Introduction, Contents
Requirements of Computer Systems in a GMP Environment
System Specification
System Installation
Additional Hardware/Software Components
Index
01/2008
A5E01100604-02
Safety-Related Notices
Notices that you should observe to ensure your own personal safety and to avoid damage to property
and equipment can be found in the relevant technical manuals. The safety of pharmaceutical products,
which is of prime importance to the pharmacist, must be evaluated by the pharmaceutical company itself.
This document provides information on this topic.
Qualified Personnel
Only qualified personnel should be allowed to install and work on this equipment. Qualified persons
are defined as persons who are authorized to commission, to ground, and to tag circuits, equipment,
and systems in accordance with established safety practices and standards.
Siemens AG
Industry Sector
Industry Automation
D- 76181 KARLSRUHE
GERMANY
Introduction
Purpose of this manual
This manual describes what is required, from the pharmaceutical and regulatory
viewpoint of Good Manufacturing Practice (the GMP environment), of the computer
system, the software and the procedure for configuring SIMATIC WinCC. The
relationship between the requirements and system build is explained based on
practical examples.
Intended audience
This manual is intended for all plant operators, those responsible for control system
designs for specific industries, project managers and programmers, servicing and
maintenance personnel who use the process control technology in the GMP
environment. It describes solutions for implementing automation projects with
SIMATIC WinCC in situations where the principles of GMP are mandatory.
Disclaimer
This manual contains instructions for system users and programmers for
integrating SIMATIC WinCC into the GMP environment. It covers validation and
takes into account special aspects such as the requirements of FDA 21 CFR
Part 11.
We have checked that the contents of this document correspond to the hardware
and software described. Nevertheless, as deviations cannot be precluded entirely,
we cannot guarantee complete accuracy of the information contained herein. The
information in this document is checked regularly for system changes or changes
to the regulations of the various organizations and necessary corrections will be
included in subsequent issues. We welcome any suggestions for improvement and
ask that they be sent to the A&D Competence Center Pharma in Karlsruhe
(Germany).
Conventions
The following conventions are used in this manual.
Activities involving several steps are numbered in the order in which the activities
should be performed.
Procedures involving only a few steps are indicated by a bullet (•).
References to other manuals are shown in bold italic.
Menu commands are shown in bold face.
Additional support
If, once you have read the manual, you have any questions about the products
described in it, please contact your local Siemens representative.
You will find information on who to contact at:
http://www.siemens.com/automation/partner
You will find a guide to the technical documentation we offer for individual SIMATIC
products and systems at:
http://www.siemens.de/simatic-tech-doku-portal
The online catalog and ordering system are available at:
http://mall.automation.siemens.com/
If you have questions on the manual, please contact the A&D Competence Center
Pharma:
E-mail: pharma.aud@siemens.com
Fax:
Additional information about the products, systems and services from Siemens for
the pharmaceutical industry can be found at:
http://www.siemens.com/pharma
Training centers
Siemens offers a number of training courses to familiarize you with the SIMATIC
WinCC operator control and monitoring system. Please contact your regional
training center or the central training center in D90327 Nuremberg, Germany.
Phone: +49 (911) 895-3200
Internet: http://www.sitrain.com
Technical support
You can reach the technical support for all A&D products
Phone:
Fax:
You can find additional information about our technical support online at
http://www.siemens.de/automation/service
The right documents for you, using our Service & Support search engine
A forum where users and experts from all over the world exchange
experiences
Information about on-site services, repairs, spare parts. Much more can be
found on our "Services" pages.
Table of Contents
Introduction
Table of Contents

2.1 Hardware categorization
2.2 Software categorization
2.3 Configuration management
2.3.1 Configuration Identification
2.3.2 Configuration control
2.3.2.1 Versioning
2.3.2.2 Change control
2.4 Software creation
2.4.1 Use of typicals for programming
2.4.2 Identifying software modules/typicals
2.4.3 Changing software modules/typicals
2.5 Access protection and user management
2.5.1 Applying access protection to a system
2.5.2 User ID and password requirements
2.5.3 Case sensitivity Smart Cards and Biometric Systems
2.6 Electronic signatures
2.6.1 Conventional electronic signatures
2.6.2 Electronic signatures based on biometrics
2.6.3 Security measures for user IDs/Passwords
2.7 Audit trail
2.8 Time synchronization
2.9 Archiving Data
2.10 Batch reporting
2.10.1 Components of batch documentation
2.10.2 Components of the manufacturing Log
2.10.3 The uses of electronic batch data
2.10.4 Requirements of electronic records
2.11 Data backup
2.11.1 Application software
2.11.2 Process data
2.12 Retrieving archived data
2.13 Use of third-party components

System specification

System installation

Introduction
Creating overview pictures
Creating operator input messages
Electronic signature
Audit trail
WinCC Audit
Audit trail via WinCC Alarm Logging
Archiving data: Setting up process value archives
Setting up user archives
Long-term archiving
Long-term archiving in SIMATIC WinCC
Long-term archiving with SIMATIC Central Archive Server
Method
Configuring the Central Archive Server
Archiving and transfer to the CAS
Retrieving archived data
Data displays
Batch-oriented long-term archiving with PM-QUALITY
Reporting
Reporting with WinCC Report Designer
Page layout editor
Print jobs
Logging the Audit Trail entries from WinCC Audit
Batch-oriented reporting with PM-QUALITY
Lifebeat monitoring
Data communication with the plant management level
Data communication with the connectivity pack
Data communication with the connectivity station
Data communication with Industrial Data Bridge
Data communication via the ODK programming interface
Creating C and VB scripts
Connecting to a Web client
Configuring web access on the WinCC server for process operator input
Setting up operator permissions on the WinCC server
Remote access via the network
Configuring web access on the WinCC server to display data
Connecting SIMATIC WinCC flexible
Connecting SIMATIC S7
Connecting third-party components

Introduction
Planning qualification
Qualification of the system hardware
Qualification of automation software
Software categorization according to GAMP Guide
Qualification of standard software
Qualification of application software
Configuration control: Versioning and archiving projects
Tracking configuration changes
Backing up the operating system and SIMATIC WinCC
Systems productive mode

Index
1.1
[Figure: life cycle model with the elements VP, QPP, QP, URS, FS, DS, Module Development, Application Development, Module Testing, FAT, SAT, IQ, OQ, PQ, QR, VR and Traceability Matrix, arranged along the phases Specification, System Build and Testing / Qualification]
Abbreviation | Description
VP | Validation Plan
QP | Qualification Plan
QPP |
URS |
FS | Functional Specification
DS | Design Specification
FAT |
SAT |
IQ | Installation Qualification
OQ | Operational Qualification
PQ | Performance Qualification
VR | Validation Report
QR | Qualification Report
Validation plan
The validation plan (VP) specifies the overall strategy and specifies the parties
responsible for the validation of a system in its operational environment [PDA,
GAMP4].
In the case of complex plants (for example a production line with several
process cells and computer systems), there may also be a master validation
plan (MVP) as well as VPs valid only for specific process cells and systems.
Qualification plan
In contrast to the validation plan, a qualification plan (QP) describes the
qualification activities in detail. It defines the tests to be performed and indicates
the dependencies.
The qualification plan follows a validation plan. Due to the similar contents of both
documents, it is possible to combine the QP and the QPP.
Specification
The specification phase starts with the creation of the URS. As a rule, the URS is
created by the user and describes the requirements which the system has to meet.
Once the URS has been created, an FS is created, usually by the supplier. The FS
describes the requirements defined in the URS more precisely on a functional
level. The subsequent DS contains detailed requirements as regards system build.
The function and design specifications both form the basis for later qualification
and validation tests. The following issues also have to be addressed during the
function and design specification phases:
Software structure
Programming standards
Naming conventions
System Build
The system is implemented in accordance with the design specification during the
system build stage. Along with the procedures defined in the QPP and additional
guidelines (coding standards, naming conventions, and data backups, for
example), change management, which aims to enable changes to and deviations
from the original specifications to be traced, plays an important role.
See also GAMP 4, Appendix M8 "Guideline for Project Change Control" and
GAMP 4, Appendix M10 "Guideline for Document Management".
FAT
Once the system build steps have been completed, a factory acceptance test
(FAT) is often carried out on the supplier's premises and documented, enabling
any programming errors to be identified and remedied prior to delivery.
The aim of the FAT is for the customer to accept the system for delivery in its
tested state.
SAT
The site acceptance test (SAT) shows that a computer system works within its
target operating environment with interfaces to the instrumentation and plant
sections according to the specification. Depending on the project, the SAT can be
combined with commissioning (and therefore with the IQ or OQ).
Qualification report
The qualification report (QR) summarizes the results of the tests performed, based
on the qualification plan, and confirms that the qualification phases have been
completed successfully.
Validation report
The validation report (VR) sums up the results of the individual validation steps and
confirms the validated status of the system. The creation of both the validation plan
and the validation report is the responsibility of the customer.
1.2
Ordinance / policy | Author / organization | Title | Ordinance / recommendation | Scope
21 CFR Part 11 | US FDA | Electronic records, electronic signature | Ordinance | Manufacturers and importers of pharmaceutical products for the US market
 | | Current good manufacturing practice in manufacturing, processing, packing, or holding of drugs; general | |
 | | Current good manufacturing practice for finished pharmaceuticals | |
Annex 11 of the EU-GMP Guide | European Commission Directorate General III | Computerized Systems | Policy | Europe
Annex 18 of the EU-GMP Guide | European Commission Directorate General III | Good Manufacturing Practice for Active Pharmaceutical Ingredients | Policy | Europe
GAMP 4 | ISPE | | Policy | Worldwide
GAMP Good Practice Guide | ISPE | Validation of Process Control Systems | Recommendation | Worldwide
NAMUR Recommendation NE 71 | NAMUR | Operation and Maintenance of Validated Systems | Recommendation | Europe
Note
This manual is based on the requirements of GAMP 4 and US 21 CFR Part 11.
NAMUR recommendations
NAMUR recommendations are reports of the experience that were produced by the
"Process Control Systems Special Interest Group of the Chemical and
Pharmaceutical Industry" for optional use by its members. They should not be
viewed as standards or guidelines. The NAMUR recommendations below are of
particular interest for the configuration and use of computer systems in the GMP
environment:
1.3
Responsibilities
Responsibilities for the activities included in the individual life cycle stages must be
defined when configuring computer systems in the GMP environment and creating
corresponding specifications. As this definition is usually laid down on a customer- and project-specific basis and requires a contractual agreement, it is
recommended that the definition is integrated into the quality and project plan. See
also GAMP 4, Appendix M2.
1.4
1.5
[Figure: life cycle model with the elements VP, QPP, QP, URS, FS, DS, Module Development, Application Development, Module Testing, FAT, SAT, IQ, OQ, PQ, QR, VR and Traceability Matrix, arranged along the phases Specification, System Build and Testing / Qualification]
2.1
Hardware categorization
A system's hardware components are assigned to one of two hardware categories
in accordance with the GAMP 4 Guide, Appendix M4. The hardware categories
are listed below:
2.2
Software categorization
According to the GAMP Guide for Validation of Automated Systems, the
software components of a system are assigned to one of five software categories.
The five GAMP software categories are listed below:
Category 2, firmware
Category 2 includes the firmware, for example in field instruments or compact
controllers, whose configuration has been adapted to e.g. the on-site conditions.
Here too, the name and version of the firmware must be documented, along with
its configuration, and checked in the context of an installation qualification (IQ). The
device functionality must be checked by means of an operational qualification
(OQ).
2.3
Configuration management
The GAMP 4 Guide defines configuration management as the process which
needs to be followed in order to precisely define an automated system at any point
during its life cycle, from initial development right through to decommissioning of
the system.
Configuration management involves using administrative and technical procedures
in order to:
Identify and define basic system components and to specify them in general
2.3.1
Configuration Identification
Version and change management is only practicable with a suitable configuration
environment. Siemens therefore identifies every software and hardware package
using a unique product label (Machine-Readable Product Code - MLFB) and
version identifier. For the application software, the parts of an automated system
that are subject to configuration management must be clearly specified. The
system must be divided into configuration elements to this end. These must be
defined at an early stage of system build to ensure that a complete list of
configuration elements can be created and maintained. Application-specific
elements should have a unique ID (name or identification number). The amount of
detail required when defining elements is determined by the requirements of the
system and the supplier who is developing the application.
2.3.2
Configuration control
The maintenance of configuration elements must be checked at regular intervals
by means of reviews, for example. Here, particular attention must be paid to the
change control and the related versioning. Archiving and release of individual
configuration items should also be taken into account.
2.3.2.1
Versioning
To ensure correct change management, the configuration elements must be
versioned. The version must be updated each time a change is made.
2.3.2.2
Change control
Suitable control mechanisms must be in place during configuration in order to
ensure that changes are documented and transparency achieved. The control
mechanisms can be described by means of SOPs and must cover the following:
Software versioning
2.4
Software creation
Certain guidelines must be followed during software creation, which must be
documented in the quality and project plan (GEP idea). Software creation
guidelines can be taken from the GAMP 4 Guide for Validation of Automated
Systems and from relevant standards and recommendations.
2.4.1
2.4.2
2.4.3
2.5
Biometric systems
2.5.1
Note
Please note that only authorized persons must be able to access PCs and the
system. This can be ensured by using appropriate measures such as mechanical
locks and hardware and software for remote access.
2.5.2
In order to comply with the Windows guidelines for password complexity, at least
three of the criteria listed must be taken into account in the password alongside the
minimum length.
2.5.3
2.6
Electronic signatures
Electronic signatures are computer-generated character strings, which act as
legally binding equivalents to handwritten signatures.
Regulations concerning the use of electronic signatures are defined in US FDA 21
CFR Part 11, for example.
Electronic signatures are of practical relevance when it comes to manual data input
and operator intervention during runtime, approving process actions and data
reports, and changing recipes, for example.
Each electronic signature must be assigned uniquely to one person and must not
be used by any other person.
It must be possible for a pharmaceutical company to confirm to the authorities that
an electronic signature represents the legal equivalent of a handwritten signature.
Electronic signatures can be biometrically based or the system can be set up
without biometric features.
2.6.1
Note
The regulations found in 21 CFR Part 11, published by the FDA, must be satisfied
in the manufacture of all pharmaceutical products and medical devices intended
for the US market.
2.6.2
2.6.3
2.7
Audit trail
The Audit Trail is a control mechanism of the system that allows all data entered or
modified to be traced back to the original data. A secure Audit trail is particularly
important as regards the creation, modification, or deletion of GMP-relevant
electronic records.
In this case, the Audit Trail must archive and document all changes or actions
performed, together with the corresponding date and time. The typical content of
an Audit Trail must be specified and must cover "who" has changed "what" and
"when" (old value/new value).
The archiving period must correspond to the period stipulated in the specification.
There must be adequate hard disk space to allow the entire Audit Trail to be stored
until the next transfer to an external data medium.
Systems which provide adequate data security must be used (e.g. redundant
systems, standby systems, mirrored hard disks based on RAID 1).
2.8
Time synchronization
A consistent time reference (including a time zone reference) must be guaranteed
within a system, in order to be able to assign a unique time stamp for archiving
messages, alarms, etc.
Time synchronization is especially important for archiving data and analysis of
faults. UTC (Universal Time Coordinated, defined in ISO 8601) is recommended for
the time base for saving data. The time can be displayed in local time with a note
regarding summer / winter time.
2.9
Archiving Data
Archiving means the permanent storage of electronic data and records of a
computer system in a long-term storage system. [1]
The customer is responsible for the definition and checks involved in storing
electronic data.
Based on the predicate rules (GMP Guide, 21 CFR Part 210, 21 CFR Part 211,
etc.), the customer must decide how electronic data will be retained and, in
particular, which data will be affected by this procedure. This decision should be
based on a justified and documented risk assessment that takes into account the
significance of the electronic records over the archiving period.
The customer should define the following requirements [2]:
Required archiving duration for the relevant data types, based on legal and
commercial requirements
Process values (often in the form of trends), alarms (interrupts, warnings, etc.),
Audit Trails, and, under certain circumstances, other batch data can be archived
for SIMATIC systems.
The memory space on a system's data carriers is restricted. Data can be swapped
out to external data carriers at regular intervals in order to free up space on these
system data carriers.
When migrating or converting the archived data, the integrity of the data must be
assured over the entire conversion process. [3]
[1] "Good Practice and Compliance for Electronic Records and Signatures. Part 1, Good
Electronic Records Management". ISPE/PDA 2001.
[2] "Good Practice and Compliance for Electronic Records and Signatures. Part 3,
Models for Systems Implementation and Evolution". PDA 2004.
[3] "Good Practice and Compliance for Electronic Records and Signatures. Part 3,
Models for Systems Implementation and Evolution". PDA 2004.
2.10
Batch reporting
When producing pharmaceuticals and medical equipment, batch documentation
takes on a special significance. For a pharmaceutical manufacturer, methodically
created batch documentation is often the only documented evidence within the
framework of product liability.
2.10.1
Test instructions and test log (relating to quality checks, e.g. example analysis)
The manufacturing log (or packaging log) has a central significance here and this is
defined below:
2.10.2
It is always based on the relevant parts of the valid manufacturing formula and
processing instructions
Initials of the operator involved in all significant production steps and, when
applicable, the person checking the operations (double-check when weighing
materials, for example)
The batch number and / or the analytical control number and the actual
quantities of all constituent materials
All relevant processing steps, any unusual events and the major equipment
used
2.10.3
2.10.4
2.11
Data backup
In contrast to the archiving of electronic data, data backups are used to create
backup copies which allow the system to be restored if the original data or entire
system is lost. [4]
The backup procedure must cover the periodic backup of volatile information to
avoid total loss of data due to defective system components or inadvertent deletion
of data. Backup procedures must be tested to ensure that data is saved correctly.
Backup records should be labeled clearly and intelligibly and dated. [5]
Data backups are created on external data carriers. The data carrier used should
comply with the recommendations of the device manufacturer.
When backing up electronic data, a distinction is made between software backups
(for example application software, partition images) and archive data backups.
Here, particular attention is paid to the storage of data backup media (storage of
the copy and original in different locations, protection from magnetic fields, and
elementary damage).
[4] "Good Practice and Compliance for Electronic Records and Signatures. Part 1, Good
Electronic Records Management". ISPE/PDA 2001.
[5] "Electronic Records and Electronic Signatures Assessment". Chris Reid & Barbara
Mullendore, PDA 2001.
2.11.1
Application software
Software backups have to be created following every software change on a system
and must document the system's last valid software version. If parts of the software
are modified, it is sufficient to only back up the modified part of the application
software. Complete software backups still have to be created at regular intervals,
however. If software backups are to be created as part of a software change on an
existing system or a system reinstallation, they must be created once the
installation has been performed. During the course of the project the software
version must be backed up and documented at defined milestones, such as at the
end of the FAT (i.e. prior to delivery of the system), once the installation
qualification (IQ) has been completed, prior to the tests involved in the operational
qualification (OQ), and, of course, when the system is handed over to the operator.
Software versions must also be retained in the form of software backups at regular
intervals during the creation of new software versions.
Software backups of the application software and configuration parameters must
be created.
Creation date
System name
Date of backup
2.11.2
Process data
The data stored in computer systems, such as trends, measured values, or
interrupts, should be backed up to external data carriers at regular intervals. This
will minimize the risk of data being lost should a fault occur.
System designations
Creation date
Consecutive number
2.12
2.13
System specification
This chapter focuses on the selection criteria for the hardware and software. The
activities for the selection of the products, product variants and system
constellations are performed in the specification phase of a computer system. This
is demonstrated in the following life cycle model by the marking in the left area.
[Figure: life cycle model with the elements VP, QPP, QP, URS, FS, DS, Module Development, Application Development, Module Testing, FAT, SAT, IQ, OQ, PQ, QR, VR and Traceability Matrix, arranged along the phases Specification, System Build and Testing / Qualification]
3.1
3.1.1
System structure
The SCADA system SIMATIC WinCC is intended for all branches and can be
adapted flexibly to specific customer requirements for a production plant.
With SIMATIC WinCC, you can implement a variety of different system
configurations from single-user systems to multiple-user systems with a
client/server structure.
With a single-user system, the entire operator control and monitoring of a
production process can be handled on one PC.
A multiple-user system consists of operator stations (WinCC clients) and one or
more WinCC servers that supply the WinCC clients with data.
Availability can be increased by setting up redundant systems.
To connect to the underlying automation level, for example, SIMATIC S7-300 / S7-400 or systems from other vendors, bus systems such as MPI, PROFIBUS or
Industrial Ethernet can be used. The choice of bus system depends on the number
of linked partners and the environmental conditions for data communication.
Note
The individual components can be selected from the current SIMATIC HMI
catalog ST 80 to suit the specification of the production plant.
3.1.2
Hardware specification
The Hardware Design Specification (HDS for short) describes the hardware's
architecture and configuration. The following aspects should be defined at this
point. This will serve as the checking basis for IQ and OQ later on.
Network topology
Field devices
Note
The defaults in the hardware overview diagram and the names of the hardware
components must be unique. The designation for each hardware component may
only occur once in the computer system.
Note
More information relating to the requirements can be found in GAMP 4,
Appendix D3.
Guidelines for Implementing Automation Projects in a GMP Environment
3.1.3
3.2
Data espionage
Data manipulation
Unauthorized access
Note
SCALANCE-S technology offers various applications. More information can be
found in the manuals of the SCALANCE family.
3.3
Basic WinCC software that is already contained in the WinCC system software
Designation
Short description
Alarm logging
Message archiving
Basic process control
Configuration tool
Graphics designer
Project duplicator
Redundancy
Report designer
Creation of reports
Security control
Tag logging
User administrator
User archive
Tag management
Tag management
WinCC server
License in addition to WinCC license
time synchronization
Short description
License
Central archive server
DataMonitor
PM-CONTROL
PM-QUALITY
SIMATIC Manager
STEP 7
SIMATIC Logon
SIMATIC PC/PG image & partition creator
Version trail
WebNavigator
WinCC audit
3.3.1
Operating system
In principle, the latest information relating to the operating system and WinCC
installation can be found in the "Installation Notes" manual that is supplied with the
software package. The Read me first menu item on the WinCC Installation DVD
should also be observed along with the Installation Notes and Release Notes
sections.
3.3.2
SIMATIC Logon
The user logs on to the system using SIMATIC Logon. The logout, user change
and password change functions are available to a logged-on user. SIMATIC Logon
should be installed on all SCADA systems (WinCC server and WinCC client).
User administrator
The permissions for controlling the process are configured in WinCC User
Administrator. Controlling the process is divided into individual operator control
functions that can be enabled for selected user groups. To be able to use these
functions, the user must be a member of the appropriate user group. At runtime,
the User Administrator checks the operator permissions in WinCC and SIMATIC
Logon checks the authorizations.
3.3.3
Electronic signature
An electronic signature is implemented in SIMATIC WinCC in conjunction with the
SIMATIC Logon software. SIMATIC Logon provides the interface that can be
addressed in WinCC using script functions for checking the user ID and password.
3.3.4
Audit Trail
WinCC Audit
For production plants operated in a GMP environment, in 21 CFR Part 11, the FDA
specifies the recording of changes to electronically managed records relevant for
GMP including the time stamp, user ID, old value and new value in the form of an
Audit Trail. The WinCC Audit option was developed for this functionality in
SIMATIC WinCC. The option represents the various requirements that arise from
the system architecture of WinCC as client/server system, as multiproject, etc., in
terms of the Audit Trail. WinCC Audit allows the user to implement one central
Audit Trail over several server/client systems and several WinCC projects.
Furthermore, WinCC Audit not only records the operator responses during runtime,
but also changes in the engineering phase.
WinCC Audit RC for configuration of the Audit Trail for operator responses
during runtime and for engineering changes and recording the Audit Trail
during operations
WinCC Audit RT is for recording the Audit Trail per station (server or client
needed).
The Audit Trail can be visualized with an Audit Viewer. A large number of standard
and customized filters can be set in the Audit Viewer to specifically select or
display the corresponding Audit Trail information. The Audit Trail information can
also be exported or even printed out. The Audit Viewer is included in the scope of
supply for the product.
The Audit Trail is stored in an SQL database. The WinCC Audit Trail database can
be configured such that the Audit Trail of one or more WinCC stations or of one or
more WinCC projects is recorded. It is also possible to store the Audit Trail
database on a local computer or on a computer in the network.
WinCC Audit works together with the SIMATIC Logon software to provide access
protection (see also chapter 4.6.6 "Setting up SIMATIC Logon for the Audit
option").
3.3.5
Engineering software
SIMATIC WinCC is a modular system. Its basic components are the Configuration
Software (CS) and Runtime Software (RT). Both software components are included
in the full WinCC package (RC). The selection of the full package depends on the
number of power tags (external tags) required to interface with the automation
level.
The Configuration Software (CS) contains all the basic functions for engineering
SIMATIC WinCC. The central component is the WinCC editor in which editors can
be opened for configuring the various functions. Some functions that are
recommended for a GMP environment are pointed out below.
3.3.5.1
Tag management
3.3.5.2
3.3.5.3
Change control
that are transferred into the WinCC database, for example adaptations to
the tag management, in Alarm Logging, in Tag Logging, etc.,
and changes that are carried out to WinCC configuration files, for example
in plant pictures, reports, scripts or even customer documents. These
changes are recorded by the document check.
User documents
Note
When changes are made to documents, document control makes it possible to
recognize that a document has been changed; details of the change are, however,
not recorded and should be described in comments.
Systems must be in place to ensure that the write protection of the files cannot
be altered manually in Windows Explorer.
3.3.5.4
3.3.6
Online archiving
The runtime software (RT) is used to control and monitor the production process.
This is possible in single-user or multiple-user (client-server structure) system
configuration.
The following sections discuss the basic functions of the runtime software for
recording and displaying runtime data.
Alarm Logging
The entire message system is configured in Alarm Logging. This includes
preparation, display, acknowledgment and archiving of messages. Alarm events
from the process, from the automation system and from the WinCC system can be
processed in the message system.
In production plants in a GMP environment, Alarm Logging can also be used for an
Audit Trail. Operator input in process pictures (for example changing an I/O value
or clicking a button) triggers an operator input message that is entered in Alarm
Logging with its time stamp, user ID, old value, and new value.
To display messages during operation, the ActiveX Alarm control is linked into the
process picture. At the same time, the message view is configured. The display of
different message views is achieved by multiple linking of the Alarm Control and
setting the appropriate message filters.
Messages are logged manually or automatically. Print jobs set up in the Report
Designer control the logging.
Note
The Alarm Hiding functionality can be used to prevent selected messages from
being displayed. This is used, for example, in start-up phases when there are huge
numbers of messages, to ensure that the less important ones are not displayed.
Despite this, the messages are recorded in the WinCC Alarm Logging. More
information on this can be found in the WinCC Information System.
Use of this functionality is the responsibility of the system operator and should
therefore be coordinated with him.
Tag Logging
Archiving of process values is configured in the Tag Logging editor. Selected
process values are recorded in definable acquisition cycles and stored in process
value or compressed archives.
The recorded process values are stored in the archive database. Once the
database reaches a defined database size or a specified interval has elapsed, the
archive database is transferred to external storage. Long-term archiving is also an
option (see chapter 6.8 "Long-term archiving").
During operation, current or previously archived process values can be displayed
as trends or tables. To achieve this, the relevant ActiveX Control (Online Trend
Control, Online Table Control) is linked into a process picture.
The report of the archived process values is configured in the Report Designer.
3.3.7
Long-term archiving
Long-term archiving of process values and messages can be set up using a
long-term archive server or using the WinCC Central Archive Server (CAS) option. Both
concepts are introduced below.
The WinCC DataMonitor option can be used as an analysis tool. The WinCC
Connectivity Pack option can be used to run data analyses, for example with the
assistance of the OLE DB interface.
The CAS and WinCC server and multiclients are configured on a separate
engineering station in the SIMATIC NCM PC Manager or in the SIMATIC Manager.
With WinCC version 6.2 SP2 and higher, the CAS can also be set up redundantly.
3.3.8
Reporting
Report designer
The SIMATIC WinCC Report Designer is used both for documentation of the
WinCC configuration and for logging the runtime data.
The configuration data can be documented for the WinCC Explorer and every
configured editor, for example Tag Logging, Alarm Logging, etc. The preconfigured print jobs and report layouts ship with SIMATIC WinCC. The
preconfigured report layouts can be opened with the page layout editor of the
Report Designer and modified as necessary.
For runtime logging (for example, messages from Alarm Logging or process values
from Tag Logging), there are preconfigured report layouts and print jobs that ship
with the product. The user defines which runtime data will be logged in the preconfigured layouts. To define the contents, the layout is opened in the page layout
editor of the Report Designer and edited as required.
The WinCC runtime components, for example Alarm Logging, use pre-configured
print jobs. The output options, scope and layout of these print jobs can be modified.
It is also possible to create application-specific print jobs.
3.3.9
The software packages presented below are particularly relevant for process
visualization / automation in a GMP environment.
3.3.9.1
Availability
3.3.9.2
Batch control
PM-CONTROL
PM-CONTROL is a batch-oriented parameter control for recipe/product data
management. The integrated order control allows flexible handling of production
orders in which the recipe, production location, scalable production quantity and
the time of production can be specified.
Topology manager for mapping the process cell topology, creating the required
parameters and configuring the interface to the automation level.
To achieve a cost-effective solution for both simple and more complex tasks,
PM-CONTROL is available in the "Compact", "Standard" and "Professional" variants.
In the Topology Manager, user rights are specified for certain user groups. User
access is checked by SIMATIC Logon.
In the recipe system, the recipes are signed with an electronic signature after they
have been created. After each recipe change, a new signature is necessary. In the
Topology Manager configuration, it is possible to decide whether the full signature
for a recipe requires one electronic signature or two electronic signatures from
different users.
The recipe data is recorded in an Audit Trail from the point in time at which it is
created. Every recipe change is recorded along with time stamp, user ID, old value
and new value. The implemented rollback function allows an older recipe version to
be restored. The Audit Trail can be printed out or exported to an XML file.
Only fully signed recipes can be included in an order by the order control. Each
scheduled order, in turn, has an electronic signature. During processing, only data
from signed orders can be loaded on the computer system.
The processing of the orders is started, either automatically when requested by the
automation level or manually with the required user rights.
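The signature rules described above for the recipe system, modelled as an added Python example; this is not PM-CONTROL code. The `Recipe` class, `schedule_order`, `authenticate` and the two accounts are hypothetical, and `authenticate` only stands in for the user ID and password check that the manual assigns to SIMATIC Logon.

```python
import hashlib
import hmac
from datetime import datetime, timezone

_SALT = b"constructed-demo-salt"


def _digest(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# Constructed accounts. Stand-in for the user ID / password check that the
# manual assigns to SIMATIC Logon; this is not its interface.
_USERS = {"alice": _digest("alice-pw"), "bob": _digest("bob-pw")}


def authenticate(user_id, password):
    stored = _USERS.get(user_id)
    return stored is not None and hmac.compare_digest(stored, _digest(password))


class Recipe:
    def __init__(self, name, params, required_signatures=2):
        self.name = name
        self.params = dict(params)
        self.required_signatures = required_signatures  # 1 or 2, per configuration
        self.signers = []      # user IDs that signed the current version
        self.audit_trail = []  # (UTC time stamp, user ID, item, old value, new value)

    def _record(self, user_id, item, old, new):
        self.audit_trail.append((datetime.now(timezone.utc), user_id, item, old, new))

    def change(self, user_id, key, new_value):
        old = self.params.get(key)
        self.params[key] = new_value
        self._record(user_id, key, old, new_value)
        self.signers.clear()  # after each recipe change a new signature is necessary

    def sign(self, user_id, password, check=authenticate):
        if not check(user_id, password):
            raise PermissionError("signature refused: user ID / password check failed")
        if user_id in self.signers:
            raise PermissionError("signature refused: signatures must come from different users")
        before = len(self.signers)
        self.signers.append(user_id)
        self._record(user_id, "signatures", before, before + 1)

    @property
    def fully_signed(self):
        return len(self.signers) >= self.required_signatures


def schedule_order(recipe, quantity, user_id):
    # Only fully signed recipes can be included in an order.
    if not recipe.fully_signed:
        raise PermissionError(f"recipe {recipe.name!r} is not fully signed")
    return {"recipe": recipe.name, "quantity": quantity,
            "params": dict(recipe.params), "scheduled_by": user_id}


if __name__ == "__main__":
    recipe = Recipe("Tablet_A", {"mix_time_s": 120})
    recipe.sign("alice", "alice-pw")
    recipe.sign("bob", "bob-pw")
    print(schedule_order(recipe, 500, "alice"))
    recipe.change("alice", "mix_time_s", 150)
    print("fully signed after change:", recipe.fully_signed)
    for entry in recipe.audit_trail:
        print(entry)
```
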
User archive
With the user archive option, recipe data or machine data records can for example
be saved in the form of database tables.
To obtain an overview of the created data records in an archive, the ActiveX
control WinCC User Archive Table Element is inserted in a WinCC picture with
read access. Detailed information about the User Archive option can be found in
WinCC Information System > Options > User Archives.
Automatic versioning of the data records is not supported with the User Archive
option. Versioning must be implemented during configuration. The User Archive
can be exported manually in CSV format.
Note
Operator input in the User Archive is recorded by WinCC Audit.
3.3.9.3
Batch-oriented reporting
PM-QUALITY
The data recorded in PM-QUALITY can be displayed in trends (process values),
printed as reports on a printer or exported as an HTML file, XML file or in database
format. It is also possible to configure the export of batch data for long-term
archiving on a different computer (see chapter 6.9.2 "Batch-oriented long-term
archiving with PM-QUALITY").
The software package includes the following applications:
Topology Manager for mapping the plant topology and specifying the
production data to be acquired
Report Editor for creating the report layout for the acquired data and displaying
batch logs on the screen
Data View / Export View and various ActiveX Controls for displaying batch data
Data Center, for compiling the batch data (only in the redundant version)
Apart from the automatic acquisition of the configured batch data, manually
entered values, for example laboratory values can be added to a batch report later.
If the batch report is transferred to the archive automatically due to the set export
option, no more changes can be made to the report if the "Complete automatically"
option is set.
It is also possible to use a script in WinCC to configure an electronic signature of
the batch reports by the logged-on user and with it the manual assignment of the
batch status (released / locked).
PM-QUALITY can be used both in a WinCC single-user system and in a WinCC
multi-user system.
For use in redundant systems, PM-QUALITY is also available with the
PM-QUALITY Data Center option. This application merges the recorded batch data
from two runtime databases in an export database. The Data Center can be
installed separately from PM-QUALITY on any computer in the network.
3.3.10
Web navigator
The WinCC Web Navigator option is used to set up remote access to the WinCC
project via Microsoft Internet Explorer. The name of the WinCC server is entered in
the address bar to view the process pictures. A logon dialog automatically appears
and a user with the necessary rights must authenticate himself here using his
password. The details are checked by SIMATIC Logon. Operator input in the
process pictures, for example changing I/O fields, is subject to access protection
that is defined in the WinCC project under Editor User Administrator.
WinCC DataMonitor
WinCC DataMonitor is a pure display and evaluation system for process data from
WinCC, data from the WinCC long-term archive server and data from the WinCC
Central Archive Server (CAS). WinCC DataMonitor provides a number of analysis
tools for interactive data display and for analysis of current process values and
historical data:
Excel Workbooks allows the integration of current and historical messages and
process values from WinCC in MS Excel and therefore supports online
analysis.
Trends & Alarms is used to display and analyze historical data from WinCC
runtime / the central archive server or from WinCC long-term servers. The data
can be displayed in tables or in trends.
Process Screens are simply used for monitoring and navigating using WinCC
process pictures with MS Internet Explorer (view only client).
Connectivity pack
The connectivity pack provides interfaces for access to archive data and messages
in WinCC. WinCC provides access to the following process data:
Alarms and events (messages), OPC A&E, read and write (acknowledgments
only) access
Process tags (states), OPC DA, read and write access, ships with WinCC
system software
The connectivity pack provides standardized access with OPC and OLE DB from
computer systems at enterprise and management levels to computer systems at
the process level.
3.3.11
SIMATIC IT
With its numerous components, SIMATIC IT forms an MES (Manufacturing
Execution System) following the ISA 95 standard.
SIMATIC IT is used to optimize the interaction of planning, development, and
procurement within the framework of manufacturing processes.
The main elements of SIMATIC IT are:
3.4
3.4.1
Print drivers
It is advisable to use the print drivers integrated in the operating system that have
been approved for use with SIMATIC WinCC. If external drivers are used, there
can be no guarantee that the system will operate problem-free.
3.4.2
Virus scanners
The use of virus scanners during operation is permitted. More information about
selecting and configuring virus scanners and updating them can be found in the
WinCC Readme files.
3.4.3
System installation
The WinCC system software is available as a complete package (engineering and
runtime software) or as a runtime package on CD. The software is licensed using
license keys graduated according to the number of power tags (external tags) for
interfacing to the automation level.
In a multi-user system with server/client structure, the system software with the
required number of power tags and the server option is installed on the WinCC
server. With a basic configuration, the smallest RT license is adequate for clients.
Prior to installation on a PC, the specified hardware requirements and approved
operating systems as listed in the WinCC Installation Notes must be checked.
4.1
Note
When issuing the computer name, WinCC project name and names for tags and
objects, the list of "Impermissible characters" in WinCC must be noted. This list is
stored in the WinCC Information System under Working with WinCC > Working
with projects > Annex > Impermissible characters.
The computer name must comply with the WinCC naming convention before the
MS SQL server is installed. The computer name cannot be changed later on without
fully reinstalling the MS SQL server and the WinCC system.
4.2
Note
WinCC is basically approved for operation in a domain or workgroup. Domain
group policies and domain restrictions can hinder the installation. In this case,
remove the computer from the domain prior to installation. After the installation,
the computer can be returned to the domain if the group policies and restrictions
do not prevent operation of the WinCC software.
Before the WinCC system software is installed on the PC, setup checks whether
certain system requirements are met.
Operating system
User permissions
Security policies
Graphic resolution
Internet Explorer
SQL Server that ships on a separate CD along with the SIMATIC WinCC
system software.
Once all the requirements have been met, the installation of SIMATIC WinCC
is started. Follow the instructions of the setup.
4.3
Note
The proposed settings must be accepted in order for the SIMATIC WinCC system
software to function properly.
4.4
4.5
Print drivers
It is advisable to use the printer drivers integrated in the operating system that
have been approved for use. If external drivers are used, there can be no
guarantee that the system will operate problem-free.
Virus scanners
The use of virus scanners during operation is permitted.
The following settings should be observed when using virus scanners:
The manual search should not be run during process mode. It can be run
at regular intervals, for example at maintenance intervals.
4.6
Note
The structure of the access protection must be specified at the start of
configuration.
All the permissions for working with the visualization user interface (faceplates,
input boxes, buttons etc.) must be set up according to the specifications in the
URS and the FS.
Note
For access security, all the monitoring mechanisms (password age, password
length, password generation, password lockout threshold etc.) must be configured
and set in Windows. The operating system user should also only have power user
or user permissions and should not have administrator privileges. This ensures
that only WinCC has access to the database. This means that access by the
operating system to the SQL database is impossible.
4.6.1
Note
When the Windows audit policies are activated (see chapter 4.6.3 "Security
settings in Windows"), actions made by an operating system user in the operating
system are recorded.
4.6.2
In a domain
In a workgroup
Windows domains
Within a domain, the AGLP strategy (Access Global Local Permission),
recommended by Microsoft for the management of resource access over trusted
relationships in Windows, is used; in other words, if users of a domain with the
same tasks are added to a global group, they are also added to a local group and
then adopt the necessary permissions. If a domain server is used in the working
environment, the advantages of the group and user management can be used in
conjunction with SIMATIC Logon. The central administration of groups and users
on the domain server allows all computers that belong to the domain access to the
groups and users. To increase availability, domains can be set up with several
domain servers.
Windows workgroup
Within a workgroup, local users with the same tasks should be added to a local
group and the required permissions assigned to the group.
If a computer is a member of a Windows workgroup, the computer acting as server
of the workgroup must be specified. All user data are created and managed on this
server. From here, they are made available to the other computers in the system.
The WinCC server can be included in the server selection, however for
performance reasons a separate computer is often selected and used only for
managing users.
In the login selection box, the local computer or a domain can be selected. This
displays all groups of this server. Administration of the groups and users of the
computers belonging to the workgroup is not necessary. A redundant configuration
is not possible in this case. Emergency operation is possible using the local user
management.
SIMATIC WinCC supports the Windows permissions model. When SIMATIC
WinCC is installed, the following local groups are set up:
SIMATIC HMI
SIMATIC HMI CS
SIMATIC WinCC manages the security settings and share rights automatically. To
create and start a WinCC project, a user requires the administrator or power user
status and must be a member of the SIMATIC HMI user group. The access rights
within the WinCC project are checked by User Administrator.
You will find more information in the SIMATIC WinCC Installation Notes and
"WinCC Security Concept" Manual, Chapter 4 "User and Access Management in
WinCC and Integration into Windows Management".
4.6.3
Note
The Windows domain must be used when there are several servers or redundant
servers to make sure that users can continue to input data or log on if a domain
server fails.
When logging onto Windows, each user is assigned exactly the permissions
required to perform the particular task. For example, in order to work on the
WinCC project, the user must be a member of the local group Power User and
SIMATIC HMI.
When logging in during runtime, the operator is given exactly those rights
required to operate the plant as defined in the User Administrator.
Additional information
WinCC Information System, section Working with WinCC > Setting Up User
Administration > WinCC Options for the User Administrator > Option
SIMATIC Logon
Password must meet complexity requirements
When it is activated, the password must contain at least three of the four
following categories:
1. A-Z uppercase letters
2. a-z lowercase letters
3. 0-9 numerical characters
4. !,$,% etc. special characters
Minimum password length
Maximum password age
Minimum password age
The following screenshot shows the Password Policy dialog box. The settings
shown are examples:
Computer management is opened with the following menu command: Start >
Settings > Control Panel > Administrative Tools > Security Settings.
The following screenshot shows the Account Lockout Policy dialog box.
Audit account management
Computer management is opened with the following menu command: Start >
Settings > Control Panel > Administrative Tools > Local Security Settings.
Note
To monitor the logon activity, the required settings must be made in the audit
policy of the local policies of Windows.
Note
After installing Windows, default parameters are set for the password policy,
account lockout policy and audit policy. The settings must be checked and
adapted to the requirements of the current project.
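One way to check an exported Windows security policy against the project requirements, added here as an example and not taken from the manual. It reads the INF text written by `secedit /export /cfg <file>`; the sample export is constructed, and the thresholds in `BASELINE` are assumed values to be replaced by those agreed in the URS and FS.

```python
import configparser

# Constructed sample in the INF layout that `secedit /export /cfg <file>` writes.
# A real export is normally UTF-16 encoded: open(path, encoding="utf-16").read()
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 0
AuditAccountManage = 0
AuditAccountLogon = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

AUDIT_BOTH = 3  # 0 = no auditing, 1 = success, 2 = failure, 3 = success and failure

# Assumed project baseline: (section, key, predicate, requirement text).
# MaximumPasswordAge = -1 (never expires) and LockoutBadCount = 0 (never lock
# out) both fall outside the accepted ranges and are therefore reported.
BASELINE = [
    ("System Access", "PasswordComplexity", lambda v: v == 1, "enabled (1)"),
    ("System Access", "MinimumPasswordLength", lambda v: v >= 8, "at least 8 characters"),
    ("System Access", "MaximumPasswordAge", lambda v: 1 <= v <= 90, "1 to 90 days"),
    ("System Access", "MinimumPasswordAge", lambda v: v >= 1, "at least 1 day"),
    ("System Access", "LockoutBadCount", lambda v: 1 <= v <= 5, "1 to 5 invalid logon attempts"),
    ("Event Audit", "AuditLogonEvents", lambda v: v == AUDIT_BOTH, "success and failure (3)"),
    ("Event Audit", "AuditAccountLogon", lambda v: v == AUDIT_BOTH, "success and failure (3)"),
    ("Event Audit", "AuditAccountManage", lambda v: v == AUDIT_BOTH, "success and failure (3)"),
]


def parse_export(text):
    """Parse secedit INF text; keys keep their case, '%' and '$' stay literal."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str
    parser.read_string(text)
    return parser


def check_policy(text, baseline=BASELINE):
    """Return (key, found, required) for every setting that misses the baseline."""
    parser = parse_export(text)
    findings = []
    for section, key, is_ok, requirement in baseline:
        raw = parser.get(section, key, fallback=None)
        if raw is None:
            findings.append((key, "missing", requirement))
            continue
        try:
            value = int(raw.strip())
        except ValueError:
            findings.append((key, raw, requirement))
            continue
        if not is_ok(value):
            findings.append((key, value, requirement))
    return findings


if __name__ == "__main__":
    for key, found, required in check_policy(SAMPLE_EXPORT):
        print(f"{key}: found {found}, required {required}")
```

A setting that is absent from the export is reported as `missing` rather than assumed compliant, so an incomplete export cannot pass the check.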
Additional information
4.6.4
The full name of every user must be entered in "Local Users and Groups" in
Windows Computer Management. This name is used by the application for
display in SIMATIC WinCC after logging on.
The basic settings for configuring SIMATIC Logon are made in the Configure
SIMATIC Logon dialog.
The relevant language is set in the General tab. It is also possible to define
whether a default user is logged on after a user has logged off (by the user or
automatically by the system). It is also possible to set the number of days after
which a user is reminded that a password change is necessary.
Note
In contrast to all other users, the "Default user" must not be created as a Windows
user. The "Default user" is a member of the "Default group" and
"Emergency_operator" groups. Which rights these groups have is specified in the
WinCC User Administrator (server/client).
In the Working environment tab, the user specifies whether the information
relating to groups and users relates to a Windows domain or a Windows workgroup
server. The name of the domain or workgroup server must be entered.
In the Logon device tab, the user specifies whether the logon is via the keyboard,
smart card or other procedure such as biometric user identification, for example by
fingerprint.
In the Automatic logoff tab, the user specifies whether automatic logoff is used. If
this is selected, the delay before a user is automatically logged off must also be
specified.
Note
Activating a screensaver is not permitted in conjunction with SIMATIC Logon.
Note
To allow operator input during operation, user groups are configured in the WinCC
User Administrator.
4.6.5
Create group(s).
The check box for enabling SIMATIC Logon must also be selected in the User
Administrator of the WinCC project.
Note
In conjunction with SIMATIC Logon, it is not permitted to configure a time for an
automatic logoff in the User Administrator. An automatic logoff is configured only
in SIMATIC Logon.
See Chapter 4.6.4 "Configuring SIMATIC Logon"
Note
The configuration and assignment of user permissions is described in detail in the
WinCC Information System in the section Working with WinCC > Setup of a
User Administration.
4.6.6
The operating permissions in WinCC Audit are governed via the Audit Admin and
AuditDocControl user groups. The help system for WinCC Audit provides detailed
information.
4.6.7
4.7
4.8
The CAS is configured via the CAS engineering station. See Chapter 6.8.2.2
"Configuring the Central Archive Server".
4.9
Note
Access to the operating system level should only be permitted for administrators
or maintenance personnel.
The Keep the taskbar on top of other windows setting must also be disabled in
Windows.
5.1
Startup behavior
Once the configuration of a WinCC project has been customized, only the runtime
component of WinCC is used for operator control and monitoring and for data
archiving. To prevent unauthorized access to the system, the computer can be
configured so that WinCC Runtime is activated automatically when the computer
starts up.
When the operating system starts, one user who is a member of the SIMATIC HMI
user group must be logged on automatically. This procedure is described on the
Customer Support Internet page under Entry ID 15390777
(http://support.automation.siemens.com/).
The WinCC project to be opened when the computer starts up is specified in the
"AutoStart Configuration" WinCC program. An alternative / redundant project can
also be specified. If the "Activate project at startup" check box is selected, the
WinCC project is activated immediately during operation. Clicking the "Add to
AutoStart" button enters the settings in the computer autostart and these go into
effect the next time the computer is started.
The "AutoStart Configuration" dialog is opened with Start > Programs > SIMATIC
> WinCC > Autostart.
Additional settings for the startup characteristics are made in the WinCC project.
To do this, open the properties of the Computer object from the shortcut menu.
Those WinCC components that were configured and must therefore be active
during operation (for example Tag Logging, Alarm Logging, etc.) are activated in
the "Startup" tab.
Other applications that are required to be active on the computer during process
mode can be included in the list with the Add button as can be seen in the
Additional Tasks/Applications box.
5.2
5.3
The example shows how a system tag is set up to evaluate the hard disk capacity.
The display of the relevant system tag could, for example, be configured in a
diagnostics picture along with the ActiveX control Channel Diagnosis.
5.4
Object-oriented configuration
By using picture windows (for example for controlling process units such as valves,
drives or similar) and user objects (for example for uniform visualization of objects)
in WinCC, the configuration can be created object-oriented. The objects (picture
window, user blocks) are created once for the various use cases. The design and
control philosophy must be discussed with the customer, described in a
specification and approved by the customer. The individual objects are then put
through a function test and qualified. When configuring the process pictures,
copies (user objects) or instances (picture windows) of the qualified objects are
used.
User objects
A user object is an object whose graphic representation and dynamic
characteristics are tailored to the requirements of the system. The object properties
and the events that cause a dynamic response in the object are specified
individually in a configuration dialog. Structure tags are recommended for the
dynamic response of the user objects (see structure tag below).
User objects are either entered in the project library or collected together in a
standard picture.
The procedure for creating user objects is described in detail in the WinCC
Information System.
Note
When a user object is duplicated, a copy is made. If a user object is changed, for
example by adding an object property, all the linked user objects must be updated
manually.
Picture windows
The picture window smart object allows a picture to be called within a picture. This
functionality is used, for example, to call a window for controlling a process unit
(valve, drive). Such an operator control picture is configured once for a particular
function and then opened as an instance in a picture window. When the picture is
called, a tag prefix is transferred (see structure tag below).
The example shows the properties of a picture window. The picture name, tag
prefix and title properties were configured.
Structure tag
Structure tags are used to make picture windows and user objects dynamic. A
structure type is defined for a process unit, for example a motor, and contains all
tag types for the motor as structure elements.
The example shows a simplified form.
A new tag of the data type "Motor" is created in the WinCC tag management for the
corresponding communication connection. The addressing is configured
accordingly.
In integrated mode, tag management is adopted from the SIMATIC Manager. The
address is thereby assigned automatically.
Based on the example, the following tags will be created for the communication
connection:
The tag name is made up of the structure instance, for example the name of the
motor, and the structure elements of the structure type separated by a period. The
structure instance is transferred to the picture window as the tag prefix property
(see example of picture window above).
The individual structure elements are linked to the relevant object properties to
allow a dynamic response in the picture that is called in a picture window to control
the motor.
By linking the structure elements, the picture is dynamically updated once. When
the picture is called, only the tag prefix is transferred.
The procedure with user objects is similar. The structure elements are attached to
the configured, user-defined object properties. To link to the tag instance, the
dynamic Wizard "Change user object link" is used that is integrated in the WinCC
Graphics Designer.
5.5
The following refers to a few tools and functions used to reduce the
validation work required for a computer system in the GMP environment.
5.5.1
Symbol library
The integrated global library contains numerous pre-configured graphic objects.
Graphic objects such as machines and plant components, measuring equipment,
operator control elements and buildings are thematically organized. The library
objects can be inserted with drag-and-drop and adapted as required.
Note
To keep the work for qualifying process pictures to a minimum, it is advisable to
use standard symbols from the symbol library.
5.5.2
Project library
The project library can be used to store objects developed and defined by the user
that can then be included in multiple process pictures. User-defined objects that
have been tested and qualified individually are stored in the project library and are
then available as a project standard for multiple use.
Note
The project library is part of the WinCC project and is located in the subdirectory
"\library". To allow its use in other WinCC projects, the library.pxl file must be
copied to the corresponding folder of the destination project.
5.6
5.7
5.8
Redundancy configuration
The redundancy option is included in the WinCC system software, but has to be
licensed separately on each computer. To install, the WinCC Setup is started, the
Customized selection chosen and the Redundancy option selected.
The configuration dialog is opened using the Redundancy entry in WinCC Explorer.
This is where the computer name of the redundant partner server is stated,
settings for data calibration are made and the connections to the redundant partner
configured. Data calibration in redundancy mode is selected for the corresponding
user archive in the User Archive tab.
With WinCC V6.2 and higher a second computer link is needed between the
servers.
Data calibration in redundancy mode is approved by selecting the Activate
redundancy check box.
Synchronization of the internal tags must be configured separately for each tag.
The Tag synchronization check box in tag management is activated for this
purpose in the properties dialog for tags.
Once redundancy has been configured and the corresponding internal tags have
been synchronized, the Project Duplicator (Start > Programs > SIMATIC > Tools
> Project Duplicator) is used to create the WinCC project for the redundant
partner server and this is copied onto the computer. The computer name and
standard master settings are adjusted automatically.
The WinCC project is first activated on the standard master, then on the redundant
partner server. The value of the internal binary tag @RM-Master is 1 on the
master server and 0 on the partner server.
5.9 Time synchronization
In SIMATIC WinCC, the time transmitted on the bus by default is Coordinated
Universal Time (UTC). This corresponds to Greenwich Mean Time.
The time stamps are generated in UTC and stored in the archive of the WinCC
server. During operation, the process data stored in the archive (messages and
trends) are displayed with the timebase configured in the Properties dialog of the
ActiveX control. This allows a system configuration in WinCC over different time
zones.
Note
The activation of time synchronization is necessary in plants in which GMP is
mandatory.
Note
Time synchronization must also be activated on the engineering stations;
otherwise, problems could arise when downloading changes.
5.9.1
Note
The time on the clients in the domain is synchronized using Microsoft system
services.
Additional information
Procedures for configuring time synchronization can be found in the following
documents:
WinCC Information System > Options > Options for Process Control
> Time Synchronization
WinCC Information System > Release Notes > Process Control Options >
Time Synchronization
5.9.2
Client/server
1. Time synchronization over the plant bus (WinCC server is time master).
By selecting the Synchronization via System Bus (Master, Slave) check
box, the access point for time synchronization can be defined. The WinCC
server is also declared as time master.
Note
Other concepts for time synchronization are documented in the "SIMATIC WinCC
Security Concept" manual.
5.9.3
5.9.4 Time stamping
Note
The bit message procedure and limit value monitoring can be used with a
single-user system in WinCC. In redundant systems or WinCC systems with several
operator stations, chronological signaling is used for coordinated acknowledgment
and transmission.
For chronological signaling, the SFCs/SFBs Alarm, Alarm_S/SQ, Alarm_D/DQ,
Alarm_8/8P are used on the SIMATIC S7. Refer to the respective CPU manuals
and the block descriptions in the SIMATIC STEP 7 help to learn about restrictions
regarding the system resources for simultaneously pending messages.
To use the chronological signaling function, the SIMATIC S7-400 in conjunction
with the Alarm and Alarm_8/8P blocks is recommended.
Process values that receive their time stamp from the automation system are
prepared in the form of a frame on the automation system and transferred as a raw
data tag. The packet structure is described in the WinCC Information System in
Working with WinCC > Archiving Process Values > Basics of Archiving
Process Values > Process Values and Tags > Structure of a Frame with Raw
Data Tags. The frames are evaluated in Tag Logging by format DLLs and entered
in the archive. The date and time correspond to the time at which the process
value was stored in the automation system.
The specification (URS, FS) of a GMP-compliant plant must describe the way in
which time stamping will be performed. The accuracy necessary for message and
process value acquisition must be checked in detail. The methods of time stamping
mentioned above can be used alongside each other.
5.10
5.10.1
5.10.2
5.10.3
"The main version is set to 1.0 after the FAT and to 2.0 after commissioning. All
other changes are incremented in the secondary version".
The distinction between main and secondary version changes can also be made
for example by the scope or impact of the change.
5.10.3.1
Name
Date
Version number
The procedure for versioning is part of configuration management and must
be described in an SOP, which is binding for all persons participating in the project.
The following describes examples and options for versioning in WinCC:
5.10.3.2
Additional information on versioning, for example the version ID, date changed and
name can be entered in a static text box. It is practical to place the text boxes for
versioning in a separate picture level that can be shown or hidden as required. The
display of the static text box during process mode is controlled by the Display
object property.
Note
Details of a change can, for example, be described in the relevant validation
documents.
Note
WinCC Audit RC or WinCC Audit Change Control feature a document check with
automatic versioning for WinCC pictures.
5.10.3.3 Versioning VB / C scripts
VB or C scripts are created to access tags and graphic picture objects during
operation and to trigger actions that are not dependent on pictures.
Scripts are also used to link functions triggered during process mode to individual
object properties in Graphics Designer (for example input using the mouse).
Two different methods of script creation are distinguished in WinCC:
VB / C scripts created with the Global Script editor provide boxes in the Properties
dialog for entering the data Create By, Changed By, Version ID and Comment.
The creation date and date of change are entered automatically by the WinCC
system.
comment box of the Properties dialog (see above) can also be used to record the
history.
Example of recording the history in a C script
Note
WinCC Audit RC or WinCC Audit Change Control feature a document check with
automatic versioning for C / VB scripts.
5.10.3.4 Versioning reports
The automatic issuing of version IDs in the report layouts is not supported. A static
field can be inserted in the report layout for a version ID allowing manual
versioning of different states. The version ID must be kept up-to-date as specified
in the SOP for configuration management. The following picture shows an example
of a report layout footer with a field added for versioning.
Note
WinCC Audit RC or WinCC Audit Change Control features a document check with
automatic versioning for report layouts.
6.1 Introduction
In a full automation solution, the SIMATIC WinCC SCADA system handles the
operator input, monitoring and data archiving functions. The interface to the
automation level is over powerful process links.
Chapter 6 explains the configuration of SIMATIC WinCC in a GMP environment
based on examples. The configuration of the automation level in a GMP
environment is not described in this chapter.
The following graphic shows the life cycle model. The configuration focused on in
this chapter belongs to the System build area in the graphic.
[Figure: life cycle model. Labels: VP, QPP, QP, QR, VR; Specification branch with URS, FS, DS; System Build with Application Development, Module Development and Module Testing; Testing / Qualification branch with FAT, SAT, IQ, OQ, PQ; Traceability Matrix.]
6.2
If the Basic Process Control WinCC option is installed, the following editors are
added to the WinCC Explorer.
The OS Project Editor is used to configure the WinCC project for standardized
operator control of the process. Among other things, the monitor layout, monitor
resolution, operating philosophy for the buttons, and message presentation are
configured.
The user interface is divided into three areas, the overview area, the work area and
the button area.
Additional editors included in the Basic Process Control WinCC option are:
6.3
Input/output field
To create an operator input message for an I/O field object, the Operator input
message property must be set to yes. If the Operator Activities Report property is
also configured with yes, the system opens a window for entering comments after
the value has been applied.
The I/O field is also assigned access protection. For the Operator permissions
property, a function is selected that was configured earlier in the WinCC User
Administrator (see chapter 4.6.5 "Configuring the user administrator"). Only
persons authorized to use this function can make changes in the I/O field.
The figure shows the Properties > Miscellaneous selection for an I/O field in
WinCC Graphics Designer.
Button
By default in WinCC, an operator input message is generated only when a direct
connection to a tag is configured. This means that if there is a direct connection,
the mouse click event for the button writes the value specified for the constant to
the defined tag. If the Operator Input Message check box is selected, the system
generates a message. It is not possible to enter an operator input comment here.
Functions that are not offered here, for example entering comments, can be
programmed using script functions. These functions belong to software category 5
and require more work for validation.
The transfer parameters in this function call have the following meaning:
pszSource
pszArea
pszEvent
pszBatch
pszUnit
fOld
fNew
pszComment
This project function can be downloaded free of charge from Customer Support
under entry ID 24325381 (http://support.automation.siemens.com/).
Note
The operator input message produced in this way distributes the message
information to process value blocks 1 to 5. Compared with the automatically
created operator input message, the information is therefore contained in different
reporting columns.
Note
If the standard operator input message is used when creating the operator input
message, this is also automatically adopted by WinCC Audit.
6.4 Electronic signature
Operator actions in WinCC, for example, input via I/O fields or buttons, can be
configured so that an electronic signature is required from the logged on user. The
operator actions that require an electronic signature during operation must be
specified in the specification (URS, FS).
Below, there is an example of configuring use of a button with an electronic
signature.
In the example, the Start / Stop buttons turn the air-conditioning on or off. When
the button is clicked, a picture window opens in which the password of the
logged-on user is requested. The button function is executed only after the correct
password has been entered.
Procedure:
1. Two buttons for Start and Stop are configured in a process picture. In the
Object Properties > Miscellaneous, the operator control enable was set to
No for every button. The status of the operator control enable Yes / No is
controlled depending on the AirCond_Active tag. This is achieved by linking
the tag or using a dynamic value dialog.
2. For the Authorization property, the Aircondition function was assigned to
each button. This restricts the operator input permissions for the button to
those users who are members of a user group to which the Aircondition
function was assigned. This is configured in User Administrator (see chapter
4.6.5 "Configuring the user administrator").
In the object properties in the Events tab, the Mouse Action property is linked to a
VB script. This script calls the SL_VerifyUser.bmo VB function, which displays the
SIMATIC Logon Service dialog. The function authenticates the logged-on
user using the password entered. The functions to be triggered by pressing the
button are programmed depending on the outcome of this check. In this
example, the AirCond_Active tag is set to 1 for the Start button and reset to 0 for
the Stop button.
The SL_VerifyUser.bmo function can be downloaded free of charge from entry ID:
24458155 (http://support.automation.siemens.com/).
The InsertAuditEntry function inserted in the script produces an entry in the WinCC
Audit Trail which reflects the operator action and logged-on user.
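The order of checks in the procedure above, modelled as an added example in Python; it is not the page's VB script and not WinCC code. `verify_user` and `insert_audit_entry` stand in for SL_VerifyUser.bmo and InsertAuditEntry, whose signatures the page does not show; the `Station` class, user names and passwords are constructed, and writing rejected signatures to the audit trail is an assumption.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

PBKDF2_ROUNDS = 100_000


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class Station:
    """Hypothetical stand-in for one operator station; not a WinCC API."""

    def __init__(self):
        self.tags = {"AirCond_Active": 0}
        self.accounts = {}       # user -> (salt, derived key, granted functions)
        self.audit_trail = []
        self.logged_on = None

    def add_user(self, user, password, functions=()):
        salt = os.urandom(16)
        self.accounts[user] = (salt, _derive(password, salt), frozenset(functions))

    def verify_user(self, password):
        """Plays the role of the password dialog: checks the logged-on user only."""
        salt, stored, _ = self.accounts[self.logged_on]
        return hmac.compare_digest(stored, _derive(password, salt))

    def insert_audit_entry(self, action, result):
        self.audit_trail.append({
            "utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "user": self.logged_on,
            "action": action,
            "result": result,
        })

    def click(self, button, password):
        target = {"Start": 1, "Stop": 0}[button]
        # Step 1: operator control enable follows AirCond_Active, so Start is
        # inoperable while the unit runs and Stop is inoperable while it is off.
        if self.tags["AirCond_Active"] == target:
            return "disabled"
        # Step 2: the logged-on user must hold the Aircondition function.
        account = self.accounts.get(self.logged_on)
        if account is None or "Aircondition" not in account[2]:
            return "not authorized"
        # Step 3: electronic signature. The tag is written only after the
        # logged-on user's password has been verified again.
        if not self.verify_user(password):
            self.insert_audit_entry(button, "signature rejected")  # assumption
            return "signature rejected"
        self.tags["AirCond_Active"] = target
        self.insert_audit_entry(button, "executed")
        return "executed"


def demo():
    st = Station()
    st.add_user("operator1", "constructed-pass-1", ["Aircondition"])
    st.add_user("visitor", "constructed-pass-2")  # no Aircondition function
    outcomes = []
    st.logged_on = "visitor"
    outcomes.append(st.click("Start", "constructed-pass-2"))
    st.logged_on = "operator1"
    outcomes.append(st.click("Stop", "constructed-pass-1"))   # unit is already off
    outcomes.append(st.click("Start", "wrong-password"))
    outcomes.append(st.click("Start", "constructed-pass-1"))
    outcomes.append(st.click("Stop", "constructed-pass-1"))
    trail = [(e["user"], e["action"], e["result"]) for e in st.audit_trail]
    return outcomes, st.tags["AirCond_Active"], trail


if __name__ == "__main__":
    for part in demo():
        print(part)
```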
During operation the details of the electronic signature have the following
appearance:
6.5 Audit trail
To record an Audit Trail of user actions involving data relevant for GMP, the use of
the WinCC Audit option is recommended; however, Alarm Logging of WinCC can
also be used. Both variants are introduced below.
6.5.1 WinCC Audit
In WinCC Audit Trail, operator input to standard objects such as I/O fields, sliders,
check boxes, option buttons and text lists can be recorded. The recording of the
operator control elements is enabled for each individual object in each process
picture.
For I/O fields, text lists, and slider bars, the display of user comments can also be
enabled.
Generation of an operator input message is enabled for WinCC tags written via
a direct connection in WinCC (see chapter 6.3 Creating operator input
messages).
The InsertAuditEntry function is also used to create Audit Trail entries. This
function can be linked both in C scripts and VB scripts. This allows user-specific
Audit Trail entries to be generated, for example due to events or changes in object
properties.
The RC license is required to configure the Audit Trail with WinCC Audit. Once
configuration is complete, this can be replaced with the RT license. This license is
sufficient for records in the Audit Trail during operation.
If the Audit Trail is stored on a network drive, it is first recorded on the local
computer with the WinCC project and then transferred to the remote computer. If
the connection between the remote and local computer fails, all incoming Audit
Trail entries are buffered until the connection is established again. The buffered
Audit Trail entries are then automatically transferred from the local to the remote
computer. This avoids problems and loss of data if the network is disrupted.
Note
More information on configuring WinCC Audit can be found in the associated
documentation.
Displaying, printing and exporting the Audit Trail via Audit Viewer
The Audit Viewer displays the content of the selected WinCC Audit Trail. The Audit
Viewer is installed as an independent program under Windows and is part of the
WinCC Audit product. A large number of different filters can be set to filter out
important information for the application. WinCC Audit provides so-called Custom
filters, which represent frequently needed inquiries. Beyond that you can define
your own filters and store them in a file
Customers can also define their own filters and save them in a file.
If required for other purposes, the generated Audit Trail can be exported to an MS
Excel file. This is only possible if MS Excel >= 2003 is installed on the computer. It
is also possible to document the data on a printer. If a PDF writer is installed on the
computer, the data can be stored in PDF format.
To allow viewing of the Audit Trail in plant pictures during WinCC runtime, the Audit
Viewer application can also be linked into a WinCC picture as an OCX.
Note
The Audit Viewer only displays the data and there is therefore no possibility of
entries being manipulated.
The Audit Viewer can access all Audit Trail databases located on the network.
If access using the standard Audit Viewer tool is not sufficient, access via the MS
SQL Server Management Studio can be set up. This is done using the
WinCCAuditViewer user account with read-only rights so that the Audit Trail
database is protected from changes.
6.5.2
The operator input message is a system message that cannot be user-configured.
Values that are changed due to the operator input are automatically
entered in process value 2 (old value) and in process value 3 (new value) by the
system. We therefore recommend that you rename process value blocks 2 and 3.
The tag designation is transferred in the tag system block.
Double-clicking on the control opens the Properties dialog. To ensure that only
operator input messages are displayed, a selection must be made. The Selection
button opens the configuration dialog. Under System Blocks > Message Classes,
the System message, without acknowledgement is selected. On the right in the
detailed window, the operator input message must simply be selected.
To allow entries for the login / logout of a user to be shown in the Audit Trail, the
type must be changed from process control to operator input message by
double-clicking in the Type column for the message numbers 1008000 through 1008007 in
the WinCC Alarm Logging.
The display of the message blocks is also configured in the Message Lists tab.
The X in the Comment column shows that a comment exists. This can be
displayed with the button marked in the screenshot as follows:
6.6
Creating a process value archive and selecting the tags to be stored in the
short-term archive.
Data (analog and binary values) relating to process tags is stored in a database via
the process value archive. A process value archive is created as a short-term
archive. The size is decided in the specification (URS, FS, DS).
6.7
6.8 Long-term archiving
In the archiving concept of WinCC, a distinction is made between online archiving
(short-term) and offline archiving (long-term). Online archiving is handled by
WinCC Alarm Logging and WinCC Tag Logging.
6.8.1
Copy backup files onto the configuration computer on which WinCC Runtime is
run. In Alarm Logging or Tag Logging, the backup files are connected to the
project so that the archived values can be displayed in operation.
In the properties of the message archive, a folder is entered as the destination path
in the Backup Configuration tab. This folder is the folder set up on the long-term
server. To avoid problems if the long-term server fails, a second alternative
destination path can be specified.
The setting Signing off active is made in the backup configuration (Tag Logging
Fast and Tag Logging Slow) for process value archives that archive data from a
GMP environment. When the data is transferred, a checksum is generated. This
allows subsequent manipulation to be detected by the system when a backup
process archive database is reconnected to the WinCC system. If a manipulated
database is reconnected, WinCC displays a warning.
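The sign-off check described above, modelled as an added example; it is not WinCC's own code. The page does not say which checksum WinCC generates, so a keyed HMAC-SHA-256 stored in a sidecar file is an assumption, as are the function names, the file names and the constructed segment contents.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def _mac(path: Path, key: bytes) -> str:
    """Keyed checksum over the whole segment, read in blocks."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            mac.update(block)
    return mac.hexdigest()


def _sidecar(segment: Path) -> Path:
    return segment.with_name(segment.name + ".signoff")


def sign_off(segment: Path, key: bytes) -> Path:
    """Run when the segment is transferred to the backup path."""
    record = {
        "file": segment.name,
        "size": segment.stat().st_size,
        "hmac_sha256": _mac(segment, key),
    }
    out = _sidecar(segment)
    out.write_text(json.dumps(record), encoding="utf-8")
    return out


def verify_on_reconnect(segment: Path, key: bytes) -> str:
    """Run before a backup segment is connected again: ok, manipulated or unsigned."""
    sidecar = _sidecar(segment)
    if not sidecar.exists():
        return "unsigned"
    try:
        record = json.loads(sidecar.read_text(encoding="utf-8"))
        expected = record["hmac_sha256"]
        name, size = record["file"], record["size"]
    except (ValueError, KeyError, TypeError):
        return "manipulated"  # a damaged sign-off record is treated as tampering
    if not isinstance(expected, str) or name != segment.name or size != segment.stat().st_size:
        return "manipulated"
    actual = _mac(segment, key)
    if not hmac.compare_digest(expected.encode("utf-8"), actual.encode("ascii")):
        return "manipulated"
    return "ok"


def demo() -> dict:
    key = b"constructed-demo-key"  # assumption: stored outside the backup folder
    with tempfile.TemporaryDirectory() as tmp:
        seg = Path(tmp) / "segment_0001.bak"  # constructed name and contents
        seg.write_bytes(b"2008-01-15T10:00:00Z;TIC101;37.2\n" * 100)
        sign_off(seg, key)
        result = {"untouched": verify_on_reconnect(seg, key)}

        # One archived value is changed without changing the file size.
        data = bytearray(seg.read_bytes())
        data[-2] = ord("9")
        seg.write_bytes(bytes(data))
        result["value_edited"] = verify_on_reconnect(seg, key)

        # A sign-off record regenerated without the real key does not verify,
        # which is why the checksum is keyed rather than a plain hash.
        sign_off(seg, b"some-other-key")
        result["resigned_without_key"] = verify_on_reconnect(seg, key)

        other = Path(tmp) / "segment_0002.bak"
        other.write_bytes(b"2008-01-15T11:00:00Z;TIC101;37.4\n")
        result["no_sign_off"] = verify_on_reconnect(other, key)
    return result


if __name__ == "__main__":
    print(demo())
```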
The backup for the Tag Logging Fast and Tag Logging Slow archives is configured
in Tag Logging.
For more information, refer to Alarm Logging above.
6.8.2
6.8.2.1
Method
Archived data, such as process values (Tag Logging) and messages (Alarm Logging),
are collected in the Central Archive Server from the connected WinCC servers. The
advantage of the CAS is that the data that are transferred from the WinCC servers
and stored on the CAS are available for viewing and analysis purposes for longer
than is the case with the WinCC long-term archive server.
The archived process values are displayed in the form of trends and tables and the
alarms are displayed during operation (runtime) using the WinCC controls that are
provided as standard and incorporated in the process picture. Accessing the
archive data over a selected time period takes the form of transparent access that
is handled automatically by the system. This means that the user no longer needs
to concern himself with whether selected archive data are still available on the
WinCC servers or whether they have already been transferred to the CAS.
Installing the WinCC CAS software automatically installs the StoragePlus software
package on the computer. StoragePlus provides tools for CAS administration,
creating web views and a WebViewer. This allows various views of the archived
data to be configured using Internet Explorer.
The example shown in the following picture shows the possible forms of access for
displaying trends and tables (Tag Logging) and messages on the WinCC clients.
The individual server segments are transferred to the CAS once complete. If this
isn't possible, for example if the connection is interrupted, the data segments
remain on the server. Another transfer process is started later on. This procedure
is known as Store & Forward and offers high levels of data security.
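The buffering behaviour described for the Audit Trail on a network drive and the Store & Forward transfer to the CAS follow the same pattern, sketched here as an added example; it is not WinCC or CAS code. The class names, sequence numbers and the lost-acknowledgement case are assumptions used to show why nothing is lost or duplicated when the link drops.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class AuditEntry:
    seq: int        # assigned locally, strictly increasing
    user: str
    action: str


class RemoteStore:
    """Stands in for the remote Audit Trail computer or the CAS."""

    def __init__(self):
        self.online = True
        self.drop_next_ack = False   # simulates a link failure after the write
        self.entries = {}

    def receive(self, entry: AuditEntry) -> None:
        if not self.online:
            raise ConnectionError("remote unreachable")
        # Keyed by sequence number, so a resend cannot create a duplicate.
        self.entries.setdefault(entry.seq, entry)
        if self.drop_next_ack:
            self.drop_next_ack = False
            raise ConnectionError("acknowledgement lost")


class LocalRecorder:
    """Records locally first, then forwards in order; keeps what is not confirmed."""

    def __init__(self, remote: RemoteStore):
        self.remote = remote
        self.local_log = []          # the local record is always written
        self.pending = deque()       # entries not yet confirmed by the remote
        self._next_seq = 1

    def record(self, user: str, action: str) -> AuditEntry:
        entry = AuditEntry(self._next_seq, user, action)
        self._next_seq += 1
        self.local_log.append(entry)
        self.pending.append(entry)
        self.flush()
        return entry

    def flush(self) -> int:
        """Forward the oldest entries first; stop at the first failure."""
        sent = 0
        while self.pending:
            try:
                self.remote.receive(self.pending[0])
            except ConnectionError:
                break                # entry stays buffered for the next attempt
            self.pending.popleft()
            sent += 1
        return sent


def demo() -> dict:
    remote = RemoteStore()
    rec = LocalRecorder(remote)
    rec.record("operator1", "Start")          # link up: forwarded at once
    remote.online = False
    rec.record("operator1", "Setpoint 37.5")  # buffered
    rec.record("operator2", "Stop")           # buffered
    buffered = len(rec.pending)
    remote.online = True
    remote.drop_next_ack = True
    sent_with_lost_ack = rec.flush()          # written remotely, not confirmed
    sent_on_retry = rec.flush()               # resent without duplication
    return {
        "buffered_while_offline": buffered,
        "sent_with_lost_ack": sent_with_lost_ack,
        "sent_on_retry": sent_on_retry,
        "remote_seqs": sorted(remote.entries),
        "local_seqs": [e.seq for e in rec.local_log],
        "pending": len(rec.pending),
    }


if __name__ == "__main__":
    print(demo())
```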
6.8.2.2
Import an existing WinCC server project via Menu Options > Import OS or
insert a SIMATIC PC station, double-click on the Configuration object in the
right-hand window (the hardware configuration is opened), select the Insert
object context menu from the table to select the HMI application type >
WinCC application
Create one more SIMATIC PC station each with the WinCC CAS application
type or the WinCC application client, as described above
The path to the destination computer on which the corresponding project is running
in runtime is stated in the object properties for each application.
The Alarm Logging and Tag Logging are configured as usual in the WinCC project
via the engineering system and no backup configuration is entered. This is done
automatically by the system configuration.
The Long-term relevance option is automatically selected in Tag Logging for each
configured archive tag. This option can be deactivated in either the corresponding
column or properties dialog if long-term archiving is not needed in the CAS.
The archive settings for data management on the Central Archive Server (CAS)
are configured in the CAS Options tab.
With regard to the hard disk memory capacity available, the operator must assess
the extent to which access including long-term access must remain for the
system.
CAS data that are transferred using a backup configuration must be reconnected to
the CAS for viewing.
Once all the WinCC applications have been configured, the server data for the
WinCC server and CAS are created using the context menu.
The server data of the CAS are then assigned to the WinCC server and the server
data of both the WinCC server and CAS assigned to the WinCC client. This is done
using the context menu Assign OS server.
The Destination system > Load context menu is used to transfer the project data
for every WinCC application to the destination computer. The WinCC project
should now be opened on the destination computers and runtime activated.
Note
The preconditions and details relating to the CAS configuration described above
can be found in the WinCC CAS Information System.
Note
Once the CAS project has been created, all configurations, including WinCC
server configurations, are run on the engineering station (ES) and not on the
destination computer. Each time the configuration is changed, a new server
package is created and loaded on the destination computer.
The View Editor is used to configure trends and message displays that are
saved in a separate view.
The Web Viewer is used to display views that are produced using the View
Editor and have been published for this form of viewing.
Access protection
The Central Archive Server is a dedicated server, i.e. it is not a station on which for
example a process WinCC server can be operated and observed. It is simply used
for archiving. CAS access protection therefore takes two forms:
A WinCC client that has access protection thanks to SIMATIC Logon can be
used to display the data that is still linked in the CAS.
The archived data can be displayed on the CAS using the StoragePlus
WebViewer. StoragePlus offers dedicated access protection for this.
Network security
The Central Archive Server needs to access the WinCC terminal bus to receive
data from the WinCC servers.
There is just one approved folder called ArchivDir on the CAS for this purpose.
Completed database segments are transferred here from the WinCC servers.
The StoragePlus WebViewer is simply used to display the archived data on the
local computer.
The Central Archive Server must be included in the entire system security concept
(see chapter 3.2 "System network security").
6.8.2.3
6.8.2.4
6.8.2.5
Data displays
Pre-assembled views are available as
Views that have been fully produced are displayed on the CAS computer using the
Web Viewer via Internet Explorer.
More information can be found in the WinCC CAS Information System
documentation.
Because StoragePlus can only be accessed locally on the same PC, the address
entered in Internet Explorer when launching the WebViewer.exe application is
http://localhost/.
You are logged in automatically as the Windows operating system user who is
already logged on.
6.8.3
Only completed batches can be archived. A batch has the status closed, when:
Automatic export of a batch is performed only once. Selecting the Automatic batch
finalize check box in the Project Settings > Defaults dialog has the effect that
changes to the batch data are no longer possible after the automatic export.
For export in HTML format or XML format, subsequent manipulation of the data
can be prevented by assigning the appropriate rights to the drive (read-only).
PM-QUALITY checks if the completed batch is ready for export in the current
acquisition cycle. The data must first be exported to a local hard disk. Transferring
the batch data to an external drive, for example to the long-term archive server,
can be configured with Following action.
The Export View application is used to view batch data in the database format. The
tool is contained in the PM-QUALITY package.
The batch is selected in a batch list dialog; viewing on screen is started with a
button in the toolbar.
For more detailed information on the WinCC premium add-on PM-QUALITY, refer
to the product's online help.
6.9 Reporting
6.9.1
Message report
Archive report
Tag table
Note
WinCC Report Designer supports logging of continuous processes.
The contents of user archives can also be documented in the form of a table.
The design and output of the runtime data can be defined in page layouts. Print
jobs control the printout. The output range and options are also specified in the
print job.
A series of system layouts and system print jobs for various documentation
requirements are supplied with the product. These can be used to create new
layouts or print jobs but they should not be modified. Changing the system layout
means additional test effort from a GMP perspective. If the system software is
upgraded, the system layouts are overwritten by the installation.
Note
The WinCC Information System lists the available layouts and print jobs in Working with
WinCC > Documentation of Configuration and Runtime Data > Appendix
System Layouts and Print Jobs for Runtime Documentation.
6.9.1.1
In the following example, the Archive Report object under Alarm Logging RT is
linked into the report to show the Audit Trail entries (user input messages). The
column appearance is configured in the properties.
The filter is set either by specifying the number of the operator input message
(the message number is fixed by the WinCC system) or by clicking Message
Class > System, without acknowledgment and selecting the Operator input
check box.
6.9.1.2 Print jobs
WinCC Report Designer documents data from continuous processes over a
defined time. The period is set along with all other settings in the print job. During
process mode and before the log starts, it is also possible to open a parameter
assignment dialog in which the output selections, timebase, and time range for the
output of archive tags can be changed for the log being output.
Note
For more detailed information on the WinCC Report Designer, refer to the WinCC
Information System, section Working with WinCC > Documentation of
Configuration and Runtime data.
The Audit Trail entries are shown in the log as follows:
6.9.1.3
The Database table object is selected from the standard objects and dragged into
the layout using drag-and-drop.
The Database connection property is selected from the Connect tab in properties
for the database table.
The Edit button opens a dialog in which the connection to the WinCC_Audit
database is configured.
The data source previously created is selected under ODBC data source.
Activating Display column headers prints the WinCC Audit column headers in the
report.
A user-specific selection for choosing the data to be displayed is specified under
SQL Statement. The Test SQL statement button checks that the syntax is correct.
The column width can be adjusted under Geometry > Columns > in the database
table properties.
6.9.2
Static objects for report designs and dynamic objects for displaying the batch data
are listed in the highlighted area at the lower left.
The dynamic objects are configured for the specific plant beforehand in the
Topology Manager application. The dynamic objects include batch header data,
phase sections, snapshots, alarm events, Audit Trail entries, tag logging values,
etc. A tabular horizontal or vertical display style can be selected.
Tag logging values are shown in the form of trend curves. This involves defining
trend templates in which the values and the form of the trend graphic are specified.
You can also display comparable trends with values from different batches.
The procedure for including Audit Trail entries (operator input messages) in a batch
log is shown below based on an example.
The alarm blocks to be shown in the batch report are selected in the properties of
the Audit Trail alarm group. The message number for the operator input message
as defined in the WinCC system is also entered in the Alarm filter dialog.
The Audit Trail alarm group is displayed in the area for the existing objects in the
Report Layout editor. The Audit Trail alarm group is dragged to the right to be
included in a report layout.
6.10 Lifebeat monitoring
The Lifebeat Monitor monitors all servers, clients and automation devices which
can be reached over PC networks and industrial networks (Industrial Ethernet,
PROFIBUS or OPC).
To configure the nodes to be monitored, the Lifebeat Monitoring editor is opened
in WinCC Explorer. Here, all the nodes to be monitored and the monitoring cycle in
which the lifebeat monitoring takes place can be set up.
Note
Lifebeat monitoring for third-party systems must be configured manually. Its use
depends on the communication partner of the third-party system. If the third-party
system represents an important interface to SIMATIC WinCC, Lifebeat Monitoring
is absolutely necessary.
For additional information, refer to the WinCC Information System > Options >
Options for Process Control > Lifebeat Monitoring.
6.11
6.11.1
6.11.2
WinCC OLE DB allows read access to Tag Logging and Alarm Logging archive
databases.
6.11.3
6.11.4
6.12
Note
The creation of category 5 software should be limited to a minimum because it
significantly increases the work involved for testing and validation.
6.13
6.13.1
The web page is configured in the second dialog. The settings are preassigned by
default. They can however be adapted by the user.
The Windows firewall is adapted in the third dialog. The settings needed are
described in detail in the Help section for the Web Navigator (Start > Programs >
SIMATIC > WinCC > DataMonitor > DataMonitor Information System).
The corresponding process pictures of the WinCC project must be published in the
Web Navigator Server application for remote access. Another wizard that is
launched in WinCC Explorer via the Web View Publisher context menu for the Web
Navigator object is used for this purpose.
The WinCC project path and folder for web access are entered automatically in the
dialog. The data can be preceded by a server prefix. This is needed when installing
on a multiclient.
Those WinCC process pictures that are to be viewed or operated via remote
access are published in the dialog.
The functions and pictures to which references are made in the process pictures
selected are published in the other dialogs.
Guidelines for Implementing Automation Projects in a GMP Environment
A5E01100604-02
A completion report announces that all the information has been recorded.
Note
The corresponding client has to be installed and licensed on the computer for
remote access in order to view the process pictures that are included in the
controls of the WinCC premium add-ons PM-CONTROL and PM-QUALITY.
6.13.2
Checking the check box for SIMATIC Logon activates authentication of the user
logged on via SIMATIC Logon. Also see chapter 4.6.4 "Configuring SIMATIC
Logon".
Remote access is activated by selecting the check box for the Web Navigator. The
start screen for the web client can be configured and may deviate from the start
screen for runtime on the WinCC server. There is also an option for selecting the
language for viewing in the web client.
The "DataMonitor Monitor only" function controls operator permissions between
WebNavigator and DataMonitor. If this function is not activated and the
WebNavigator license is detected, the operator can control the process pictures. If
this function is activated, the process pictures can only be monitored.
Note
This configuration is undertaken separately for each user group. This means that
the definitions for release for remote access, the start page, language and
operator permissions may be different for each user group.
6.13.3
6.13.4
When the DataMonitor server is installed, the DM-ADMIN and DM-USER user
groups are automatically created.
To configure and operate the DataMonitor, a Windows user must be created on the
computer with the DataMonitor server and this user must either be a member of
DM-ADMIN or DM-USER. Users who are assigned to the DM-USER user group
have access to view the data.
A connection is established on the remote computer via Internet Explorer. The
name of the PC on which the DataMonitor server is installed is entered under
Address (http://Rechnername). A logon dialog for specifying user ID and password
is displayed. Once the logon is complete, the DataMonitor start page appears.
To display the archive data, the Trend & Alarms tool for example is started by
clicking on the left-hand side.
The menu offers the following views:
Alarm table
Example of a plot:
6.14
6.15 Connecting SIMATIC S7
The evaluation of the tag status in this example is shown by a color. If the
described state occurs, the color changes according to the configuration. The
quality code is configured in much the same way.
The checking of the quality code and tag status can also be performed in VB / C
scripts and linked to a user-defined action.
Note
For more detailed information on using SIMATIC S7 in a GMP environment, refer
to the "SIMATIC STEP 7 GMP Engineering Manual: Guidelines for Implementing
Automation Projects in a GMP Environment".
6.16
7.1 Introduction
The following graphic shows the life cycle model. Qualification, which is the focus
of this chapter, is assigned to the area of Test / Qualification in the graphic.
[Figure: life cycle model. Specification (URS, FS, DS), System Build
(Application Development, Module Development, Module Testing), Testing /
Qualification (FAT, SAT, IQ, OQ, PQ), Traceability Matrix; further labels: VP,
QPP, QP, QR, VR]
The aim of the qualification is to provide documented proof that the system was set
up according to the specifications and that all specified requirements have been
met. Qualification describes, executes and finally evaluates all the activities
necessary for this. Various standard functionalities of SIMATIC WinCC can be
used as support in qualification during IQ and OQ.
7.2 Planning qualification
Defining a life cycle for project development determines various test phases. The
basic qualification activities are then established at a very early stage in the project
and put into detailed specific terms during later specification phases.
The definitions laid down at the start of the project include
Note
The amount of test work involved should reflect the results of the risk analysis and
the complexity of the components to be tested.
In parallel to completion of the system specification (FS, DS), the individual tests
are also planned in detail. This defines:
Test methods, for example structural (code review) and/or functional (black
box test)
7.3
Connection type
Address number
Number of racks
Address description
Address number
Etc.
Note
The documentation is supported by print-outs of the HW config.
The switching cabinet documentation must also match this.
MAC address (when using the ISO protocol on the plant bus)
PROFIBUS addresses
Note
The SIMATIC NetPro configuration can be printed out.
Note
The PC passport is normally created manually. Some PC manufacturers provide a
utility for automatic detection of the hardware information.
The PC passport can be printed and used to verify the qualification (IQ/OQ) of the
installed PC hardware. Visual inspection can be carried out at the same time.
7.4
7.4.1
7.4.2
Operating system
Standard libraries
Operating system
The installed software can be verified by operating system functions. The
information can be found under Control Panel > Install/Remove Programs. All
installed software components are displayed here.
Software licenses
The Automation License Manager program provides information on the installed
licenses on the WinCC computer. To view this information, open the Automation
License Manager and select the partition of the PC on which the licenses are
installed on the left in the Explorer bar. The available SIMATIC licenses of the
system are now shown on the right.
Note
The installed licenses must correspond to the requirements defined in the
specification.
7.4.3
Check of the operating philosophy (access control, group rights, user rights)
Note
If extra blocks are needed in addition to the WinCC standard libraries in order to
configure special processes or functions, the amount of validation work will
increase greatly.
7.5
SIMATIC Version Trail manages all actions such as creating, archiving, deleting
version statuses, etc. of a version project in the version history (Audit Trail). The
version history can be called up using the Options > Version History menu. All
actions relating to archiving projects and even deleting version statuses are also
logged here. The following diagram shows the version history of creating the
"Sample1" version project right up to archiving various version statuses.
When using SIMATIC Version Trail for continuous archiving, the version history
provides a good way of documenting various software statuses during the life cycle
of a computer system.
All software statuses along with archiving date and version are listed in
chronological order.
The version statuses are stored in zip files and can be easily archived and
retrieved.
More detailed information can be found in the "SIMATIC Step 7 GMP Engineering
manual: Guidelines for Implementing Automation Projects in the GMP
Environment".
Note
To ensure traceable versioning with a version history, we recommend using
SIMATIC Version Trail in integrated mode. More detailed information can be found
in the "SIMATIC Step 7 GMP Engineering manual: Guidelines for Implementing
Automation Projects in a GMP Environment".
corresponding process. The project's archive data are stored in zip files that can be
easily archived in the long term.
Manual versioning
In this storage concept, it might be specified, for example, that the project is
backed up following a change. The project can be backed up using the WinCC
Project Duplicator tool. The Project Duplicator tool is opened with Start >
Programs > SIMATIC > WinCC > Tools. The Project Duplicator produces a direct
copy of the WinCC project using the path specified.
Alternatively the folder containing the WinCC project is zipped in Windows Explorer
to back up a project. When zipping, all data are reliably compressed.
Versioning can, for example, be included in the file name of the compressed file.
When compressing the WinCC project, it is important that the folder hierarchy is
retained so that the project can be read again later.
Note
The WinCC project must be closed before it is copied.
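The zip-based manual versioning described above can be scripted so that each version status can also be checked after it is retrieved. This is an added example, not part of the Siemens manual: the function names, the manifest file name and the SHA-256 checks are assumptions that go beyond the text, and the project folder is assumed to be closed before the script runs.

```python
"""Versioned zip backup of a closed project folder, with an integrity manifest."""
import hashlib
import json
import tempfile
import zipfile
from pathlib import Path

MANIFEST_NAME = "backup-manifest.json"  # hypothetical name, not a WinCC file


def sha256_file(path):
    """Hash a file in chunks so large archives do not have to fit in memory."""
    digest = hashlib.sha256()
    with Path(path).open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_project(project_dir, dest_dir, version):
    """Zip project_dir as <name>_V<version>.zip and return (archive, sha256).

    Paths are stored relative to the parent of the project folder, so the
    folder hierarchy (including empty folders) is retained on extraction.
    """
    project_dir, dest_dir = Path(project_dir).resolve(), Path(dest_dir).resolve()
    if not project_dir.is_dir():
        raise NotADirectoryError(project_dir)
    if dest_dir == project_dir or project_dir in dest_dir.parents:
        raise ValueError("backup destination must be outside the project folder")
    dest_dir.mkdir(parents=True, exist_ok=True)
    archive = dest_dir / f"{project_dir.name}_V{version}.zip"
    files = {}
    # Mode "x" refuses to overwrite an existing version status.
    with zipfile.ZipFile(archive, "x", zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(project_dir.rglob("*")):
            rel = path.relative_to(project_dir.parent).as_posix()
            zf.write(path, rel)  # directories become "<rel>/" entries
            if path.is_file():
                files[rel] = sha256_file(path)
        manifest = {"version": version, "files": files}
        zf.writestr(MANIFEST_NAME, json.dumps(manifest, indent=2, sort_keys=True))
    # Record this digest in the change documentation, outside the archive.
    return archive, sha256_file(archive)


def verify_backup(archive):
    """Return a list of problems; an empty list means the archive is intact."""
    problems = []
    with zipfile.ZipFile(archive) as zf:
        manifest = json.loads(zf.read(MANIFEST_NAME))["files"]
        stored = {n for n in zf.namelist()
                  if not n.endswith("/") and n != MANIFEST_NAME}
        for name in sorted(stored - set(manifest)):
            problems.append(f"unexpected file: {name}")
        for name, expected in sorted(manifest.items()):
            if name not in stored:
                problems.append(f"missing file: {name}")
            elif hashlib.sha256(zf.read(name)).hexdigest() != expected:
                problems.append(f"hash mismatch: {name}")
    return problems


if __name__ == "__main__":
    # Constructed sample project; file names are placeholders.
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp) / "DemoProject"
        (project / "GraCS").mkdir(parents=True)
        (project / "GraCS" / "overview.pdl").write_bytes(b"constructed picture")
        (project / "DemoProject.mcp").write_bytes(b"constructed project file")
        archive, digest = backup_project(project, Path(tmp) / "backups", "1.2")
        print(archive.name, digest)
        print("problems:", verify_backup(archive))
```

The manifest inside the archive detects corruption or an incomplete copy; the archive digest returned by backup_project only detects replacement of the whole file if it is recorded somewhere other than next to the zip.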
7.6
WinCC Explorer
Project properties
Alarm logging
Tag logging - the most relevant changes to timers, archives and tag tables.
User administrator
User archives
Other editor programs whose configuration data are saved in the project's CS
database.
The diagram shows two tags which have been created as new (Insert EventType).
One of the tags was then renamed (Update EventType).
The Document Control area covers changes in the following areas:
7.7
Create an image of the operating system installation with all drivers and all
settings relating to the network, user administration, etc. without SIMATIC
WinCC.
Create an image of the installed PCs with SIMATIC WinCC, WinCC options
and WinCC premium add-ons.
Create an image of the installed PCs with SIMATIC WinCC including all the
projects.
Note
An image can only be restored on a PC with identical hardware. For this reason,
the hardware configuration of the PC must be adequately documented.
Images of individual partitions cannot be exchanged between PCs because their
settings, such as registry settings, differ.
8.1
1. Release of change specification by plant owner
4. Implementation of software change based on the new version
WinCC Audit is used to record changes in the engineering and document check in
an Audit Trail. The version statuses of the project software and documents are
also managed.
5. Test of changes incl. documentation (e.g. FAT)
8.2 System recovery
The procedure described in this chapter should enable the end user to restore the
WinCC system after a disaster.
Disasters are taken to mean the following cases:
The system is restored using the saved data. The backed up data (medium) and all
the materials needed for the restoration (basic system, loading software,
documentation) must be saved at the defined point. There must be a Disaster
Recovery Plan which must be checked on a regular basis.
When using a CAS, the data do not have to be copied back. The data are
displayed directly in the OCX Alarm Control or Trend Control / Table Control by
selecting the lost time period.
9.1
Evaluation of risks
Definition of the tests to be run in order to retain the validated status on the
basis of the risk assessment
Ports
Documentation (specification)
Note
The SIMATIC Customer Support at http://support.automation.siemens.com
provides support for software updating and project migration.
9.2
Note
The situations in which migration or conversion of the project data becomes
necessary are described in the WinCC Information System of the new version in
the section Upgrading WinCC > Notes on Migration of Projects.
The Project Migrator is available for migration. The project data is migrated offline;
the WinCC system software must be completely closed down. Follow the
instructions of the Project Migrator. If adaptation of the project is necessary, this
requires validation.
The validation effort is specified in consultation with the plant user. Possible test
points are the new functions available in WinCC and the correct installation of the
software components required for migration.
Note
The migration procedure is described in detail in the WinCC Information System in
the section "Migration".
Note
A WinCC project that has been opened once using WinCC V6.2 cannot be edited
or run again with version 6.0.
10
10.1
The power consumption of the system to be buffered determines the size of the
UPS. Another criterion for the selection is the priority of the systems.
Systems with high priority are:
Network components
Archive server
WinCC server
WinCC clients
Field devices, which usually have relatively high power consumption, can be
included in the buffering, depending on the performance capacity of the UPS. This
should be based on the process category and selected in consultation with the
system operator.
In any case, it is important to include the systems for reporting the data in the
buffering. The time of the power failure should also be included in the reporting.
The use of UPS systems is a factor in the software installation. It needs to be
installed and configured on the PC-based computer of the visualization system.
The automation systems (PLC) should be programmed in a way that allows the
process control system to be brought to a safe state with a specified buffer time in
the event of power failure.
Due to varying requirements of individual devices, three classes have been
established for the UPS context. These have been specified by the International
Engineering Consortium (IEC) under the product standard IEC 62040-3 and by the
European Union under EN 50091-3:
The simplest and least expensive UPS systems (according to IEC 62040-3.2.20 of
UPS class 3) are standby or offline UPS systems. They only protect against power
failure and transient voltage fluctuations and peaks. They do not compensate for
undervoltage or overvoltage. Offline UPS systems automatically switch to battery
mode when undervoltage or overvoltage occurs.
Network-interactive UPS
Online UPS
10.1.1
Action: Power failure < 10 seconds

Action: Power failure > 20 minutes; power returns after 25 minutes
Reaction: The WinCC computers are buffered by the UPS, for example for
20 minutes. An alarm in the PCS documents the power outage
and the shutdown of the WinCC computers after 20 minutes.
The UPS stops supplying power after a defined time (for
example 25 minutes) so that an independent restart of the
WinCC computers is possible once power has been restored.

Action: Power failure > 1 hour
Reaction: The WinCC computers are buffered by the UPS, for example for
20 minutes. An alarm in the PCS documents the power outage
and the shutdown of the WinCC computers after 20 minutes.
The UPS stops supplying power after a defined time so that an
independent restart of the WinCC computers is possible when
power returns.
10.1.2