.
5.3.1
http://www.siemens-edm.de/Siclock.zeitsynchronisationskonzept.0.html
SIMATIC HMI manual, Process Visualization System WinCC, Security Concept WinCC, chapter 5 "Planning Time Synchronization".
59
5.3.2
See also
TIA Portal information system> Visualize processes > Communicate with controllers > Configure time synchronization
For all other HMI devices and CPUs, the time can be set in either the CPU or in the HMI device.
"Set time-of-day" does not have the same accuracy as the time synchronization, since message
frame and scripting runtimes are incorporated. The time master must be defined within the system.
Set time-of-day
The time is set with area pointers. Area pointers are parameter fields in which reading and writing
communication from the PLC and the HMI device takes place alternately. The PLC and the HMI
device trigger predefined actions when the stored data is evaluated.
The "Date/Time PLC" area pointer is used to transfer the CPU system time to the HMI device. This
is located under global area pointer and can be configured only for the connection to the CPU that
acts as a time master.
60
The system time of the HMI device is transferred to the CPU via the "Date/Time" area pointer. This
area pointer is configured for each connection to a CPU if the system time of the HMI device is the
time master.
The procedure to configure the area pointers is described in TIA Portal information system.
(Visualizing processes > Communicate with controllers > Device dependency > Communicating
with SIMATIC S7-1200 or SIMATIC S7 300/400 > Data communication > Data communication with
area pointer)
See also
Settings in Windows 7 in the Online Support ID 59203176 to change the system time of the PC
with WinCC RT Advanced V11
TIA Portal information system > Visualize processes > Work with system functions and runtime
scripting > Reference > VB scripting (panels, RT Advanced) > System functions (panels, RT
Advanced)
61
5.3.3
Time stamping
HMI alarms
Alarms from the CPU (AS) are displayed in the HMI device and logged. The alarm receives the
time stamp either from the HMI device upon arrival of the alarm (discrete alarms) or from the CPU
directly when it is created (control alarms).
A discrete alarm is detected based on a bit change in the alarm tag. The HMI alarm system assigns
the time stamp of the HMI device. The time stamp has a certain inaccuracy due to the acquisition
cycle, bus delay time and time required for processing the alarm. Alarms present for a time shorter
than the acquisition cycle are lost.
For monitoring the limits of tags in WinCC, an analog alarm is generated in the HMI alarm system if
the defined limits are violated. The assignment of the time stamp is similar that for discrete alarms.
Note
The discrete alarm procedure and limit monitoring are simply configurable alarm procedures for
panels, HMI devices with RT Advanced and single-station systems with RT Professional. In redundant systems or system configurations with multiple operator stations (RT Professional),
chronological signaling is used for synchronized acknowledgment and sending.
For chronological signaling, the SFCs/SFBs Notify, Notify_8P,Alarm, Alarm_S/SQ, Alarm_D/DQ,
Alarm_8/8P in the SIMATIC S7 are used. Refer to the relevant CPU manuals and the block descriptions in the SIMATIC STEP 7 online help for information on restrictions relating to the system
resources for simultaneously pending alarms.
See also
TIA Portal Information system > Visualize processes > Basics >
Alarm procedure > Overview alarm procedure
Archiving
Process values, which are acquired and evaluated in the HMI device receive by default the time
stamp at the time of the acquisition in the visualization system.
Logging cycles are defined for cyclic reading of process values. A time stamp that is assigned
when the process values are acquired, contains the inaccuracy of the configured logging cycle.
Note
The alarm block (AR_SEND) is available in SIMATIC S7-400 for logging cycles of less than
500ms in WinCC RT Professional.
With the alarm block AR_SEND, process values that should receive the time stamp from the CPU
are processed in the form of a message frame in the CPU and then transmitted as raw data to
WinCC RT Professional.
62
See also
TIA Portal information system > PLC programming > References (S7-300/400) > Alarms >
AR_SEND
5.4
Configuration management
The configuration of a computer system consists of various of hardware and software components,
which can vary in complexity and range from commercially available standard components to
specially customized user components. The current system configuration should be fully available
at all times and easy to understand. For this purpose, the system is divided into configuration elements, which are identifiable with a unique name and a version number and can be distinguished
from the previous versions.
See also
GAMP5 Guide,
Appendix M8 "Project Change and Configuration Management"
63
5.5
Name
Date
Version number
5.5.1
Versioning of screens
The engineering system automatically records the creation date, the time stamp of the last change,
and the Windows user logged on at the time. The data is retrieved if the "Screens" object in the
is pressed in the toolbar on the project navigator.
project navigator is selected and the button
See also
64
TIA information system > Introduction to the TIA Portal > User interface and operation > Structure of the user interface > Overview window
Automatic versioning of the screens is not carried out; the version can be maintained manually in
the file.
Information for versioning, such as version ID, change date and name, can be stored in a static text
field. It is practical to place the text boxes for versioning in a separate screen level that can be
shown or hidden as required. The display of the static text field during the process operation is controlled by the object property display or via the "Visibility" animation.
Note
Change details can be described, for example, in the relevant change request documentation.
65
5.5.2
Versioning of faceplates
When the processing of a faceplate is finished and it is approved for use in the project data, the
engineering system automatically sets the version 1.1.0. After re-processing and re-approval of the
faceplate, the second digit of the version number is automatically increased. The current processing of a faceplate can be discarded by restoring the latest approved version.
66
5.5.3
Versioning of VB / C scripts
VB scripts or C scripts (only for RT Professional) are created during ongoing operation in order to
access tags and graphical screen objects and to initiate screen-independent actions.
In addition, scripts are used to link functions, which are triggered in the process mode, to individual
properties of screen objects (e.g. by using the mouse).
Two different methods of script creation are distinguished in WinCC:
Local scripts which are created directly on the property of an object in the "Screens" Editor.
These scripts are part of the screen and are stored with the screen. Versioning is performed in
the screen.
Screen-independent scripts that are created in the "Scripts" editor and are available in function
lists for repeated selection either with object properties or in the task scheduler.
For VB / C scripts that are created with the "Scripts" editor, the engineering system records the last
change date and the Windows user who is logged on at this time. For retrieving the data, see chapter 5.5.1 "Versioning of screens".
Note
It is advisable to maintain a history in the scripts indicating any changes made. The history is entered as comment before the start of the code.
67
5.5.4
Versioning of reports
The automatic issuing of version IDs in the report layouts is not supported. A static field can be inserted in the report layout for a version ID allowing manual versioning of various states. The version ID must be kept up-to-date as specified in the SOP for configuration management. The following figure shows an example of a report layout footer with a field added for versioning.
68
6.1
69
6.2
Button
A system function is attached to an event of the button in order to change the values of tags via a
button. A set of system functions is available, which can also create an operator input alarm. However, the entry of a comment cannot be activated.
70
71
72
6.3
73
74
6.4
Audit trail
The recording of an audit trail for user actions with GMP-relevant data is implemented in the alarm
system in WinCC Professional.
Operator actions via the input / output fields or icons (buttons) can be configured in the "Screens"
editor so that an operator input alarm is generated by the system. (for configuration, refer to chapter 6.2 "Creating operator input alarms")
Note
The generated operator input alarm is a system alarm for which WinCC automatically enters the
old value in parameter block 2 and the new value of parameter block 3. Therefore, we recommend
renaming parameter blocks 2 and 3 accordingly.
The system alarms must be created in the "System alarms" tab in the "HMI alarms" editor before
logon and logout procedures can be accepted in the alarm system. The import dialog opens as
shown below when the tab is initially selected.
75
For the display of the operator input alarms, the "Alarm view" is placed in the process screen from
the Tools > Controls are by means of drag-and-drop. To ensure that only operator input alarms and
logon / logout procedures are displayed in the "Alarm view", the corresponding filters must be set.
User-defined alarms that are created can be filtered according to the alarm number as well.
Additional filtering according to the alarm numbers 1012400 and 1012401 must be provided to ensure that logons via a web connection are also displayed.
76
The icon in the comment column indicates that a comment is present. This can be displayed with
the corresponding menu icon.
77
6.5
6.6
Recipe control
6.6.1
WinCC option"Recipes"
Creating database tables with multiple data records in the "Recipes" editor supports compliance
with the GMP requirements with respect to the audit trails of parameter data (recipe data / machine
data).
For this purpose, I/O fields are created in a recipe screen and linked to the respective data fields.
Entering a value triggers an operator input alarm , if configured correctly.
See also
78
TIA Portal information system > Visualize processes> Working with recipes
6.6.2
Electronic signature at both input as well as for changing the recipe data records, only fully
signed recipes are available for production.
Batch reporting can be carried out with PM-QUALITY, see chapter 6.8.2 "Batch-based reporting
with PM-QUALITY".
See also
79
6.7
6.7.1
Definition of the data to be archiving, the archive sizes and the appropriate archiving strategy
Configuration of data logs for online storage of the selected process values
Definition of data with different origins that needs to be archived (process values, alarms, batch
data, reports, audit trails, log files etc.).
Alarm log
PM-QUALITY database
PM-CONTROL databases
In addition, actions are monitored and recorded in log files or databases in other parts of the system:
WinCC reports
Change report at Step7 level for "Download to the PLC" and online parameter changes
Event Viewer under Windows Computer Management (logon/logoff activities, account management, rights settings for the file system, etc. according to the corresponding configuration)
All the files mentioned (and others, if required) must be considered in the archiving concept.
80
6.7.2
Different solutions can be employed to backup these short-term archives into long-term archives
and store them for the period defined by the customer.
81
The signature activated property is activated under logging in the runtime settings editor for the
logging of interrupts and process values in a GMP environment. When the data is transferred, an
internal algorithm generates a checksum. This means that subsequent manipulation is detected by
the system and is displayed when a connection is established to a manipulated database.
A second backup path can also be specified as a precautionary measure against long-term archive
server failure.
6.7.3
For export in HTML or XML format, the subsequent manipulation of the data can be prevented
through restrictive rights on the drive (read only) or through automatic conversion to PDF format
using auxiliary tools.
82
See also
6.7.4
6.8
Reporting
6.8.1
Log report
Alarms from the alarm log, e.g. audit trail based on operator input alarms
Tag table
Tag contents from process value / compressed logs in the form of a table
Tag contents from process value / compressed logs in the form of a trend
Recipes
Hardcopy
Tag values
Note
WinCC reports support the reporting based on continuous archives.
The layouts for reporting are designed according to the requirements of the specification. In addition to detailed pages of content, a report may also include a front page, rear page, and a header
and footer. There are numerous tools available for the display of the contents. These can be simply
dragged and dropped into the detail area and then configured.
See also
TIA Portal information system > Visualize processes > Working with reports
83
Print jobs
When reports are printed on a printer, a print job must be defined in which the report name, time,
page area and the printer are specified. Activation of the print job can be time/event driven.
The audit trail entries are shown in the report as follows:
6.8.2
84
85
6.9
6.9.1
6.9.2
86
6.10
OPC DA
OPC UA
ADO/OLE DB
See also
TIA information system > Visualizing processes > Interfaces > OPC
TIA information system > Visualizing processes > Working with alarms > Configuring alarm
logs
TIA information system > Visualizing processes > Interfaces > Runtime API
87
6.11
Note
The standard functions are used if operator input alarms in the form of audit trail should be generated with the Web client (see chapter 6.2 "Creating operator input alarms"). The script functions
described there are only supported by the Web client if SIMATIC Logon is installed on the computer.
Note
The installation and licensing of each client for remote access is required on the computer for
viewing process images in which ActiveX controls of the WinCC Premium Add-ons for PMCONTROL and PM-QUALITY are integrated.
6.11.1
88
Remote access is enabled by selecting the "Web access" check box for the user group.
The user authorization between WebNavigator and DataMonitor is controlled with the "Web access
- view only" function. The process screens can be used if this feature is not activated and the
WebNavigator license is recognized. If this function is activated, the process screens can only be
monitored.
Note
This configuration is carried out separately for each user group. This means that authorization for
remote access, start page, language, and user authorization can be defined separately for each
user group.
6.11.2
89
See also
TIA Portal information system > Visualize processes > Options > Web Navigator > Basics >
WinCCViewerRT
The time configured here for the automatic logout is relevant for the logout behavior of remote access. When using the WebViewer, the indicated logout time is sufficient for configuring the
WebViewer (see above). Based on the information configured here, the prompt to confirm Web
logout appears in the Web client one minute prior to the time indicated:
The settings are stored as default in the "WinCCViewerRT.xml" configuration file. The next time the
WebViewer is started, the parameter assignment dialog is not opened. If subsequent parameter
changes are required, the configuration dialog can be re-opened with the key combination Ctrl + Alt
+ P. In case this key combination is unwanted because of security reasons, the XML file can also
be deleted when having appropriate rights; then the configuration dialog will open again with the
next start of the WebViewer.
Logging on and off via the Web are reported in the WinCC alarm system, if the system alarms are
imported. (see also chapter 6.4 "Audit trail")
90
Operator actions through web access can be identified on the entry for the user. In this case, the
machine name on which the action was performed is preceded by the username.
6.11.3
91
6.12
6.12.1
92
TIA Portal information system > Visualize processes > Create screens > Dynamic modification
of property animations
6.12.2
93
7.1
7.2
95
Once the GMP-relevant property is activated for this tag, an operator input alarm is generated in
the audit trail if the value of the tag is changed (see 7.4 7.4"). The "Comment required" box is activated for making a comment.
96
The operator input alarms are displayed as follows in the audit trail:
97
7.3
Such custom scripts are rated as GAMP Category 5 software. The effort required for validation in
the form of detailed function and interface description as well as documented tests is described in
7.4
Audit trail
The log editor is upgraded to include the "Audit trail" archive when the project property GMP of the
Audit option (see 5.1.5 "GMP project setting in the Audit option") is activated. The audit trail records
the operator actions in chronological order thereby providing traceability of the plant operation.
The audit trail contains the following entries:
Configuration-dependent records:
User administration
-
Alarm system
-
All alarms that are acknowledged by the user (with the alarm text can also be logged)
Archive operations
-
Deleting a log
Audit trail settings such as storage location, format, and minimum storage space are made in the
log editor under the Audit Trail tab in the general properties.
98
Note
The force function must be deactivated in the GMP environment so that all operator input alarms
are recorded in the audit trail. We recommend evaluating the events Little free space and Little
free space, critical and to configure a reaction in the function list. (e.g. generating a warning
alarm, moving the logs to a network drive)
If no storage space is available, GMP-relevant operator actions are no longer feasible.
See also:
99
See also:
The network drive can be protected against unauthorized access with Windows tools (see 4.5.2
"4.5.2") in order to prevent manipulation of the audit trail files.
The Audit Viewer application is used for the display of the audit trail on a PC and is included with
the engineering system product package. The Audit Viewer evaluates the checksums of the entries
and signals any manipulation of the file in a red display or a non-manipulated file in green.
The HmiCheckLogIntegrity.exe application that can be executed within a command prompt is another way to verify checksums in the audit trail files.
See also:
100
TIA Portal information system> Visualizing processes > Options > Working with audit trail compliant > Using audit trail > Audit trail > Evaluate audit trail with DOS program
7.5
The electronic signature requirement is configured either in the tags in the tag table in the GMP
property or with the "NotifyUserAction" system function. "Electronic signature" is selected from the
confirmation category. If an additional comment form is desired, the corresponding check box is selected or the system function for comment required is configured with "yes".
101
7.6
Recipe control
7.6.1
The following actions are recorded in the audit trail for GMP-relevant recipes:
102
Transferring recipe data records to the PLC or reading from the PLC
Changing the setting online/offline for the synchronization of tag values when using recipe tags
All recipes and records can be displayed in the process screen with the recipe view control. However, changes to the records are not saved in the audit trail.
The recipe tags with activated "GMP-relevant property" are embedded in a recipe screen for FDAcompliant tracking of changes to the recipe data records. The recipe view control can be used for
display by deactivating the "Allow editing" property.
See also:
TIA Portal information system > Options> Working with audit GMP compliance > Configure audit functions > Recording recipe changes
TIA Portal information system > Visualize processes > Working with recipes > Viewing and editing recipes in runtime > Basics of the recipe screen
TIA Portal information system > Performance features > General technical data > Required
storage space for recipes
103
7.6.2
7.7
www.siemens.com/pm-control
7.7.1
Definition of the data to be archived, the archive sizes and the appropriate archiving strategy
Configuration of data logs for online storage of the selected process values
Definition of the data to be archived from various sources such as process values, alarms, audit trails, batch data (PM-QUALITY) etc.
104
Data log
Alarm log
Audit trail
PM-QUALITY databases
PM-CONTROL databases
In addition, actions are monitored and recorded in log files or databases in other parts of the system:
WinCC reports
Change report at Step7 level for "Download to the PLC" and online parameter changes
SIMATIC Logon Event Log, on the computer with the SIMATIC Logon installation
Event Viewer under Windows computer management only for WinCC RT Advanced
(logon/logoff activities, account management, rights settings for the file system, etc. according
to the corresponding configuration)
All the files mentioned (and others, if required) must be considered in the archiving concept.
7.7.2
Circular log
The oldest entries are deleted.
A checksum can be generated for each file entry for logging methods "Display system event at ..."
and "Trigger event ..." in combination with CSV and TXT formats. Any manipulation of the logs can
therefore be detected. The checksum is verified when opening the logs in the Audit Viewer application, see chapter 7.4 "Audit trail" > View the audit trail.
The size of the log depends on the length of a single entry and the number of entries. It is defined
in number of entries. The size of the memory card must be taken into account here for HMI devices.
See also:
TIA Portal information system > Visualize processes > Working with tags > Logging tags >
Working with data logging
(panels, RT Advanced)
TIA Portal information system > Visualize processes > Working with alarms > Logging alarms >
Configuring of alarm logging (panels, RT Advanced)
105
The CSV, TXT and RDB formats are available as archive formats. Archiving in RDB format, a proprietary database, provides fast access to data for displaying the data in the controls during runtime. For further evaluation of the data, the RDB format must be converted into the CSV format using the copy function. Archives in CSV / TXT format can be evaluated with other tools. The TXT
format is Unicode-compliant and therefore suitable for Asian fonts.
Note
For panels, we recommend logging of tags, alarms and audit trails locally on a memory card and
cyclically transfer the logs to a network drive.
See also:
7.7.3
TIA Portal information system > ...> System function "Archive log file"
106
www.siemens.com/pm-quality
7.7.4
Note
The folder where the data is stored by the panel must be secured with Windows utilities since the
CSV and TXT do not offer protection against unauthorized user intervention.
The following procedure is recommended for this purpose:
A new user is created with the name of the panel in the Windows user administration of the PC
to which the log data is moved. The name of the panel was specified when the network connection was configured in the control panel under network. This is the name by which the panel
logs on to the network.
The access permissions of the shared folder are defined in the folder properties in the "Security" tab. The panel name is added under "Group or user names" and is assigned "Full access"
under permissions.
107
The "Write" permission check box is selected under "Deny" for the user groups "Users" and
"Administrators".
The panel is authorized to store the log files in the directory based on this configuration. All other
users can only read the log files. But it maybe be considered to create a kind of HMI administrator,
who could access the folder with write permission in case of file damage etc.
Note
If the log data is placed in a subfolder of the shared directory, then the security settings for that
folder are sufficient.
The screenshots were taken in the Windows 7 operating system.
108
7.8
Reporting
7.8.1
Alarm report
Audit trail
Recipes
Hardcopy
The report layout can be designed with a title page, headers and footers, multiple detail pages and
a back page. For the display of process data, a number of objects and controls in the tool range are
available which can be dragged and dropped onto the report pages and then configured.
The scope of the data output can be specified as follows:
Audit trail: Output of the complete audit trail entries, which were logged on the
HMI device.
Hardcopy: Printout of the current screen content graphics with "PrintScreen" system function
See also:
TIA Portal information system > Visualize processes > Working with
reports > Basics of creating reports
Activation of a printout
The output to the default printer is organized with the "PrintReport" system function. The system
function can be launched either with a button or cyclically in the task scheduler.
Network printer
109
Printer drivers for Comfort Panels are available in an options package for printing to PDF / HTML
files as well as the options for PostScript printing and Brother QL-650TD. These drivers can be installed on the HMI device using the application ProSave. Reports in the file format PDF / HTML can
also be stored on a USB stick or a network drive as an alternative to local storage.
See also:
7.8.2
TIA Portal information system> Visualizing processes > Performance features > Recommended printers and printing via print server
110
Process values from panels, WinCC RT Advanced or directly from the S7 PLC via OPC connection
The process values are acquired cyclically or event-driven. At the end of the batch, alarm logs and
the audit trail are moved to a network drive or another drive on the PC and imported by PMQUALITY into its own database.
PM-QUALITY Report Editor provides a wide range of design and evaluation options for the presentation of batch data in a report.
See also:
www.siemens.com/process-management
7.9
7.9.1
The control can are integrated, for example, into a diagnostic screen.
See also:
TIA Portal information system > Visualize processes > Creating screens > Display and operating objects > Objects
111
7.10
Interfaces
7.10.1
7.10.2
TIA Portal information system > Visualize processes > Communicate with controllers > Device
dependency > Comfort Panels / PC systems with WinCC RT
7.10.3
112
Creating a directory for each HMI device into which the CSV files
are either event-driven or moved cyclically
The directories are monitored by PM-OPEN IMPORT with Windows resources. As soon as a CSV
file is detected in the directory, PM-OPEN IMPORT starts reading the data.
The imported audit trail entries can be displayed in a process screen by WinCC RT Professional
with the ActiveX Control "Alarm view".
113
114
Various standard functions of the TIA Portal engineering system can be used in support of verification / qualification.
115
8.1
Test planning
In defining a project life cycle, various test phases are specified. Therefore, basic qualification activities are defined at a very early stage of the project and fleshed out in detail during the subsequent specification phases.
The following details are defined at the outset of the project:
Parties responsible for planning and performing tests and approving their results
Note
The testing effort should reflect both the results of the risk analysis and the complexity of the component under test.
A suitable test environment and time, as well as appropriate test documentation, can help to ensure that only very few tests need to be repeated, or even none at all.
The individual tests are planned in detail at the same time as the system specifications (FS, DS)
are compiled. The following are defined:
8.2
Test methods, e.g. structural (code review) or functional (black box test)
Verification of hardware
During the qualification phase, tests are performed to verify whether the installed components and
the overall system design meet the requirements of the Design Specification. This includes details
such as component name, firmware / product version, installation location, server and clients used,
interfaces to the automation system, etc.
116
Printouts and screenshots as proof of qualification (chapter 8.4 Documentation of the project
data)
Printouts of the hardware configuration and verification of compliance with the switch cabinet
documentation
PC pass with information on all installed hardware and software components. This can be created manually or using commercially available tools.
Where necessary, there should also be an additional visual check
The network configuration can be found under Control Panel > Network and Dial-up Connections:
117
8.3
Verification of software
8.3.1
Documentation of the project data, chapter 8.4 "Documentation of the project data"
SIMATIC Security Control, chapter 4.2.2 "Installation of the SIMATIC WinCC RT runtime software"
In terms of a WinCC system, this means that the individual software components require various
degrees of effort for specification and testing depending on their software category.
While a computer system as a whole would usually have to be assigned to category 4 or sometimes even 5, the individual standard components to be installed (without configuration) involve effort analogous to category 3 or 1.
Configuration based on the installed products, libraries, blocks, etc., then corresponds to category 4.
If "Free code" is also programmed, this corresponds to a category 5.
118
8.3.2
Standard libraries
The software installed on the operating system can be checked with Control Panel >
Add/Remove Programs.
The settings in the Windows operating system required for the WinCC system software can be
queried in the application SIMATIC Security Control: All programs > Siemens automation >
Security Control > Accepted settings. (see also chapter 4.2.2 "Installation of the SIMATIC
WinCC RT runtime software")
The installed SIMATIC software is documented in detail in the WinCC RT Start application under
Help > About WinCC RT Start ... > Components.
119
The Automation License Manager program provides information about the licenses installed on
each WinCC computer.
120
The Automation License Manager program can also provide information about the SIMATIC licenses installed on panels. For this purpose, a connection between the panel and the Automation
License Manager needs to be done:
121
8.3.3
Technological hierarchy (plant, unit, technical equipment, individual control element etc.)
Signal concept
Trends
Time synchronization
Configuration data such as the tags, functions or graphics used can be output based on reports.
For this purpose, ready-made standard layouts and print jobs exist in the global library of the TIA
Portal engineering system, see chapter 6.8.1 "Reporting of process and production data".
8.4
122
Entire project data when the top node is selected in the project navigation
Tables
Libraries
See also:
TIA Portal information system > Edit projects > Edit project data > Print project content
123
In the print dialog box, the printer, print layout and the extent of the documentation either total or
compact is selected.
124
8.5
Configuration control
8.5.1
Project versioning
In this storage concept, it might be specified, for example, that the project is backed up following a
change. The project backup is carried out in the TIA Portal in the project view under "Save as".
Here, the project can be saved under a different name with an integrated version number if necessary.
The project folder that contains the TIA Portal project can be packed in Windows Explorer as an alternative to backing up the project.
A version ID can, for example, be included in the file name of the compressed file. Make sure that
the folder hierarchy is maintained when packing the WinCC project so that the project can be read
again.
See also:
TIA Portal information system > Edit projects > Create and administer projects > Save projects
8.5.2
125
8.6
126
9.1
9.2
127
9.3
System restoration
The procedure described in this chapter should enable the end user to restore the WinCC system
after a disaster.
Disasters are taken to mean the following cases:
The system is restored using the saved data. The backed up data (medium) and all the materials
needed for the restoration (basic system, loading software, documentation) must be saved at the
defined point. There must be a Disaster Recovery Plan which must be checked on a regular basis.
128
9.4
Network components
Archive servers
WinCC servers
WinCC clients
Panels
In each case it is important to include the systems for data logging in the battery backup. The logging should also record the time of the power failure.
The following should also be remembered:
129
130
10
10.1
Define the tests which need to be performed to obtain validated status, based on the risk assessment
Execute the change in accordance with manufacturer documentation (as the plant has been released for it)
Process screens / objects / alarm system and process value archiving in function and display
Interfaces
System performance
Documentation (specifications)
Note
Support for software update and project migration is provided by
SIMATIC Product Support at http://support.automation.siemens.com.
A list of the released Windows updates e.g. for security gaps is published in the product support
under Online-Support at ID 18752994.
131
10.2
The project is converted to a migration format with the "Migration Tool" application.
The migration is started by clicking the migration in the portal view of the TIA Portal.
The migration report shows the migration history and may also indicate problems that require rework.
If adaptation of the project is necessary, this requires validation.
The validation effort is decided in consultation with the plant operator. Possible check points are
the new features available in WinCC as well as the correct installation of the software components
required for migration.
See also
132
Index
A
Access control 17, 46
Alarms 27, 62
API 87
Application software 69, 95
Archiving 19, 27, 28, 32, 37, 62, 80, 104
Audit trail 19, 28, 75, 85, 98, 113
Automation License Manager 120
B
Backup 20, 34, 126
Batch report 19, 31, 84, 110
C
Category
Hardware 15
Software 15, 118
Change control 125, 127
Change procedure 13
Configuration management 16, 63, 125
D
Data communication 87
Data security 51
Diagnostics 86, 111
Documentation of project data 122
E
Electronic records 18
Electronic signature 18, 78, 101
EU GMP Guide Annex 11 11, 18
Export 27
F
Faceplates 57, 96
FDA 21 CFR Part 11 11, 18, 70, 78, 95
G
GAMP5 12, 118
GMP requirements 15
H
Hardware 22
Hardware category 15
I
Image 34
Import 27
Information security 23
Installation 35
Operating System 35
SIMATIC components 36
SIMATIC WinCC options 37
Installed software 119
Interfaces 92, 112
OPC 33
Process data 32
S7 92, 112
K
Know-how protection 74
L
Libraries 58
Life cycle model 12
M
Maintenance 127
Mandatory comment 72
Master copies 56
Migration 54, 132
Monitoring 86, 111
N
Network drive 107
O
Object-oriented configuration 56
Operating system 24, 35, 39, 46, 49, 50
Operator input alarms 70, 95
Overview diagrams 69
133
Index
P
Partition 34
Password 17
Printer driver 34
Printout 84, 109
Process screens 69
Project setup 53
R
Recipes 27, 30, 78, 102
Regulations / Guidelines 11
Reporting 29, 83, 109
Restore 128
Retrieving data 20
Risk assessment 13, 116, 131
S
Screen window 57
Scripts 58, 67, 72, 73, 97, 98
Security
Network 23
SIMATIC
Security Control 36
SIMATIC NET SCALANCE S 51
User groups 44
WinCC Premium Add-ons 30
SIMATIC Logon 25, 38, 40
Software
Engineering 26
Operating level 27
Software category 15, 118
Specification 21
Application Software 29
Basic software 24
Hardware 22
HMI 30
Software design 30
System 29
User administration 25
Startup characteristics 46
Supplier audit 20
134
T
Test planning 116
Third-party components 20
Connection 93, 112
Time stamp 62
Time synchronization 20, 59
Type/instance concept 16
Types 56
U
Uninterruptible power supply (UPS) 129
Updates 131
User administration 17, 38
User data type 57
User ID 17
User interface 69, 95
User rights 45
V
Validation Manual 12
Verification 115
Application software 122
Hardware 116
Software 118
Software product 119
Versioning 125
Application software 64
configuration elements 63
Faceplates 66
Reports 68
Screens 64
Scripts 67
Virus scanner 34
W
Web access 88
Data display 91
Remote 89
User authorization 88
WinCC Add-on 125
PM-CONTROL 30, 79, 104
PM-OPEN IMPORT 32
PM-QUALITY 31, 32, 82, 83, 84, 106, 110
WinCC option
DataMonitor 32, 88
WebNavigator 32, 88
WinCC Option 125
Further information
E-Mail:
pharma@siemens.com
Internet:
www.siemens.com/pharma
Siemens AG
Industry Sector
Pharmaceutical and Life
Science Industry
76187 KARLSRUHE
GERMANY
www.siemens.com/automation
Siemens
Pharma Industry