GMP Simatic Wincc v11 en

SIMATIC
SIMATIC WinCC (TIA) V11

Guidelines for Implementing Automation Projects in a GMP Environment
GMP Engineering Manual
Edition
09/2012
Answers for industry.
Introduction
SIMATIC
SIMATIC WinCC (TIA) V11
GMP Engineering Manual
Guidelines for Implementing
Automation Projects in a GMP Environment
Configuring in a GMP Environment
Requirements for Computer Systems in a GMP Environment
System Specification
System Installation and Basic

Configuration
Project Settings and Definitions
Configuration for WinCC RT Professional
Configuration for WinCC Comfort /

WinCC RT Advanced
Support for Verification
Operation, Maintenance and Servicing
System Updates and Migration
09/2012
A5E31420596-AA
10
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will
be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to
property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific
task in accordance with the relevant documentation, in particular its warning notices and safety instructions.
Qualified personnel are those who, based on their training and experience, are capable of identifying risks and
avoiding potential hazards when working with these products/systems.
Proper use of Siemens products

Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
documentation. If products and components from other manufacturers are used, these must be recommended
or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
All names identified by are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency.
However, the information in this publication is reviewed regularly and any necessary corrections are
included in subsequent editions.
Siemens AG
Industry Sector
I IA VSS Pharma
76187 Karlsruhe
GERMANY
A5E31420596-AA
10/2012 Technical data subject to change
Copyright Siemens-AG 2012.

All rights reserved
Introduction
Purpose of the manual
This manual describes what is required, from the pharmaceutical, regulatory viewpoint in
Good Manufacturing Practice (short: GMP view), of a computer system, its software, and the procedure for configuring such a system. The relationship between the requirements and implementation is explained based on practical examples.
Target groups
This manual is intended for all plant operators, those responsible for industry-specific system concepts, project managers and programmers, servicing and maintenance personnel who use the
automation and process control technology in the GMP environment.
Basic knowledge required

Basic knowledge of SIMATIC WinCC is required to understand this manual. GMP knowledge as
practiced in the pharmaceutical industry is also beneficial.
Disclaimer
This manual is a guide for system users and project engineers for integrating SIMATIC WinCC in
the GMP environment, with regard to validation, also taking into account the specific requirements
of international regulatory bodies and organizations, such as 21 CFR Part 11.
We have verified that the contents of this document correspond to the hardware and software described. However, since deviations cannot be precluded entirely, we cannot guarantee full consistency. The information in this document is checked regularly for system changes or changes to the
regulations of the various organizations and necessary corrections will be included in subsequent
issues. We welcome any suggestions for improvement, which can be directed to the I IA VSS
Pharma in Karlsruhe (Germany).
SIMATIC WinCC (TIA) V11 - GMP Engineering Manual

09/2012, A5E31420596-AA
Introduction
Validity of the manual

The information in this manual has been evaluated for SIMATIC WinCC (TIA Portal) V11 SP2 and
is exemplary for the components
Server/client system configured with the engineering software

SIMATIC WinCC Professional
Panel TP1200, configured with the engineering software

SIMATIC WinCC Comfort
with the option WinCC Recipes, WinCC WebNavigator and WinCC Audit as well as WinCC Premium Add-ons PM-CONTROL, PM-QUALITY, and PM-OPEN IMPORT. Information regarding the
exact compatibility between the various components is contained in the catalog CA 01.
The catalog can be found on the Internet at www.siemens.com/automation/ca01. A list relating to
the compatibility of different product versions is available at
http://support.automation.siemens.com/DE/view/de/21927773.
Any questions about the compatibility of the Premium Add-ons for SIMATIC WinCC should be addressed directly to the suppliers, see http://www.automation.siemens.com/mcms/human-machineinterface/en/visualization-software/scada/wincc-addons/Pages/Default.aspx.
Position in the information landscape

The system documentation of the SIMATIC WinCC (TIA Portal) control and monitoring system is
an integral part of the system software. It is available to the every user as online help (HTML help)
or as electronic documentation in PDF format.
This manual supplements the existing SIMATIC WinCC manuals. The guidelines herein are not
only useful during configuration, they also provide an overview of the requirements for configuration
and what is expected of computer systems in a GMP environment.
Structure of this manual

The regulations and guidelines, recommendations and mandatory specifications are explained, that
provide the basis for configuration of computer systems.
All the necessary functions and requirements for hardware and software components are also described; this should make the selection of components easier.
Based on examples, the use of hardware and software is explained and how they are configured or
programmed to meet the requirements. Further explanations can be found in the standard documentation.

09/2012, A5E31420596-AA
Introduction
Additional support
Contact your local Siemens representative and offices if you have any questions about the products mentioned in this manual and do not find the right answers.
Find your contact partner at:
http://www.siemens.com/automation/partner
You can access technical documentation for various SIMATIC products and systems at:
http://www.automation.siemens.com/mcms/industrial-automation-systems-simatic/en/manualoverview/tech-doc-hmi/Pages/Default.aspx
The online catalog and the online ordering system are available at:
http://mall.automation.siemens.com/
For questions about this manual, please contact I IA VSS Pharma:
Email:
pharma@siemens.com
You can find additional information about the products, systems and services from Siemens for the
pharmaceutical industry at http://www.siemens.com/pharma
Training centers
We offer various courses to help you get started with SIMATIC WinCC (TIA Portal). Please contact
your regional training center or the central training center in 90327 Nuremberg, Germany.
Internet:
http://www.sitrain.com
Technical support
You can contact the Technical Support for all I IA&DT products using the web form for Support Request:
http://www.siemens.com/automation/support-request
as well as the Center of Competence for WinCC in Mannheim for the mentioned WinCC Premium
Add-ons at
Email:
WinCCAddon.automation@siemens.com
You will find more information about our technical support on the Internet at
http://www.siemens.com/automation/service&support
For example:
FAQs, technical manuals, etc. under Product Support
Examples of applications, performance, etc. under Applications and Tools

09/2012, A5E31420596-AA
Introduction
Online service & support

In addition to our documentation, we offer our comprehensive knowledge base online at:
http://www.siemens.com/automation/service
You will find the following under "Services"
The newsletter that provides you with latest information relating to your product
The right documents for you, using our Service & Support search engine
A bulletin board in which users and specialists worldwide exchange their know-how
Your local Siemens representative
Information about on-site services, repairs, spare parts, and lots more

09/2012, A5E31420596-AA
Table of Contents
1
Configuring in a GMP Environment.........................................................................................................11

1.1
1.2
1.3
1.4
1.5
Requirements for Computer Systems in a GMP Environment .............................................................15

2.1
2.2
2.3
2.4
2.5
2.5.1
2.5.2
2.6
2.7
2.8
2.9
2.10
2.11
2.12
2.13
2.14
Regulations and guidelines.....................................................................................................11

Life cycle model ......................................................................................................................12
Responsibilities .......................................................................................................................13
Approval and change procedure.............................................................................................13
Risk-based approach ..............................................................................................................13
Categorization of hardware and software...............................................................................15
Test effort depending on the categorization ...........................................................................15
Change and configuration management ................................................................................16
Software creation ....................................................................................................................16
Access control and user administration ..................................................................................17
Application of access control to a system...............................................................................17
Requirements for user IDs and passwords ............................................................................17
Requirements for electronic records.......................................................................................18
Electronic signatures...............................................................................................................18
Audit trail .................................................................................................................................19
Reporting batch data ..............................................................................................................19
Archiving data .........................................................................................................................19
Data backup............................................................................................................................20
Retrieving archived data .........................................................................................................20
Time synchronization ..............................................................................................................20
Use of third-party components................................................................................................20
System Specification ................................................................................................................................21

3.1
3.1.1
3.1.2
3.2
3.3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.4
3.5
3.5.1
3.5.2
3.5.3
3.6
3.6.1
3.6.2
3.6.3
Selection and specification of the hardware ...........................................................................22

Selecting the hardware components ......................................................................................22
Hardware specification ...........................................................................................................23
Security of the plant network ..................................................................................................23
Specification of the basic software .........................................................................................24
Basic software for user administration....................................................................................25
Basic software engineering.....................................................................................................26
Basic software operating level ................................................................................................27
Data archiving .........................................................................................................................28
Report generation / reporting..................................................................................................29
Specification of the application software.................................................................................29
SIMATIC additional software ..................................................................................................30
WinCC Premium Add-ons.......................................................................................................30
Interfaces to process data ......................................................................................................32
Connection to host systems....................................................................................................33
Utilities and drivers..................................................................................................................34
Printer driver ...........................................................................................................................34
Virus scanner ..........................................................................................................................34
Image & partition tools ............................................................................................................34

09/2012, A5E31420596-AA
Table of Contents
System Installation and Basic Configuration .........................................................................................35

4.1
4.2
4.2.1
4.2.2
4.2.3
4.2.4
4.3
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.4
4.5
4.5.1
4.5.2
4.6
Project Settings and Definitions ..............................................................................................................53

5.1
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.2
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.3
5.3.1
5.3.2
5.3.3
5.4
5.5
5.5.1
5.5.2
5.5.3
5.5.4
Project setup ...........................................................................................................................53

Creating a new project ............................................................................................................53
Migration of existing projects ..................................................................................................54
Working with multi-language projects .....................................................................................54
HMI device wizard...................................................................................................................55
GMP project setting in the Audit option ..................................................................................55
Object-oriented configuration..................................................................................................56
Master copies and types .........................................................................................................56
Faceplates...............................................................................................................................57
Screen window........................................................................................................................57
User data type.........................................................................................................................57
Project functions in the form of scripts....................................................................................58
Libraries ..................................................................................................................................58
Time synchronization ..............................................................................................................59
Concepts for WinCC RT Professional ....................................................................................59
Concepts for panels and HMI devices with WinCC RT Advanced .........................................60
Time stamping.........................................................................................................................62
Configuration management.....................................................................................................63
Versioning application software ..............................................................................................64
Versioning of screens .............................................................................................................64
Versioning of faceplates..........................................................................................................66
Versioning of VB / C scripts ....................................................................................................67
Versioning of reports...............................................................................................................68
Configuration for WinCC RT Professional..............................................................................................69

6.1
6.2
6.3
6.4
6.5
6.6
6.6.1
6.6.2
Installation of the operating system ........................................................................................35

Installation of SIMATIC components ......................................................................................36
Installation of the SIMATIC WinCC engineering software ......................................................36
Installation of the SIMATIC WinCC RT runtime software .......................................................36
Options for SIMATIC WinCC ..................................................................................................37
Setting up long-term archiving ................................................................................................37
Setting up user administration ................................................................................................38
User administration with SIMATIC Logon...............................................................................38
Security settings in Windows ..................................................................................................39
Configuration of SIMATIC Logon ............................................................................................40
User administration without SIMATIC Logon..........................................................................42
Local SIMATIC user groups....................................................................................................44
Administration of user rights ...................................................................................................45
Access control at the operating system level..........................................................................46
Startup characteristics ............................................................................................................46
Blocking the operating system level during ongoing operation ..............................................49
Data and information security .................................................................................................51
Creating the graphic user interface.........................................................................................69

Creating operator input alarms ...............................................................................................70
User-specific functions and scripts .........................................................................................73
Audit trail .................................................................................................................................75
Configuration for electronic signature .....................................................................................78
Recipe control .........................................................................................................................78
WinCC option"Recipes" ..........................................................................................................78
WinCC Premium Add-on PM-CONTROL ...............................................................................79
09/2012, A5E31420596-AA
Table of Contents
6.7
6.7.1
6.7.2
6.7.3
6.7.4
6.8
6.8.1
6.8.2
6.9
6.9.1
6.9.2
6.10
6.11
6.11.1
6.11.2
6.11.3
6.12
6.12.1
6.12.2
7
Configuration for WinCC Comfort / WinCC RT Advanced ....................................................................95

7.1
7.2
7.3
7.4
7.5
7.6
7.6.1
7.6.2
7.7
7.7.1
7.7.2
7.7.3
7.7.4
7.8
7.8.1
7.8.2
7.9
7.9.1
7.10
7.10.1
7.10.2
7.10.3
Electronic recording and archiving of data .............................................................................80

Specifying the data to be archived..........................................................................................80
Recording and archiving .........................................................................................................81
Archiving batch data with PM-QUALITY.................................................................................82
Increased availability for data archiving..................................................................................83
Reporting ................................................................................................................................83
Reporting of process and production data..............................................................................83
Batch-based reporting with PM-QUALITY ..............................................................................84
Monitoring the system.............................................................................................................86
Diagnostics of communication connections............................................................................86
Memory space view ................................................................................................................86
Data communication with the plant control level ....................................................................87
Connection to Web client........................................................................................................88
Setting the user rights on the WinCC server ..........................................................................88
Remote access via the network..............................................................................................89
Web access for data display...................................................................................................91
Interfaces to SIMATIC WinCC ................................................................................................92
Connection from SIMATIC S7 ................................................................................................92
Connection to other components and third-party suppliers....................................................93
Creating the graphic user interface.........................................................................................95
Creating operator input alarms ...............................................................................................95
User-specific functions and scripts .........................................................................................98
Audit trail .................................................................................................................................98
Configuration for electronic signature ...................................................................................101
Recipe control .......................................................................................................................102
WinCC option "Recipes" .......................................................................................................102
WinCC Premium Add-on PM-CONTROL .............................................................................104
Electronic recording and archiving of data ...........................................................................104
Specifying the data to be archived........................................................................................104
Recording and archiving .......................................................................................................105
Archiving batch data with PM-QUALITY...............................................................................106
Connection to a network drive with access control...............................................................107
Reporting ..............................................................................................................................109
Output of process and production data.................................................................................109
Batch-based reporting with PM-QUALITY ............................................................................110
Monitoring the system...........................................................................................................111
Diagnostics of the communication link..................................................................................111
Interfaces ..............................................................................................................................112
Connection from SIMATIC S7 ..............................................................................................112
Connection to other components and third-party suppliers..................................................112
Connection to SIMATIC WinCC RT Professional.................................................................112
Support for Verification ..........................................................................................................................115

8.1
8.2
8.3
8.3.1
8.3.2
8.3.3
8.4
8.5
8.5.1
Test planning ........................................................................................................................116

Verification of hardware ........................................................................................................116
Verification of software .........................................................................................................118
Software categorization according to GAMP Guide .............................................................118
Verification of software products...........................................................................................119
Verification of the application software .................................................................................122
Documentation of the project data........................................................................................122
Configuration control.............................................................................................................125
Project versioning .................................................................................................................125

09/2012, A5E31420596-AA
Table of Contents
8.5.2
8.6
9
Operation, Maintenance and Servicing .................................................................................................127

9.1
9.2
9.3
9.4
10
Change control of the configuration data..............................................................................125

Backing up the operating system and SIMATIC WinCC ......................................................126
Operation and monitoring .....................................................................................................127
Operational change control...................................................................................................127
System restoration ................................................................................................................128
Uninterruptible power supply (UPS) .....................................................................................129
System Updates and Migration..............................................................................................................131

10.1
10.2
Updates of system software..................................................................................................131

Migration of the application software ....................................................................................132
Index ...................................................................................................................................................................133
10

09/2012, A5E31420596-AA

As a prerequisite for configuring computer systems in the GMP environment, approved specifications must be available. Requirements contained in standards, recommendations, and guidelines
must be followed during the preparation of these specifications as well as during the implementation and operation of computer systems. This chapter deals with the most important sets of regulations and explains some of the basic ideas.
1.1
Regulations and guidelines

The regulations, guidelines and recommendations of various national and international authorities
and organizations must be observed when configuring computer systems requiring validation in the
GMP environment. Where computer systems are involved, the following are of particular significance:
Name
(author)
Title
Scope
21 CFR Part 11
Electronic Records,
Electronic Signatures
Law/regulation for manufacturers and importers of pharmaceutical products for the

U.S. market
Computerised systems
Binding directive within the European Union

for implementation into relevant national
legislation
A Risk-Based Approach
to Compliant GxP
Computerized Systems
Guideline with worldwide validity as recommendation
(U.S. Food and Drug Administration, FDA)

Annex 11 of the EU GMP Guidelines
(European Commission)
GAMP5
(ISPE)

09/2012, A5E31420596-AA
11
1.2
Life cycle model

A central component of Good Engineering Practice (GEP) is the application of a recognized project
methodology, based on a defined life cycle. The aim is to deliver a solution known as the riskbased approach that meets the relevant requirements.
GAMP5 approach
The following figure shows the general approach of GAMP5 for the development of computerized
systems. It begins with the planning phase of a project and ends with the start of pharmaceutical
production following completion of the tests and reports.
The lifecycle approach illustrated here is known as the generic model in GAMP5. With this as the
basis, we will introduce several examples of lifecycle models for a variety of "critical" systems with
different stages of specification and verification phases.
Once production has started, the system lifecycle continues until decommissioning.
Siemens Validation Manual

Based on the recommendations of the GAMP Guide, Siemens has produced a "Validation Manual".
This provides internal project teams with general information and concrete templates to help specify the validation strategy for a project. There are templates not only for project planning documents
but also for system specification and test documentation. In contrast to this GMP Manual, the Siemens Validation Manual is for internal Siemens use only.
12

09/2012, A5E31420596-AA
1.3
Responsibilities
Responsibilities for the activities included in the individual life cycle phases must be defined when
configuring computer systems in a GMP environment and creating relevant specifications. As this
definition is usually laid down specific to a customer and project, and requires a contractual agreement, it is recommended to integrate the definition into the Quality and Project Plan.
See also
1.4
GAMP5 Guide, Appendix M6 "Supplier Quality and Project Planning"
Approval and change procedure

When new systems requiring validation are set up or when existing systems requiring validation are
changed, a top priority is to achieve and maintain the validated status, which means ensuring the
traceability of the steps undertaken.
Before setting up or modifying a system, it is therefore necessary to plan, document and obtain the
customers approval of the pending steps in terms of functionality and time.
1.5
Risk-based approach
Both the U.S. agency FDA ("Pharmaceutical cGMPs for the 21st Century Initiative", 2004) and the
industry association ISPE/GAMP ("GAMP5" Guide, 2008) recommend a risk-based approach to
the validation of systems. This means that whether and to what extent a system should be validated depends on its complexity and its influence on the product quality.

09/2012, A5E31420596-AA
13
14

09/2012, A5E31420596-AA

This chapter describes the essential requirements an automated system in the GMP environment
must meet regarding the use of computerized systems. These requirements must be defined in the
specification and implemented during configuration. In case of subsequent changes or interventions in the system, reliable evidence must be provided at all times, regarding who, at what time,
and what was changed or implemented. The requirements for this task are implemented in various
functions and described in the following chapters.
Note
This chapter describes the general requirements for computerized systems. How to meet these
requirements with a specific system is dealt with starting at chapter 3.
2.1
Categorization of hardware and software
Hardware categorization
According to the GAMP Guide, hardware components of a system fall into two categories "standard
hardware components" (category 1) and "custom built hardware components" (category 2).
Software categorization
According to the GAMP Guide, the software components of a system are divided into various software categories. These range from commercially available and preconfigured "standard" software
products that are only installed to configured software products and customized applications ("programmed software").
2.2
Test effort depending on the categorization

The effort involved in validation (specification and testing) is much greater when using configured
and, in particular, customized products compared to the effort for standard products (hardware
and/or software). The overall effort for validation can therefore be significantly reduced by extensive use of standard products.

09/2012, A5E31420596-AA
15
2.3
Change and configuration management

All the controlled elements of a system should be identified by name and version and any changes
made to them should be checked. The transition from project phase to the operational procedure
should be decided in good time.
The procedure includes, for example:
Identification of the elements affected
Identification of the elements by name and version number
Change control
Control of the configuration (storage, release, etc.)
Periodic checks of the configuration
See also
2.4
GAMP5 Guide,
Appendix M8 "Project Change and Configuration Management"
Software creation
Certain guidelines must be followed during software creation and documented in the Quality and
Project Plan (according to Good Engineering Practice, short GEP). Guidelines for software creation
can be found in the GAMP Guide as well as the relevant standards and recommendations.
Use of type/instance concepts and copy templates

While the validation of standard software only calls for the software name and version to be
checked, customized software validation requires the entire range of functions to be checked and a
supplier audit to be performed.
Therefore, to keep validation work to a minimum, preference should be given to standardized
blocks during configuration (products, in-house standards, project standards). From these, customized types and templates are created and tested according to the design specifications.
Identification of software modules / types / copy templates

During software creation the individual software modules must be assigned a unique name, a version, and a brief description of the module.
Changes to software modules / types / copy templates

Changes to software modules should be appropriately documented. Apart from incrementing the
version identifier, the date and the name of the person performing the change should be recorded,
when applicable with a reference to the corresponding change request/order.
16

09/2012, A5E31420596-AA
2.5
Access control and user administration

To ensure the security of computer systems in the GMP environment, such systems should be
equipped with an access control system. In addition to physical access control, access control systems protect computer systems against unauthorized access. Users are assembled into groups,
which are then used to manage user permissions. Individual users can be granted access authorization in various ways:
2.5.1
Combination of unique user ID and password,

see also chapter 2.5.2 "Requirements for user IDs and passwords"
Smart cards together with a password
Evaluation of biometrics
Application of access control to a system

In general, actions that can be performed on a computer system must be protected against unauthorized access. Depending on a users particular field of activities, a user can be assigned various
permissions. Access to user administration should only be given to the system owner or to a very
limited number of employees. Furthermore, it is absolutely essential that unauthorized access to
electronically recorded data is prevented.
The use of an automatic logout function is advisable and provides additional access protection.
This does not, however, absolve the user from the general responsibility of logging off when leaving the system. The automatic logout time should be agreed with the user and defined in the specification.
Note
Only authorized persons should be allowed access to PCs or to the computer system. This can be
supported by appropriate measures such as mechanical locking and through the use of hardware
and software for remote access.
2.5.2
Requirements for user IDs and passwords
User ID
The user ID for a system must be of a minimum length defined by the customer and be unique
within the system.
Password
When defining passwords, a minimum number of characters and the expiry period for the password
should be defined. In general, a password should comprise a combination of characters that meet
the minimum length requirement as well as at least three of the criteria listed below.
Use of uppercase letters
Use of lowercase letters
Use of numerals (0-9)
Use of special characters
The configuration is described in chapter 4.3 "Setting up user administration".

09/2012, A5E31420596-AA
17
2.6
Requirements for electronic records

The following requirements additionally apply to the use of electronic records for relevant data:
The system must be validated.
Only authorized persons must be able to enter or change data (access control).
Changes to data or deletions must be recorded (audit trail).
Relevant electronic records for long-term archiving must be stored securely and kept available
for their retention period.
The initials and signatures required by the regulations must be implemented as electronic signatures.
"Relevant" production steps/processes, "significant" interim stages, and "major" equipment

must be defined in advance by the person responsible from a pharmaceutical perspective. This
definition is often process-specific.
If an electronic manufacturing report is used, its structure and contents must match the structure and contents of the manufacturing formula / processing instructions. As an alternative, the
manufacturing instructions and report can also be combined in one document.
See also
2.7
EU GMP Guidelines chapter 4.9 and Annex 11
21 CFR Part 11 "Electronic Records, Electronic Signatures", U.S. FDA
Electronic signatures
Electronic signatures are computer-generated information, which acts as the legally binding equivalent of a handwritten signatures.
Regulations concerning the use of electronic signatures are defined, for example, in US FDA 21
CFR Part 11.
Electronic signatures are relevant in practice, for example, for manual data inputs and operator interventions during runtime, approval of process actions and data reports, and changes to recipes.
Each electronic signature must be uniquely assigned to one person and must not be used by any
other person.
Note
During the production of all drugs and medical devices which enter the U.S. market, the FDA regulations must be met; this also refers to 21 CFR Part 11 with respect to electronic signatures.
Conventional electronic signatures

If electronic signatures are used that are not based on biometrics, they must be created so that
persons executing signatures must identify themselves using at least two identifying components.
This also applies in all cases where a smart card replaces one of the two identification components.
These identification components can, for example, be a user ID and a password. The identification
components must be assigned uniquely and must only be used by the actual owner of the signature.
18

09/2012, A5E31420596-AA
Electronic signatures based on biometrics

An electronic signature based on biometrics must be created in such a way that it can only be used
by one person. If the person making the signature does so using biometric methods, one identification component is adequate.
Biometric characteristics include fingerprints, iris structure, etc.
2.8
Audit trail
The audit trail is a control mechanism of the system that allows all data entered or modified to be
traced back to the original data. A secure audit trail is particularly important when GMP-relevant
electronic records are created, modified or deleted.
Such an audit trail must document all the changes or actions made along with the date and time.
The typical content of an audit trail describes who changed what and when (old value / new value),
as an option it may also include "why".
2.9
Reporting batch data

In the production of pharmaceuticals and medical equipment, batch documentation takes on a special significance. For a pharmaceutical manufacturer, methodically created batch documentation is
often the only documented evidence within the framework of product liability.
The components of batch documentation are as follows:
Manufacturing formula / processing instructions and manufacturing report
Packaging instructions and packaging list (the packaging of the finished product is part of the
production process from a pharmaceutical perspective)
Test instructions and test report (relating to quality checks, for example analysis)
Central importance is assigned to the concept of the manufacturing report (or packaging report),
which is defined as follows:
2.10
The manufacturing report is always both product-related and batch-related
It is always based on the relevant parts of the valid manufacturing formula and processing instructions
It contains all process-relevant measurement and control processes as actual values
It also contains deviations from the specified set points.
Archiving data
Archiving (electronic) is defined as the permanent storage of electronic data and records on a longterm storage.
The customer is responsible for defining procedures and controls for the storage of electronic data.
Based on predicate rules (EU GMP Guidelines, 21 CFR Part 210/211, etc.), the customer must decide how electronic data will be retained and, in particular, which data are involved. This decision
should be based on a justified and documented risk assessment that takes into account the significance of the electronic records over the retention period.
If the archived data are migrated or converted, the integrity of the data must be assured throughout
the entire conversion process.1
1
"Good Practice and Compliance for Electronic Records and Signatures. Part 3, Models for
Systems Implementation and Evolution". PDA 2004

09/2012, A5E31420596-AA
19
2.11
Data backup
In contrast to the archiving of electronic data, data backups are used to create backup copies,
which ensure system restoration in case of original data loss or system failure.
The backup procedure must include the periodic backup of non-retentive information in order to
avoid total loss of the data if system components fail or if data is accidentally deleted. Backup procedures must be tested to ensure that data is saved correctly. Backup records should be labeled
clearly and intelligibly, and dated.2
Data backups are created on external data carriers. The data media used should comply with the
recommendations of the device manufacturer.
When backing up electronic data, the following distinctions are made
Backup of the installation, for example partition image
Backup of the application
Backup of archive data, for example process data
Here, particular attention is paid to the storage of data backup media (storage of the copy and
original in different locations, protection from magnetic fields, and elementary damage).
2.12
Retrieving archived data

Archived/backed up data must be retrievable at all times. When a system update/migration is performed, the compatibility of the archived data must be considered before the update.
2.13
Time synchronization
A uniform time reference (including a time zone reference) must be guaranteed within a system, to
be able to assign an unequivocal time stamp for archiving messages, alarms etc.
Time synchronization is especially important for archiving data and analysis of faults. UTC (Universal Time Coordinated, see also ISO 8601) is recommended as the time base for saving data. The
time stamp of alarms and values can be displayed in local time with a reference to daylight saving /
standard time.
2.14
Use of third-party components

When third-party components (hardware and software) are used, their compatibility to other components in use must be verified. If components specifically "tailored" (customized) to individual projects are used, a supplier audit should be considered in order to check the supplier and their quality
management system.
See also
GAMP5 Guide, Appendix M2 "Supplier Assessment"
"Electronic Records and Electronic Signatures Assessment". Chris Reid & Barbara Mullendore,
PDA 2001
20

09/2012, A5E31420596-AA
During the specification phase for a computer system, the system to be built and its functionality
are defined in as much detail as is required for implementation.
Specifications not only represent the basis for a structured and traceable configuration but are
particularly in the GMP environment an essential reference for final verification of the system.
The specification covers the selection of products, product variants, options, and system configurations, as well as the application software.
The overall specification can be devided, for example, into:
Functional specification (FS) in response to User Requirements Specification (URS)
Hardware (and network) Design Specification (HDS)
Software Design Specification (SDS)
HMI Design Specification

09/2012, A5E31420596-AA
21
3.1
Selection and specification of the hardware

For the operation and monitoring simple as well as more complex production processes and manufacturing operations, various system characteristics of local HMI devices including multiple-station
system with server/client are used:
Single-station system with complete control and monitoring of a production process through local HMI devices (comfort or multi-panel), panel PC or standard PC
Multiple-station system consisting of operator terminals (WinCC clients) and a WinCC server
that supplies the WinCC clients with data
Basic Panels /
Micro Panels
Operator device and

software component
3.1.1
Comfort Panels,
Mobile Panels, 277-377
Panels & Multi Panels
Integrated runtime module
Panel PCs,
Standard PCs
SCADA based in PC
WinCC Runtime
Advanced
WinCC Runtime
Professional
Selecting the hardware components

The choice of hardware components should be weighed against the requirements. These requirements can be functional characteristics, but also include aspects such as local conditions, compatible software, or data security.
For example, when designing the system corresponding class RAID systems should be used, especially for PC components with critical functions. This increases system availability and data security.
With respect to the selection of panels, an Ethernet connection is recommended for saving the data
on a network drive.
The effort required for the specification and the testing is greatly reduced by using system-tested
hardware components and system constellations.
For specific requirements on the machine level of production plants (such as in the food and beverage or the pharmaceutical industry), Siemens offers highly robust panels and panel PCs with
touch screens and stainless steel fronts.
If an HMI device is also intended for operator actions, the (regulatory!) requirements pertaining to
the recording of these actions must be considered when selecting the hardware components.
Recommendation
We recommend the use of approved hardware from the current SIMATIC HMI Catalog ST 80 because it has been verified for compatibility in the test system from Siemens.
22

09/2012, A5E31420596-AA
3.1.2
Hardware specification
The Hardware (and network) Design Specification (acronym: HDS) describes the hardware architecture and configuration. The HDS should, for example define the points listed below. This is used
later as a test basis for the verification.
Hardware layout plan and network structure
PC components for server and client
Automation system with CPUs, I/O cards, field devices, etc.
The HDS can be recorded in the Functional Specification or in a separate document.

Note
The requirements in the hardware layout plan and the designation of hardware components must
be unique.
See also
3.2
GAMP5 Guide, Appendix D3 "Configuration and Design"
Security of the plant network

In order to meet current customer needs regarding networked systems and to always ensure
maximum data security, data and information security is of great importance when establishing a
network of systems.
Measures for increasing data and system security

SIMATIC offers several ways to increase data and information security and therefore the security of
a production line. These include:
Central user administration, staggered user groups and user permissions
Security concepts regarding network security and restricted access to network drives
SIMATIC Security Control (SSC), in combination with WinCC RT Professional
SIMATIC NET SCALANCE-S Firewall and VPN modules
For further information see also
Chapter 4.6 "Data and information security"
Subject "Industrial Security" in the Online Support under ID 50203404
Manual "Security Concept PCS 7 and WinCC" in Online Support under ID 60119725

09/2012, A5E31420596-AA
23
3.3
Specification of the basic software

The software specification describes not only the application software but also the standard software components used in the system, for example by specifying the name, version number etc.
The components of commercially available standard software include the components of automation software and third-party software such as operating system, Adobe Reader, MS Office, etc.
Note
This software specification serves as an acceptance criterion during subsequent tests (FAT, SAT,
IQ, OQ), see also 8.3 "Verification of software".
The SIMATIC WinCC (TIA Portal) software consists of engineering and runtime components (Runtime) for HMI devices of varying sizes. The corresponding runtime components run on their corresponding hardware. This is configured and programmed in the engineering interface.
The technical functions for WinCC Professional and WinCC Comfort/Advanced are described
separately in chapter 6 of this manual since the functions and applications to control on-site equipment (panels) are in some cases significantly different from those in a SCADA environment (Supervisory Control and Data Acquisition).
Hardware and software requirements and choice of operating system

Information on releases of various WinCC options and options with the operating systems (32-bit
and 64-bit) are included in the catalog and
Online Support under ID 56899318
Compatibility tool https://support.automation.siemens.com/kompatool/pages
Online help, readme file
The security updates and "Critical Updates" provided by Microsoft for the Windows operating system are tested by Siemens for compatibility with SIMATIC software and released, see reference
chapter 10.1 "Updates of system software".
Basic components of SIMATIC WinCC Comfort / Advanced / Professional

Designation
24
Brief description
Availability
Comf
Adv
Prof
Graphics
Editor for producing graphics
HMI Tags
Tag management
User administration
Administration of users
HMI Alarms
Alarm logging
Logs
Logging of process values
X*
Recipes
Preparation of recipes
X*
Reports
Production of reports

09/2012, A5E31420596-AA
Additional SIMATIC components

Designation
Brief description
Availability
Comf
Adv
Prof
SIMATIC Logon
Connection to Windows user administration
SIMATIC Logon
Remote Access
Connection of panels in a central user administration with SIMATIC Logon
X*
X*
WinCC Audit for SIMATIC

Panels /
Runtime Advanced
Recording operator actions
X*
X*
-**
WinCC Server
Servers in a server/client structure
X*
WinCC Client
Client in a server/client structure
X*
WinCC WebNavigator
View of the data and operation of process

screens via web
X*
WinCC DataMonitor
View of the data via a browser
X*
* = This component requires an additional license

** = Audit trail can be implemented by configuration, see chapter 6.4 "Audit trail".
3.3.1
Basic software for user administration

A key requirement particularly in a GMP environment is the access control of the system. This is
the only way to ensure safe operation and compliance with the regulations (U.S. 21 CFR Part 11
and EU GMP Guidelines Annex 11).
Unauthorized access to both the control and monitoring system as well as the file system and directory structures in the operating system must be prevented. This requires an corresponding plan:
Definition of user groups with different authorization levels for operation and maintenance
Definition of users and assignment to the user groups
Establishing a customized system structure and disk storage, including authorizations
In a single-station system or a distributed system with multiple HMI devices (also in combination
with panels), users can be centrally managed on a computer in a workgroup or domain.
SIMATIC Logon supports a user administration system based on Windows mechanisms that can
be used both in workgroup and in a Windows domain. Information on installation and configuration
of SIMATIC Logon is contained in chapter 4.3 "Setting up user administration" and in the Engineering Manual SIMATIC Logon.
The user administration must be set up locally on each panel (see chapter 4.3.4 "User administration without SIMATIC Logon") for local HMI devices without any network connection.

09/2012, A5E31420596-AA
25
3.3.2
Basic software engineering

The TIA Portal is the common engineering interface for the HMI devices and the automation level.
The WinCC Comfort and WinCC Advanced and WinCC Professional options are available for the
configuration of the HMI devices that are suitable for the GMP environment. The required version
depends on the type of HMI device being used starting with the panel and industry PCs up to the
standard PC.
WinCC Professional 512, 4K, max. PowerTags
Engineering
component
WinCC Advanced
WinCC Comfort
WinCC Basic
Operator device and

software component
Basic Panels /
Micro Panels
Comfort Panels,
Mobile Panels, 277-377
Panels & Multi Panels
Panel PCs,
Standard PCs
SCADA based in PC
The respective engineering system contains all the basic functions for engineering the HMI devices. The Project Navigator is the central component from which all devices belonging to the project are managed. The editors to configure the various functions in each HMI device are opened in
the project navigator. Copy functions ease the adoption of configured data into other HMI devices.
Tag management
In the TIA Portal, automation systems and HMI devices are created in a project. Inputs and outputs
are maintained in a separate tag table for each controller (PLC). The HMI devices receive a process driver connection by which external HMI tags are linked to the PLC tags in the PLC tag tables.
Tag management is done exclusively in the PLC. Corrections are transmitted into the project data
of the HMI devices after compilation. This ensures that consistency of the tags is maintained
throughout the project.
Libraries
The Project Library serves as a deposit of the configured data. Configured WinCC objects like
complete graphics, graphic elements, control objects, variables, messages and lots more can be
saved in the project library and used several times in the HMI devices. A cross-project data storage
is given by the Global Library.
26

09/2012, A5E31420596-AA
Export / import of project data

The WinCC engineering system has an export / import interface. Alarms, recipe data sets, text lists,
tags and project texts can be exported and re-used in another project. An export generates either
XLSX or CSV files, which can be edited using the standard software Microsoft Excel and imported
back into the project.
3.3.3
Basic software operating level

The runtime software (RT) is used to control and monitor the production process. The following
sections discuss the functions for recording and displaying runtime data.
Alarms
Many alarms occur in a plant. These are all of varying importance. To guide the user, even in critical situations, the alarms of the project are arranged in alarm classes. These and a concept for
alarm acknowledgment should be defined at the beginning of the project with the plant manager.
Note
With the functionality display suppression in the WinCC RT Professional runtime software, the
display of selected alarms can be suppressed, e.g. in the startup phases. The alarms are still recorded in the WinCC alarm log. For additional information please see the TIA Portal Information
System.
Use of this functionality is the responsibility of the system operator and should therefore be coordinated with him.
Archives
In a regulated environment relevant production and quality data must be kept sometimes for 5, 10
or more years. This data must be defined, stored safely and placed in external archives according
to data volume or time period. A process should be implemented to define the corresponding data
and archive components. See also chapters 3.3.4 "Data archiving" and 6.7 Electronic recording
and archiving of data or 7.7 Electronic recording and archiving of data.
The WinCC RT Professional runtime software can also archive process values in compressed form
in compressed archives.
Recipes
A system should be developed to structure the recipes if recipe data or equipment data records are
required for ongoing operation. The individual recipe elements can be freely defined for each recipe. A variety of data sets can be stored for a recipe. The number depends on the selected HMI
device.

09/2012, A5E31420596-AA
27
Audit trail
Operational input and changes to GMP-relevant data must be documented with time stamp, user
ID, old value and new value in the form of an audit trail. This can be configured according to the respective values and is stored in the alarm history (WinCC RT Professional).
The audit option fulfills the required functionality of an audit trail, see chapter 5.1.5 "GMP project
setting in the Audit option" especially for panels and runtime software WinCC RT Advanced.
Note
Categorization even makes sense in the specification phase to facilitate the overview and review
of GMP-relevant inputs, values and changes in plant operation. The plant operator should be able
to name the GMP-critical values and define them in advance.
3.3.4
Data archiving
Tag values, operator alarms and the audit trail can be archived. The scope and method of archiving
depends on the hardware used in the HMI device and the runtime software.
Archiving for panels and WinCC RT Advanced

The archives can be stored on the local system, and moved or copied to a network drive if there is
a network connection. A memory card is used for local data archiving with panels. The archive size
is dependent on the available space.
Archiving with WinCC RT Professional

Configuration options for archiving in the basic package of the WinCC RT Professional runtime
software are included in server/client structures. A configuration for transfer to another computer is
set in addition to archive size and segment change. Options for long-term archiving are mentioned
in chapter 4.2.4 "Setting up long-term archiving.
The option WinCC DataMonitor can be used to view the data.
Batch-oriented archiving
The WinCC Premium Add-on PM-QUALITY is available For batch-based acquisition and archiving
of production data such as process values and alarms, see chapter 6.7.3 "Archiving batch data
with PM-QUALITY" and chapter 7.7.3 Archiving batch data with PM-QUALITY.
28

09/2012, A5E31420596-AA
3.3.5
Report generation / reporting
Reports of alarms and process values

Alarms, recipes and current process values can be printed out in report form once they have been
defined in the report editor. WinCC RT Professional provides further options for reporting, such as
the generation of log data in graphs or in tables.
Depending on the system, output to the printer is managed either in the task scheduler or by print
job. At the same time, a cyclical or event-dependent starting point is specified.
Batch-based reporting
The WinCC Premium Add-on PM-QUALITY is available for a batch-based reporting of the recorded
data, see chapter 6.8.2 "Batch-based reporting with PM-QUALITY" and chapter 7.8.2 Batch-based
reporting with PM-QUALITY.
3.4
Specification of the application software

In addition to defining the hardware (chapter 3.1 "Selection and specification of the hardware") and
the standard software components (chapter 3.3 "Specification of the basic software"), the specification of the application software is an essential part of the Design Specification. This is used later as
an acceptance criterion for the verification system (FAT, SAT, IQ, OQ) in addition to the functional
specification.
The Design Specification may consist of one or more documents. Additional, separate documents
are often added as supplements, e.g. process tag list, I/O list, parameter list, P & ID, etc. The
status of these documents (version, release) must be defined just as clearly as the other specification documents (URS, FS , DS).
See also
GAMP5 Guide, Appendix D3 "Configuration and Design"
The overall Design Specification can be devided, for example, as follows:
System specification (general)
System structure, PC profiles
User administration,
definition of user groups, users, permissions, local users, configuration of SIMATIC Logon,
WinCC user administration, etc.
Printer configuration
Archive configuration (archives, archiving cycles)
Interfaces (S7 connections, OPC, discrete I/O processing)

09/2012, A5E31420596-AA
29
HMI design specification

The following aspects are specified for the user interface:
Screen layout and navigation
Plant screens, unit screens, detailed screens of interfaces
Operating level, possibly access authorizations
Screen hierarchy
Screen resolution, screen cycles
Block icons, used graphic elements
Alarm capability, alarm classes, priorities, display
Software design specification
General information such as project name, libraries, plant hierarchy
Template and module specification in a separate document if necessary
Reaction to power failure and restart
Time synchronization, master and slave definitions
Description of exceptional circumstances for safe plant operation
Emergency off characteristics
3.5
SIMATIC additional software
3.5.1
WinCC Premium Add-ons

This manual introduces the following WinCC Premium Add-ons:
Designation
Brief description
Availability
Comf
Adv
Prof
PM CONTROL
Recipe data management and job scheduling
X*
PM-QUALITY
Batch-based recording of data and reporting
X*
PM-OPEN IMPORT
Importing process data
* For data communication, panels can be linked via an Ethernet connection to the Premium Addons which are installed on a separate PC.
The WinCC Premium Add-ons are enabled with separate licenses.
Batch-based control with PM-CONTROL

The WinCC Premium Add-on PM-CONTROL is a batch-based parameter control for recipe/product
data management. The integrated order control allows flexible handling of production orders in
which the recipe, production location, scalable production quantity and the time of production can
be specified.
The software package is divided into three applications:
Topology manager for mapping the process cell topology, creating the required parameters
and configuring the connection to the automation level
Recipe system for creating and managing recipes / products
Order planning and order control, assignment and management of production orders
30

09/2012, A5E31420596-AA
To achieve a cost-effective solution for both simple and more complex tasks, PM-CONTROL is
available in the "Compact", "Standard" and "Professional" variants.
The use of SIMATIC Logon as a central user administration can be enabled in the PM-CONTROL.
Batch-based reporting with PM-QUALITY

The data recorded in WinCC Premium Add-on PM-QUALITY can be displayed as a trend (process
values), printed out from a printer in report form or exported per HTML file, XML file or in database
format.
The software package includes the following applications:
Topology Manager for mapping the plant topology and specifying the production data to be acquired
Report Editor for creating the report layout for the acquired data and displaying batch reports
on the screen
Data Logging, runtime component for acquiring data
Data View and various ActiveX controls for displaying the batch data
Data Center, for merging the batch data (only in the redundant version)
Apart from the automatic acquisition of the configured batch data, manually entered values, for example laboratory values can be added to a batch report later. If the batch report is transferred to
the archive automatically due to the set export option, no more changes can be made to the report
if the "Complete automatically" option is set.
It is also possible to use a script in WinCC to configure an electronic signature of the batch reports
by the logged-on user and with it the manual assignment of the batch status (released / locked).

09/2012, A5E31420596-AA
31
Batch-based archiving with PM-QUALITY

The WinCC Premium Add-on PM-QUALITY is used for batch-based acquisition of productionrelevant data such as process values and alarms.
The acquired batch data can be automatically exported in database format, in HTML format and/or
in XML format either on the local system or to a computer in the network. To view the exported
batch data in a database format, the PM-QUALITY application Data View (PM-QUALITY client) is
used.
Importing archives with PM-OPEN IMPORT

With PM-OPEN IMPORT process data (data and alarm logs) and operator actions (audit trail),
which are logged by panels and HMI devices with WinCC RT Advanced in CSV format, are transferred to the databases of WinCC RT Professional. This enables a distributed system with multiple
HMI devices to group and archive data centrally. The trend/table view and alarm view controls in
WinCC Runtime are used for displaying the data.
3.5.2
Interfaces to process data
WinCC WebNavigator
Remote access to the WinCC project data is set up with the WinCC Web Navigator in combination
with the WinCC RT Professional runtime software. To view the process screens, users with the
necessary rights must authenticate themselves using their password. The details are checked by
SIMATIC Logon. Operation of the process screens is subject to access control, which is defined in
the WinCC project user administration.
See also
Online Support ID 49516052 "Documenting operator actions via the WebNavigator"
WinCC DataMonitor
WinCC Data Monitor is a dedicated display and analysis system for process data from WinCC and
data from the WinCC long-term archive server. WinCC DataMonitor provides a number of analysis
tools for interactive data display and analysis of current process values and historical data:
32
Excel workbooks
Published reports
Trends and alarms
Process screens
Web center

09/2012, A5E31420596-AA
3.5.3
Connection to host systems

The options for connection to host systems depend on the HMI device used.
Panels and single-station system interfaces with WinCC RT Advanced

Process values for visualization and archiving can be provided for an OPC client in a data communication based on OPC (OLE for process control). For this purpose, panels can be configured as
an OPC XML server and single-station systems with WinCC Advanced as an OPC DA server
(DCOM).
Interfaces from the SCADA system to host systems

Standardized access with OPC and OLE DB from computer systems of the operational and company management level to computer systems at the process level is integrated in WinCC Professional. WinCC Professional provides access to the following process data:
Interrupts and Events (alarms), OPC A&E, read and write (acknowledgments only) access
Process value logs (trends), OPC HDA, read and write access
Process tags (states), OPC DA, read and write access

data communication via DCOM
Process tags, OPC XML DA, read and write access via web service
Process values and process value logs, OPC UA (Unified Architecture), read and write access
The data communication is handled based on the TCP/IP protocol with exchange of digital certificates.
All archive data, WinCC OLE DB, read-only access

09/2012, A5E31420596-AA
33
3.6
Utilities and drivers
3.6.1
Printer driver
For panel PCs and standard PCs, we recommend using the printer driver integrated in the operating system and approved for WinCC. No guarantee for proper operation of the system is assumed
if other drivers are used.
Printout from local printers or network printers is possible for panels. Hard copies or reports can be
printed on a network printer. Line printing of alarms is only possible on a local printer.
A list of approved printers and required settings for the panels are compiled in the product support
at:
3.6.2
Online Support ID 11376409 "Printers for SIMATIC HMI Panels"
Virus scanner
The use of virus scanners on panel PCs and standard PCs is enabled in the process mode. The
approved virus scanners can be accessed via the compatibility tool in the product support.
https://support.automation.siemens.com/kompatool/pages
The following settings must be observed when using virus scanners:
The real-time search is one of the most important functions. However, it is sufficient to examine
the incoming data traffic.
Scheduled scans must be disabled because they restrict the performance of the system considerably during process operation.
Manual search may not be performed during the process operation. It can be performed at
regular intervals, for example, during maintenance intervals.
These arrangements should be defined in the specification and/or optionally in a work instruction
from the IT department in charge.
3.6.3
Image & partition tools

Optional "Imaging" and "Partitioning" software allows you to create a backup of the entire content
of a hard drive, the so-called image or the partitioning of hard drives. A quick restoration of the system is possible with the system and user software in the backup image. Backed up hard drive contents can be copied to compatible devices. This facilitates the process of exchanging computers.
The "SIMATIC Image and Partition Creator (IPC)" provided by Siemens is a software package that
can be used to accomplish these tasks. This is even possible without separate installation through
direct use from CD or USB FlashDrive. Administration skills are needed for this process.
Note
The created images are used to restore the installed system, but not to secure online data.
34

09/2012, A5E31420596-AA
System Installation and Basic Configuration

SIMATIC WinCC (TIA Portal) consists of the engineering software and runtime software for corresponding HMI devices.
Engineering software
SIMATIC WinCC (TIA Portal) engineering software is the common engineering interface for PLC
programming and visualization. It is staggered according to the performance range the HMI devices:
WinCC Comfort for all panels
WinCC Advanced in addition to panels also for single-station PC systems
WinCC Professional also for multiple-station systems with server-client structure
Runtime software for HMI devices

The respective runtime software is required for the visualization on each HMI device:
Integrated runtime module for the panels
WinCC RT Advanced for panel PC and standard PC
WinCC RT Professional for complex plants and client-server systems
Runtime software is activated with a license key except for the panels.
4.1
Installation of the operating system

Control panels come with the preinstalled Microsoft Windows CE operating system and corresponding runtime software.
Note
The engineering system provides updates for the operating system if the MS Windows CE version
installed on the panel does not correspond to the version level of the project data. For additional
information, refer to the TIA Portal Information System > Operating system update.
Panel PCs are available in various levels of configuration with the operating system installed. The
hardware and operating system requirements of the SIMATIC HMI software must be considered
when using standard PCs.
Details can be found in the current catalog, ST 80.
Current information on the operating system and installation can be found in the "Installation" section of the of the TIA Portal Information System.
Note
The computer name must adhere to the naming convention of the SIMATIC software application.
You should read the information in the respective installation instructions and readme files of the
SIMATIC software to be installed on the computer, e.g. SIMATIC Net.
The computer name may no longer be changed after the WinCC RT Professional software is installed. This would require a complete re-installation of the runtime software.

09/2012, A5E31420596-AA
35
4.2
Installation of SIMATIC components
4.2.1
Installation of the SIMATIC WinCC engineering software

The engineering software is installed on a SIMATIC programming device (PG) or PC or a standard
PC and is used to set up the TIA Portal. The variants of the engineering software is activated
through the appropriate license.
The TIA Portal acts as a central engineering interface. Project data is created for one or more different types of HMI devices. After compiling, the project data is transferred to the respective HMI
device. Thereafter, the project can be started for ongoing operation.
4.2.2
Installation of the SIMATIC WinCC RT runtime software

Panels and panel PCs are available as complete systems with pre-installed and licensed
WinCC RT.
WinCC RT must be installed and licensed separately on each operator control and monitoring
component for server/client systems or standard PCs.
Additional licenses are required for other options that are used.
During installation of the runtime software, default settings in the Windows operating system are
automatically adapted to the requirements of the software. The required settings are displayed on
the screen during the installation and can be saved in RTF format and printed. The software installation continues after the settings are confirmed.
Note
WinCC RT Professional is customarily enabled for operation in a domain or workgroup. Domaingroup policies and domain restrictions can hinder the installation. In this case, remove the computer from the domain prior to installation. After the installation, the computer can be returned to
the domain if the group policies and restrictions do not prevent operation of the WinCC software.
SIMATIC Security Control

During installation of the WinCC RT Advanced and WinCC RT Professional runtime software, default settings in the Windows operating system are automatically adapted to the requirements of
the software. The required settings in the operating system are managed in the SIMATIC Security
Control Application for WinCC RT Professional. After installation, the application can be opened
with Start > Programs > Siemens Automation > Security Control at which time the changed setting
are clearly displayed. An option for saving and printing is provided.
The following settings are configured for specific functions:
36
Security-related registry entries
Configuration of the Windows Firewall exceptions list
DCOM settings (Distributed Component Object Model) only for WinCC RT Professional

09/2012, A5E31420596-AA
SIMATIC Security Control is restarted automatically, if following an installation of WinCC options,

other settings in the Windows operating system are required, such as for the WinCC Web Navigator.
Note
If the WinCC computer is incorporated into a different working environment (domain or workgroup), the settings must be re-configured by SIMATIC Security Control.
See also
4.2.3
TIA Portal information system "Installation instructions"
Options for SIMATIC WinCC

The options for the HMI devices do not require an additional license and can be configured in the
engineering software. The license is required on the respective HMI device so that the configured
option is operational.
Licenses are supplied on USB sticks and transferred to the HMI device using the "Automation License Manager" tool. For panels, the license is transferred via the engineering system, the Automation License Manager or ProSave. The procedure is described in the information system.
The WinCC Premium Add-ons described here, are installed after WinCC Runtime software and
then licensed with Hardlock dongles as standard.
4.2.4
Setting up long-term archiving

For long-term archiving of process values, alarm and audit trail logs, the log data can be moved to
a network drive, to another computer or outsourced. Here, the required (and only the required!) access authorization must be set up.
The task scheduler or an event for copying or moving the logs can be configured, see chapter 7.7
"Electronic recording and archiving of data" for panels and HMI devices with WinCC RT Advanced.
In addition to the archives, a backup is configured, in which the file size and time period of the outsourcing to a network drive or other computer can be defined, see chapter 6.7 "Electronic recording
and archiving of data" for HMI devices with WinCC RT Professional.

09/2012, A5E31420596-AA
37
4.3
Setting up user administration

An essential requirement for safe and compliant operation of an automated production line is controlling access to the system. This includes both accessing the operating level and the configuration level as well as accessing backups and archives. A user-based logon and logout for operator
actions is therefore one of the basic functionalities for meeting this requirement.
Users are assigned to different user groups according to their tasks when organizing operator authorizations. In the project data for each HMI device, the user groups with the same names are assigned authorizations for the individual operator actions.
Note
The structure and authorizations of the user groups should be defined in the specification at the
start of the project and implemented in the early engineering phase.
Access authorizations and settings, such as password length, complexity and period of validity can
and should be appropriately configured to increase password security.
All permissions for working with the visualization user interface (faceplates, input boxes, buttons
etc.) must be set up according to the specifications.
Note
For distributed systems (in combination with panels) or single-station systems with WinCC RT
Professional, we recommend the implementation of user administration based on SIMATIC Logon
and MS Windows Administration.
User administration is set up locally for local HMI devices without any network connection. Users
and their user group assignment are then only known locally.
4.3.1
User administration with SIMATIC Logon

Administration of user rights using SIMATIC Logon is based on the mechanisms of the Windows
operating system. The users and groups are configured according to the specification in the user
administration of Windows.
The following steps need to be done, when setting up the user administration based on SIMATIC
Logon
Set up the user groups and users in Windows
Install and set up SIMATIC Logon
Security settings in Windows, see chapter 4.3.2 Security settings in Windows
Administration of user rights for each HMI device
Then, configure the access control for the user interface:
38
Assignment of permissions in the visualization interface (input boxes, control buttons, screen
window)
Setup of access rights in PM-CONTROL or PM-QUALITY if the WinCC Premium Add-ons are
used

09/2012, A5E31420596-AA
Both Windows user administration options are available here, centralized administration in a domain structure or in a workgroup with a central logon server.
See also
Operating system help of MS Windows or the appropriate Windows manual (for setting up
Windows workgroups and the domain)
TIA Portal information system "visualizing processes" (configuring user administration)
SIMATIC HMI, Process Visualization System WinCC V6, Security Concept WinCC, chapter 4
"User and Access Management in WinCC and Integration in Windows Management"
Windows domain
The one-time administration of the groups and users on the domain server enables all computers in
the domain access to group membership.
Note
When using multiple domain servers or when there are redundant servers, the domain structure
ensures that users will still be able to perform operations and/or log on even if one domain server
fails.
Windows workgroup
All user data is created and managed on the server of a workgroup. SIMATIC Logon compares the
logon data with the user administration data on this server and then provides the logon information
to the other computers in the workgroup.
4.3.2
Security settings in Windows

When using SIMATIC Logon, the administrator configures the following security settings in Windows under "Control Panel > Administrative Tools > Local Security Policy > Security Settings and
Local Policy":
Password policies such as complexity, password length, password aging
Account lockout policies
Audit policies
Note
After installing Windows, default parameters are set for the password policy, account lockout policy and audit policy. These settings must be checked and modified according to the applicable
project requirements.
See also
Chapter 4.5.2 "Blocking the operating system level during ongoing operation"

09/2012, A5E31420596-AA
39
4.3.3
Configuration of SIMATIC Logon

SIMATIC Logon verifies the accuracy of the user's computer logon data in the central user administration and transmits the successful logon information to the respective HMI device. User logon for
the operation of WinCC options and Premium Add-ons can be included in the SIMATIC Logon verification process.
Note
In case the logon server is unavailable during a network interruption, the local user administration
becomes active instead of the central one. To control the plant and the process safety, a local
user and a local user group with limited operating rights should be created for emergency operation since.
Note
Events such as a successful and failed logon/logout procedure or password changes are stored in
the EventLog database of SIMATIC Logon as well as in the WinCC alarm system.
See also
40
Chapter 4.4 "Administration of user rights"
Chapter 6.4.3 in the manual "Safety Concept", Online-Support ID 60119725

09/2012, A5E31420596-AA
The use of SIMATIC Logon is activated in the "Runtime Settings > User Administration".
The base settings of SIMATIC Logon are carried out in the "Configure SIMATIC Logon" dialog box.
The settings are described in the configuration manual SIMATIC Logon and include, for example:
The logon of a "default user" after user logout
Logon server ("working environment")
Automatic logout with SIMATIC Logon
Note
No "auto-logoff" may be activated at the operating system level, otherwise the user interface will
be completely closed.
Furthermore, the activation of a screen saver is in combination with SIMATIC Logon is not allowed.

09/2012, A5E31420596-AA
41
4.3.4
User administration without SIMATIC Logon

The users and user groups are managed locally for panels or single-station systems (WinCC RT
Advanced). The requirements for access control are met through appropriate configuration.
42

09/2012, A5E31420596-AA
The password settings, such as password, account lockout and monitoring policy are then defined
in the local user administration of the HMI device, see the following figure.

09/2012, A5E31420596-AA
43
4.3.5
Local SIMATIC user groups

WinCC Professional supports the Windows authorization model. Power users rights at the operating system level are required as a minimum and the Windows user must be a member of several
SIMATIC groups in order to create and start the WinCC user interface. Therefore, the following local groups are automatically set up during the installation of the runtime software. These may not
be changed or deleted!
SIMATIC TIA Engineer
SIMATIC HMI
SIMATIC HMI CS
SIMATIC HMI VIEWER
Note
The defined users and user groups must be made members of the corresponding authorized
SIMATIC user groups.
A logical separation of computer access authorizations is achieved by differentiating between the
administrator and power user (plant operator) at the Windows level logon.
WinCC Professional automatically manages the security settings and release authorizations for
the project data. The access rights depend on the configuration in the WinCC user administration and are verified by the runtime software, see chapter 4.4 "Administration of user rights".
See also
44
WinCC Readme file
Chapter 4.3.2 "Security settings in Windows" applies here as well

09/2012, A5E31420596-AA
4.4
Administration of user rights

Regardless of whether a user adminstration with SIMATIC Logon or a local user administration for
a single-station system (Advanced panel or RT) without SIMATIC Logon is used, the user rights for
operation are defined in the project data of the HMI device.
The user rights are generally assigned to the user groups. For this purpose, the required user
groups with the same names (if necessary) as the user groups in Windows (SIMATIC Logon) are
created in the project data.
The following procedure must be followed for this:
Open the project data for the HMI device in the TIA Portal (engineering system)
Open the user administration with the tab "Users groups"
Create group(s)
Assign authorizations for each group
The user rights are assigned via the WinCC user groups in the project data. Members of the "Operator" group, for example, are then assigned the corresponding rights to operate in the WinCC
user administration.

09/2012, A5E31420596-AA
45
4.5
Access control at the operating system level

The operating system user in the background logged on to the WinCC Runtime should have power
user rights and not administrator rights. These rights are required to create and start the WinCC
user interface. This ensures that only WinCC has access to the database. Operating system access to the SQL database is therefore not be possible.
Access to the operating system level is not necessary and usually not required for the plant operator when logged on to WinCC. Therefore, additional configuration settings (startup characteristics,
blocking the operating system level) must be carried out. These settings avoid unauthorized access
from the process mode of SIMATIC WinCC to sensitive data of the operating system.
Note
Access to the operating system level should be reserved exclusively for administrators or technical
service personnel.
4.5.1
Startup characteristics
Automatic startup is configured including the activation of the user interface for safe start of the
HMI device. This is how access to the operating system level is prevented during startup.
Automatic logon (auto-logon) in the Windows operating system is described in the Online Support
under ID 23598260 in an example for SIMATIC IPCs.
The configuration of the automatic start of the user interface is different for each of the various HMI
devices.
46

09/2012, A5E31420596-AA
Automatic start for HMI devices with WinCC RT Professional

Automatic startup is organized in the application WinCC RT Start. This is opened with Start > Programs > Siemens Automation > Runtime Systems.
The specified project is automatically activated at computer startup if the "Autostart" property is activated. The "Allow Cancel during activation" property should not be selected, so that the project
start will not be interrupted.
Those editors which are required ongoing operation are activated in "Runtime Settings > Services".
Other applications that should be started automatically, such as the Premium Add-ons PMCONTROL or PM-QUALITY, are added under "Additional Tasks / Applications".

09/2012, A5E31420596-AA
47
Automatic start for HMI devices with WinCC RT Advanced

Automatic startup is organized in the application WinCC RT Loader (HMILoad.exe). This is opened
with Start > Programs > Siemens Automation > Runtime Systems.
The project with the project path that should start automatically is specified under "Settings". The
automatic start of the project data is delayed for the number of seconds indicated in the "Wait" box
after the operating system starts up.
A link must still be established to the application HMILoad.exe

(C:\Programme\Siemens\Automation\WinCC RT Advanced) in the autostart of the operating system.
Automatic startup for panels

The runtime loader automatically starts at panel startup. The project data is activated after the set
time delay. The delay time can be configured in the Control Panel under Transfer> Directories. We
recommend setting the value equal to 0, so that the project data is activated immediately.
Note
After commissioning, the "Remote Control" property in the Control Panel under "Transfer" should
be disabled so that accidental automatic transfer from the engineering system is prevented.
48

09/2012, A5E31420596-AA
4.5.2
Blocking the operating system level during ongoing operation
Configuration settings in WinCC Professional

The Windows keyboard is deactivated under "Keyboard" in the runtime settings to prevent access
to the operating system during process mode.
See also
TIA Portal information system

09/2012, A5E31420596-AA
49
Configuration settings in WinCC Advanced

Access to the operating system during the process mode is prevented if task switching is disabled
in the runtime settings under "General".
Note
A button in the user interface is commonly used to deactivate the ongoing operations. This button
can only be actuated with the corresponding authorization, which then provides access to the operating system.
Preventing system access in object programming

Make sure that no objects are used in the user interface that permit access to the Windows file system or to executable programs. This risk exists, for example, with OLE objects, Internet links,
online help system etc.
Configuration settings in Windows

The Keep the taskbar on top of other windows setting must be disabled in Windows.
In addition, attention must be paid that any HOT-KEY assignments are deactivated. Some graphics
cards also provide keyboard shortcuts to influence the properties of the graphics card. Some of
them might enable access to the operating system or influence WinCC operation.
50

09/2012, A5E31420596-AA
4.6
Data and information security

In a regulated environment production, processes and recorded data are checked and safely
stored to ensure that product quality can be proven. Safe handling of data is a basic requirement
for compliant operation.
Relevant production data and operator input must be stored in accordance with national and international regulations for many years. Therefore, data and information security has many facets,
some of which are explained here.
Definition of a suitable system structure
User administration, see chapter 4.3 "Setting up user administration"
Planning of data storage as well as the input and output devices
Secure storage of sensitive data with redundancy and access control, see chapter 4.6 "Data
and information security"
Use of antivirus software, see chapter 3.6.2 "Virus scanner"
Defined startup characteristics and operation of the user interface, see chapter
4.5 "Access control at the operating system level"
Organizational measures
Planning and assigning the necessary access rights
Supplemented by codes of behavior, such as handling of USB sticks
Work instructions for archiving, retrieval and possibly data migration
Adaptation of the operating system settings

During installation of the WinCC RT Advanced and WinCC RT Professional runtime software, default settings in the Windows operating system with SIMATIC Security Control are automatically
adapted to the requirements of the software.
See also
Chapter 4.2.2 "Installation of the SIMATIC WinCC RT runtime software"
SIMATIC NET SCALANCE S

The SCALANCE S security modules form the core of the innovative safety concept from Siemens
that protects networks and data. The protective function of SCALANCE S works in such a way that
all traffic to and from the cell is monitored.
With a combination of different security measures such as firewall, NAT/NAPT routers and VPN
(Virtual Private Network) over IPsec tunnels, the SCALANCE S security modules protect individual
devices or even entire automation cells from:
Data espionage
Data manipulation
Unauthorized access

09/2012, A5E31420596-AA
51
See also
52
Manuals of the SCALANCE family
Comprehensive information about "Industrial Security" in the Online Support under

ID 50203404
Online Support ID 22376747 "Protecting an automation cell using Firewall" and the document
attached there
Online Support ID 22056713 "Security with IPsec-secured VPN tunnel and the document attached there

09/2012, A5E31420596-AA

Projects are used to organize the storage of data and programs resulting from the creation of an
automation solution. The data that makes up a project includes the following:
Configuration data on the hardware structure and parameter assignment data for modules
Project engineering data for communication over networks
Configuration data for the automation and HMI devices
The central data management ensures that consistency between automation and visualization is
sustained. Once created, data is available in all editors, changes or corrections are automatically
updated throughout the project.
The customer-specific operator process control and monitoring is variable in design. A large part of
the application software is configured here and extended functionality can be added with the aid of
scripts.
5.1
Project setup
5.1.1
Creating a new project

The TIA Portal is started for creating a new project. The TIA Portal offers two views, the portal view
and the project view, which can be switched.
Select the entry "Create new project" in the portal view
Enter your project name and path or accept the proposed settings.
Click the "Create" button.
The next steps are listed in the TIA Portal.
Configure a device.
This selects one by one the controller and HMI units that are required for your automation solution. Network and connections can be configured.
Write PLC program

The programs are created for the single controllers.
Configure an HMI screen

The visualization projected for the individual HMI devices.

09/2012, A5E31420596-AA
53
A wizard assists each implementation process and opens the project view at a suitable point.
5.1.2
Migration of existing projects

Projects from previous automation solutions can be migrated to the TIA Portal.
See also
General procedure for migration chapter 10 "System Updates and Migration"
Chapter 4 in the manual "TIA Portal", Online Support ID 53385672
TIA information system > Migrating projects
Guide migration of WinCC Flex 2008 SP2, Online Support ID 58857225
Migration guide for Comfort Panels, Online Support ID 49752044
5.1.3
Working with multi-language projects

The following project texts can be managed in multiple languages:
Alarm texts
Button labels
Operator relevant texts
Display names of recipes
Text lists
etc.
See also
Chapter 7.2.7 in the manual "TIA Portal", Online Support ID 53385672
TIA Portal information system > Edit project > Working with multilingual texts
54

09/2012, A5E31420596-AA
5.1.4
HMI device wizard

A base structure for the visualization interface of an HMI device is created with the support of the
HMI device wizard. When adding SIMATIC panels to a project, the wizard starts automatically; for
HMI devices based on a PC system the wizard can be started manually.
The HMI device wizard guides you through a series of dialogs for creating the basic structure. The
basic structure consists of a base screen with a toolbar, title bar, alarm line and various system
screens for diagnostic purposes. Project-specific, empty plant screens can be added, so that these
are already taken into account when selecting the screen. In addition, the screen background color,
the screen resolution, and the company-specific logo are defined.
5.1.5
GMP project setting in the Audit option

The WinCC (TIA Portal) Audit for panels or RT Advanced option is provided especially for the GMP
environment. The option includes following functions:
Creating operator input alarms
Creating an audit trails
The "NotifyUserAction" system function
Entering of electronic signatures
Data archiving with checksum
Identification of recipes as "GMP-relevant"
Documenting the audit trail
The GMP setting is activated at the start of the configuration in the runtime editor settings. Then,
the above functions are activated and can be configured, see chapters 7.2 Creating operator input
alarms, 7.4 Audit trail and 7.5 Configuration for electronic signature.

09/2012, A5E31420596-AA
55
5.2
Object-oriented configuration
Objects are graphical elements used for designing project screens. These objects include "base
objects" (line, circle, text box, etc.), "elements" (I/O box, button, etc.), "controls" and also graphics
(pipes, pumps, etc.).
By storing configured objects and object groups in libraries, they can be used repeatedly. The engineering in the TIA Portal has 2 libraries:
Project library
Global library
The objects stored there are available to all similar type HMI devices in the project ("Project Library") or in other projects ("Global Library").
One user data type is preferred for dynamization of faceplates and screen windows. It bundles
various tag types in a user-defined data structure for a process unit such as a motor. User data
types are stored in the project library and are available throughout the project.
The object-oriented configuration is useful for:
Configured objects and object groups
Faceplates
Screen window
User data types
Project functions
See also
TIA Portal information system
System manual "TIA Portal", chapter 9.1.2 "Working with objects",

Online Support ID 53385672
Note
Configured objects or groups of objects are created one-time for the particular application and
then tested with the client before they are copied to the configuration or instantiated.
5.2.1
Master copies and types

Each of the libraries mentioned above contain two folders named "Types" and "Master copies". Library objects can be created or used either as a master copy or as a type.
As a master copy, a configured object group is moved into master copy area of the project library
and can be used repeatedly in the project. Changes to the master copy are not transferred to the
copies previously created. Master copies can also be stored in a global library for use in other projects.
Faceplates and user data types are stored under types which are then integrated into the project
data as an instance.
A distinction is made between the Panel / RT or RT Advanced Professional device families when
the configured objects are stored under types. The objects can only be reused in the same variant.
56

09/2012, A5E31420596-AA
5.2.2
Faceplates
A faceplate consists of a grouping of objects which are tailored to the special requirements of the
plant with respect graphic representation and dynamization. The object properties and events,
which are used to dynamize the faceplate, are individually defined in the faceplate editor. User data
types are recommended for connecting the interface to the process screens.
A faceplate is created as a type in the project library. A copy can be saved in the comprehensive
project global library under types. Thereafter, it is available in other projects as well.
The faceplate is based on the type-instance model. A local instance of the type is created when a
faceplate is included in a process screen. Changes in the type are automatically transferred to all of
its instances. If necessary, a faceplate instance can be disassociated from the type.
Faceplates are created for either the Panels / RT Advanced or RT Professional device family and
can only be used for the corresponding variant.
The options for designing and dynamization are more diverse with RT Professional.
5.2.3
Screen window
The screen window control lets you select a screen within a screen. This functionality is used, for
example, to call a window for controlling a process unit (valve, drive). Such an operator control
screen is configured once for a particular function and then opened as an instance in a screen window. The dynamization a screen window is carried out based on user data types. When the screen
is called, a tag prefix is transferred.
The screen window technology is only available in RT Professional.
5.2.4
User data type

User data types are used for dynamization of faceplates and screen windows. For a process unit,
such as a motor, a user data type is defined, which contains all tag types of the motor as elements.
Each user data types is created for a particular type of communication (SIMATIC S7 300/400,
SIMATIC S7 1200 or internal communication) and for a family of devices Panel / RT or RT Advanced Professional and can only be used in this environment.
The example shows a simplified form.

09/2012, A5E31420596-AA
57
5.2.5
Project functions in the form of scripts

Customer-specific requirements are implemented in the form of functions or local scripts. A function
consists of system functions and / or user-defined functions.
If such user-defined functions are required repeatedly, they should be configured as project functions in the "Scripts" editor.
The function code is created one-time in the script, then tested and qualified. The function is then
available for this HMI device and project-wide for several HMI devices after moving it to the project
library under "master copy" (see 6.3 "6.3").
5.2.6
Libraries
The engineering in the TIA Portal is supported by two libraries:
Project library
Global library
The project library is used to store all user-defined WinCC objects such as complete screens, tag
tables, alarms, etc. These user-defined objects are developed in detail, tested and qualified and
are then available as a project standard for repeated use in the project.
The global library is a cross-project library, the contents of which can also be used in other projects. By default, the global library contains master copies for buttons, control modules, and document templates for the project documentation. User-specific global libraries can be set up for centralized storage of user-defined objects, e.g. from the project library.
58

09/2012, A5E31420596-AA
5.3
In SIMATIC WinCC, the time transmitted on the bus as default is the standard world time UTC
(Universal Time Coordinated).
To ensure time consistency, all stations and controllers belonging to the WinCC system must be
synchronized so that chronological processing (logging of trends, alarms) is enabled throughout the
system.
Time synchronization of SIMATIC Logon depends on the environment (Windows workgroup or domain) in which SIMATIC Logon is operated. All PCs in the Windows workgroup or within the domain must be time synchronized.
HMI devices with RT Professional can be integrated into an automatic time synchronization via the
plant / system bus. Only one "Set time-of-day" can be configured in combination with panels or single-station systems with RT Advanced.
The activation of time synchronization must also take place on the engineering station, otherwise it
could cause problems during the downloading of changes.
Note
The activation of time synchronization is necessary in plants in which GMP is mandatory.
5.3.1
Concepts for WinCC RT Professional

The structure of the time-of-day synchronization must be carefully planned. Each time-of-day synchronization in the project is dependent on requirements. The requirements of time synchronization
must be described in the function specification. The following sections introduce concepts in time
synchronization.
Time synchronization in a Windows workgroup

The time in a workgroup should be synchronized via the WinCC server. The time of the WinCC
server can also be synchronized using a time master such as SICLOCK.
Time-of-day synchronization in a Windows domain

If the automation system is operated in a Windows domain, the domain must serve as the time
master. The time of the domain server can also be synchronized using a time master such as
SICLOCK.
Note
The time on the clients in the domain is synchronized using Microsoft system services.
See also
http://www.siemens-edm.de/Siclock.zeitsynchronisationskonzept.0.html
SIMATIC HMI manual, Process Visualization System WinCC, Security Concept WinCC, chapter 5 "Planning Time Synchronization".
Online Support ID 11377522 "Display format for the date"

09/2012, A5E31420596-AA
59
5.3.2
Concepts for panels and HMI devices with WinCC RT Advanced

Direct time synchronization in NTP format can be configured between a CPU S7-1200 and panels
that support time synchronization. Here, the time can either be specified by the HMI device (master) or by the controller (slave).
See also
TIA Portal information system> Visualize processes > Communicate with controllers > Configure time synchronization
For all other HMI devices and CPUs, the time can be set in either the CPU or in the HMI device.
"Set time-of-day" does not have the same accuracy as the time synchronization, since message
frame and scripting runtimes are incorporated. The time master must be defined within the system.
Set time-of-day
The time is set with area pointers. Area pointers are parameter fields in which reading and writing
communication from the PLC and the HMI device takes place alternately. The PLC and the HMI
device trigger predefined actions when the stored data is evaluated.
The "Date/Time PLC" area pointer is used to transfer the CPU system time to the HMI device. This
is located under global area pointer and can be configured only for the connection to the CPU that
acts as a time master.
60

09/2012, A5E31420596-AA
The system time of the HMI device is transferred to the CPU via the "Date/Time" area pointer. This
area pointer is configured for each connection to a CPU if the system time of the HMI device is the
time master.
The procedure to configure the area pointers is described in TIA Portal information system.
(Visualizing processes > Communicate with controllers > Device dependency > Communicating
with SIMATIC S7-1200 or SIMATIC S7 300/400 > Data communication > Data communication with
area pointer)
See also
Settings in Windows 7 in the Online Support ID 59203176 to change the system time of the PC
with WinCC RT Advanced V11
Daylight saving / standard time changeover

An daylight saving / standard time changeover can be realized using the "SetDaylightSavingTime"
system function. This can be automated by a trigger of the PLC, which makes an analysis of the
event daylight saving / standard time changeover.
See also
TIA Portal information system > Visualize processes > Work with system functions and runtime
scripting > Reference > VB scripting (panels, RT Advanced) > System functions (panels, RT
Advanced)

09/2012, A5E31420596-AA
61
5.3.3
Time stamping
HMI alarms
Alarms from the CPU (AS) are displayed in the HMI device and logged. The alarm receives the
time stamp either from the HMI device upon arrival of the alarm (discrete alarms) or from the CPU
directly when it is created (control alarms).
A discrete alarm is detected based on a bit change in the alarm tag. The HMI alarm system assigns
the time stamp of the HMI device. The time stamp has a certain inaccuracy due to the acquisition
cycle, bus delay time and time required for processing the alarm. Alarms present for a time shorter
than the acquisition cycle are lost.
For monitoring the limits of tags in WinCC, an analog alarm is generated in the HMI alarm system if
the defined limits are violated. The assignment of the time stamp is similar that for discrete alarms.
Note
The discrete alarm procedure and limit monitoring are simply configurable alarm procedures for
panels, HMI devices with RT Advanced and single-station systems with RT Professional. In redundant systems or system configurations with multiple operator stations (RT Professional),
chronological signaling is used for synchronized acknowledgment and sending.
For chronological signaling, the SFCs/SFBs Notify, Notify_8P,Alarm, Alarm_S/SQ, Alarm_D/DQ,
Alarm_8/8P in the SIMATIC S7 are used. Refer to the relevant CPU manuals and the block descriptions in the SIMATIC STEP 7 online help for information on restrictions relating to the system
resources for simultaneously pending alarms.
See also
TIA Portal information system > PLC programming > References

(S7-300/400) > Extended instructions > Alarms
TIA Portal Information system > Visualize processes > Basics >
Alarm procedure > Overview alarm procedure
Online Support ID 23730697 "Chronological Signaling (in WinCC)
Archiving
Process values, which are acquired and evaluated in the HMI device receive by default the time
stamp at the time of the acquisition in the visualization system.
Logging cycles are defined for cyclic reading of process values. A time stamp that is assigned
when the process values are acquired, contains the inaccuracy of the configured logging cycle.
Note
The alarm block (AR_SEND) is available in SIMATIC S7-400 for logging cycles of less than
500ms in WinCC RT Professional.
With the alarm block AR_SEND, process values that should receive the time stamp from the CPU
are processed in the form of a message frame in the CPU and then transmitted as raw data to
WinCC RT Professional.
62

09/2012, A5E31420596-AA
See also
TIA Portal information system > PLC programming > References (S7-300/400) > Alarms >
AR_SEND
Online Support ID 23629327 "Process-driven archiving" (for WinCC)

The specification (URS, FS) of a GMP-compliant plant must describe the way in which time stamping will be performed. The accuracy necessary for alarm and process value acquisition must be
checked in detail. The methods of time stamping mentioned above can be used alongside each
other. The hardware for the automation and visualization must be selected accordingly.
5.4
Configuration management
The configuration of a computer system consists of various of hardware and software components,
which can vary in complexity and range from commercially available standard components to
specially customized user components. The current system configuration should be fully available
at all times and easy to understand. For this purpose, the system is divided into configuration elements, which are identifiable with a unique name and a version number and can be distinguished
from the previous versions.
Defining configuration elements

In most cases, standard hardware components are used, for example PCs, controllers (PLCs), displays, panels, etc. These are defined and documented by means of type, version number, etc.
More work is required when customer-specific hardware is used, for more on this see chapter 3.1
"Selection and specification of the hardware".
The standard components for software include, for example, the SIMATIC WinCC system software,
its libraries, other options and Premium Add-ons.
The application software is configured and/or programmed on the basis of standard software. The
individual configuration elements into which the application software should be split cannot be defined for all cases as it differs depending on various customer requirements and system characteristics.
Versioning the configuration elements

Whereas the version ID of standard software cannot be influenced by the user / project engineer,
the assignment of version numbers and a process for change control (change control) must be defined in a work instruction i. a. during the configuration of application software. From when the application is first created, all configuration elements should be maintained following a defined procedure for configuration management even if it is only subject to formal change control at a later
stage.
Note
Chapter 5.5 "Versioning application software" includes examples of how individual software elements can be versioned.
The change control procedure for a plant already in operation should be discussed in advance
with the owner of the plant, see chapter 9.2 "Operational change control".
See also
GAMP5 Guide,
Appendix M8 "Project Change and Configuration Management"

09/2012, A5E31420596-AA
63
5.5
Versioning application software

The project guidelines must define which elements are to be versioned, when versioning is to take
place, and whether a major version or minor version is to be incremented; for example:
"The major version is set to 1.0 following the FAT and to 2.0 after commissioning. All other changes
are incremented in the minor version".
Whether the major version or the minor version is to be changed can also depend on the scope or
effect of the change in question.
The following data is specified for the versioning of the application software:
Name
Date
Version number
Comment on the change
The following chapters show various examples of software element versioning.
5.5.1
Versioning of screens
The engineering system automatically records the creation date, the time stamp of the last change,
and the Windows user logged on at the time. The data is retrieved if the "Screens" object in the
is pressed in the toolbar on the project navigator.
project navigator is selected and the button
See also
64
TIA information system > Introduction to the TIA Portal > User interface and operation > Structure of the user interface > Overview window

09/2012, A5E31420596-AA
Automatic versioning of the screens is not carried out; the version can be maintained manually in
the file.
Information for versioning, such as version ID, change date and name, can be stored in a static text
field. It is practical to place the text boxes for versioning in a separate screen level that can be
shown or hidden as required. The display of the static text field during the process operation is controlled by the object property display or via the "Visibility" animation.
Note
Change details can be described, for example, in the relevant change request documentation.

09/2012, A5E31420596-AA
65
5.5.2
Versioning of faceplates
When the processing of a faceplate is finished and it is approved for use in the project data, the
engineering system automatically sets the version 1.1.0. After re-processing and re-approval of the
faceplate, the second digit of the version number is automatically increased. The current processing of a faceplate can be discarded by restoring the latest approved version.
66

09/2012, A5E31420596-AA
5.5.3
Versioning of VB / C scripts
VB scripts or C scripts (only for RT Professional) are created during ongoing operation in order to
access tags and graphical screen objects and to initiate screen-independent actions.
In addition, scripts are used to link functions, which are triggered in the process mode, to individual
properties of screen objects (e.g. by using the mouse).
Two different methods of script creation are distinguished in WinCC:
Local scripts which are created directly on the property of an object in the "Screens" Editor.
These scripts are part of the screen and are stored with the screen. Versioning is performed in
the screen.
Screen-independent scripts that are created in the "Scripts" editor and are available in function
lists for repeated selection either with object properties or in the task scheduler.
For VB / C scripts that are created with the "Scripts" editor, the engineering system records the last
change date and the Windows user who is logged on at this time. For retrieving the data, see chapter 5.5.1 "Versioning of screens".
Note
It is advisable to maintain a history in the scripts indicating any changes made. The history is entered as comment before the start of the code.

09/2012, A5E31420596-AA
67
Example of recording the history in a C script:
Example of recording the history in a VB script:
5.5.4
Versioning of reports
The automatic issuing of version IDs in the report layouts is not supported. A static field can be inserted in the report layout for a version ID allowing manual versioning of various states. The version ID must be kept up-to-date as specified in the SOP for configuration management. The following figure shows an example of a report layout footer with a field added for versioning.
68

09/2012, A5E31420596-AA

In a full automation solution, SIMATIC WinCC handles the operator input, monitoring and data logging functions. The connection to the automation level takes place via efficient coupling processes
This chapter explains instructions and recommendations for the configuration of WinCC RT Professional in the GMP-mandatory environment. The configuration of HMI panels and WinCC RT Advanced is covered in chapter 7 "Configuration for WinCC Comfort / WinCC RT Advanced".
The configuration of the automation level is not described in this manual.
6.1
Creating the graphic user interface

To visualize the plant or process, process screens are created to allow operator control and monitoring according the specified requirements. Available elements are described in chapter 5.2
"Object-oriented configuration".
The HMI device wizard can be used to configure a basic structure for the visual interface and the
screen resolution. We recommend defining a system for screen selection and screen navigation in
complex processes involving several process screens. SIMATIC WinCC provides the editor menu
and toolbars for implementation.
Both the overview graphics and the operator control philosophy must be described in the specification (for example URS, FS and P&I) and created accordingly. When completed, these should be
shown in the form of screenshots to the customer for approval.
A variety of ready-made graphic objects, arranged according to subject, machine, plant components, instrumentation, operator controls and buildings (independent of a library) are available for
the creation of screens directly in the engineering system under Tools > Graphics. The objects can
be easily inserted into a screen and adjusted as needed using drag-and-drop.

09/2012, A5E31420596-AA
69
6.2

The FDA regulation 21 CFR Part 11 requires traceability of operator process control that impacts
GMP-relevant data for systems that operate in a GMP environment.
GMP-relevant operator process control that is carried out via input / output fields or buttons must
therefore be configured so that an operator input alarm is generated. This operator input alarm is
recorded in alarm logging with time stamp, user ID, old value and new value.
Input / output field

Generating an operator input alarm when a value changes in an object IO field is set in the objectproperty security. A system-side operator input alarm is generated when the "Query reason for operation" property is selected in the "Logging" area. If the "Prompt for motive" property is activated,
the system opens a window for entering a comment after the value is applied. The operating right
to change the value is configured in the "Authorization" property under "Runtime security".
Button
A system function is attached to an event of the button in order to change the values of tags via a
button. A set of system functions is available, which can also create an operator input alarm. However, the entry of a comment cannot be activated.
70

09/2012, A5E31420596-AA
Operator input alarms in combination with faceplates

Operator input alarms can be generated even if the IO field is integrated in a faceplate. For this
purpose, the "Report operator input alarm" property is activated in the faceplate on the IO field for
the object property "Security". The process value of the IO field is placed on the interface of the
faceplate. When a faceplate instance is inserted in a process screen, this interface is connected to
the corresponding tags. If the value in the faceplate is changed an operator input alarm is generated by the system, in which the tag name with the old value and new value for this faceplate instance is documented.

09/2012, A5E31420596-AA
71
Script functions for changing values

Alarms for documenting operator actions can also be configured in addition to the systemgenerated operator input alarm. For this purpose, a VB script is created by selecting a preconfigured user alarm and supplying it with the appropriate process data. This script is attached to
an object event in the process screen.
See also
TIA Portal information system > ...> Configuring user alarms
Acknowledging alarms with mandatory comments

The entry of a mandatory comment can be configured for tracing the acknowledgment of certain
alarms. To acknowledge the alarm, an operator input alarm is generated that contains a time
stamp, the user and the comment entered.
See also
72
Online Support ID 52329908 "Application Example for WinCC V7"

09/2012, A5E31420596-AA
6.3
User-specific functions and scripts

Customer-specific requirements be implemented by means of system functions and / or userdefined functions.
System functions are system-tested standard functions. A set of such functions is already integrated in the TIA Portal.
User-defined functions or local scripts based on VB or C script are user-written programs which are
rated as Category 5 software. This type of software is designed to meet customer-specific requirements, which are not covered by the standard. In this case, more work is involved for the validation
in the form of detailed functional and interface description and documented tests must be factored
in, see chapter 8.3.1 "Software categorization according to GAMP Guide".
System functions are processed parallel to user-defined functions in a "Function list" or integrated
in user-defined functions or "local scripts". A "Functions list" is defined for an object event, "Local
scripts" are attached directly to an object property.
Note
When creating user-specific functions and scripts, the programming guidelines should be defined
in project / department specific instructions (SOP coding standards, naming conventions, style
guide, etc.).

09/2012, A5E31420596-AA
73
Know-how-protected user-defined functions

User-defined functions that are created such as VB Script or C script can be password protected. A
password is required to open and edit the functions. The protection is maintained, even if the protected function is moved into the library. Password protection can be canceled if the password is
known.
Protected functions are identified in the project navigation by a lock in the icon.
See also
74
System manual "TIA Portal", chapter "Know-How Protection (page 1997),


09/2012, A5E31420596-AA
6.4
Audit trail
The recording of an audit trail for user actions with GMP-relevant data is implemented in the alarm
system in WinCC Professional.
Operator actions via the input / output fields or icons (buttons) can be configured in the "Screens"
editor so that an operator input alarm is generated by the system. (for configuration, refer to chapter 6.2 "Creating operator input alarms")
Note
The generated operator input alarm is a system alarm for which WinCC automatically enters the
old value in parameter block 2 and the new value of parameter block 3. Therefore, we recommend
renaming parameter blocks 2 and 3 accordingly.
The system alarms must be created in the "System alarms" tab in the "HMI alarms" editor before
logon and logout procedures can be accepted in the alarm system. The import dialog opens as
shown below when the tab is initially selected.

09/2012, A5E31420596-AA
75
For the display of the operator input alarms, the "Alarm view" is placed in the process screen from
the Tools > Controls are by means of drag-and-drop. To ensure that only operator input alarms and
logon / logout procedures are displayed in the "Alarm view", the corresponding filters must be set.
User-defined alarms that are created can be filtered according to the alarm number as well.
Additional filtering according to the alarm numbers 1012400 and 1012401 must be provided to ensure that logons via a web connection are also displayed.
76

09/2012, A5E31420596-AA
The Audit Trail is displayed in the process screen as follows:
The icon in the comment column indicates that a comment is present. This can be displayed with
the corresponding menu icon.

09/2012, A5E31420596-AA
77
6.5
Configuration for electronic signature

In order to use electronic signatures in stead of handwritten signatures in a computer system, legislative regulations such as 21 CFR Part 11 of the U.S. FDA or Annex 11 of the EU GMP Guidelines
must be met . Other laws and regulations define which actions require signatures. The owner of the
process always decides which of these signatures may be carried out electronically.
Operator actions in WinCC, such as entries via I / O field or button operation, can be configured so
that a simple electronic signature is requested from the logged on user.
Example: A setpoint should be changed. When clicking in the IO field, a screen window appears in
which the logged on user places his electronic signature by confirming his password. The setpoint
can then be changed. During this operator action, a script with the VB function VerifyUser or AuthenticateUserNoGUI is launched in the background which activates the SIMATIC Logon Service.
The function authenticates the logged-on user using the password entered. The electronic signature is established through an audit trail entry and user alarm request, see chapter 6.4 "Audit trail").
The screen window for the electronic signature is flexible in design. During ongoing operation, the
electronic signature information could look like this.
6.6
Recipe control
6.6.1
WinCC option"Recipes"
Creating database tables with multiple data records in the "Recipes" editor supports compliance
with the GMP requirements with respect to the audit trails of parameter data (recipe data / machine
data).
For this purpose, I/O fields are created in a recipe screen and linked to the respective data fields.
Entering a value triggers an operator input alarm , if configured correctly.
See also
78
TIA Portal information system > Visualize processes> Working with recipes

09/2012, A5E31420596-AA
6.6.2
WinCC Premium Add-on PM-CONTROL

WinCC Premium Add-on PM-CONTROL provides clear and convenient maintenance of recipes,
see chapter 3.5.1 "WinCC Premium Add-ons" - batch-based control with PM-CONTROL.
PM-CONTROL manages recipes or machine data records in a separate database. The following
functions are supported:
Change tracking in a separate recipe-related audit trail
Versioning of the recipes
Electronic signature at both input as well as for changing the recipe data records, only fully
signed recipes are available for production.
Restoration of an older recipe versions with an integrated mechanism
Configurable retention period for recipes in the recipe database
Batch reporting can be carried out with PM-QUALITY, see chapter 6.8.2 "Batch-based reporting
with PM-QUALITY".
See also
PM-CONTROL system description at

www.siemens.com/process-management
Chapter 3.5.1 "WinCC Premium Add-ons"

09/2012, A5E31420596-AA
79
6.7
Electronic recording and archiving of data

It is very important to provide full quality verification relating to quality-relevant production data, especially for production plants operating in a GMP environment.
There are several steps involved in electronic recording and archiving:
6.7.1
Definition of the data to be archiving, the archive sizes and the appropriate archiving strategy
Configuration of data logs for online storage of the selected process values
Setting parameters for transferring the logs to the archive server

(time period or amount of storage space occupied)
Specifying the data to be archived

Various factors must be taken into account when defining the archiving strategy and determining
the required storage space, for example:
Definition of data with different origins that needs to be archived (process values, alarms, batch
data, reports, audit trails, log files etc.).
Definition of the relevant recording cycles
Specification of the period of storage online and offline
Definition of the archiving cycle for transfer to external storage
These data are stored in various logs:
Data logs (archiving of tags)
Alarm log
PM-QUALITY database
PM-CONTROL databases
In addition, actions are monitored and recorded in log files or databases in other parts of the system:
WinCC reports
Change report at Step7 level for "Download to the PLC" and online parameter changes
SIMATIC Logon Eventlog
Event Viewer under Windows Computer Management (logon/logoff activities, account management, rights settings for the file system, etc. according to the corresponding configuration)
All the files mentioned (and others, if required) must be considered in the archiving concept.
80

09/2012, A5E31420596-AA
6.7.2
Recording and archiving

Archiving in WinCC involves two steps. First, alarms and process values are recorded in the alarm
log and in the data log.
Different solutions can be employed to backup these short-term archives into long-term archives
and store them for the period defined by the customer.

09/2012, A5E31420596-AA
81
Data recording in SIMATIC WinCC
The signature activated property is activated under logging in the runtime settings editor for the
logging of interrupts and process values in a GMP environment. When the data is transferred, an
internal algorithm generates a checksum. This means that subsequent manipulation is detected by
the system and is displayed when a connection is established to a manipulated database.
A second backup path can also be specified as a precautionary measure against long-term archive
server failure.
6.7.3
Archiving batch data with PM-QUALITY

In PM-QUALITY, the acquired batch data can be exported manually or automatically in database,
HTML or XML format. The acquisition of the data is described in chapter 6.8.2 "Batch-based reporting with PM-QUALITY".
Only completed batches can be archived. Selecting the Automatic batch finalize check box in the
Project Settings > Defaults dialog has the effect that changes to the batch data are no longer
possible after the automatic export in database format.
For export in HTML or XML format, the subsequent manipulation of the data can be prevented
through restrictive rights on the drive (read only) or through automatic conversion to PDF format
using auxiliary tools.
82

09/2012, A5E31420596-AA
See also
6.7.4
PM-QUALITY system description at

Increased availability for data archiving

PM-QUALITY Professional Data Center variant can be used for the continuous recording of batch
data from two parallel operating WinCC servers with RT Professional projects. This requires the
project data on both computers to be identical and that the computers to be time-synchronized.
Upon completion and release of a batch, the Application Data Center merges the recorded batch
data from two PM-QUALITY runtime databases into one database export. If one WinCC server is
not available, the Data Center only becomes active when both WinCC servers are operating again.
6.8
Reporting
6.8.1
Reporting of process and production data

The documentation of process and production data is configured in the "Report" editor. The following data can be reported:
Alarm sequence report Chronological listing of all alarms occurring since the start of WinCC Runtime
Alarm report
Alarms of the current alarm list
Log report
Alarms from the alarm log, e.g. audit trail based on operator input alarms
Tag table
Tag contents from process value / compressed logs in the form of a table
Tag trend / screen
Tag contents from process value / compressed logs in the form of a trend
Recipes
Data records of recipes in tabular form
Hardcopy
Hardcopy of screen contents
Tag values
Current process values at defined time
Note
WinCC reports support the reporting based on continuous archives.
The layouts for reporting are designed according to the requirements of the specification. In addition to detailed pages of content, a report may also include a front page, rear page, and a header
and footer. There are numerous tools available for the display of the contents. These can be simply
dragged and dropped into the detail area and then configured.
See also
TIA Portal information system > Visualize processes > Working with reports

09/2012, A5E31420596-AA
83
Print jobs
When reports are printed on a printer, a print job must be defined in which the report name, time,
page area and the printer are specified. Activation of the print job can be time/event driven.
The audit trail entries are shown in the report as follows:
6.8.2

The WinCC Premium Add-on PM-QUALITY is used for batch-based archiving and reporting. The
recording of the production-relevant data begins with the Batch start signal and ends with the
Batch end signal. The data is assigned to a specific batch, which can be configured, and called
back up again with the batch name.
The process values are graduated according to various recording cycles, recorded or copied from
the WinCC data logs into a separate PM-QUALITY database over the runtime period of the batch.
Event-driven or trigger-dependent process values (e.g. setpoints / actual values) are recorded as a
snapshot. Alarm events and audit trail entries from the alarm logs (Panel and WinCC RT Advanced) or the HMI alarms (WinCC RT Professional) are included in the PM-QUALITY database.
See also
PM-QUALITY system description at

Design of the batch report

The report editor provides numerous options for custom designing the report layout to display the
batch data.
The procedure for including audit trail entries (operator input alarms) in a batch report is shown below based on an example.
The alarm blocks displayed in the batch report are selected under the WinCC Audit Trail alarm
group properties in the Topology Manager. Furthermore, the alarm number for the operator input
alarm defined in the WinCC system is entered in the alarm filter dialog.
The WinCC Audit Trail alarm group is displayed in the report editor under available report blocks.
The audit trail alarm group is dragged to the right to be included in a report layout. The display is
defined in the properties for the report block.
84

09/2012, A5E31420596-AA
An audit trail in a batch report may be displayed as follows:
Change comments can be reported in the audit trail.

09/2012, A5E31420596-AA
85
6.9
Monitoring the system
6.9.1
Diagnostics of communication connections

WinCC provides the Channel diagnostics application for monitoring communication connections to
the secondary controllers. The application can be integrated via Start > All programs> Siemens
Automation> Runtime System or as an ActiveX control in a WinCC screen (e.g. diagnostic
screen). The status of the channels that support diagnostics is displayed in a window. Information
on the start / end of the connection, version ID and error alarms with time stamp are automatically
recorded in a log file. This represents evidence of the quality of the communication connections
provided by the system.
6.9.2
Memory space view

In the memory space view, a bar is used to indicate the amount of storage space used as a percentage of the overall capacity of the drive. A memory space view can be embedded in a screen
(e.g. diagnostic screen) for monitoring the storage capacity of each drive. Percentages and bar
colors can be configured for tolerance, warning and interrupt.
86

09/2012, A5E31420596-AA
6.10
Data communication with the plant control level

Date communication with the plant management level or other systems must be covered by system
functionalities. Various methods are available for this purpose. OPC interfaces are available and
can be installed with the system software for accessing archive data and process tags. Other
methods for direct access to the log databases are available with ADO / OLEDB or the Runtime
API.
The following interfaces are included:
OPC DA
OPC Historical Data Access (HDA)
OPC Alarms and Events (A&E)
OPC UA
ADO/OLE DB
See also
TIA information system > Visualizing processes > Interfaces > OPC
TIA information system > Visualizing processes > Working with alarms > Configuring alarm
logs
Data communication via Runtime API

The programming interface of WinCC is accessible in the Runtime API. As a result, internal WinCC
functions can be used and tag or log data accessed in custom applications.
See also
TIA information system > Visualizing processes > Interfaces > Runtime API

09/2012, A5E31420596-AA
87
6.11
Connection to Web client

A difference is made between a read-only and read-write access for web access from a computer
on the network to the user interface of WinCC. Whereas both read-only and write access can be
provided with the WinCC Web Navigator, the WinCC DataMonitor option is also available as an alternative for read-only access. Operation via the Web client is verified by SIMATIC Logon (user authentication), as well as from user administration in WinCC (user permissions).
See also
System manual "TIA Portal" chapter 3.1.2.4 "Installing WebNavigator,

Note
The standard functions are used if operator input alarms in the form of audit trail should be generated with the Web client (see chapter 6.2 "Creating operator input alarms"). The script functions
described there are only supported by the Web client if SIMATIC Logon is installed on the computer.
Note
The installation and licensing of each client for remote access is required on the computer for
viewing process images in which ActiveX controls of the WinCC Premium Add-ons for PMCONTROL and PM-QUALITY are integrated.
6.11.1
Setting the user rights on the WinCC server

The user authorization in the Web client is set up in the WinCC User administration for the user
groups.
88

09/2012, A5E31420596-AA
Remote access is enabled by selecting the "Web access" check box for the user group.
The user authorization between WebNavigator and DataMonitor is controlled with the "Web access
- view only" function. The process screens can be used if this feature is not activated and the
WebNavigator license is recognized. If this function is activated, the process screens can only be
monitored.
Note
This configuration is carried out separately for each user group. This means that authorization for
remote access, start page, language, and user authorization can be defined separately for each
user group.
6.11.2
Remote access via the network

The installation of the Web client is required for remote access.
The application WebViewer is automatically installed when you install the Web client. Since the
WebViewer can be individually configured, it is recommended that it be used instead of Internet
Explorer for remote access.
The initial configuration and further application takes place by selecting the file WinCCViewerRT in
the path where the Web client is installed, for example: C:/Program
Files/Siemens/Automation/SCADA-RT_V11/WinCC/Web Navigator/Client/Bin. The first time this is
called, parameters are assigned to the WebViewer:

09/2012, A5E31420596-AA
89
The shortcuts in the second window should be locked.
See also
TIA Portal information system > Visualize processes > Options > Web Navigator > Basics >
WinCCViewerRT
The time configured here for the automatic logout is relevant for the logout behavior of remote access. When using the WebViewer, the indicated logout time is sufficient for configuring the
WebViewer (see above). Based on the information configured here, the prompt to confirm Web
logout appears in the Web client one minute prior to the time indicated:
The settings are stored as default in the "WinCCViewerRT.xml" configuration file. The next time the
WebViewer is started, the parameter assignment dialog is not opened. If subsequent parameter
changes are required, the configuration dialog can be re-opened with the key combination Ctrl + Alt
+ P. In case this key combination is unwanted because of security reasons, the XML file can also
be deleted when having appropriate rights; then the configuration dialog will open again with the
next start of the WebViewer.
Logging on and off via the Web are reported in the WinCC alarm system, if the system alarms are
imported. (see also chapter 6.4 "Audit trail")
90

09/2012, A5E31420596-AA
Operator actions through web access can be identified on the entry for the user. In this case, the
machine name on which the action was performed is preceded by the username.
6.11.3
Web access for data display

The Trends & Alarms application of the WinCC Data Monitor option can be used to display and
evaluate logged data in addition to the WinCC Web Navigator. Trends & Alarms and the other tools
available grant read-only access to the logged data.
As an alternative, the process screens with WinCC controls can be used to display alarms or data
logs for viewing data.
With Internet Explorer, the log data can be displayed on any computer in the network. This requires
the installation of an SQL server on the computer where the log databases are stored.
To access already swapped out data archives, the Archive Connector tool is used to connect/disconnect the archived databases with/from the MS SQL server.

09/2012, A5E31420596-AA
91
6.12
Interfaces to SIMATIC WinCC
6.12.1
Connection from SIMATIC S7
Connection via defined channels

For data communication between WinCC and the automation system, a physical and a logical
communication link in the Devices & Networks editor is configured.
The tag management provides the data interface between the PLC and the PC system with the
WinCC RT Professional installation. All the editors integrated in WinCC read / write data to the tag
management. This enables direct access to the PLC tags (external tags) or HMI tags (internal
tags).
An interruption of the communication link is indicated in the WinCC when system alarms are activated.
Evaluating the tag status and quality status

To allow monitoring, a status value and a quality code are generated for each tag. Among other
things, the tag status indicates configured limit value violations and the link status between WinCC
and the automation level. The quality code is a statement about the quality of the value transfer
and value processing.
In the properties of a graphic object such as in the inspector window under Animation > Animate
property, the evaluation of the tag status or the quality code can be configured.
During dynamization of object properties using the property list, also properties for the examination
of quality code and tag status are offered. The evaluation is indicated in a VB script expression.
See also
92
GMP Engineering Manual SIMATIC STEP7,

Siemens AG, I IA VSS Pharma
TIA Portal information system > Visualize processes > Create screens > Dynamic modification
of property animations

09/2012, A5E31420596-AA
6.12.2
Connection to other components and third-party suppliers
Connection via defined channels

The OPC channel serves as a general communication link between WinCC and other systems.
The communication driver for OPC (OLE for Process Control) is certified by the OPC Foundation.
The driver is included with the WinCC system software.
SIMATIC WinCC RT Professional can be used as a SCADA system (Supervisory Control and Data
Acquisition) on which one or more secondary panels or HMI devices are connected to WinCC RT
Advanced via OPC communication.
It is possible to connect the OPC client with third-party control systems over an OPC server.
A communication link is configured for the OPC channel in the connections editor. The relevant
tags can be created with name and type once the OPC server is activated on the communication
partner.
WinCC also operates as an OPC server and transfers process values to other OPC clients.

09/2012, A5E31420596-AA
93
Configuration for WinCC Comfort / WinCC RT Advanced

Operator actions, monitoring and data logging functions for panels or single-station systems are included in WinCC or WinCC RT Advanced Comfort. This chapter describes in detail the configuration of Comfort Panels and Multi Panels with the engineering software WinCC Comfort. The introduced project methods can be applied to the WinCC Advanced engineering system.
7.1
Creating the graphic user interface

The individual process screens are created according to the requirements after the basic structure
for visualization has been generated with the HMI device wizard. Basic objects, elements and controls are available for the design of the screens in the area of the tools. Essential elements for a
GMP-compliant configuration are described in the chapter 5.2 "Object-oriented configuration".
A framework design with company name, logo and buttons for screen selection can be defined in
the form of templates. A template provides the basis for the process screens.
Both the process screens and the operator control philosophy must be described in the specification (for example URS, FS and P&I) and created accordingly. These should be submitted to the
customer for approval in the form of screenshots.
7.2

The FDA regulation 21 CFR Part 11 requires traceability of operator process control that impacts
GMP-relevant data for systems that operate in a GMP environment. Therefore, these operator
process controls must be configured so that an operator input alarm is generated. The WinCC
(TIA Portal) audit for panels or RT Advanced options support this request after activation of the
GMP compliant configuration, see 5.1.5 "5.1.5". Operator input alarms are recorded in the audit
trail with time stamp, user ID, old value and new value.
In WinCC Comfort/Advanced, the generation of the operator input alarm on each GMP-relevant tag
is activated (not on the graphics object IO field as in WinCC RT Professional).

09/2012, A5E31420596-AA
95
Once the GMP-relevant property is activated for this tag, an operator input alarm is generated in
the audit trail if the value of the tag is changed (see 7.4 7.4"). The "Comment required" box is activated for making a comment.
Operator input alarms in combination with faceplates

The interface of the faceplate instances is connected to tags or tags that are an element of a user
data type. For generating operator input alarms, the GMP-relevant property is activated for the individual tags in the tag table. All related elements are automatically activated as GMP-relevant for a
user data type (the data type motor in the figure below).
96

09/2012, A5E31420596-AA
The operator input alarms are displayed as follows in the audit trail:
Operator input alarms with the NotifyUserAction system function

The "NotifyUserAction" system function can be used to generate operator input alarms during the
execution of operator actions, which do not directly affect a tag value, for example pressing a button. This is either added to an object event in the list of functions
or incorporated in a VB script, for example as follows:

09/2012, A5E31420596-AA
97
7.3
User-specific functions and scripts

Customer-specific requirements can be implemented in WinCC Comfort / RT Advanced in the form
of functions or local VB scripts and then provided with know-how protection.
To create such functions and scripts, see also
Chapter 6.3 "User-specific functions and scripts".
Such custom scripts are rated as GAMP Category 5 software. The effort required for validation in
the form of detailed function and interface description as well as documented tests is described in
7.4
Chapter 8.3.1 "Software categorization according to GAMP Guide".
Audit trail
The log editor is upgraded to include the "Audit trail" archive when the project property GMP of the
Audit option (see 5.1.5 "GMP project setting in the Audit option") is activated. The audit trail records
the operator actions in chronological order thereby providing traceability of the plant operation.
The audit trail contains the following entries:
Configuration-dependent records:
Value change of a GMP-relevant tag
GMP-relevant recipes, see chapter 7.6 "Recipe control"
Operator input alarms based on "NotifyUserAction" system functions
Automatic entries without any additional configuration
User administration
-
Logging on and off of users, including logon failures
Import of user administration
Alarm system
-
All alarms that are acknowledged by the user (with the alarm text can also be logged)
All attempts to acknowledge
Archive operations
-
Starting / stopping a log
Opening / closing all logs
Deleting a log
Starting a sequence log
Long-term archiving of a log
Recipe operation, see chapter 7.6 "Recipe control"
Audit trail settings such as storage location, format, and minimum storage space are made in the
log editor under the Audit Trail tab in the general properties.
98

09/2012, A5E31420596-AA
The log characteristics are configured under the settings.
Note
The force function must be deactivated in the GMP environment so that all operator input alarms
are recorded in the audit trail. We recommend evaluating the events Little free space and Little
free space, critical and to configure a reaction in the function list. (e.g. generating a warning
alarm, moving the logs to a network drive)
If no storage space is available, GMP-relevant operator actions are no longer feasible.
See also:
TIA Portal information system >..> System function ArchiveLogFile
"Handling Large Archives" in the Online Support under ID 63042926

09/2012, A5E31420596-AA
99
Displaying the audit trail

The audit trail is stored either in CSV or TXT format in a circular log. A checksum, which is formed
by an internal algorithm for each entry, ensures that manipulation is detected.
To view the audit trail in the Audit Viewer, the logs are closed on the HMI device, the audit trail log
is moved to another directory e.g. network drive and then the logs are opened again. This can be
realized either in a function list (comparable to the "NotifyUserAction" event before) or by VB script
via a button or the task scheduler.
See also:
TIA Portal information system >..> System function ArchiveLogFile
The network drive can be protected against unauthorized access with Windows tools (see 4.5.2
"4.5.2") in order to prevent manipulation of the audit trail files.
The Audit Viewer application is used for the display of the audit trail on a PC and is included with
the engineering system product package. The Audit Viewer evaluates the checksums of the entries
and signals any manipulation of the file in a red display or a non-manipulated file in green.
The HmiCheckLogIntegrity.exe application that can be executed within a command prompt is another way to verify checksums in the audit trail files.
See also:
100
TIA Portal information system> Visualizing processes > Options > Working with audit trail compliant > Using audit trail > Audit trail > Evaluate audit trail with DOS program

09/2012, A5E31420596-AA
7.5
Configuration for electronic signature

A regulatory or customer requirements may require a signature for sensitive operator actions. A
simple electronic signature can be configured. This requests the password of the logged on user by
activating the project property "GMP" (see 5.1.5 "5.1.5") of the audit option. A dialog for entering
the password is automatically opened.
The electronic signature requirement is configured either in the tags in the tag table in the GMP
property or with the "NotifyUserAction" system function. "Electronic signature" is selected from the
confirmation category. If an additional comment form is desired, the corresponding check box is selected or the system function for comment required is configured with "yes".

09/2012, A5E31420596-AA
101
7.6
Recipe control
7.6.1
WinCC option "Recipes"

Related parameters such as production data and machine parameters are summarized in a recipe.
A recipe consists of several data records in which various values are stored for the individual recipe
elements. Each recipe element is connected to a tag. The recipes are logged in a separate data
store.
GMP settings can be activated by using the recipe option in combination with the audit option in the
recipe properties.
The following actions are recorded in the audit trail for GMP-relevant recipes:
102
Creating and storing new recipe records
Changing and saving recipe data records
Transferring recipe data records to the PLC or reading from the PLC
Changing the setting online/offline for the synchronization of tag values when using recipe tags

09/2012, A5E31420596-AA
All recipes and records can be displayed in the process screen with the recipe view control. However, changes to the records are not saved in the audit trail.
The recipe tags with activated "GMP-relevant property" are embedded in a recipe screen for FDAcompliant tracking of changes to the recipe data records. The recipe view control can be used for
display by deactivating the "Allow editing" property.
See also:
TIA Portal information system > Options> Working with audit GMP compliance > Configure audit functions > Recording recipe changes
TIA Portal information system > Visualize processes > Working with recipes > Viewing and editing recipes in runtime > Basics of the recipe screen
TIA Portal information system > Performance features > General technical data > Required
storage space for recipes

09/2012, A5E31420596-AA
103
7.6.2
WinCC Premium Add-on PM-CONTROL

WinCC Premium Add-on PM-CONTROL provides clear and convenient maintenance of recipes,
see chapter 3.5.1 "WinCC Premium Add-ons" - batch-based control with PM-CONTROL.
PM-CONTROL is installed on a separate computer or on the computer with WinCC RT Advanced.
The structure of PM-CONTROL enables the central recipe data management for several production units and controllers. PM-CONTROL can also be used as a standalone system for the maintenance of recipes and the management of orders. A tag connection to the panels can be established
via OPC XML, to WinCC RT Advanced via OPC DA or directly to an S7 controller via OPC. To display the recipe data and order management, PM-CONTROL provides ActiveX controls, which can
be integrated into process screens with the use of WinCC RT Advanced.
The FDA requirement for an electronic signature in accordance with the article 21 CFR Part 11 is
met by PM-CONTROL, see chapter 6.6.2 "WinCC Premium Add-on PM-CONTROL".
See also:
7.7
www.siemens.com/pm-control
Electronic recording and archiving of data

Data recording and archiving is of great importance to ensure complete proof of quality with regard
to quality-related production data for manufacturing plants in an GMP environment.
This requires that a number of steps be performed:
7.7.1
Definition of the data to be archived, the archive sizes and the appropriate archiving strategy
Configuration of data logs for online storage of the selected process values
Concept for transferring the logs, for example to a network drive
Specifying the data to be archived

Various factors must be taken into account when defining the archiving strategy and determining
the required storage space, for example:
Definition of the data to be archived from various sources such as process values, alarms, audit trails, batch data (PM-QUALITY) etc.
Definition of the respective archiving cycles
Definition of the respective retention period, both online and offline
Definition of the cycle for the external data storage
These data are stored in various logs:
104
Data log
Alarm log
Audit trail
PM-QUALITY databases
PM-CONTROL databases

09/2012, A5E31420596-AA
In addition, actions are monitored and recorded in log files or databases in other parts of the system:
WinCC reports
Change report at Step7 level for "Download to the PLC" and online parameter changes
SIMATIC Logon Event Log, on the computer with the SIMATIC Logon installation
Event Viewer under Windows computer management only for WinCC RT Advanced
(logon/logoff activities, account management, rights settings for the file system, etc. according
to the corresponding configuration)
All the files mentioned (and others, if required) must be considered in the archiving concept.
7.7.2
Recording and archiving

Tag and alarm logs are defined in the "Archives" editor for continuous archiving of process-relevant
data. The configured archiving method determines the reaction if the archive is full.
Circular log
The oldest entries are deleted.
Segmented circular log

The entries are stored in defined segments. If all segments are filled the oldest segment deleted.
Display system event at a definable level

A system event is triggered when the level is reached.
Trigger event at full archive
A checksum can be generated for each file entry for logging methods "Display system event at ..."
and "Trigger event ..." in combination with CSV and TXT formats. Any manipulation of the logs can
therefore be detected. The checksum is verified when opening the logs in the Audit Viewer application, see chapter 7.4 "Audit trail" > View the audit trail.
The size of the log depends on the length of a single entry and the number of entries. It is defined
in number of entries. The size of the memory card must be taken into account here for HMI devices.
See also:
TIA Portal information system > Visualize processes > Working with tags > Logging tags >
Working with data logging
(panels, RT Advanced)
TIA Portal information system > Visualize processes > Working with alarms > Logging alarms >
Configuring of alarm logging (panels, RT Advanced)

09/2012, A5E31420596-AA
105
The CSV, TXT and RDB formats are available as archive formats. Archiving in RDB format, a proprietary database, provides fast access to data for displaying the data in the controls during runtime. For further evaluation of the data, the RDB format must be converted into the CSV format using the copy function. Archives in CSV / TXT format can be evaluated with other tools. The TXT
format is Unicode-compliant and therefore suitable for Asian fonts.
Note
For panels, we recommend logging of tags, alarms and audit trails locally on a memory card and
cyclically transfer the logs to a network drive.
See also:
7.7.3
Chapter 7.7.4 "Connection to a network drive with access control"
TIA Portal information system > ...> System function "Archive log file"
"Handling Large Archives" in the Online Support under ID 63042926
Archiving batch data with PM-QUALITY

The WinCC Premium Add-on PM-QUALITY offers batch-based archiving of process data and
alarms, see chapter 6.7.3 "Archiving batch data with PM-QUALITY".
PM-QUALITY is installed on a separate computer or on the computer with WinCC RT Advanced.
PM-QUALITY records the batch data from multiple, parallel operating production units in a separate database. A tag connection to the panels can be established via OPC XML, to WinCC RT Advanced via OPC DA or directly to an S7 controller via OPC. Various ActiveX controls for viewing
the batch data or trends, are available in WinCC RT Advanced for integration in a process screen.
PM-QUALITY can be operated as a standalone system on a PC as an alternative. Applications to
view and manage the batch data are included in the product package.
See also:
106
www.siemens.com/pm-quality

09/2012, A5E31420596-AA
7.7.4
Connection to a network drive with access control

The panel is connected to a network via the Ethernet interface in order to back up the log that is
stored locally.
See also:
Online Support under ID 13336639 "Integration into a local network"
Note
The folder where the data is stored by the panel must be secured with Windows utilities since the
CSV and TXT do not offer protection against unauthorized user intervention.
The following procedure is recommended for this purpose:
A new user is created with the name of the panel in the Windows user administration of the PC
to which the log data is moved. The name of the panel was specified when the network connection was configured in the control panel under network. This is the name by which the panel
logs on to the network.
The access permissions of the shared folder are defined in the folder properties in the "Security" tab. The panel name is added under "Group or user names" and is assigned "Full access"
under permissions.

09/2012, A5E31420596-AA
107
The "Write" permission check box is selected under "Deny" for the user groups "Users" and
"Administrators".
The panel is authorized to store the log files in the directory based on this configuration. All other
users can only read the log files. But it maybe be considered to create a kind of HMI administrator,
who could access the folder with write permission in case of file damage etc.
Note
If the log data is placed in a subfolder of the shared directory, then the security settings for that
folder are sufficient.
The screenshots were taken in the Windows 7 operating system.
108

09/2012, A5E31420596-AA
7.8
Reporting
7.8.1
Output of process and production data

Process data can be output from a network printer in report form or stored in PDF / HMTL format.
The following data can be reported:
Tag contents
Current process values
Alarm report
Alarms from the alarm buffer or from the alarm log
Audit trail
Operator action entries
Recipes
Data records of recipes in tabular form
Hardcopy
Hardcopy of screen content
The report layout can be designed with a title page, headers and footers, multiple detail pages and
a back page. For the display of process data, a number of objects and controls in the tool range are
available which can be dragged and dropped onto the report pages and then configured.
The scope of the data output can be specified as follows:
Alarms: Alarm buffer or the alarm log output.

A time range from .. to can be specified.
Recipes: Output of a particular recipe per integrated control

For this recipe, either all records, a specific
record or a volume number of data records is printed.
Audit trail: Output of the complete audit trail entries, which were logged on the
HMI device.
Hardcopy: Printout of the current screen content graphics with "PrintScreen" system function
See also:
TIA Portal information system > Visualize processes > Working with
reports > Basics of creating reports
Activation of a printout
The output to the default printer is organized with the "PrintReport" system function. The system
function can be launched either with a button or cyclically in the task scheduler.
Reporting to a network printer or another printing option

The following alternatives are available printing reports:
Network printer
Postscript printing (printing with PostScript compatible printers)
Brother QL-650TD (thermal printer)
PDF printing (print to a PDF file)
HTML printing (print to an HTML file)

09/2012, A5E31420596-AA
109
Printer drivers for Comfort Panels are available in an options package for printing to PDF / HTML
files as well as the options for PostScript printing and Brother QL-650TD. These drivers can be installed on the HMI device using the application ProSave. Reports in the file format PDF / HTML can
also be stored on a USB stick or a network drive as an alternative to local storage.
See also:
7.8.2
List of shared printers and printer driver options package with

installation guide, Online Support ID 11376409
TIA Portal information system> Visualizing processes > Performance features > Recommended printers and printing via print server
Setting up a network printer, Online Support ID 18720136

The WinCC Premium Add-on PM-QUALITY offers convenient reporting of batch data. In contrast to
the continuous data acquisition on the HMI devices, recording of the relevant batch data begins
with the start of the batch and stops at the end of the batch. The recorded data are assigned directly to a batch name / number.
In a system configuration with panels and WinCC RT Advanced, batch data is recorded as follows
in PM-QUALITY:
110
Process values from panels, WinCC RT Advanced or directly from the S7 PLC via OPC connection
Transfer of alarm logs from the panel or WinCC RT Advanced
Transfer of the audit trail from the panel or WinCC RT Advanced

09/2012, A5E31420596-AA
Transfer of the data logs from the panel or WinCC RT Advanced
The process values are acquired cyclically or event-driven. At the end of the batch, alarm logs and
the audit trail are moved to a network drive or another drive on the PC and imported by PMQUALITY into its own database.
PM-QUALITY Report Editor provides a wide range of design and evaluation options for the presentation of batch data in a report.
See also:
Chapter 6.8.2 "Batch-based reporting with PM-QUALITY"
Chapter 7.7.3 "Archiving batch data with PM-QUALITY"
7.9
Monitoring the system
7.9.1
Diagnostics of the communication link

The status of the connection to secondary controllers can be visualized with the "System diagnostics view" control. The device view shows a table of all available devices on a level (see figure). Information on the status and error entries are displayed in the detail view, which can be opened by
double-clicking on the device in the table.
The control can are integrated, for example, into a diagnostic screen.
See also:
TIA Portal information system > Visualize processes > Creating screens > Display and operating objects > Objects

09/2012, A5E31420596-AA
111
7.10
Interfaces
7.10.1
Connection from SIMATIC S7

Comfort Panels and PC systems with WinCC RT Advanced are equipped with communication drivers for SIMATIC S7-1200, SIMATIC S7-300/400 and SIMATIC S7-200. A connection is established
via PPI (S7-200), MPI / PROFIBUS-DP or Ethernet. The physical and logical connection is configured in the Devices & Networks Editor.
The tag management is the data interface between the S7 and the HMI device. All editors integrated in WinCC read and write data in tag management. Integration in the TIA Portal engineering
interface provides a direct access to the PLC tags (external process tags) and the HMI tags (internal variables of the HMI device) in the editor for configuring the HMI device. Changes to S7 data
that are used in the operating device (e.g. PLC tags, data block assignment) are automatically updated in the projects of the connected HMI devices with the compilation of the project data.
An interruption of the communication link is automatically indicated with a system alarm in the HMI
alarms. The connection status can be visualized in a process screen with the "System diagnostics
view" control.
See also:
7.10.2
TIA Portal information system > Visualize processes > Communicate with controllers > Device
dependency > Comfort Panels / PC systems with WinCC RT
Chapter 7.9.1 "Diagnostics of the communication link"
Connection to other components and third-party suppliers

The HMI devices have an OPC interface for connecting to other components as well as third-party
suppliers. A HMI device can be used as an OPC server and / or as an OPC client. The type of the
OPC connection depends on the device.
See also:
7.10.3
TIA Portal information system > Interfaces > OPC >

Basics of RT Advanced > Using OPC
Connection to SIMATIC WinCC RT Professional

Both HMI devices with WinCC RT Professional and Advanced with RT and panels are used in a
distributed system.
Tags content is exchanged via the OPC interface.
See also:
112
Chapter 6.12.2 "Connection to other components and third-party suppliers"

09/2012, A5E31420596-AA
Central audit trail

Audit trail archives, which are generated by the individual HMI devices as a circular log in CSV
format, can be imported into the database of the reporting system of WinCC RT Professional with
the PM-OPEN IMPORT add-on. A distinction is made between user alarms and system alarms.
Please take note that the number of the standard operator input alarm in WinCC RT Professional
(12508141) is assigned to the operator inputs. Old value and new value are taken over into the
process value blocks 2 and 3. The original time stamp of the alarms is preserved when importing
data.
The import of data is organized as follows:
Installation of the PM-OPEN IMPORT add-on on the PC with

WinCC RT Professional
Creating a directory for each HMI device into which the CSV files
are either event-driven or moved cyclically
The directories are monitored by PM-OPEN IMPORT with Windows resources. As soon as a CSV
file is detected in the directory, PM-OPEN IMPORT starts reading the data.
The imported audit trail entries can be displayed in a process screen by WinCC RT Professional
with the ActiveX Control "Alarm view".
Central process data archiving and central interrupt management

Data and alarm logs which are generated by the individual HMI devices in CSV format can also be
transferred to the databases of the reporting system of WinCC RT Professional with the add-on
PM-OPEN IMPORT. Data from the data log will accordingly be read into the data log of WinCC RT
Professional and alarms into the alarm log. The original time stamp remains unchanged.
The imported data can be displayed in WinCC RT Professional on the trends / table view or the
alarm view.

09/2012, A5E31420596-AA
113
114

09/2012, A5E31420596-AA

The following graphic shows an example of a lifecycle approach. After creation of the system, the
system must be tested to establish whether all specified requirements are met. GAMP5 calls this
phase the "Verification". The terms "validation" and "qualification" are not replaced by this but
rather supplemented. The areas covered by tests performed by the supplier and suitably documented can be used for the validation activities of the pharmaceuticals company.
Various standard functions of the TIA Portal engineering system can be used in support of verification / qualification.

09/2012, A5E31420596-AA
115
8.1
Test planning
In defining a project life cycle, various test phases are specified. Therefore, basic qualification activities are defined at a very early stage of the project and fleshed out in detail during the subsequent specification phases.
The following details are defined at the outset of the project:
Parties responsible for planning and performing tests and approving their results
Scope of tests in relation to the individual test phases
Test environment (test structure, simulation)
Note
The testing effort should reflect both the results of the risk analysis and the complexity of the component under test.
A suitable test environment and time, as well as appropriate test documentation, can help to ensure that only very few tests need to be repeated, or even none at all.
The individual tests are planned in detail at the same time as the system specifications (FS, DS)
are compiled. The following are defined:
8.2
Procedures for the individual tests
Test methods, e.g. structural (code review) or functional (black box test)
Verification of hardware
During the qualification phase, tests are performed to verify whether the installed components and
the overall system design meet the requirements of the Design Specification. This includes details
such as component name, firmware / product version, installation location, server and clients used,
interfaces to the automation system, etc.
Utilities for the verification of the system hardware
116
Printouts and screenshots as proof of qualification (chapter 8.4 Documentation of the project
data)
Additional visual checks of the hardware when necessary
Printouts of the hardware configuration and verification of compliance with the switch cabinet
documentation
PC pass with information on all installed hardware and software components. This can be created manually or using commercially available tools.
Where necessary, there should also be an additional visual check

09/2012, A5E31420596-AA
Verification of panel hardware

Panels are delivered preconfigured with the operating system Windows CE. For hardware verification, panel type and version as well as additional storage cards and the network configuration need
to be checked.
Panel type and version can be read out at the panel via Control Panel > OP:
The network configuration can be found under Control Panel > Network and Dial-up Connections:

09/2012, A5E31420596-AA
117
8.3
Verification of software
Utilities for the verification of the system software

Files, printouts and screenshots of various functions and programs can be used as proof for the
qualification, for example:
8.3.1
Installed software, chapter 8.3.2 "Verification of software products"
Documentation of the project data, chapter 8.4 "Documentation of the project data"
SIMATIC Security Control, chapter 4.2.2 "Installation of the SIMATIC WinCC RT runtime software"
Diagnostics of communication links, chapter 6.9.1 "Diagnostics of communication connections"
Memory space view, chapter 6.9.2 Memory space view"
Software categorization according to GAMP Guide

According to the GAMP5 Guide, the software components of a system are assigned to one of four
software categories for the purpose of validating automated systems:
Category 1: Infrastructure software
Category 3: Non-configured products
Category 4: Configured products
Category 5: Custom applications
In terms of a WinCC system, this means that the individual software components require various
degrees of effort for specification and testing depending on their software category.
While a computer system as a whole would usually have to be assigned to category 4 or sometimes even 5, the individual standard components to be installed (without configuration) involve effort analogous to category 3 or 1.
Configuration based on the installed products, libraries, blocks, etc., then corresponds to category 4.
If "Free code" is also programmed, this corresponds to a category 5.
Procedure for category 5 functions

Here, specification and testing requires a much greater effort:
1. Creation of a description of functions for the software
2. Definition of the functions used
3. Definition of the used inputs and outputs
4. Definition of the usability and observability
5. Software design according to specification and programming guidelines
6. Structural testing for compliance with programming guidelines
7. Functional testing for conformity with description of functions
8. Approval prior to use or reproduction
118

09/2012, A5E31420596-AA
8.3.2
Verification of software products

Verification includes determination whether the installed software meets the requirements of the
specification of the employed "standard" software products. These are usually products that are not
designed specifically for a customer but rather freely available on the market, e.g.:
Operating system and other software packages
SIMATIC WinCC Runtime System Software
SIMATIC Standard Options (DataMonitor, WebNavigator, Recipes, etc.)
SIMATIC WinCC Premium Add-ons (PM-CONTROL, PM-QUALITY, PM-OPEN IMPORT)
Standard libraries
The software installed on the operating system can be checked with Control Panel >
Add/Remove Programs.
The settings in the Windows operating system required for the WinCC system software can be
queried in the application SIMATIC Security Control: All programs > Siemens automation >
Security Control > Accepted settings. (see also chapter 4.2.2 "Installation of the SIMATIC
WinCC RT runtime software")
The installed SIMATIC software is documented in detail in the WinCC RT Start application under
Help > About WinCC RT Start ... > Components.

09/2012, A5E31420596-AA
119
The Automation License Manager program provides information about the licenses installed on
each WinCC computer.
Verification of panel software

The version of the operating system of a panel can be read under Control Panel > System. There
you also see the available memory space.
120

09/2012, A5E31420596-AA
The Automation License Manager program can also provide information about the SIMATIC licenses installed on panels. For this purpose, a connection between the panel and the Automation
License Manager needs to be done:
With TIA Portal Engineering System

Via the context menu HMI Device maintenance > Authorize/License
Without TIA Portal Engineering System

In Automation License Manager via the menu Edit > Connect target system > Connect HMI device
Example for licenses being installed on a panel:

09/2012, A5E31420596-AA
121
8.3.3
Verification of the application software

During verification of the application software, specification test descriptions are generated according to the requirements of the software and then used as a basis for testing the software.
The following checks are typical when testing a computer system:
Name of the application software
Technological hierarchy (plant, unit, technical equipment, individual control element etc.)
Software module test (typical test)
Communication to other nodes (controllers, MES systems etc.)
Inputs and outputs
Control module (device control level)
Equipment phases and equipment operations
Relationships between modes (MANUAL/AUTOMATIC switchovers, interlocks, start, running,

stopped, aborting, completed etc.)
Process tag designations
Visualization structure (P&I representation)
Operating philosophy (access control, group rights, user rights)
Archiving concepts (short-term archives, long-term archives)
Signal concept
Trends
Configuration data such as the tags, functions or graphics used can be output based on reports.
For this purpose, ready-made standard layouts and print jobs exist in the global library of the TIA
Portal engineering system, see chapter 6.8.1 "Reporting of process and production data".
8.4
Documentation of the project data

Documentation of the project data can be created in the engineering system in support of the
hardware and software verification process. For this purpose, the TIA Portal provides a number of
templates in the global library, also in accordance with the ISO standard for technical project
documentation.
Documentation of the following data can be displayed as a print preview on the screen or output on
a printer via the corresponding context menu:
122
Entire project data when the top node is selected in the project navigation
Project data for a device in the project navigation
Contents of an opened editor (e.g. Devices & Networks)
Tables
Libraries

09/2012, A5E31420596-AA
Example of a documentation of the Devices and Networks editor:
See also:
TIA Portal information system > Edit projects > Edit project data > Print project content

09/2012, A5E31420596-AA
123
In the print dialog box, the printer, print layout and the extent of the documentation either total or
compact is selected.
124

09/2012, A5E31420596-AA
8.5
Configuration control
8.5.1
Project versioning
In this storage concept, it might be specified, for example, that the project is backed up following a
change. The project backup is carried out in the TIA Portal in the project view under "Save as".
Here, the project can be saved under a different name with an integrated version number if necessary.
The project folder that contains the TIA Portal project can be packed in Windows Explorer as an alternative to backing up the project.
A version ID can, for example, be included in the file name of the compressed file. Make sure that
the folder hierarchy is maintained when packing the WinCC project so that the project can be read
again.
See also:
TIA Portal information system > Edit projects > Create and administer projects > Save projects
Versioning data in WinCC options / add-ons

Make sure that the appropriate databases are backed up if the Premium Add-ons are used such as
PM-CONTROL / PM-QUALITY. Before backup, the project must be closed in PM-SERVER, the
utility application for PM-CONTROL and PM-QUALITY, in order to disconnect the databases from
the MS SQL Server.
The directory that contains the project data of the add-ons (by default:
C:\Users\Public\Documents\Siemens\ProcessManagement\...), is copied or packaged at which
time a version number can be integrated in the name. The original names of the directories must
be reset before the data can be restored.
If the Premium Add-on PM-OPEN IMPORT is used, the configuration file Project.CSV is saved to
the configured storage location.
8.5.2
Change control of the configuration data

The configuration can be controlled using the versioning of the individual configuration items and
associated documentation changes , see chapter 5.5 "Versioning application software".

09/2012, A5E31420596-AA
125
8.6
Backing up the operating system and SIMATIC WinCC

The backup of the operating system and the WinCC installation should be carried out with hard
drive images. These images allow you to restore the original state of PCs without significant effort.
Note
An image can only be imported on a PC with identical hardware. For this reason, the hardware
configuration of the PC must be adequately documented.
Images of individual partitions can only be exchanged between image-compatible PCs because
various settings, for example in the registry, generally differ from PC to PC.
126

09/2012, A5E31420596-AA
9.1
Operation and monitoring

SIMATIC WinCC (TIA Portal) provides extensive process visualization. Individually configured user
interfaces can be configured for each application for reliable process control and optimization of
the entire production sequence.
The production can be monitored, managed and optimized using numerous interfaces. The central
components in monitoring during operation are screen signals in graphics and faceplates along
with trends, alarms, acoustic signals etc.
Runtime data can be output by the system based on archived data. Corresponding reports and
print jobs are configured in the engineering system for this purpose. (see chapter 6.8.1 "Reporting
of process and production data" and 7.8.1 Output of process and production data)
The available data includes alarms in chronological order, alarms from a specific alarm log, alarms
from the current alarm list, values from a process value and compression log and data from applications not belonging to WinCC.
9.2
Operational change control

Changes to validated and operational plants must always be planned in consultation with the plant
user, documented and only made and tested after approval.
The example below illustrates the procedure for changes:
1. Initiation and approval of change specification by plant user
2. Description of the software change
3. Backup of the current WinCC project data
4. Implementation of software changes including manual documentation

based on the current version.
5. Test of changes including documentation
6. Backup the changed WinCC project data with the versioning

The effects of the change to other parts of a WinCC application and the resulting tests must be
specified based on risk and documented.

09/2012, A5E31420596-AA
127
9.3
System restoration
The procedure described in this chapter should enable the end user to restore the WinCC system
after a disaster.
Disasters are taken to mean the following cases:
Damage to the operating system or installed programs
Damage to the system configuration data or configuration data
Loss or damage to runtime data
The system is restored using the saved data. The backed up data (medium) and all the materials
needed for the restoration (basic system, loading software, documentation) must be saved at the
defined point. There must be a Disaster Recovery Plan which must be checked on a regular basis.
Restoring the operating system and installed software

The restoration of the operating system and installed software is carried out by importing the corresponding images (see chapter 8.6 "Backing up the operating system and SIMATIC WinCC"). The
instructions provided by the relevant software supplier for the data backup application should be
followed.
Restoring the application software

The process for restoring the application software depends on the kind of backup.
Reading back the data from a manually created backup
Restoring the runtime data

Runtime data, for example from alarm logging data and tag logging that has not been backed up
using a backup configuration is lost in the event of a hard disk disaster.
To view historical data in WinCC Runtime, corresponding backups with the name extensions mdf
and ldf are copied back to the local machine and connected to the MS SQL Server via the Connect
archive button in the controls to display the data.
128

09/2012, A5E31420596-AA
9.4
Uninterruptible power supply (UPS)

An uninterruptible power supply (UPS) is a system for battery backup of the supply voltage. If the
power supply fails, the battery of the UPS takes over as the power supply. When power is restored,
the UPS battery discontinues serving as the power supply and the battery is recharged. A few UPS
systems offer not only battery backup of the power supply but also the possibility of supply voltage
monitoring. They ensure an output voltage without interference voltages at all times.
Systems with higher priority are, for example:
PLCs (AS controller)
Network components
Archive servers
WinCC servers
WinCC clients
Panels
In each case it is important to include the systems for data logging in the battery backup. The logging should also record the time of the power failure.
The following should also be remembered:
Configuration of signaling for power failure
Determination of the time frame for shutting down the PC
Specification of the time frame of the UPS battery backup

09/2012, A5E31420596-AA
129
130

09/2012, A5E31420596-AA
10
10.1
Updates of system software

It is essential that system software updates for a validated, operational plant are agreed with the
user. An update such as this represents a system change, which must be planned and executed in
accordance with the applicable change procedure. Similar to the description in chapter 9.2
"Operational change control", this roughly means the following steps:
Describe the planned change
Effects on functions / plant units / documentation

inclusion of the system description of the new and modified functions in the readme file/release
notes
Assessment of the risks
Define the tests which need to be performed to obtain validated status, based on the risk assessment
Approve/reject the change (in accordance with defined responsibilities)
Update of the technical documentation
Execute the change in accordance with manufacturer documentation (as the plant has been released for it)
Document the activities performed
Qualification: Carry out and document the necessary tests
In considering possible influences, the following may be relevant:
Process screens / objects / alarm system and process value archiving in function and display
Interfaces
Effects during download
System performance
Documentation (specifications)
Qualification tests to be repeated or performed for the first time
Note
Support for software update and project migration is provided by
SIMATIC Product Support at http://support.automation.siemens.com.
A list of the released Windows updates e.g. for security gaps is published in the product support
under Online-Support at ID 18752994.

09/2012, A5E31420596-AA
131
10.2
Migration of the application software

The WinCC system software is upgraded with a migration, which means that the existing project
data is transferred to the new software and then processed further.
The versions that are released for migration must be checked before migrating WinCC project data
from WinCC classic and WinCC flexible to WinCC TIA Portal. The project being migrated may have
to be upgraded to the required version.
Procedure for migration:
The project is converted to a migration format with the "Migration Tool" application.
The migration is started by clicking the migration in the portal view of the TIA Portal.
The migration report shows the migration history and may also indicate problems that require rework.
If adaptation of the project is necessary, this requires validation.
The validation effort is decided in consultation with the plant operator. Possible check points are
the new features available in WinCC as well as the correct installation of the software components
required for migration.
See also
132
TIA Portal information system > Migrating projects
Chapter 5.1.2 "Migration of existing projects"

09/2012, A5E31420596-AA
Index
A
Access control 17, 46
Alarms 27, 62
API 87
Application software 69, 95
Archiving 19, 27, 28, 32, 37, 62, 80, 104
Audit trail 19, 28, 75, 85, 98, 113
Automation License Manager 120
B
Backup 20, 34, 126
Batch report 19, 31, 84, 110
C
Category
Hardware 15
Software 15, 118
Change control 125, 127
Change procedure 13
Configuration management 16, 63, 125
D
Data communication 87
Data security 51
Diagnostics 86, 111
Documentation of project data 122
E
Electronic records 18
Electronic signature 18, 78, 101
EU GMP Guide Annex 11 11, 18
Export 27
F
Faceplates 57, 96
FDA 21 CFR Part 11 11, 18, 70, 78, 95
G
GAMP5 12, 118
GMP requirements 15

09/2012, A5E31420596-AA
H
Hardware 22
Hardware category 15
I
Image 34
Import 27
Information security 23
Installation 35
Operating System 35
SIMATIC components 36
SIMATIC WinCC options 37
Installed software 119
Interfaces 92, 112
OPC 33
Process data 32
S7 92, 112
K
Know-how protection 74
L
Libraries 58
Life cycle model 12
M
Maintenance 127
Mandatory comment 72
Master copies 56
Migration 54, 132
Monitoring 86, 111
N
Network drive 107
O
Object-oriented configuration 56
Operating system 24, 35, 39, 46, 49, 50
Operator input alarms 70, 95
Overview diagrams 69
133
Index
P
Partition 34
Password 17
Printer driver 34
Printout 84, 109
Process screens 69
Project setup 53
R
Recipes 27, 30, 78, 102
Regulations / Guidelines 11
Reporting 29, 83, 109
Restore 128
Retrieving data 20
Risk assessment 13, 116, 131
S
Screen window 57
Scripts 58, 67, 72, 73, 97, 98
Security
Network 23
SIMATIC
Security Control 36
SIMATIC NET SCALANCE S 51
User groups 44
WinCC Premium Add-ons 30
SIMATIC Logon 25, 38, 40
Software
Engineering 26
Operating level 27
Software category 15, 118
Specification 21
Application Software 29
Basic software 24
Hardware 22
HMI 30
Software design 30
System 29
User administration 25
Startup characteristics 46
Supplier audit 20
134
T
Test planning 116
Third-party components 20
Connection 93, 112
Time stamp 62
Time synchronization 20, 59
Type/instance concept 16
Types 56
U
Uninterruptible power supply (UPS) 129
Updates 131
User administration 17, 38
User data type 57
User ID 17
User interface 69, 95
User rights 45
V
Validation Manual 12
Verification 115
Application software 122
Hardware 116
Software 118
Software product 119
Versioning 125
Application software 64
configuration elements 63
Faceplates 66
Reports 68
Screens 64
Scripts 67
Virus scanner 34
W
Web access 88
Data display 91
Remote 89
User authorization 88
WinCC Add-on 125
PM-CONTROL 30, 79, 104
PM-OPEN IMPORT 32
PM-QUALITY 31, 32, 82, 83, 84, 106, 110
WinCC option
DataMonitor 32, 88
WebNavigator 32, 88
WinCC Option 125

09/2012, A5E31420596-AA
Further information
E-Mail:
pharma@siemens.com
Internet:
www.siemens.com/pharma
Siemens AG
Industry Sector
Pharmaceutical and Life
Science Industry
76187 KARLSRUHE
GERMANY
www.siemens.com/automation
Subject to change without prior notice.

A5E31420596-AA
Siemens AG 2012
Siemens
Pharma Industry

GMP Simatic Wincc v11 en

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

GMP Simatic Wincc v11 en

Uploaded by

Copyright:

Available Formats

SIMATIC

SIMATIC WinCC (TIA) V11

Answers for industry.

Configuring in a GMP Environment

Requirements for Computer Systems in a GMP Environment

System Installation and Basic

Project Settings and Definitions

Configuration for WinCC RT Professional

Configuration for WinCC Comfort /

Support for Verification

Operation, Maintenance and Servicing

System Updates and Migration

Proper use of Siemens products

Copyright Siemens-AG 2012.

Basic knowledge required

SIMATIC WinCC (TIA) V11 - GMP Engineering Manual

Validity of the manual

Server/client system configured with the engineering software

Panel TP1200, configured with the engineering software

Position in the information landscape

Structure of this manual

SIMATIC WinCC (TIA) V11 - GMP Engineering Manual

FAQs, technical manuals, etc. under Product Support

Examples of applications, performance, etc. under Applications and Tools

SIMATIC WinCC (TIA) V11 - GMP Engineering Manual

Online service & support

Your local Siemens representative

SIMATIC WinCC (TIA) V11 - GMP Engineering Manual

Configuring in a GMP Environment.........................................................................................................11

Requirements for Computer Systems in a GMP Environment .............................................................15

Regulations and guidelines.....................................................................................................11

System Specification ................................................................................................................................21

Selection and specification of the hardware ...........................................................................22

SIMATIC WinCC (TIA) V11 - GMP Engineering Manual

System Installation and Basic Configuration .........................................................................................35

Project Settings and Definitions ..............................................................................................................53

Project setup ...........................................................................................................................53

Configuration for WinCC RT Professional..............................................................................................69

Installation of the operating system ........................................................................................35

Creating the graphic user interface.........................................................................................69

Configuration for WinCC Comfort / WinCC RT Advanced ....................................................................95

Electronic recording and archiving of data .............................................................................80

Support for Verification ..........................................................................................................................115

Test planning ........................................................................................................................116

SIMATIC WinCC (TIA) V11 - GMP Engineering Manual

Operation, Maintenance and Servicing .................................................................................................127

Change control of the configuration data..............................................................................125

System Updates and Migration..............................................................................................................131

Updates of system software..................................................................................................131

SIMATIC WinCC (TIA) V11 - GMP Engineering Manual

Configuring in a GMP Environment

Regulations and guidelines

Law/regulation for manufacturers and importers of pharmaceutical products for the

Binding directive within the European Union

Guideline with worldwide validity as recommendation

(U.S. Food and Drug Administration, FDA)

SIMATIC WinCC (TIA) V11 - GMP Engineering Manual

Configuring in a GMP Environment

Life cycle model

Siemens Validation Manual

SIMATIC WinCC (TIA) V11 - GMP Engineering Manual

Configuring in a GMP Environment

GAMP5 Guide, Appendix M6 "Supplier Quality and Project Planning"