· · 2016-07-07Proper use of Siemens products ... servicing and maintenance personnel who use the automation and process control technology in ... the use of the hardware and

⊂√⇒⊄√⇐

⊂√⇒⊄√⇐ ∉⇐⊂ ⊃⟩¬♠∂≈≡≥∂±≡← ≠°↑ √″↓≥≡″≡±↔∂±÷ ⇒♠↔°″↔∂°± ∉↑°∝≡…↔← ∂± ¬∉ ∨±♥∂↑°±″≡±↔

∨≈∂↔∂°± ñ

¬∉ ∨±÷∂±≡≡↑∂±÷ ±♠≥

⇒±←♦≡↑← ≠°↑ ∂±≈♠←↔↑ƒ⟩

SIMATIC PCS 7 V8.1

GMP Engineering Manual

Guidelines for Implementing AutomationProjects in a GMP Environment

09/2015A5E36742739-AA

Introduction

Configuring in a GMPEnvironment 1Requirements for ComputerSystems in a GMP Environment 2

System Specification 3System Installation andConfiguration 4

Project Settings and Definitions 5

Creating Application Software 6

Support for Verification 7

Data Backup 8Operation, Maintenance andServicing 9

System Updates and Migration 10

Abbreviations

Index List

Siemens AGDivision Process Industries and DrivesPostfach 48 4890026 NürnbergGERMANY

A5E36742739-AA09/2015 Subject to change

Copyright © Siemens AG 2015.All rights reserved

Legal informationWarning notice system

This manual contains notices you have to observe in order to ensure your personal safety, as well as to preventdamage to property. The notices referring to your personal safety are highlighted in the manual by a safety alertsymbol, notices referring only to property damage have no safety alert symbol. These notices shown below aregraded according to the degree of danger.

DANGER

indicates that death or severe personal injury will result if proper precautions are not taken.

WARNING

indicates that death or severe personal injury may result if proper precautions are not taken.

CAUTION

indicates that minor personal injury can result if proper precautions are not taken.

NOTICE

indicates that property damage can result if proper precautions are not taken.If more than one degree of danger is present, the warning notice representing the highest degree of danger willbe used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating toproperty damage.

Qualified PersonnelThe product/system described in this documentation may be operated only by personnel qualified for the specifictask in accordance with the relevant documentation, in particular its warning notices and safety instructions.Qualified personnel are those who, based on their training and experience, are capable of identifying risks andavoiding potential hazards when working with these products/systems.

Proper use of Siemens productsNote the following:

WARNING

Siemens products may only be used for the applications described in the catalog and in the relevant technicaldocumentation. If products and components from other manufacturers are used, these must be recommendedor approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation andmaintenance are required to ensure that the products operate safely and without any problems. The permissibleambient conditions must be complied with. The information in the relevant documentation must be observed.

TrademarksAll names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publicationmay be trademarks whose use by third parties for their own purposes could violate the rights of the owner.

Disclaimer of LiabilityWe have reviewed the contents of this publication to ensure consistency with the hardware and softwaredescribed. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, theinformation in this publication is reviewed regularly and any necessary corrections are included in subsequenteditions.

Introduction

SIMATIC PCS 7 V8.1 – GMP Engineering ManualA5E36742739-AA 3

Introduction

Purpose of the manualThis manual contains instructions for system users and configuring engineers forintegrating SIMATIC systems into the GMP environment (GMP = GoodManufacturing Practice). It covers validation and takes into account specialrequirements of international regulatory bodies and organizations, such as 21 CFRPart 11 of the FDA or EU GMP Guidelines Annex 11.

In the first chapters, this manual describes what is required from thepharmaceutical, regulatory viewpoint (in short: GMP environment), of the computersystem, the software and the procedure for configuring such a system. In thefollowing chapters, practical examples are used to explain the relationship betweenrequirements and implementation.

To suggest improvements to this document, please use the contact detailsprovided at the back of this manual.

Target groupsThis manual is intended for all plant operators, those responsible for systemdesigns for specific industries, project managers and programmers, servicing andmaintenance personnel who use the automation and process control technology inthe GMP environment.

Basic knowledge requiredBasic knowledge of SIMATIC PCS 7 is required to understand this manual.Knowledge of GMP as practiced in the pharmaceutical industry is also anadvantage.

Validity of the manualThe information in this manual applies to SIMATIC PCS 7 V8.1. The componentsexamined are the PCS 7 ES, PCS 7 OS, and SIMATIC BATCH. Refer to theproduct catalog or compatibility tool for detailed information on the compatibility ofthe individual components.

Product Catalog CA 01: www.siemens.com/automation/ca01Compatibility tool: http://www.siemens.com/kompatool

Any questions about the compatibility of the add-on products for SIMATIC PCS 7should be addressed directly to the suppliers.Industry Mall catalog and ordering system – Add-ons for SIMATIC PCS 7

Introduction

SIMATIC PCS 7 V8.1 – GMP Engineering Manual4 A5E36742739-AA

Position in the information landscapeThe system documentation of the SIMATIC PCS 7 process control system is anintegral part of the SIMATIC PCS 7 system software. It is available to every user asonline help (HTML help) or as electronic documentation in PDF format.

This manual supplements the existing SIMATIC PCS 7 manuals. It is not onlyuseful during configuration; it also provides an overview of the requirements forconfiguration and what is expected of computer systems in a GMP environment.

Structure of this manualThe regulations and guidelines, recommendations and mandatory specificationsare explained. These provide the basis for configuration of computer systems.

All the necessary functions and requirements for hardware and softwarecomponents are also described; this should make the selection of componentseasier.

Based on examples, the use of the hardware and software is explained and howthey are configured or programmed to meet the requirements. More detailedexplanations can be found in the standard documentation.

Training centerSiemens offers a number of training courses to familiarize you with SIMATICPCS 7. Please contact your regional training center, or the central training center inD 90327 Nuremberg, Germany.

Internet: http://www.sitrain.com

Siemens on the InternetYou will find a guide to the technical documentation offered for the individualSIMATIC Products and Systems here at:SIMATIC PCS 7 V8.1 technical documentation

The online catalog and online ordering system are available at:http://mall.industry.siemens.com/

You can find additional information about the products, systems, and services fromSiemens for the pharmaceutical industry at:http://www.siemens.com/pharma.

Introduction


Technical support on the InternetYou can find comprehensive information on our Service and Support at:http://support.industry.siemens.com/

The product support offered there includes:Technical specifications and information on the product statusFAQs and application examples

You will also find on this page:Application examplesComprehensive overview of services, e.g. information about on-site service,repairs, spare parts, and much moreA bulletin board in which users and specialists worldwide exchange their know-howmySupport for personal filters, notifications, support requests, among otherthings, our newsletter containing up-to-date information on your products.

Additional supportContact your Siemens partner at your local office or agencies if you have anyquestions relating to the product and do not find the right answers in this manual.

Find your personal Siemens contact person at:http://www.siemens.com/automation/partner

If you have questions on this manual, please contact:E-mail: [email protected]

Table of Contents


Table of Contents

Introduction.................................................................................................................................. 3

Table of Contents ........................................................................................................................ 6

1 Configuring in a GMP Environment................................................................................ 10

1.1 Regulations and guidelines........................................................................................ 10

1.2 Life cycle model ......................................................................................................... 10

1.3 Responsibilities .......................................................................................................... 11

1.4 Approval and change procedure................................................................................ 12

1.5 Risk-based approach ................................................................................................. 12

2 Requirements for Computer Systems in a GMP Environment .................................... 13

2.1 Categorization of hardware and software .................................................................. 13

2.2 Test effort depending on the categorization .............................................................. 13

2.3 Change and configuration management.................................................................... 13

2.4 Software creation ....................................................................................................... 14

2.5 Access control and user administration ..................................................................... 142.5.1 Applying access control to a system.......................................................................... 152.5.2 Requirements for user IDs and passwords................................................................ 15

2.6 Requirements for electronic records .......................................................................... 16

2.7 Electronic signatures.................................................................................................. 16

2.8 Audit trail .................................................................................................................... 17

2.9 Reporting batch data.................................................................................................. 17

2.10 Archiving data ............................................................................................................ 18

2.11 Data backup ............................................................................................................... 18

2.12 Retrieving archived data ............................................................................................ 19

2.13 Time synchronization ................................................................................................. 19

2.14 Use of third-party components ................................................................................... 19

3 System Specification........................................................................................................ 20

3.1 Selection and specification of the hardware .............................................................. 213.1.1 Hardware specification............................................................................................... 213.1.2 Selecting the hardware components.......................................................................... 213.1.3 CPU 410-5H for process automation ......................................................................... 223.1.4 Hardware solutions for special automation tasks ...................................................... 23

3.2 Security of the plant network...................................................................................... 23

3.3 Specification of the basic software............................................................................. 243.3.1 Operating system....................................................................................................... 243.3.2 Basic software user administration ............................................................................ 243.3.3 Software components for engineering ....................................................................... 253.3.4 Software components for operation level .................................................................. 27

Table of Contents


3.3.5 SIMATIC BATCH basics and options ........................................................................ 283.3.6 Long-term archiving ................................................................................................... 293.3.7 Reporting.................................................................................................................... 30

3.4 Application software specification .............................................................................. 31

3.5 Additional software SIMATIC PCS 7 Add-ons ........................................................... 323.5.1 versiondog – Version assignment and configuration control ..................................... 323.5.2 OPD – User dialogs and electronic signatures .......................................................... 33

3.6 Utilities and drivers..................................................................................................... 333.6.1 Printer drivers............................................................................................................. 333.6.2 Virus scanners ........................................................................................................... 333.6.3 Image & partition tools ............................................................................................... 34

4 System Installation and Configuration........................................................................... 35

4.1 Installation of the operating system ........................................................................... 35

4.2 Installation of SIMATIC PCS 7 ................................................................................... 35

4.3 Setting up user administration ................................................................................... 354.3.1 User administration on the operating system level .................................................... 364.3.2 Security settings in Windows ..................................................................................... 374.3.3 SIMATIC user groups................................................................................................. 384.3.4 Configuration of SIMATIC Logon ............................................................................... 39

4.4 Administration of user rights ...................................................................................... 414.4.1 Administration of user rights on the Engineering System (ES).................................. 414.4.2 Administration of user rights on the Operation System (OS)..................................... 434.4.3 Administration of user rights in SIMATIC BATCH...................................................... 44

4.5 Access control to operating system level................................................................... 454.5.1 Configuration settings in Windows............................................................................. 464.5.2 Configuration setting on SIMATIC PCS 7 OS............................................................ 474.5.3 Secure configuration .................................................................................................. 47

4.6 Data and information security .................................................................................... 474.6.1 SIMATIC Security Control (SSC) ............................................................................... 484.6.2 SCALANCE S ............................................................................................................ 48

5 Project Settings and Definitions ..................................................................................... 50

5.1 Project setup .............................................................................................................. 505.1.1 Multiproject................................................................................................................. 505.1.2 Multi-user engineering ............................................................................................... 51

5.2 Referenced OS stations............................................................................................. 51

5.3 Using the master data library ..................................................................................... 525.3.1 Synchronizing shared declarations ............................................................................ 535.3.2 Synchronizing SFC types........................................................................................... 545.3.3 Synchronizing the plant hierarchy.............................................................................. 54

5.4 SIMATIC NET ............................................................................................................ 565.4.1 Configuring SIMATIC NET......................................................................................... 565.4.2 Plant bus and terminal bus ........................................................................................ 565.4.3 PROFIBUS................................................................................................................. 575.4.4 Foundation Fieldbus (FF)........................................................................................... 585.4.5 PROFINET ................................................................................................................. 585.4.6 SIMATIC PDM............................................................................................................ 60

5.5 OS Project Editor ....................................................................................................... 61

5.6 Time synchronization ................................................................................................. 62

5.7 Configuration management........................................................................................ 64

Table of Contents


5.8 Versioning of software elements................................................................................ 645.8.1 Versioning of AS elements in PCS 7 ......................................................................... 655.8.2 Versioning of OS elements in PCS 7 ......................................................................... 695.8.3 Additional information on versioning .......................................................................... 71

6 Creating Application Software ........................................................................................ 72

6.1 Software modules, types, and copy templates .......................................................... 726.1.1 Modules and types in PCS 7 ...................................................................................... 726.1.2 Example of a process tag type................................................................................... 746.1.3 Automatic generation of block icons .......................................................................... 756.1.4 Type Change in RUN (TCiR) ..................................................................................... 77

6.2 Bulk engineering ........................................................................................................ 776.2.1 Bulk engineering with the process object view .......................................................... 776.2.2 Bulk engineering with the IEA .................................................................................... 776.2.3 Type/instance concept with the Advanced ES........................................................... 79

6.3 Creating process pictures .......................................................................................... 81

6.4 User-specific blocks and scripts................................................................................. 82

6.5 Interfaces to PCS 7 .................................................................................................... 826.5.1 PCS 7 OS Web option ............................................................................................... 826.5.2 OS Client in a virtual environment ............................................................................. 846.5.3 Open PCS 7 ............................................................................................................... 856.5.4 SIMATIC BATCH API................................................................................................. 86

6.6 Recipe control with SIMATIC BATCH........................................................................ 866.6.1 Batch definition of terminology................................................................................... 876.6.2 Conformity with the ISA-88.01 standard .................................................................... 876.6.3 Configuring SIMATIC BATCH.................................................................................... 896.6.4 Functions and settings in SIMATIC BATCH .............................................................. 896.6.5 Messages in SIMATIC BATCH .................................................................................. 926.6.6 Creating batch reports ............................................................................................... 92

6.7 SIMATIC Route Control ............................................................................................. 92

6.8 Alarm management.................................................................................................... 946.8.1 Specification............................................................................................................... 946.8.2 Message classes........................................................................................................ 956.8.3 Priorities ..................................................................................................................... 956.8.4 Suppressing, filtering, hiding...................................................................................... 966.8.5 Monitoring PCS 7 components – Lifebeat Monitoring ............................................... 976.8.6 Monitoring PCS 7 components – SMMC ................................................................... 986.8.7 Monitoring connected systems .................................................................................. 98

6.9 Audit trail and change control .................................................................................... 996.9.1 PCS 7 ES ................................................................................................................... 996.9.2 PCS 7 OS................................................................................................................. 1016.9.3 SIMATIC BATCH ..................................................................................................... 102

6.10 Configuration for electronic signatures .................................................................... 1056.10.1 Electronic signature in SIMATIC BATCH................................................................. 1056.10.2 Electronic signatures on PCS 7 OS ......................................................................... 1086.10.3 Electronic signature on PCS 7 ES ........................................................................... 109

6.11 Recording and archiving data electronically ............................................................ 1106.11.1 Determining the data to be archived ........................................................................ 1106.11.2 Setting up process value archives ........................................................................... 1106.11.3 Archiving batch data................................................................................................. 1126.11.4 Long-term archiving on a central archive server...................................................... 113

6.12 Uninterruptible power supply (UPS)......................................................................... 1136.12.1 Configuration of a UPS ............................................................................................ 114

Table of Contents


6.12.2 UPS configuration via digital inputs ......................................................................... 1156.12.3 MASTERGUARD UPS systems .............................................................................. 116

7 Support for Verification ................................................................................................. 117

7.1 Test planning............................................................................................................ 117

7.2 Verification of hardware ........................................................................................... 118

7.3 Verification of software............................................................................................. 1207.3.1 Software categorization according to GAMP Guide ................................................ 1207.3.2 Verification of the application software .................................................................... 1247.3.3 Simulation for test mode .......................................................................................... 126

7.4 Configuration control ................................................................................................ 1277.4.1 Versioning of projects with Version Trail.................................................................. 1277.4.2 Recipe comparison .................................................................................................. 1337.4.3 Version comparison with Version Cross Manager (VXM)........................................ 1347.4.4 Configuration control with "versiondog" ................................................................... 1357.4.5 Write protection for CFCs/SFCs and SFC types ..................................................... 1357.4.6 Block encryption with "S7 Block Privacy"................................................................. 137

8 Data Backup .................................................................................................................... 139

8.1 Backup of system installation................................................................................... 139

8.2 Data backup for application software....................................................................... 140

9 Operation, Maintenance and Servicing ........................................................................ 142

9.1 Operation and monitoring ........................................................................................ 1429.1.1 Process visualization................................................................................................ 1429.1.2 Asset Management .................................................................................................. 142

9.2 Operational change control ...................................................................................... 145

9.3 Remote maintenance ............................................................................................... 145

9.4 System restoration ................................................................................................... 146

10 System Updates and Migration ..................................................................................... 148

10.1 General procedure ................................................................................................... 148

10.2 Updating the system software.................................................................................. 148

10.3 Migration of application software ............................................................................. 149

10.4 Validation effort for migration ................................................................................... 149

Abbreviations........................................................................................................................... 150

Index List .................................................................................................................................. 151

Configuring in a GMP Environment


1 Configuring in a GMP Environment

As a prerequisite for configuring computer systems in the GMP environment,approved specifications must be available. Requirements contained in standards,recommendations, and guidelines must be followed when creating thesespecifications and when implementing and operating computer systems. Thischapter deals with the most important sets of regulations and explains some of thebasic ideas.

1.1 Regulations and guidelinesThe regulations, guidelines and recommendations of various national andinternational authorities and organizations have to be observed when configuringcomputer systems requiring validation in the GMP environment. Regardingcomputer systems, the following are of particular significance:

Title(author)

Subtitle Area of application

21 CFR Part 11(U.S. Food and DrugAdministration, FDA)

Electronic Records,Electronic Signatures

Law/regulation for manufacturersand importers of pharmaceuticalproducts for the U.S. market

Annex 11 of the EUGMP Guidelines(European Commission)

Computerised systems Binding directive within theEuropean Union for implementationin relevant national legislation

GAMP5(ISPE)

A Risk-Based Approachto Compliant GxPComputerized Systems

Guideline with worldwide validity asrecommendation

1.2 Life cycle modelA central component of Good Engineering Practice (GEP) is the application of arecognized project methodology, based on a defined life cycle. The aim is todeliver a solution known as the risk-based approach that meets the relevantrequirements.

GAMP5 approachThe following figure shows the general approach of GAMP5 for the development ofcomputerized systems. It begins with the planning phase of a project and ends withthe start of pharmaceutical production following completion of the tests and reports.



The lifecycle approach illustrated here is known as a generic model in GAMP5.With this as the basis, we will introduce several examples of lifecycle models for avariety of "critical" systems with different stages of specification and verificationphases.

Once production has started, the system life cycle continues untildecommissioning.

Siemens Validation ManualSiemens has produced a "Validation Manual" based on the recommendations ofthe GAMP Guide. This provides internal project teams with general information andconcrete (document) templates to help specify the validation strategy for a project.There are templates not only for project planning documents but also for systemspecification and test documentation. In contrast to this GMP Engineering Manual,the Siemens Validation Manual is intended for internal Siemens use only.

1.3 ResponsibilitiesResponsibilities for the activities included in the individual life cycle phases must bedefined when configuring computer systems in a GMP environment and creatingrelevant specifications. As this definition is usually laid down specific to a customerand project, and requires a contractual agreement, it is recommended to integratethe definition in the Quality and Project Plan (QPP).

See alsoGAMP5 Guide, Appendix M6 "Supplier Quality and Project Planning"



1.4 Approval and change procedureWhen new systems requiring validation are set up or when existing systemsrequiring validation are changed, the top priority is to achieve or maintain thevalidated status, which means ensuring the traceability of the steps undertaken.

Before setting up or modifying a system, it is therefore necessary to plan,document and obtain the customer's or plant operator's approval of the pendingsteps in terms of functionality and time.

1.5 Risk-based approachBoth the U.S. FDA ("Pharmaceutical cGMPs for the 21st Century Initiative", 2004)and the industry association ISPE/GAMP ("GAMP5" Guide, 2008) recommend arisk-based approach to the validation of systems. This means that the question asto whether or not and to what extent a system should be validated depends on itscomplexity and its influence on the product quality.

Requirements for Computer Systems in a GMP Environment


2 Requirements for Computer Systems in aGMP Environment

This chapter describes the essential requirements an automated system in theGMP environment must meet regarding the use of computerized systems. Theserequirements must be defined in the specification and implemented duringconfiguration. In case of subsequent changes or interventions in the system,reliable evidence must be provided at all times, regarding who, at what time, andwhat was changed or implemented. The requirements for this task areimplemented in various functions and described in the following chapters.

NoteThis chapter describes the general requirements for computerized systems. Howto meet these requirements with a specific system is dealt with starting fromchapter 3.

2.1 Categorization of hardware and software

Hardware (HW) categorizationAccording to the GAMP Guide, hardware components of a system fall into twocategories "standard hardware components" (category 1) and "custom builthardware components" (category 2).

Software (SW) categorizationAccording to the GAMP Guide, the software components of a system are dividedinto various software categories. These range from commercially available andpreconfigured "standard" software products that are merely installed to configuredsoftware products and customized applications ("programmed software").

2.2 Test effort depending on the categorizationThe effort involved in validation (specification and testing) is much greater whenusing configured and, in particular, customized products compared to the effort forstandard products (hardware and/or software). The overall effort for validation cantherefore be significantly reduced by extensive use of standard products.

2.3 Change and configuration managementAll the controlled elements of a system should be identified by name and versionand any changes made to them should be checked. The transition from the projectphase to the operational procedure should be decided in good time.



The procedure includes, for example:Identification of the elements affectedIdentification of the elements by name and version numberChange controlControl of the configuration (storage, release, etc.)Periodic checks of the configuration

See alsoGAMP5 Guide,Appendix M8 "Project Change and Configuration Management"

2.4 Software creationCertain guidelines must be followed during software creation and documented inthe Quality and Project Plan (in the sense of Good Engineering Practice, in shortGEP concept). Guidelines for software creation can be found in the GAMP Guideand in relevant standards and recommendations.

Use of type/instance concepts and copy templatesWhile the validation of standard software only calls for the software name andversion to be checked, customized software validation requires the entire range offunctions to be checked and a potential supplier audit to be performed.

Therefore, to keep validation work to a minimum, preference should be given tostandardized blocks during configuration (products, in-house standards, projectstandards). From these, customized types and templates are created and testedaccording to the design specifications.

Identification of software modules/types/copy templatesDuring software creation, the individual software modules must be assigned aunique name, a version, and a brief description of the module.

Changes to software modules/ types/copy templatesChanges to software modules should be appropriately documented. Apart fromincrementing the version identifier, the date and the name of the person performingthe change should be recorded, when applicable with a reference to thecorresponding change request/order.

2.5 Access control and user administrationTo ensure the security of computer systems in the GMP environment, suchsystems must be equipped with an access-control system. In addition to physicalaccess control to certain areas, access-control systems protect systems againstunauthorized logical access. Users are assembled into groups, which are thenused to manage user permissions. Individual users can be granted accessauthorization in various ways:



Combination of unique user ID and password,see also chapter 2.5.2 “Requirements for user IDs and passwords"Smart cards together with a passwordEvaluation of biometrics, e.g. fingerprint scanners

2.5.1 Applying access control to a systemIn general, actions that can be performed on a computer system must be protectedagainst unauthorized access. Depending on a user's particular field of activity, auser can be assigned various permissions. Access to user administration shouldonly be given to the system owner or to a very limited number of employees.Furthermore, it is absolutely essential that unauthorized access to electronicallyrecorded data is prevented.

The use of an automatic logout function is advisable and provides additionalaccess protection. This does not, however, absolve the user from the generalresponsibility of logging off when leaving the system. The automatic logout timeshould be agreed with the user and defined in the specification.

NoteOnly authorized persons must be able to access PCs and the system. This can besupported by appropriate measures such as mechanical locks and through theuse of hardware and software for remote access.

2.5.2 Requirements for user IDs and passwords

User ID:The user ID for a system must be of a minimum length defined by the customerand be unique within the system.

Password:When defining passwords, a minimum number of characters and the expiry periodof the password should be defined. In general, a password should comprise acombination of characters that meet the minimum length requirement as well as atleast three of the criteria listed below.

Use of uppercase lettersUse of lowercase lettersUse of numerals (0-9)Use of special characters

See alsoChapter 4.3 "Setting up user administration"



2.6 Requirements for electronic recordsThe following requirements additionally apply to the use of electronic records forrelevant data:

The system must be validated.Only authorized persons must be able to enter or change data (accesscontrol).Changes to data or deletions must be recorded (audit trail).Electronic records that are relevant for long-term archiving must be storedsecurely and kept available for their retention period..The initials and signatures required by the regulations must be implemented aselectronic signatures."Relevant" production steps/processes, "significant" interim stages, and "major"equipment must be defined in advance by the person responsible from apharmaceutical perspective. This definition is often process-specific.If an electronic manufacturing report is used, its structure and contents mustmatch the structure and contents of the manufacturing formula / processinginstructions. As an alternative, the manufacturing instructions and report canalso be combined in one document.

See alsoEU GMP Guidelines, chapter 4.9 and Annex 1121 CFR Part 11 "Electronic Records, Electronic Signatures", U.S. FDA

2.7 Electronic signaturesElectronic signatures are computer-generated information, which acts as legallybinding equivalent to handwritten signatures.

Regulations concerning the use of electronic signatures are defined, for example,in 21 CFR Part 11 of the US FDA or in EU GMP Guidelines Annex 11.

Electronic signatures are relevant in practice, for example, for manual data inputsand operator interventions during runtime, approval of process actions and datareports, and changes to recipes.

Each electronic signature must be uniquely assigned to one person and must notbe used by any other person.

NoteDuring the production of drugs and medical devices, which enter the U.S. market,the FDA regulations must be met; this also refers to 21 CFR Part 11 with respectto electronic signatures.



Conventional electronic signaturesIf electronic signatures are used that are not based on biometrics, they must becreated so that persons executing signatures must identify themselves using atleast two identifying components. This also applies in all cases in which a smartcard replaces one of the two identification components.

These identifying components can, for example, consist of a user ID and apassword. The identification components must be assigned uniquely and must onlybe used by the actual owner of the signature.

Electronic signatures based on biometricsAn electronic signature based on biometrics must be created in such a way that itcan only be used by one person. If the person making the signature does so usingbiometric methods, one identification component is adequate.

Biometric characteristics include fingerprints, iris structure, etc.

2.8 Audit trailThe audit trail is a control mechanism of the system that allows all data entered ormodified to be traced back to the original data. A secure audit trail is particularlyimportant when GMP-relevant electronic records are created, modified or deleted.

Such an audit trail must document all the changes or actions made along with thedate and time. The typical content of an audit trail describes who changed whatand when (old value / new value), as an option it may also include "why".

2.9 Reporting batch dataThe batch documentation is of particular importance in the production ofpharmaceuticals and medical devices. For pharmaceutical manufacturers, theproperly created batch documentation often represents the only documentedevidence within the framework of product liability.

The components of the batch documentation are as follows:Master production record and batch production recordPackaging instructions and packaging record (the packaging of the finisheddrug is part of the manufacturing process from the pharmaceutical perspective)Test instructions and test report (for all quality checks, for example, in thechemical analysis)

Central importance is assigned to the concept of the batch production record orpackaging record, which is defined as follows:

The batch production record is always related to a product and batch,always based on the corresponding parts of the applicable master productionrecord, andcontains all process-relevant measurement and control processes as actualvaluesand deviations from the specified set points.



2.10 Archiving data(Electronic) archiving means the permanent storage of electronic data and recordsin a long-term storage medium.

The customer is responsible for defining the procedures and controls relating to thestorage and retention of electronic data.

Based on predicate rules (EU GMP Guidelines, 21 CFR Part 210/211, etc.), thecustomer must decide how electronic data is stored and, in particular, which data isaffected by this. This decision should be based on a reasonable and documentedrisk assessment, which also considers the significance of the electronic recordsover the retention period.

If the archived data are migrated or converted, the integrity of the data must beassured over the entire conversion process.

See alsoGAMP5 Guide, Appendix O9 "Backup and restore"

2.11 Data backupIn contrast to the archiving of electronic data, data backups are used to createbackup copies, which ensure system restoration in case of original data loss orsystem failure.

The backup procedure must include periodic backup of non-retentive information inorder to avoid total loss of data due to system components failure or data beingdeleted by mistake. Backup procedures must be tested to ensure that data issaved correctly. Backup records should be labeled clearly and intelligibly anddated.

Data backups are created on external data carriers. The data media used shouldcomply with the recommendations of the device manufacturer.

When backing up electronic data, the following distinctions are madeBackup of the installation, for example partition imageBackup of the applicationBackup of archive data, for example process data

Here, particular attention is paid to the storage of data backup media (storage ofthe copy and original in different locations, protection from magnetic fields, andelementary damage).

See alsoGAMP5 Guide, Appendix O9 "Backup and restore"



2.12 Retrieving archived dataIt must be ensured that archived/backed up data can be read back at any time. If asystem update/migration is to be performed, compatibility of the dataarchived/backed-up before the update must be ensured. If required, the archivedata must also be migrated.

See alsoGAMP5 Guide, Appendix O13 "Archiving and recovery"GAMP5 Guide, Appendix D7 "Data migration"

2.13 Time synchronizationA uniform time reference (including a time zone reference) must be guaranteedwithin a system, to be able to assign an unequivocal time stamp for archivingmessages, alarms etc.

Time synchronization is especially important for archiving data and analysis offaults. UTC (Universal Time Coordinated, see also ISO 8601) is recommended asthe time base for saving data. The time stamp of messages and values can bedisplayed in local time with a note indicating daylight saving time / standard time.

2.14 Use of third-party componentsWhen third-party components (hardware and software) are used, their compatibilityto other components in use must be verified. If components specifically "tailored"(customized) to individual projects are used, a supplier audit should be consideredin order to check the supplier and its quality management system.

See alsoGAMP5 Guide, Appendix M2 "Supplier Assessment"

System Specification


3 System Specification

During the specification phase for a computer system, the system to be built and itsfunctionality are defined in as much detail as is required for implementation.

Specifications not only represent the basis for a structured and traceableconfiguration but are – particularly in the GMP environment – an essentialreference for final verification of the system.

The specification covers the selection of products, product variants, options, andsystem configurations, as well as the application software.

The overall system specification can be divided, for example, into:Functional specification (FS) in response to user requirement specifications(URS)System specification general (DCS design, general topics)Hardware (and network) design specification (HDS)Software design specification (SDS)HMI design specification

A very good overview of the PCS 7 Portfolio as well as for optimized processing ofprojects from planning, to implementation and the test, through to handover to thecustomer is also offered by:

"Fast Track Engineering" multimedia demonstration systemOnline support under Entry ID 60242433



3.1 Selection and specification of the hardwareVarious system designs are used for the automation as well as the operation andmonitoring of simple and complex production processes and manufacturingoperations.

The selection of hardware components should be measured against therequirements. These requirements may be functional, but also include aspectssuch as local conditions, compatible software or data security.

3.1.1 Hardware specificationThe Hardware Design Specification (acronym: HDS) describes the hardwarearchitecture and configuration including the networks. The HDS should, forexample define the points listed below. This specification is used later as a testbasis for the verification.

Hardware overview diagram, system structure and organizationControl cabinets (control cabinet names, UPS configuration, location), PCstation control cabinets, automation system with CPUs, I/O cards, etc.PC components for server and clientInstallation procedures and instructions for servers, clients, ESAppropriate subdivision of plant and plant unit areas for the ASNetwork structure for Industrial Ethernet, e.g. switches, transmissiontechnology (electrical, optical, wireless), names and Ethernet configuration ofthe stations (AS, PC stations, etc.), general network settingsProfibus installation, division of networks for the automation systems, andspecific Profibus settingsTime synchronization for hardware (SICLOCK)Barcode scanner configurationField devices

The HDS can be an integral part of an overall specification document or beextracted into a separate document.

NoteThe information in the hardware overview diagram and the naming of hardwarecomponents must be unequivocal.

See alsoGAMP5 Guide, Appendix D3 "Configuration and Design"

3.1.2 Selecting the hardware componentsUse of hardware components from the PCS 7 catalog ensures the long-termavailability of hardware and spare parts.

For reasons of system availability and data security/integrity, appropriate classRAID systems for PC components, such as ES, OS single stations, OS serversand BATCH servers should be implemented in the system design.

When a SIMATIC PCS 7 bundle is supplied, the customer receives a PC on whichall software required for the relevant applications is installed. The componentscontained in the bundle are not always identical to the products of the same names



available on the market. As a consequence, the availability of spare parts will differtoo.

Also in virtual systems you should prefer well-proven system components, such asESXi server.

NoteOnly hardware from the current PCS 7 catalog should be used. The use ofunreleased configurations requires additional effort for specification and testphase. See www.siemens.com/automation/ca01.

If PCs are placed in control cabinets, make sure that suitable hardwarecomponents are provided, such as operator channel extensions.

There are different types of automation systems.Standard automation systemFault-tolerant automation systemThe user programs loaded in both CPUs are fully identical and are runsynchronously by both CPUs. The switchover has no effect on the ongoingprocess because it is bumpless.Fail-safe automation systemIt automatically brings the plant to a safe state in the event of a fault. Therelevant national regulations must be observed when configuring,commissioning, and operating fail-safe systems. S7 F-systems provide areference sum of the fail-safe program section available. This sum is recordedto enable the detection of changes in the fail-safe program.

See alsoManual "PCS 7 PC Configuration"Online support under Entry ID 90635791

3.1.3 CPU 410-5H for process automationThe "CPU 410-5H Process Automation" is specifically designed for the SIMATICPCS 7 control system. As with previous controllers of the SIMATIC PCS 7 system,the CPU 410-5H Process Automation can be used in all process automationindustries. The very flexible scalability based on PCS 7 process objects makes itpossible to cover the entire performance range from the smallest to the largestcontroller, in standard, fault-tolerant and fail-safe applications with only onehardware.

This yields the following benefits:Reduced number of CPU versions, no memory cardsResulting in fewer spare partsEasy system and functionality extensionFlexible area of application, increased ruggedness

See also"PCS 7 CPU 410-5H Process Automation" system manualOnline support under Entry ID 74736822



3.1.4 Hardware solutions for special automation tasksAdditional device-specific solutions are required to integrate hardware componentswhich are not offered in the SIMATIC hardware manager. These components areinterfaced using special device master data. Integration examples for suchhardware components include:

Integration of weighing modules (SIWAREX)Integration of frequency inverters for drives (Masterdrives, Micromaster)Integration of user-specific field devices

To keep validation work to a minimum, hardware components from the PCS 7 Add-on catalog (ST PCS 7 AO) should be given preference.

3.2 Security of the plant networkIn the field of modern process control systems, the boundaries between the officeand automation environments are disappearing at an ever increasing rate.Automation solutions with connected WEB clients, MES applications, andcustomized office networks and applications are growing in importance. To satisfythese demands and ensure as high a level of data security as possible, theplanning and structure of networked PCS 7 automation solutions are highlyimportant.

Measures for increasing data and plant securitySIMATIC offers several options for increasing data and information security and,thus, the security of a production plant. These include:

Staggered user, group, and role conceptSafety concepts for network security and limited access to network drivesSIMATIC Security Control (SSC)SCALANCE S firewall and VPN modules

For additional information, see alsoChapter 4.6 "Data and information security"Online support under Entry ID 50203404"Security Concept PCS 7 and WinCC",Online support under Entry ID 60119725Manual "PCS 7 Engineering Compendium Part F - Industrial Security",Online support under Entry ID 109476100



3.3 Specification of the basic softwareThe Software Design Specification (SDS) describes the software’s architecture andconfiguration. This describes not only the application software but also the"standard" software components used in the system, for example by specifying thename, version number etc. This description serves as a reference when performingsubsequent tests (FAT, SAT, etc.).

Commercially available standard software components include automationsoftware components and software provided by third parties, see also chapter 7.3"Verification of software".

Hardware and software requirements and operating system selectionInformation on compatibility, Online support under Entry ID 2334224Compatibility tool http://www.siemens.com/kompatoolPCS 7 Toolset DVD, Readme fileManual "PCS 7 PC Configuration"Online support under Entry ID 90635791

3.3.1 Operating systemInformation is included regarding the release of SIMATIC products with variousoperating systems (32-bit and 64-bit)

in the CA01 product catalogin the compatibility tool http://www.siemens.com/kompatoolin the online help, readme file

The security updates provided by Microsoft and "Important Updates" for theWindows operating system are tested by Siemens for compatibility with SIMATICsoftware and released, see note under chapter 10.2 "Updating the systemsoftware".

3.3.2 Basic software user administrationAn essential requirement in particular in the GMP field is the access control to thesystem; which is the only way of ensuring secure operation in compliance withregulations (21 CFR Part 11 and EU GMP Guidelines Annex 11).

Unauthorized access to both the operating and monitoring system as well as thefile system and the folder structures in the operating system must be avoided.Appropriate planning is required with this in mind:

Definition of user groups with various authorization levels for operation andmaintenanceDefinition of users and assignment to user groupsDetermination of adjusted plant structure and drive storage includingauthorizations

Access to the SIMATIC PCS 7 system components is controlled by SIMATICLogon. More information on the installation and configuration of the differentSIMATIC Logon components can be found in chapter 4.3 "Setting up useradministration" and "Configuration Manual SIMATIC Logon".



3.3.3 Software components for engineeringSome of the most important functions of the SIMATIC PCS 7 engineering softwareare described below.

See alsoManual "PCS 7 Engineering System (V8.1)", chapter 8.7,Online support under Entry ID 90663380

Multiproject engineeringFor a description of setting up and using multiprojects, see chapter 5.1 "Projectsetup" of this manual.

Process Control LibrariesThe process control libraries contain ready-made, tested objects (blocks,faceplates, and symbols). When these libraries are used, engineering is usuallylimited to the configuration of the relevant objects. One major advantage of usingpredefined objects when engineering automated systems is the lower-levelsoftware categorization (see chapter 7.3.1 "Software categorization according toGAMP Guide") and the possibility of implementing updates. Therefore, thevalidation work required is less than that for user-specific blocks.

WinCC Configuration StudioThe WinCC Configuration Studio provides a simple means of configuring bulk datafor OS projects. The user interface is split into a navigation area and a data areaoriented on Microsoft Excel.

The WinCC Configuration Studio includes the following editors and functions:Tag ManagementAlarm LoggingTag LoggingText LibraryUser AdministratorHorn

CFC (Continuous Function Chart)The CFC Editor provides a graphic interface for configuring automation and controlfunctions. Drag & drop is used to move function blocks from libraries to a CFCchart, where they are interconnected and configured in accordance withrequirements.

SFC (Sequential Function Chart)The SFC Editor facilitates the graphic configuration and commissioning ofsequential controls. Essential components here are steps and transitions, as wellas simultaneous and alternative branches.



Import/Export Assistant (IEA)The Import/Export Assistant is a tool used to configure systems which featurerecurring functions and/or plant units. Process tag lists or CAD charts previouslycreated in the planning phase are used during configuration to create CFCs forprocess tags, for the most part automatically. During this process, replicas of themodels are generated and then supplied with specific data, see chapter 6.2 "Bulkengineering".

Advanced Engineering System (AdvES)The AdvES is based on a type/instance concept, which enables improved bulkengineering and thus minimizes the risk of errors. Similar to the typicals in the IEA,templates are created in the AdvES from which instances are generated. Unlike inthe IEA, the instances in the AdvES are still linked to the type following duplicationand can be updated.

Further information regarding configuration and the advantages of using the AdvEScan be found in chapter 6.2.3 "Type/instance concept with the Advanced ES".

Block protectionBlocks can be protected from changes and access so that only the inputs andoutputs are still accessible. "S7 Block Privacy" (PCS 7 V8.0 and higher) providesgreater security than the previous Know-How protection and should therefore beused preferentially for sensitive areas in particular, see chapter 7.4.5 for writeprotection and chapter 7.4.6 for block encryption.

NoteIn order to work with blocks encrypted with "S7 Block Privacy", the AS must havea CPU 4xx with firmware version V6.0 or higher.

Version TrailSIMATIC PCS 7 Version Trail enables multiprojects, single projects, and project-specific libraries to be backed up together with the assignment of a unique versionID for the archived projects.

In PCS 7 V8.0 and higher, it is also possible to back up multiprojects, projects, andlibraries at defined times automatically and with versioning, and to read back blockparameters in a time-controlled manner.

For more information on configuration and use of "Version Trail", refer to chapter7.4.1 "Versioning of projects with Version Trail".

Version Cross Manager (VXM)The Version Cross Manager is an additional software package for PCS 7, whichallows two PCS 7 user projects or libraries to be compared and any differences tobe displayed. Multiprojects cannot be compared.

For more information on configuration and use of the VXM, refer to chapter 7.4.3"Version comparison with Version Cross Manager (VXM)".



Route ControlThe SIMATIC Route Control additional software package is used to configure,monitor, and diagnose materials handling (paths) within a plant. It is fully integratedin SIMATIC PCS 7 and SIMATIC BATCH.

For more information on configuration and use of "SIMATIC Route Control", refer tochapter 6.7 "SIMATIC Route Control".

Simulation with S7-PLCSIM and SIMITS7 PLCSIM is a simulation tool for S7 user programs. This software component,which is available as an option, simulates a SIMATIC S7-CPU on a programmingdevice or PC. The configured application software can be tested without the use ofAS hardware (CPU and/or signal modules). Only one CPU can be simulated at agiven time. Communications processors and Route Control cannot be simulated.

NoteThe use of S7 PLCSIM is of particular interest for the test system, for example, fortypical tests.For a subsequent operation with an Ethernet network, the Ethernet connectionshould be configured beforehand in PLCSIM, since all communication links haveto be reconfigured for the use of MPI.

SIMIT can be used from the simulation of the field level through to processsimulation, see chapter 7.3.3 "Simulation for test mode".

3.3.4 Software components for operation level

Basic software for Operator System (OS)Systems for the operator control and monitoring of the plant are implementedeither as single or multiple station systems.

With a single station system, all operator control and monitoring tasks can behandled on one PC.

A multiple station system (client-server architecture) consists of operator stations(OS clients) and one or more OS servers, which supply the OS clients with data.

Redundant systems can be set up to increase availability.

NoteThe number of licenses for the operator stations can be increased at a later timeusing suitable packs. When extending/updating a license, the existing licensemust be available, i.e. runtime cannot be active. Online extension is only possiblefor redundant servers.



SFC Visualization additional softwareAn SFC (sequential function chart) is used as a sequential control system (alsoknown as a sequencer) of processes. SFCs consist of a sequence of steps that areseparated from one another in each case by step enabling conditions (ortransitions). Using SFC Visualization, the configured SFCs can be displayed on theoperator station and operated in manual mode. SFC Visualization enablesprocesses to be clearly displayed by showing their different process actions.

No additional effort is necessary to configure the SFC visualization.

OS Web Option additional softwareThe PCS 7 OS Web option enables the PCS 7 plant to be operator controlled andmonitored via the Intranet or Internet.

NoteUse of the Web option in a controlled environment must be thoroughly discussedand agreed with the customer. Aspects such as access to the Web Client, criticalor non-critical operator control and monitoring functions, logons, and audit trails,as well as a secure data connection, must be considered during thesediscussions.

Additional information on the use and configuration of the Web option can be foundin chapter 6.5.1 "PCS 7 OS Web option" and in the manual "PCS 7 OS WebOption".

3.3.5 SIMATIC BATCH basics and optionsThe SIMATIC BATCH software is integrated in SIMATIC PCS 7. It can be operatedas a single user station system or a client/server system and can be used invarious different plants, thanks to its modular architecture and scalability. SIMATICBATCH servers can be configured redundantly.

SIMATIC BATCH includes a range of functionalities:



Batch planningEnables batch planning and control in BatchCC, supported by order categorylist, production order list, batch results list, etc.Hierarchical recipesEnables creation of hierarchical recipes according to ISA-88ROP library (library operations)Enables creation and central management of library operations, includingpassing them on to instances. The reference to the master module can beresolved at a later point in the project.Separation of procedure/formulaEnables recipes with formulas and formula categories that are independent ofa particular plant unit. Any number of formulas (parameter sets) can be createdfor one procedure.API interfaceSIMATIC BATCH API is an open interface and offers many functions for onlineand offline operation, such as for connection to the plant control level.

Refer to the system documentation for more information on using and configuringthe individual BATCH functionalities.

See alsoChapter 6.6 "Recipe control with SIMATIC BATCH"

3.3.6 Long-term archivingIn the regulated environment, relevant production and quality data must beretained in some cases for 5 or 10 years or even longer. It is essential for thesedata to be defined, reliably saved, and transferred to external archives.

The basic package contains configuration options for archiving. The strategy forexporting to another computer will be defined according to the amount of dataaccumulated and the retention period.

Long-term archiving of process values and messages can be set up using animport/export ofconcepts are introduced below.

OS archivingProcess values and messages are stored in a short-term archive based onMicrosoft SQL server technology. The data saved on the archive server can beexported to another computer and, if required, read back again, or permanentlytransferred to a long-term archive, see chapter 6.11.2 "Setting up process valuearchives" for this purpose.



SIMATIC Process HistorianA SIMATIC Process Historian can be used to centrally acquire and archive processvalues and messages from several WinCC servers (also redundant systems) aswell as batch data. Transparent access to the archived data in order to view themessages and process values in the user interface is handled by the systemautomatically in the background. The messages saved in WinCC archives are fullytransferred to the Process Historian. Only those variables that are labeled as being"Long-term relevant" are transferred.

If the Process Historian is unobtainable, the completed archives remain on theWinCC servers and are transferred later on when the link to the Process Historianis reactivated. For this purpose, sufficient memory volume is to be planned onSIMATIC WinCC servers. Monitoring of the network connection may also beadvisable.

Defined interfaces provide direct access to archived process values andmessages. This means that important production data is available throughout thecompany.

See also"Process Historian 2014" manual,Online support under Entry ID 109475338

3.3.7 ReportingFor the necessary quality certification, a definition is made to establish whichproduction data is relevant for output in a report. A report can include messagesand alarms, batch data as well as process values in tables or trend format.

See alsoManual "PCS 7 Engineering System (V8.1)" chapter 5.2.5,Online support under Entry ID 90663380

Report DesignerThe WinCC Report Designer continually reports process data for a defined periodof time. The report output is started via a print job.

The Report Designer is also used for documentation of the configured WinCCproject. For this purpose, preconfigured report layouts and print jobs are includedin the SIMATIC PCS 7 scope of supply. Both the preconfigured report layouts andprint jobs can be opened in the Report Designer and modified as required.

Information ServerThe SIMATIC Information Server offers the option of reporting on recorded processvalues, batch data, and messages. Both preconfigured and those configured basedon Microsoft Reporting Services can be represented in the web-based interfaceand exported to various formats. Additional integration in Microsoft Word, Excel orPowerPoint shows the reports for the archive data in the familiar officeenvironment.



Data exchange via Open PCS 7Open PCS 7 can be used to exchange data with external systems, such as theplant management and production control level, MES level, or ERP level via theOPC interface, without knowledge of the PCS 7 project topology being required.OPC (OLE for Process Control) refers to a uniform, vendor-independent softwareinterface, the standard of which was defined by the OPC Foundation. The OPCFoundation is an alliance of leading companies in the field of industrial automation.Information on OPC can be found on the Internet at http://www.opcfoundation.org;the use of Open PCS 7 is described in more detail in chapter 6.5.3 "Open PCS 7".

3.4 Application software specificationIn addition to the selection and definition of the hardware (chapter 3.1) and theutilized standard software components (chapter 3.3), the specification of theapplication software is an integral component of the design specification. This isnot only used to specify functions but also serves later as acceptance criteriaduring system verification (FAT, SAT, etc.).

The design specification can consist of one or more documents. Additionalseparate documents are often added as supplements, e.g., process tag list, I/O list,parameter list, P&ID, etc. Like for the other specification documents (URS, FS,DS), the status of these documents (version, release) must be clearly defined.

See alsoGAMP5 Guide, Appendix D3 "Configuration and Design"

In addition to the previously mentioned hardware specification, the designspecification can be divided as follows, for example:

System specification (general)Organization of domain, domain administrationUser administration in Windows,Definition of user groups, users, authorizations, local users, configuration ofSIMATIC Logon, WinCC user administration, SIMATIC BATCH roledistribution, Route Control user groups, etc.Domain and PC profilePrinter configurationArchive configuration (archives, archive cycles, batch reports)Interfaces (S7 connections, OPC, discrete I/O processing)

HMI design specificationExamples of the aspects specified for the user interface include the following:

Screen layout and navigationPlant pictures, unit pictures, detail pictures of interfacesOperator level, access authorizationsPicture hierarchyScreen resolution, picture cyclesBlock icons, faceplates usedMessage capability, message classes, priorities, representation, see chapter6.8.1



Software design specificationGeneral information such as name of multiproject, name of projects, name oflibraries, plant hierarchyAppropriate division of plant and plant unit areas for the automation systems,see also HDS in chapter 3.1Software structure, typical and module specification, possibly in a separatedocumentControl modules (CM) and control module types (CMT) (statuses, behavior,response to restart)Equipment modules (EM) and types (statuses, logic status, behavior,configuration)Route Control, if present (function, interface blocks)SIMATIC BATCH (function, distribution of recipes, use of forms)Any other utilized functionalities, such as RFID etc.Power failure and restart behavior (behavior of PC stations and automationsystems, failure of an AS)Time synchronization, specification of time master and slaveDescription of exceptional statuses for reliable plant operationEmergency-Off response

NoteAs a basis for configuring batch control, SIMATIC PCS 7 uses the model ofANSI/ISA-88.01, see also chapter 6.6.2.

See alsoApplication example for specification of technical functions with SFC types aswell as instantiation, Online support under Entry ID 33412955

3.5 Additional software SIMATIC PCS 7 Add-onsThe SIMATIC PCS 7 Add-On catalog contains solutions for various areas ofapplication or special branches, such as the process industry. The addresses ofthe relevant contacts for these add-ons are listed in the catalog.

NotePriority should be given to add-ons from the latest catalog when implementingfunctions that go beyond the standard scope of PCS 7.See SIMATIC PCS 7 Add-ons

3.5.1 versiondog – Version assignment and configuration controlThe entire lifecycle of a SIMATIC PCS 7 system can be tracked through theversion history with versiondog - from planning through commissioning tocontinuous optimization during operation. If a new version is created, versiondogautomatically determines the changes and makes them transparent to the user.

PCS 7 Smart Compare shows the differences between two versions in the familiarSIMATIC PCS 7 project structure. Differences between two CFCs or SFCs arehighlighted in color in a graphic comparison. The audit trail of versiondog allows



you verify at any time who made a change, when it was made, what was done andwhy it was done.

See alsoPCS 7 Add-on description on the Internet, including manufacturer details

3.5.2 OPD – User dialogs and electronic signaturesThe software operator dialog (OPD) simplifies the interaction between operatingpersonnel and process control system. As a powerful operator tool, it facilitatescontrol of the process and provides complete proof of all manual operations.

The OPD software, which can be executed in a SIMATIC PCS 7 / SIMATICBATCH system environment, is based on the Microsoft SQL server software. Ituses the SIMATIC logon for user verification and electronic signatures.

See alsoPCS 7 Add-on description on the Internet, including manufacturer details

3.6 Utilities and drivers

3.6.1 Printer driversIt is advisable to use the printer drivers integrated in the operating system andapproved for PCS 7. If external drivers are used, no guarantee of proper systemoperation can be provided.

3.6.2 Virus scannersThe use of virus scanners in process mode (runtime) is permitted. Additionalinformation on selecting, configuring, and updating virus scanners can be found inthe PCS 7 Readme files as well as in Online Support under Entry ID 64847781 andin Manual "PCS 7 Managing Virus Scanners" in Online Support under Entry ID38625951.

When virus scanners are used, the following settings must be observed:The real-time search is one of the most important functions. It is sufficient,however, to restrict the analysis to incoming data traffic.The time-controlled search should be deactivated, as it significantly limitssystem performance in process mode.The manual search should not be run during process mode. It can beperformed at regular intervals, e.g. during maintenance cycles.

These arrangements should be described in the specification and/or wherenecessary, in a work instruction (SOP) from the IT department in charge.



3.6.3 Image & partition toolsSupplemental “Imaging” and “Partitioning” software allows you to create a backupof the entire contents of a hard drive, the so-called image, as well as to partition thehard drives. A quick restoration of the system is possible with the system and usersoftware backed up in the image. Backed up hard drive contents can also beimported to devices of the same type. This facilitates the replacement ofcomputers.

Siemens provides the software package "SIMATIC Image and Partition Creator(IPC)" to perform these tasks. This can even be done without a separateinstallation by starting the program directly from CD or USB Flash Drive.Administration skills are needed for this process.

NoteThe created images are used to restore the installed system, but not to back uponline data.

System Installation and Configuration


4 System Installation and Configuration

4.1 Installation of the operating systemWhen selecting the operating system, observe the information given in chapter 3and the sources named therein.

See alsoInstallation instructions for the operating systemManual "PCS 7 PC Configuration"Online support under Entry ID 90635791

4.2 Installation of SIMATIC PCS 7To install SIMATIC PCS 7, follow the instructions of the setup program. Whenrequired, approved third-party components (e.g. Office) must be installed prior toinstalling PCS 7. More installation information is contained in the

Manual "Security Concept PCS 7 and WinCC"Online support under Entry ID 60119725Manual "PCS 7 PC Configuration"Online support under Entry ID 90635791Manual PCS 7 "Released Modules"PCS 7 installation DVDReadme files of the individual SIMATIC components

NoteSIMATIC Logon must be selected in the installation setup.

4.3 Setting up user administrationFor secure operation in compliance with regulations, controlled access is requiredto both, the operation level and configuration level as well as archive data andbackup copies is required.

A user-related logon and logoff for operator actions is a basic functionality formeeting this requirement.

The user management of SIMATIC Logon uses the mechanisms of the Windowsoperating system and therefore ensures reliable access protection. For theorganization of operating authorization, the users are assigned their tasksaccording to various user groups in the Windows user administration.

These user groups are assigned authorizations for the individual operator actions.



NoteThe structure of the user groups should already be defined in the specification atthe start of the configuration.The individual operator rights of the software modules are defined in the moduledescription.All authorization levels for operation via the visualization interface (faceplates,input fields, buttons, etc.) and their assignment to user groups are to be set upaccording to specifications and tested in the course of the project.

The setup is differentiated in terms of which level the user operates. The affiliationto certain Windows User Groups is therefore required for the start or theconfiguration of SIMATIC components such as SIMATIC WinCC or SIMATICLogon. These user groups are automatically created in the Windows useradministration upon installation of the software components and must not bedeleted.

For the operation of process mode, project-specific user groups are set up whichare equipped with the required operation permissions in the configuration.

The following sequence is recommended when setting up user administration withSIMATIC Logon and is described in the following chapters:

Setup of user groups and users under on operating systems, see chapter 4.3.1Setting up security settings in Windows, see chapter 4.3.2SIMATIC user groups, see chapter 4.3.3Setup and configuration of SIMATIC Logon, see chapter 4.3.4Administration of authorizations for the individual user groups in SIMATICcomponents (ES, OS, BATCH); see chapter 4.4

4.3.1 User administration on the operating system levelAdministration of user permissions using SIMATIC Logon is based on themechanisms of the Windows operating system. There are two user administrationoptions here:

Centralized administration in a domain structureAdministration on one computer of a work group

When using multiple servers or when there are redundant servers, the domainstructure must be used to ensure that users will still be able to perform operationsand log on even if one domain server fails. However, the domain serverfunctionality may not be installed on a PCS 7 system.

NoteThe complete name for each user must be entered under "Local users andgroups" in the Windows Computer Management. This name can be used for thedisplay in SIMATIC PCS 7 after logon to the application and is required forelectronic signatures. Êach user’s full name should therefore be entered.

See also"Security Concept PCS 7 and WinCC",Online support under Entry ID 60119725



Manual "PCS 7 Engineering Compendium Part A",Online support under Entry ID 107196780, chapter 3.2.5 "Work group anddomains"

While a user is authenticated for his operator rights in the SIMATIC environmentwhen he logs on, a "default user" is always logged on to the operating system atthe same time and has the permissions required for the operating system level.These should not be higher than actually required, see also chapter 4.5 "Accesscontrol to operating system level".

NoteThe user logged on to the operating system must be the same one who is loggedon throughout the entire system; he must be logged on automatically when an OScomputer starts up.

NoteLogons, logoffs and unsuccessful logon attempts can be viewed in the SIMATICLogon Eventlog Viewer and exported; changes to the user and groupconfiguration are recorded on the operating system level in the Eventlog and canbe saved there.

4.3.2 Security settings in WindowsAccess authorizations as well as password settings such as the length, complexity,and validity period can and should be configured appropriately to increase datasecurity.

When using SIMATIC Logon, the system administrator makes the followingsecurity settings in Windows under Control Panel > Administration> Local securityregulations > Security settings > Account regulations / Local regulations:

Password policies such as complexity, password length, password agingAccount lockout policiesAudit policies (e.g. logon events and logon attempts)



NoteFollowing Windows installation, default parameters are set for the passwordpolicies, account lockout policies, and audit policies. The settings must bechecked and adapted to the requirements of the current project.

See alsoChapter 4.5 "Access control to operating system level"Chapter 4.6 "Data and information security"Manual "PCS 7 Engineering Compendium Part F", chapter 6.4 "Passwordpolicies", Online support under Entry ID 109476100All-round protection with Industrial Security – system security,Online support under Entry ID 50203404

4.3.3 SIMATIC user groupsWhen PCS 7 is installed, local SIMATIC standard user groups are automaticallycreated in the operating system with various rights (SIMATIC HMI, etc.). Thesemust not be changed or deleted.

The defined users and user groups must be made members of these SIMATICuser groups which have the appropriate authorization.

A differentiation is made when logging on the Windows level between systemadministrator and user (plant operator), which results in a consequent division ofthe computer access authorization.

See alsoChapter 4.5 "Access control to operating system level""Security Concept PCS 7 and WinCC",Online support under Entry ID 60119725



4.3.4 Configuration of SIMATIC LogonSIMATIC Logon serves as an interface between the Windows user administrationand SIMATIC components. It checks the correctness of logon data for a useragainst the central user administration. If the logon is valid, the associated usergroups are returned to the operator station.

The basic settings for SIMATIC Logon are made with the "Configure SIMATICLogon" dialog. The available settings are described in "SIMATIC Logon"configuration manual and include, for example:

The logon of a "default user" after a user logoffLogon server ("working environment")Automatic logoff on using SIMATIC Logon

NoteEvents, such as successful and failed logons and logoffs, password changes, etc.are stored in the EventLog database of SIMATIC Logon. This must be taken intoaccount when backing up data, see also chapter 6.9 "Audit trail and changecontrol".



Default user after user logs offIn the "General" tab, you can define whether a default user should be logged onafter a user logs off.

Unlike all other users, the "Default User" does not have to be created as aWindows user. The "Default user" is a member of the "Default group" or any otheruser group assigned here. The rights of this group are determined in WinCC UserAdministrator.

Automatic logoff (Auto-Logoff)To prevent unauthorized accesses from occurring with the logged-on user, the"Auto-Logoff" function must be enabled and a time assigned in the SIMATIC Logonconfiguration. If use of the default user has been activated, this user is then loggedon.

NoteThe "Auto-Logoff" function must not be enabled at the operating system level, asthis will close down the user interface completely.A screen saver should also be disabled when SIMATIC Logon is used. Otherwise,when unlocking the screen, the system would ask for the password of theWindows user, which the PCS 7 OS operator should not know.



4.4 Administration of user rights

4.4.1 Administration of user rights on the Engineering System (ES)Access to projects and libraries can be controlled using SIMATIC Logon. Whenactivating access protection for new or unprotected projects, the Windows userwho is logged on is automatically defined as the project administrator. That usercan then define other users as project editors or project administrators. Tocomplete activation of access protection, the user must specify a project passwordwhich should only be known to the project administrators.

"SIMATIC Logon role management" serves as the interface for assigning users tothe group of project editors or project administrators.

InstructionsAccess protection must be activated for every project and every library used in themultiproject.Synchronization: Within a multiproject, access protection for one project or librarycan be passed down to all other projects/libraries.The project format is changed when access protection is activated for the firsttime. The project can then no longer be edited using a STEP 7 version < V5.4.

Possible user permissions on the ESA user on the ES may be given the following permissions:

Project editorMake project changesDisplay change log

Project administratorMake project changes



Display change logEnable and disable the change logManage access protectionDeactivating access protectionSynchronizing access protection in the multiproject

NoteIn order for a user to be assigned to permission roles, he must already be knownin Windows user administration.

The following presents three possible scenarios for establishing and usingprotected projects / libraries.

Scenario 1SIMATIC Logon installedUser known in WindowsAccess permission for the project is available

When the user has the required permission, he can open a project without anyfurther authentication, provided it is in the same network as the user. This alsoapplies if the project has been taken out of the multiproject.

Scenario 2SIMATIC Logon installedUser known in WindowsAccess permission for the project is not available

If a user does not have access permission, protected projects/libraries aredisplayed in gray.

If the user attempts to open the project, he will be prompted to enter the projectpassword. If the user knows this password and enters it, he is automaticallydefined as a project administrator.

NoteThe project password should only be known to the project administrator.



Scenario 3SIMATIC Logon not installed

If SIMATIC Logon is not installed, there is no project administration function. Eachtime a protected project/library is opened, the project password must be entered.Also in this case, the project password should only be made known to the relevantgroup of people. If the protected project has been provided by a customer, theymust decide whether or not the existing password should be changed in theirsystem.

NoteThe way in which the project password is used and the time at which accessprotection is to be activated on the ES level should be given careful considerationand defined at an early stage.

See alsoConfiguration manual "PCS 7 Engineering System"Online support under Entry ID 90663380

4.4.2 Administration of user rights on the Operation System (OS)Windows user groups are assigned to PCS 7 OS groups by virtue of their samenames. For example, if you want to assign an "Operator" Windows group, anidentically named "Operator" group must be created in the PCS 7 OS UserAdministrator and the required rights assigned. The following procedure must befollowed for this:

Open PCS 7 OS projectOpen User Adminstrator via WinCC Control CenterCreate the group(s)Assign the permissions for each group

The figure below shows how operator authorizations are assigned to individualgroups.



NoteCentralized management of users, such as that provided by SIMATIC Logon, isessential in many situations, especially in regulated environments. For this, thecheck mark for activation of SIMATIC Logon must be set in the PCS 7 OS "UserAdministration" of the respective PCS 7 OS computer.

4.4.3 Administration of user rights in SIMATIC BATCHPermissions and roles are assigned in the SIMATIC BATCH application using"SIMATIC Logon Role Management".



The individual roles are assigned to operator rights in SIMATIC BATCH. Thefollowing can also be defined:

User permissions for a user rolePermitted user roles per computerPermitted user roles per unit

NoteRights management in SIMATIC BATCH has been re-structured as of V8.1 tohave a clearer layout, thanks to an additional organizational level. All existingrights remain in place following an upgrade, meaning that the existingconfiguration can be used.

4.5 Access control to operating system levelFor the general network configuration, refer to the manuals "PCS 7 EngineeringSystem Configuration" and "PCS 7 and WinCC Security Concept".

Since access to the Windows operating system level should be avoided for securityreasons, additional configuration settings are necessary. These settings preventunauthorized access from SIMATIC PCS 7 process mode to sensitive operatingsystem data.



NoteAccess to the operating system level should be reserved exclusively foradministrators and technical maintenance personnel.

Automatic startup and logonThe "default user" on the operating system level should be logged on automaticallywhen each server or client starts up.

Activating the operator control level (runtime)Automatic starting of the PCS 7 operator control level (runtime) must be activatedso that the operating system level cannot be accessed.

4.5.1 Configuration settings in WindowsYou can use hot keys to go to the operating system level. This option must bedisabled for operator stations in particular.



Some graphics cards also offer such settings, which should be disabled:

4.5.2 Configuration setting on SIMATIC PCS 7 OSAccess to the operating system during process operation (runtime) is configuredvia the OS parameter properties.

NoteIt must also be ensured in PCS 7 OS user administrator that the button forterminating process operation (deactivate OS) can only be clicked if theappropriate permission is available.

4.5.3 Secure configurationIf possible, no OLE objects should be configured, as such objects often allowunauthorized access to folders, files, and programs.

4.6 Data and information securityIn the regulated environment, production processes and recorded data are subjectto control and secure retention to ensure verification of product quality. The securehandling of data is a basic requirement for operation in compliance withregulations.

National and international standards require retention of relevant production dataand operator inputs for many years. For this reason, there are many facets to dataand information security, some of which are described here.

Definition of a suitable system structureFor system structure including user management, see Windows settings inchapters 4.3.1 and 4.3.2 as well as in chapter 4.6.2 "SCALANCE S".Planning of data storage and of input and output devicesSecure storage of sensitive data with redundancy and access protectionUse of virus scanners, see chapter 3.6.2For defined behavior on startup and when operating the user interface, seechapter 4.5 "Access control to operating system level"



Organizational measuresPlanning and assignment of the required access permissionsSupplementation by codes of behavior, e.g. for handling of USB sticksWork instructions for archiving, readback, and possibly data migration

Operating system settings and network securityThe settings in the Windows operating system are configured using SIMATICSecurity Control.

4.6.1 SIMATIC Security Control (SSC)Using SIMATIC Security Control increases the level of computer security. Theapplication can be run either when PCS 7 installation is completed or at a laterpoint in time. The following settings are configured automatically for specificfunctions (OS client/server, ES, etc.):

Configuration of the Windows Firewall exception list for PCS 7 communication(firewall can be activated)DCOM settings for PCS 7 (Distributed Component Object Model)Security-related registry entries

Following installation, the Start > SIMATIC > SimaticSecurityControl menucommand can be used to perform configuration at any time. SSC also enables thesettings made in the system to be documented.

NoteIf the SIMATIC PC station is integrated into another work environment (domain orworkgroup), it must be reconfigured.

See alsoComprehensive information about "Industrial Security" inOnline support under Entry ID 50203404

4.6.2 SCALANCE SThe increasing integration of plant networks in office networks is accompanied byincreased security risks, from network problems such as the duplicate assignmentof network addresses, to problems with viruses, and even the possibility of attacksby cyber-crime.

In certain applications, the SCALANCE S security modules can be used tocounteract these risks. They basically offer two different functions:

FirewallIf a firewall is used, only registered nodes can communicate over the network.

See also"Protection of an automation cell via a firewall" including the documentattached there, Online support under Entry ID 22376747



VPNA virtual private network (VPN) links external computers in two or more localnetworks via the Internet and encrypts the transferred data at the same time. AVPN connection enables external systems to perform secure remote access overthe Internet. To do this, SCALANCE S technology uses the widely used IPSecprotocol, which provides an extremely high level of security in tunnel mode (VPNtunnel).

See also"Security via IPSec-secured VPN tunnel", including the document attachedthere, Online support under Entry ID 22056713

NoteSCALANCE S technology offers various applications. More information can befound in the manuals of the SCALANCE product series.

Project Settings and Definitions


5 Project Settings and Definitions

5.1 Project setup

5.1.1 MultiprojectMultiproject engineering allows a project to be divided into several sub-projects sothat it can be worked on by more than one person. A higher-level "multiproject",which contains the individual projects (AS, OS, SIMATIC BATCH) and the masterdata library, is defined in the SIMATIC Manager. Projects can be added to andremoved from the multiproject. The master data library supports consistent datamanagement within the multiproject.

NoteIn a controlled environment in particular, it is essential to use the master datalibrary to centrally manage process tag types, models, SFC types, and shareddeclarations.

The SIMATIC PCS 7 "New project" wizard assists you in creating projects. Itautomatically creates a multiproject. A new project can be added to an existingmultiproject as an empty or a preconfigured project. The project name to beassigned must be previously defined in the software specification, as it can bedifficult to subsequently rename a project.

See alsoManual "PCS 7 Compendium Part A", chapter 4.2 "Required settings in theSIMATIC Manager" and chapter 4.3 "Automatically creating a multiproject"Online support under Entry ID 107196780

For projects whose size means they are suitable candidates for division intoseveral multiprojects, the project structure and modes of operation must becarefully planned and documented. Your usual Service & Support contacts wouldbe happy to assist you with this.

See also"Multiproject engineering", Online support under Entry ID 22258951"Multiproject engineering with SIMATIC BATCH",Online support under Entry ID 23785345

NoteGood coordination among the project team is essential, especially in largerprojects! Therefore, to the extent possible, actions such as compiles or downloadsshould be scheduled so that they do not block the entire team.



5.1.2 Multi-user engineeringThe configuration of an extensive range of projects can be performed in parallel byvarious users, whereby the users process different resources.

The release for the Multi-user engineering is activated in a property on the PCS 7OS server. A resource dialog provides an overview of which resource is in processon which computer.

In contrast to remote configuration via a configuration client, the configurationclients do not need to be entered in the computer list for Multi-user engineering.

5.2 Referenced OS stationsUsing a referenced OS station allows you to create a reference to an existing OSstation. Several OS types can be configured as samples and all other OS stationsderived from these samples, similar to the way the type/instance concept works.

Configuration typesThe following types of OS stations can be referenced:

a) Referenced station for OS single user station (WinCC application ref.)

b) Referenced station for OS client station (WinCC application client ref.)

Software configuration using the example of a clientThe referenced OS client station needs a standard multiclient as a reference. Areferenced OS client station is then added to the project and the "OS Basis" isdefined in the object properties (see figure). The number of referenced OS clientstations is limited by the maximum number of operator stations, which is defined byPCS 7.

NoteIf the reference station is changed, all OS stations which point to it must beloaded.



Advantages of using referenced stationsReferenced stations help to minimize errors and the amount of work required. Onlythe reference station has to be tested in detail according to its specification. For thereferenced stations merely special configuration features need to be taken intoaccount, for example, screen resolutions, PCS 7 client-specific operating ranges,and user rights. General function tests also need to be performed.

5.3 Using the master data libraryTo allow several instances of the same functions to be generated, SIMATIC PCS 7offers a duplication option, based on a defined software procedure. However, thisis only possible in conjunction with the master data library, which contains not onlythe folders for process tag types and models, but also the folders for shareddeclarations (units, enumerations, and equipment properties).

The project typicals are created on the basis of the libraries used (PCS 7 standardlibrary, Advanced Process Library APL, etc.). They are then stored and managedin the master data library. The PCS 7 standard libraries include templates that canbe used.

NoteThe modules and typicals should be verified in a module test and approved by thecustomer prior to instantiation.

Not only must the same versions of faceplates, SFC types, and typicals be used inall projects within a multiproject, but such projects must also be based on acommon plant hierarchy and shared declarations. The individual projects must besynchronized with the master data library for this.

NoteSIMATIC Version Trail is used to clearly archive and organize versions of themaster data library during the course of the project.

The faceplates, SFC types, and shared declarations are the smallest user softwaremodules. These are used in creating process tag types and models, which are thenduplicated either manually or via the IEA interface, see also chapter 6.2.2 “Bulkengineering with the IEA" as well as chapter 6.2.3 "Type/instance concept with theAdvanced ES" for more on this.

See alsoManual "PCS 7 Compendium Part A", chapter 7.2.1 "Process tag types(templates)", Online support under Entry ID 107196780



5.3.1 Synchronizing shared declarationsShared declarations are generated in the master data library automatically whenthe multiproject is created. These declarations can be synchronized to make themavailable in all projects. Centralized maintenance in the master data library isstrongly recommended in order to ensure consistency throughout the multiproject.



5.3.2 Synchronizing SFC typesSFC types must be created and maintained in the master data library in order toachieve data consistency. These types can be synchronized to make the currentSFC types available in the projects.

Differences can be evaluated using the Version Cross Manager prior tosynchronization.

5.3.3 Synchronizing the plant hierarchyThree views are available in SIMATIC PCS 7 for configuration purposes:

Component view for configuring hardwarePlant view for structuring the process engineering hierarchyProcess object view for centralized editing of parameters, signals, messages,picture objects, archive tags, etc.



It is advisable to structure the plant hierarchy in the same way in all projects withina multiproject. To do this, place the plant hierarchy in a project (recommendation:OS project) and transfer this structure to all projects of the multiproject. The shareddeclarations of the template project are also transferred to the selected projects aspart of this process. This forms a connection between the hierarchy folders.

See alsoManual "PCS 7 Compendium Part A", chapter 4.6 "Creating the planthierarchy", Online support under Entry ID 107196780

NoteThe template project takes on a kind of master role, in other words the names ofthe created hierarchy folders can only be changed centrally in the template.Names in the replicas can only be changed once this connection has beenremoved.



5.4 SIMATIC NET

5.4.1 Configuring SIMATIC NETSIMATIC NET reflects the gateways used in the project. The SIMATIC NETnetwork addresses and settings for the AS, OS, distributed I/O, etc. described inthe specification must be used for configuration. This is verified later during testing(for example, FAT, IQ).

The gateways are configured using the "Advanced PC Configuration" procedure.With Windows, all the automation stations (AS) and operator stations (OS) can beconfigured on a central engineering station and the configuration files can bedownloaded.

Specifically, the following connections are configured:AS/OS connectionsAS/AS connectionsES/AS connectionsRemote I/O connections

These connections can also be designed to be fault-tolerant.

Additional information can be found in the SIMATIC NET documentation.

5.4.2 Plant bus and terminal busIndustrial Ethernet offers a comprehensive range of network components forelectrical and optical data transmission. In SIMATIC PCS 7, a distinction is madebetween a plant bus and a terminal bus. To guarantee a high degree of securityand performance, it is advisable to install these two buses separately.

Industrial Ethernet plant busIndustrial Ethernet is used as the plant bus. The Industrial Ethernet networkoperates according to the access method CSMA/CD as defined in IEEE 802.3.(Carrier sense multiple access with collision detection).

The automation stations are connected with the OS servers and the engineeringstation over the plant bus. The ISO protocol is generally used as the transportprotocol.

See alsoManual "PCS 7 Compendium Part A", chapter 3.3.7 "Configuring the plantbus", Online support under Entry ID 107196780

Ethernet terminal busThe PCS 7 servers are connected with the clients, archive servers, and higher-level MES systems over the terminal bus. The TCP/IP protocol is normally used asthe transport protocol.

See alsoManual "PCS 7 Compendium Part A", chapter 3.3.6 "Configuring the terminalbus", Online support under Entry ID 107196780



5.4.3 PROFIBUSReliable communication with the field level must be in place in order to ensuretrouble-free plant operation. Such communication is based on a high-performancereal-time bus system such as PROFIBUS versions DP and PA.

See alsoSystem manual "SIMATIC NET PROFIBUS Network Manual"Manual "PCS 7 Engineering System (V8.1)" chapter 5.5.6,Online support under Entry ID 90663380Manual "PCS 7 Compendium Part A",Chapter 5.4 "Settings on the CP 443-5 Ext as PROFIBUS master"Online support under Entry ID 107196780

NoteThe configuration of the PROFIBUS devices/communication is integrated into theoverall project in the SIMATIC Manager. A backup of the engineering projecttherefore contains the entire user software. This has corresponding advantages interms of regular data backups and verification of the software within theframework of the test phases.

PROFIBUS DPRemote I/O stations such as ET 200 can have a simple or a redundant design overelectrical or optical PROFIBUS DP networks.

With the help of an isolating transformer (RS 485iS coupler) used as a barrier andthe intrinsically safe ET 200iSP, PROFIBUS DP can even be used in hazardouszone 1. This makes data transfer rates of up to 1.5 Mbps possible, even inhazardous areas.

Complex process I/O devices such as those listed below can be linked to PCS 7using predefined add-on blocks:

SIMOCODE pro motor management systemMICROMASTER 4 frequency invertersSIWAREX weighing system

Also available:Function modules (e.g. closed-loop controllers, motor starters, etc.)HART modules (for integrating HART field devices)

F-modules (for fail-safe applications)Ex modules (connection of actuators/sensors from EX zone)

HART modules can be configured via PDM, see chapter 5.4.6 "SIMATIC PDM".

PROFIBUS PAPROFIBUS PA can also be implemented in simple installation or with increasedavailability. The ring topology can be used here for a redundant structure. ThePROFIBUS PA can be run via corresponding devices (Ex-coupler or AFDiS(D)) aswell as intrinsically safe bus. As such, devices can be connected from Ex-zones.The AFDiSD is also characterized by its extended diagnostic capability, such assignal level, jitter, etc. according to NAMUR NE107 "Self-Monitoring and Diagnosisof Field Devices" for main cables and spur cables.



See alsoOperating Instructions "Bus Links DP/PA Coupler, DP/PA Link and Y Link",Online support under Entry ID 1142696

NoteWhen configured as a diagnostic slave, the FDC 157-0 DP/PA coupler is fullyintegrated into plant-level PCS 7 Asset Management.

5.4.4 Foundation Fieldbus (FF)In addition to facilitating communication via PROFIBUS and HART, SIMATICPCS 7 offers interfaces for FOUNDATION Fieldbus (H1), allowing a wide range ofFF instruments and positioners to be integrated into the process control system.The FOUNDATION Fieldbus H1 is connected to PROFIBUS DP via the DP/FF link.

This concept offers:Central engineering of the DP/FF link and FF field devices without the need foradditional toolsFF drivers in the PCS 7 library and the support of the driver wizardIntegration in PCS 7 Asset ManagementDeterministic communicationCyclic and acyclic communicationCyclic diagnostic information provided by the DP/FF link and the FF fielddevices

See alsoManual "DP/FF Link", Online support under Entry ID 24239833Manual "SIMATIC Process Control System PCS 7, FOUNDATION Fieldbus",Online support under Entry ID 109475994

Diagnostics wit PCS 7 Asset ManagementDP/FF links and FF field devices are displayed identically in PCS 7 AssetManagement and behave like DP/PA links and Profibus PA field devices.

5.4.5 PROFINETProfinet IO is a manufacturer-independent standard (IEC 61158-5-10), and withinthe scope of Totally Integrated Automation (TIA) it is the joining and extension ofthe PROFIBUS DP standard, the established fieldbus, and Industrial Ethernet.Similarly to PROFIBUS, PROFINET stands for maximum transparency, open ITcommunication, network security and real-time communication down to the fieldlevel.

See alsoSystem Manual "SIMATIC PROFINET System Description"Manual "SIMATIC Process Control System PCS 7 Engineering System (V8.0)"Chapter "Planning the Field Level with PROFINET"

PROFINET remote I/O stations such as ET200M can have a simple design overelectrical or optical Ethernet networks. In addition to this, there is the option ofintegrating PROFIBUS DP and PROFIBUS PA devices via a proxy.



PROFINET fulfills the following properties:Transmission of time-critical data in guaranteed time intervals.Deterministic system: Accurate prediction in terms of the transmission timeProblem-free communication using other standard protocols within the samenetwork

The following table compares PROFIBUS and PROFINET:

PROFIBUS PROFINETTransmission rate 12 Mbps 100 Mbps

Cycle time Min. 300 µs Min. 31.25

Jitter <1µs <1µs

User data per device (slave) 244 bytes 64 KB (internal)8 KB (external)

Number of devices/interfaces 125 256 internal128 external

Number of devices/supports 16253 onboard IF+10 CPs

7681 onboard IF+4 CPs

Consistent user data 244 internal128 external

1440 internal240 external

I/O address space 8 KB internal8 KB external

8 KB internal4 KB external

The advantages of PROFINET for the user are the merging of PROFIBUS andEthernet into one standardized and flexible overall concept. (See the followingfigure).



5.4.6 SIMATIC PDMSIMATIC PDM (Process Device Manager) is a software package for theconfiguration, parameter assignment, commissioning, and maintenance of devices(for example, transducers). Among other things, it enables process values andalarms, as well as device status information, to be monitored easily. In addition,commissioning and maintenance is supported by the LifeList functionality whichdetects and addresses field devices online at the bus.

NoteChanges to the field device configuration can be reproduced with the PDM"Change log". This function is disabled by default, and it should be enabled underthe PDM project settings.

Electronic Device Description (EDD)The EDD forms the basis for device integration. It is supplied by the devicemanufacturer, made available via the Internet, or included in the device catalogs ofEDD applications.

SIMATIC PDM is fully integrated in PCS 7. All devices integrated in a project usingEDD can be parameterized, commissioned, and maintained from a centralengineering station by means of a single tool.

NoteWhen selecting the devices, ensure that the EDDs must be integrated into thePDM. PDM is provided with one device library of the previously integrated devicedescriptions. A list of the integrated EDDs, for the respective version, can becalled in Online support under Entry ID 109485555 "SIMATIC PDM DeviceLibrary".The integration of EDDs not contained in this library can be costly and in somecases not even necessary. As a general rule, an integration test is advisable forthe field devices prior to the final selection.

Export functions in SIMATIC PDMIn SIMATIC PDM, the following field device data can be backed up via an exportprocedure:

Device parametersChange log, changes sorted according to objectCalibration report, contains information relating to commissioning andmaintenance, as well as test results

NoteVersion information can be saved in the device’s comment field. This informationis then exported together with the device data. A version can also be identified bythe name given to the export file.



As the export file contains a reference to an appropriate transformation file, thecontent of the export file is displayed in the Web browser in a readable HTMLformat. The corresponding transformation file ("PDMExportEddl.XSL" for the deviceparameters and change log or "PDMExportCalibration.XSL" for the calibrationreport) is copied to the export file location as part of the export procedure.

NoteIf the export file is copied to a different directory or computer and the HTMLdisplay is to be used, the corresponding transformation file must also be copied.

5.5 OS Project EditorThe OS Project Editor serves as the basic tool for configuring the user interface, forexample, for setting the screen layout, screen resolution, etc.

When an OS project is created in the SIMATIC PCS 7 ES, the OS Project Editor isinitialized with the default settings.

Many of these default settings can and should be retained in projects. Anydeviations must be defined in the specification and require very special attention inevery update of the system.

Some settings are always project-specific. These settings and any changes inresponse to customer requirements are defined in the specification.

The screenshot above shows the layout of the OS Project Editor. It is also used tospecify, for example, whether the user interface should display the "user name" orthe "user ID".

The layout is configured in runtime in the "Layout" tab. This includes the screenformats, number of monitors per OS station and the display of the user nameor user ID in runtime.



Message classes, message types, message blocks, and the PCS 7 standardmessages are configured in the "Message configuration" tab.Messaging response is configured in the "Message display" tab. This includesthe display of messages in the message pages and the group display,message filters and Smart Alarm Hiding.Under "Areas" the representation of area and server keys (for example,process cell, unit, functions, etc.) are configured for the overview area.The number and arrangement of picture windows is configured in the "RuntimeWindow" tab. The pictures (graphics) and faceplates are opened in the picturewindows in runtime.In the "Basic Data" tab, you can specify which modified files of the project areto be overwritten by factory state files. However, you should always ensurewhen making this configuration change that runtime operation remainsconsistent and safe.The "General" tab contains settings for the OS Project Editor.

See alsoProcess Control System PCS 7 OS V8.1,Online support under Entry ID 90682677Manual "PCS 7 Compendium Part A", chapter 9.1.4 "Working with the OSproject editor", Online support under Entry ID 107196780

5.6 Time synchronizationTime synchronization is an important feature in automated systems in the GMPenvironment. When several automation stations (AS) and/or operator stations (OS)interact, messages, alarms, trends, and audit trail data must be archived withsynchronized time stamps.

In SIMATIC PCS 7, the default time transmitted on the buses is always thestandardized world time UTC (Universal Time Coordinated).

The time stamps are generated in UTC and stored in the archive of the OS server.In runtime, all the process data stored in the archive (messages and trends) aredisplayed converted from UTC to the time zone set in the Windows system (takingthe daylight-saving/standard time setting into account).

Activating time synchronization in PCS 7 means that an active time master handlesthe synchronization of all OS servers, operator stations, automation stations, andthe engineering station. To ensure synchronized time, all the stations in the PCS 7system must be synchronized so that messages can be processed in the correctchronological order throughout the plant (archiving of trends, messages,redundancy synchronization of servers).

Time Synchronization in a Windows Workgroup:In a workgroup environment, the plant bus is synchronized via the central plantclock, SICLOCK, for example. The OS servers obtain the time from the plant bus;they are configured as "cooperative time masters". If no SICLOCK timer isavailable, an OS server becomes the active time master. The automation stationsobtain the time from SICLOCK; they are configured as time slaves. The OS clientsobtain the time from an OS server; they only receive the time from OS serverswhose server data they have also loaded.



Time synchronization in a Windows domainIf the automation system is operated in a Windows domain, the domain controllerwith the PDC role serves as the time master on the terminal bus. It obtains its timefrom a SICLOCK connected in series, for example. The OS servers receive thetime from this domain controller via the terminal bus. The OS clients obtain the timefrom a selected OS sever. The plant bus and, as a result, the connectedautomation stations (AS) are also synchronized by this OS server (the first serverto enter process mode). The server then becomes the active time master.

When high-precision time stamping is required, the automation stations also haveto be synchronized directly by a SICLOCK TM via the plant bus.

If the plant uses components, such as BATCH servers on which no operatorstation is installed, these also need to be synchronized. This can be done via anadditional DCF77 (e.g. SICLOCK) or GPS service or by means of software over thenetwork or the Internet.

Time synchronization for package unitsPackage units may be integrated in many PCS 7 environments. These packageunits can obtain their time from the Windows domain through the standardizedNetwork Time Protocol (NTP). It is also possible to send the time from oneSiemens automation system to another via the S7 protocol.

NoteIt must be ensured that the automatic daylight-saving/standard time adjustment isset correctly in the operating system.If a SICLOCK is used as the clock and the operator station display will be adjustedfor daylight-saving time, the SICLOCK must also be set to adjust for daylight-saving time to ensure that all messages are archived with the correct time stamps.This adjustment must be activated on the operator station in the Control Panel >Date and Time > Time Zone.

See alsoFunction manual "PCS 7 Time Synchronization",Online support under Entry ID 90682531Configuration manual "PCS 7 Engineering System", chapter 9.9.5.2 "Settingthe Time Synchronization",Online support under Entry ID 90663380Configuration manual "PCS 7 Operator Station", chapter 13 "TimeSynchronization", Online support under Entry ID 90682677"Security Concept PCS 7 and WinCC",Online support under Entry ID 60119725"PCS 7 Compendium Part A", chapter 9.1.7 "Time Synchronization"Online support under Entry ID 107196780"DCF77", Online support under Entry ID 19693801"Industrial Ethernet", Online support under Entry ID 109477614"Windows domains" Online support under Entry ID 16620294"Setting the Time Synchronization",Online support under Entry ID 16622902FDA Guidance 21 CFR Part 11 – Time Stamps, 2002,withdrawn



5.7 Configuration managementThe configuration of a computer system consists of various hardware and softwarecomponents that may vary in complexity and range from commercially-availablestandard components to specially customized user components. A clear andcomplete overview of the current system configuration must always be available.This is achieved by dividing the system into configuration elements, which can beidentified by a unique designation and a version number and can be distinguishedfrom the previous version.

Defining configuration elementsIn terms of hardware, standard components are usually used, which are defined byand documented with their type designation, version number, etc. If customer-specific hardware is used, more work is required; see chapter 3.1 "Selection andspecification of the hardware" for more information.

Such "standard components" are used at least in part for the software, for example,SIMATIC PCS 7 system software, its libraries and options. Just like the hardware,these are defined and documented with designation, version number, etc.

The application software is configured and programmed on the basis of standardsoftware. It is not possible to give a blanket definition of the individual configurationelements that the user software must be divided into, due to differing customerrequirements and system designs.

Versioning of configuration elementsWhile the version designation of standard software cannot be influenced by theuser or configuring engineer, work instructions for issuing of version numbers,change control procedures, and the like must be defined for configuring theapplication software. All configuration elements must be maintained in atransparent manner right from the start of system's creation.

NoteChapter 5.8 "Versioning of software elements" includes examples of howindividual software elements can be versioned. Change control of variouselements is explained in chapter 6.9 "Audit trail and change control" and chapter7.4 "Configuration control".Always consult the plant operator to agree upon a procedure for making changesto a plant in ongoing operation; see chapter 9.2 "Operational change control".

See alsoGAMP5 Guide,Appendix M8 "Project Change and Configuration Management"

5.8 Versioning of software elementsThe project guidelines must define which elements are to be versioned, whenversioning is to take place, and whether a major version or minor version is to beincremented; for example:

"The major version is set to 1.0 following the FAT and to 2.0 after commissioning.All other changes are reflected by incrementing the sub version."



However, whether the main version or the sub version is to be changed can alsodepend on the scope or effect of the change in question.

NoteThe version, author, and comment fields can be written using the Import/ExportAssistant (IEA) .

The following chapters show various examples of software element versioning,which are basically divided into:

AS elements, which act as control functions in the controllerOS elements, which are used for operator control and monitoring

5.8.1 Versioning of AS elements in PCS 7The individual configuration levels in PCS 7 provide various options for assigning aversion identification and, possibly, an author and comment to each element.

Versioning of blocks, CFCs, and SFCsFor blocks, CFCs, and SFCs, as well as for SFC types and models, versionnumbers are managed in the properties of the respective object.

PCS 7 supports the option for semi-automatic versioning of CFC/SFCs and SFCtypes. This versioning must be enabled in the properties of the particular project ormultiproject, see following picture.



When the versioning for the respective project is enabled, a dialog box opensautomatically when you close a modified CFC/SFC or SFC type. In the examplebelow this is the "Properties CFC Chart" dialog.

Use the right and left cursor keys of the version number to increment the minor ormajor version. If you make an incorrect entry, the version can only be decrementedto the last saved version. Changes to the version number must always beperformed on the engineer’s responsibility.

NoteOnce saved, a version number can no longer be reversed. The project teammember must carefully examine his entries before confirming with OK. Theversion number can be set in the range of 0.0001 to 255.4095.



Information on the version history can also be added to the chart as a separatecomment in the form of a text field, see graphic below.



NoteAnother possible variant is versioning on the unit level, if the plant has anappropriate structure. The unit and lower-level elements are managed andversioned as functional units. The version of the unit can be transferred to allelements using the "Find/Replace" function in the process object view. Versionand change comments should then be maintained in the unit CFC.

Versioning of hardware configuration in "HW Config"

In the "Properties" mask, the comment field can be used to enter the version IDand additional information, such as the version history.

Versioning of configuration in SIMATIC NETThe version identification can be entered in the properties on the bus level (systembus, PROFIBUS).



5.8.2 Versioning of OS elements in PCS 7During software creation, all graphics, reports, C scripts, and VB scripts created bythe user must be assigned data such as an author, date, comment, and version ID.User objects (picture typicals), for example, feature a version field for this purpose.Scripts and user FBs (SCL) can be identified by means of their date of change; theversion identification and comment must be inserted in the script header in textformat.

Configuration settings must be appropriately documented, on the one hand to actas a reference for use in validation, and on the other hand to ensure they areavailable if the system needs to be restored.

Example for graphics

Top graphic: Versioning in a hidden field within the graphic display

Bottom graphic: Version identification as a visible field within the graphic display;explanations relating to the version history outside it



Example for reportsVisible text field for versioning, e.g., in the report footer:

Example for C/VB scriptsInserting of version and comments within a script:



5.8.3 Additional information on versioning

Versioning of BATCH elementsRecipe versioning is described under "Change Control for Recipes" in chapter6.9.3 "SIMATIC BATCH".

Versioning of projects, multiprojects, and librariesSupporting system functions for versioning of projects, etc. are described inchapter 7.4 "Configuration control".

Creating Application Software


6 Creating Application Software

This chapter presents information and recommendations intended to aid in thecreation of application software in environments subject to GMP.

6.1 Software modules, types, and copy templatesSoftware modules or type templates in the form of function blocks, function chartsor complex step sequences are widespread in the process control engineering.They are created in advance and reproduced within the scope of the configuration.

NoteModules and types are defined with the aim of not only reducing the amount ofconfiguration work required but also, and more importantly, of creating a clearsoftware structure. This helps to simplify the associated documentation and a risk-based definition of the testing work involved, while also supporting subsequentsystem maintenance.

See alsoChapter 2.4 "Software creation"

6.1.1 Modules and types in PCS 7A distinction is made in SIMATIC PCS 7 between an SFC type, a process tag type,and a model.

SFC type Interface to SIMATIC BATCH for operating equipmentphases/equipment operations, for example:

HeatingStirring (agitation)Emptying

Process tag type A CFC, for exampleValvesPumpsMotors

Model Combination of several CFC and/or SFCs, for example:PID tempering of a tankLevel monitoring, including safety shutdown to protectagainst overflow of tankUnit

The mode of operation of the modules must be described in a specification inwhich the parameter assignments (MES-relevant, archiving, block comment, unit ofmeasure, etc.) and interconnections are defined. For more information on usingtypes for programming, see also chapter 2.4 "Software creation".



InstructionsModules are named in accordance with the Functional Specification and theDesign Specification.The modules/types must be verified and approved by means of a module testbefore they are duplicated.An up-to-date record of the software modules used must be kept for each AS, inthe form of a document containing software version details.

SFC typeThe SIMATIC PCS 7 type/instance concept enables types of sequential controls tobe created. The "SFC type" allows sequential controls to be defined, including aninterface in the form of a CFC block. The sequence logic of the SFC type is basedon the interface I/Os of the SFC type, i.e. in contrast to an SFC, an SFC typecannot access just any process signals.

More detailed information on this topic can be found in the Manual "SFC forSIMATIC S7" in Online support under Entry ID 90663402.

The SFC type is not executable on its own. An SFC type, just like a function blocktype, must be placed in a CFC before it receives an executable object, in this casean SFC instance. The SFC type and the SFC instances are included in the"Compile program" operation. To execute an SFC instance, both the SFC type andthe SFC instance are downloaded to the automation system.

Process tag type / modelWith SIMATIC PCS 7, a process tag type/model consisting of one or more CFCand/or SFCs can be created for subcomponents of the same type. Creatingprocess tag types or models for similar plant units saves on work required forengineering and testing. Once a process tag type or model has been tested, it canquickly be duplicated as often as required in the multiproject in the form of replicas.For each replica, the plant hierarchy, CFC name, messages, I/Os for parameters orsignals, and various module properties can be adapted.

Each block instance can also be assigned a picture icon, which can then beautomatically inserted, along with its tag interface, into the flow chart defined in theSIMATIC Manager by deriving it from the screen hierarchy during OS compilation.This saves work and ensures that the picture icon is connected to the correct blockinstance. Models can contain pictures and reports.

NoteSee chapter 6.1.3 "Automatic generation of block icons" for information on usingblock icons. These block icons should be tested together with the associatedsoftware module as a process tag type and approved by the customer before theyare duplicated.



6.1.2 Example of a process tag typeEvery software module is created as a template in the form of a CFC. Following asoftware module test, this is released for instantiation and can be used within theframework of the configuration.

For a spring-closing valve, the module might appear as shown below.

The valve to be controlled features a control signal for the OPEN function and twofeedback messages for the states opened and closed, as well as monitoring ofmodule I/O faults for the open/closed feedback message. Blocks from the PCS 7standard library were used for the example above.

In accordance with GMP requirements, the parameter assignment and theinterconnection of the inputs and outputs must be described in detail in a suitablespecification ("Software Module Design Specification", for example) and verified bymeans of a test ("software module test" or "typical test").

See alsoManual "PCS 7 Compendium Part A", chapter 7.2.1 "Process tag types(templates)", Online support under Entry ID 107196780

NoteConsideration can also be given to settings like process value archiving, forexample, when creating the process tag type.



6.1.3 Automatic generation of block iconsGraphic block icons are used to display information relating to process states (e.g.valve open, closed, faulty, etc.) on the PCS 7 operator station (OS).

PCS 7 offers graphic templates for all blocks contained in the PCS 7 library, thussupporting the type/instance concept from the function block in the AS through tothe operator component in the PCS 7 OS plant pictures. PCS 7 provides severaltemplates for use.

NoteGenerating block icons automatically reduces the risk of an error occurring.

See alsoPCS 7 on Tour – Basic,Chapter 10 section 5 "Adapted block icons and faceplates"

If the Create/Update Block Icons function is executed, the block icons are derivedfrom the plant hierarchy of the project by means of their names and priorities,copied from the templates, and automatically linked to the tag interface of therelevant operator panel.

Priority Image name Remark1. @PCS7Typicals*.pdl starting alphabetically with the last picture2. @PCS7Typicals.pdl3. @@PCS7Typicals.pdl is contained in the standard

The @@PCS7Typicals.pdl templateThe "@@PCS7Typicals.pdl" picture is included in every PCS 7 OS project bydefault. It contains the standard block icons.

NoteThe "@@PCS7Typicals.pdl" original file must not be changed under anycircumstances. Any changes to the original file will be overwritten when an updateor upgrade is performed.Separate templates should be created for customer-specific block icons,"@PCS7Typicals*.pdl".

See also"Use of template pictures @PCS7Typicals", Online support under Entry ID26697820"Copying pictures in the OS project editor",Online support under Entry ID 19688107

Project-specific templateA project-specific template, "@PCS7Typicals*.pdl", can be created by copying thetemplate "@@PCS7Typicals.pdl". Customer-specific changes can then be made tothe "new" template.



The @Template.pdl templateThe "@Template.pdl" template is primarily used when block icons are inserted intopictures manually. These block icons are not connected to the plant hierarchy andare not, therefore, created or updated by the system.

Anyhow, it can be helpful to use the template file. On the one hand you are notthen linked to the plant hierarchy, and on the other hand you can use a wizard toexport picture objects from one or all flow charts to a configuration file, modifyblock icons and their connections, and finally import the picture objects again. Theconfiguration file can be edited using tools such as Excel.

NoteThe "@Template.pdl" file is maintained by the PCS 7 system and is overwrittenwhen an update or upgrade is performed. It is therefore advisable to back up the"@Template.pdl" file on a regular basis.

Other Template Pictures@@ConfigTypicals.pdlUsed to create/update lifebeat monitoring.

@@MaintenanceTypicals.pdlUsed to create/update diagnostic pictures.

@PCS7elements.pdlThe template contains a collection of predefined objects for creating block icons.

@PCS7Typicals_Batch.pdlUsed to create/update block icons for SIMATIC BATCH.

@PCS7Typicalsrc.pdlUsed to create/update block icons for SIMATIC Route Control.

This list is not exhaustive.

Central changeability of picture objectsIn the type definition, SIMATIC PCS 7 allows objects to be changed centrally; inother words, subsequent changes to picture objects are made in the templatepictures.

NoteThe central changeability of picture objects does not mean that changes areautomatically passed on/down to the instances. As a result, the "Export PictureObjects" function must be executed via the dynamic wizard before the changesare passed on; this ensures that all objects will be located at their originalpositions after "Import Picture Objects" is performed.



6.1.4 Type Change in RUN (TCiR)TCiR is available as of PCS 7 V8.1 in connection with an AS410 CPU as offirmware version V8.1. TCiR enables changes to block connections (inputs,outputs) to be downloaded from blocks in running operation. This functionality canonly be used to a limited extent, due to the necessary validation procedures in thepharmaceutical industry, meaning that the effects of such a change must be knownand easily controlled. A possible application could, for example, be an ultra-purewater plant in a group of plants.

6.2 Bulk engineering

6.2.1 Bulk engineering with the process object viewIf this involves checking or changing numerous parameters quickly, this can beperformed in the Process Object view. Using this, parameters can be filtered bycertain criteria and their values viewed and processed.

NoteThe Process Object View enables searching of charts throughout the entiremultiproject.

6.2.2 Bulk engineering with the IEAThe Import/Export Assistant (IEA) is used for two tasks.

Duplication with the IEAThe Import/Export Assistant is used to duplicate process tag types or models. Forthis, project-dependent typicals are defined on the basis of standard libraries; thesetypicals can then be copied as instances as often as required using theImport/Export Assistant.



NoteThe modular software structure and the process of duplication using the IEAsignificantly reduce both the risk of errors occurring and the engineering andtesting effort required.

Parameter editing with the IEAFurthermore, the IEA File Editor is used to enter parameters and signal processingin a table for each instance in accordance with the definitions contained in thespecifications.

Technical fct. 1

Basic fct. 1

Basic fct. 2

Basic fct. n

Unit 6677

Technical fct. 2

Technical fct. n

6718 Heating

Basic fct. 1

Basic fct. 2

Basic fct. n

PCS 7 Library

User blockscreate / test

Shareddeclarations

Tag type:create / test

Basic functions

Engineering

Model:create / test

Technical functions

Model:create / test UNIT

Basic fct.

Heating

Basic fct. 1

Basic fct. 2

Basic fct. n

Technical fct. 1

Basic fct. 1

Basic fct. 2

Basic fct. n

Technical fct. 2

Technical fct. n

Master Data Library

Bulk engineering withIEA

8877 Heating

Basic fct. 1

Basic fct. 2

Basic fct. n

4711 Heating

Basic fct. 1

Basic fct. 2

Basic fct. n

Technical fct. 1

Basic fct. 1

Basic fct. 2

Basic fct. n

Unit 4711

Technical fct. 2

Technical fct. n

Application software



NoteThe Import/Export Assistant is managed as a separate optional package inSIMATIC PCS 7. It is included on the PCS 7 Toolset DVD and installed as part ofthe general setup, although it does require a separate license.

See alsoManual "PCS 7 Engineering System", chapter 9.12.7 "Creating process tagsfrom process tag types (multiproject)",Online support under Entry ID 90663380

6.2.3 Type/instance concept with the Advanced ESLike the IEA, the Advanced Engineering System (AdvES) is also an application forcopying, editing, and importing software/hardware components using bulkengineering.

For example, it is possible to import process tag and signal lists in AdvES. Theplant hierarchy, signal settings, and parameter settings can be adoptedautomatically from the imported process tag lists and signal lists. The hardware(distributed I/O including channel assignment) can be generated from the signallists. All software/hardware components configured in AdvES can be transferred toPCS 7 and used there.

While duplication in the IEA is limited to copying (usually a one-time operation), thetype/instance concept also provides a tool for subsequent maintenance of types(control module types, CMT) and their associated instances (control modules, CM).

Comparison of the AdvES with the IEA

User interface

When configuring with AdvES, the program guides the user through the variousconfiguring steps. For this, the user interface of AdvES features a progress displayconsisting of various steps. The user is shown which step is currently active. Thesteps must be processed in a logical sequence one after the other. Only one stepat a time can be processed. All preceding steps and following steps are blockedfrom processing. This minimizes the risk of errors when configuring. Theprocessing status of the project can always be recognized. This is especiallyimportant in the case of multi-user engineering, when several persons are workingon the project, or if the work in the AdvES had to be interrupted.

Type/instance versus copying

If a typical is changed subsequently in the IEA, this requires a complete re-importof the "instances" (copies). This means that parameter assignments andinterconnections to other functions or higher functions will be lost and that post-processing including validation is required.

On the other hand, users can change existing, and possibly already instantiated,CMTs in the AdvES at any time. Previously generated CMs can be checked fordeviations from the CMT and the changes can be adopted. As result, configuring ofCMTs is more flexible than configuring of IEA typicals.



Type variants with optional blocks

When configuring a CMT, it is possible to insert optional blocks. For generation ofCMs, it is possible to specify whether optional blocks are to be used and, if so,which ones. This produces classes and subclasses during the typical creation.

Thus, for example, a valve with an interlock block and another valve without aninterlock block are generated from the same CMT. With the IEA, two typicals wouldbe necessary for these two valves.

When the IEA is used, up to 8 typicals, depending on the combination, would haveto be created and tested, as opposed to a single CMT with, for example, threeoptional blocks.

Configuring with AdvESFollowing installation, AdvES is contained in SIMATIC Manager and is openedthere. You select and right-click a project to open a menu that contains the "Openproject in AdvancedES" option.

When AdvEs is opened the first time, an AdvES project is created automaticallyand linked to the PCS 7 project from which it was opened.

After AdvES is opened, the existing relevant hardware and software components(plant hierarchy, etc.) must be imported in AdvES. The project will then be releasedin AdvES for processing. AdvES guides the user through the various configuringsteps using a progress display.

The user can generate CMTs from a process tag type from the master data libraryor create completely new CMTs. CMTs can contain individual control units, controltags, and messages. Both the green colored block headers in the following figureand the top area of the image illustrate that a CMT is involved.



Individual control unit types, their attributes, individual control units, control tags,and messages can be processed in AdvES.

CMs are generated by copying a CMT to the plant hierarchy. It can be specified foreach CM whether optional blocks will be used and, if so, which ones.

After the project is processed in AdvES, all relevant data are exported back to thePCS 7 project. Further processing of the project takes place in SIMATIC Manager.

See alsoManual "PCS 7 Advanced Process Functions Engineering System",Online support under Entry ID 106463761"High-performance mass data engineering",Online support under Entry ID 61627479

6.3 Creating process picturesProcess pictures must be created in accordance with the definitions contained inthe specifications (e.g. URS, FS, and P&ID). Similarly to all the other work steps inthe GMP environment, initially planning, then implementation and subsequentlytesting is performed.

Block icons should be assigned using the "automatic generation of block icons"function, which means one block icon is assigned to each instance-specific module(valve, pump, closed-loop controller, etc.) in the process picture using the IEA file.The picture and the block charts must be configured in the same plant hierarchyfolder, or in plant hierarchy folders with the same name, in order for block icons tobe generated.



After the graphics are created, they should be submitted to the customer in theform of screenshots for approval.

See alsoChapter 6.1.3 "Automatic generation of block icons"for information on using template pictures as a libraryManual "PCS 7 Compendium Part A", chapter 9.2 "Visualization interface"Online support under Entry ID 107196780

6.4 User-specific blocks and scriptsUser-specific blocks (FB, FC) and scripts (C, VB) are programs written and createdby the user, which are assigned to GAMP software category 5. This type ofsoftware was developed to meet customer-specific demands not covered byexisting functions and libraries.

In general with such customized blocks and scripts, a greater effort for validationmust be calculated for detailed functional and interface descriptions as well asdocumented tests; see also chapter 7.3.1 "Software categorization according toGAMP Guide".

NoteWhen user-specific blocks and scripts are created, the rules for creating softwareelements should be defined in instructions specific to the project/department(coding standards, PCS 7 style guide, etc.).

See alsoManual "PCS 7 V7.0 Programming Instructions for Blocks",Online support under Entry ID 24449702Manual "PCS 7 Compendium Part A", chapter 7.1.2 "Creating user-definedtechnological blocks" Online support under Entry ID 107196780

6.5 Interfaces to PCS 7

6.5.1 PCS 7 OS Web optionThis option enables PCS 7 system processes to be controlled and monitored viaan Internet/Intranet connection. One PCS 7 OS Web server and at least onePCS 7 Web client is required.

Within a PCS 7 OS multiple station system the PCS 7 OS Web Server is installedas an OS client with PCS 7 OS Web Server functionality. It should not also be usedas an operator station (OS client). This can be ensured by deactivating graphicsruntime.

The WebViewer is installed automatically when the Web client is installed. Forremote access, it is advisable to use this in preference to the Internet Explorersince the WebViewer can be custom configured.

The Web server itself should be certified so that access to Web server functions issecure, authenticated, and encrypted (keyword: https access).



All pictures and required scripts are stored on the OS Web server so that they canbe displayed and run on the Web client. All pictures and scripts must be published.The "Web View Publisher" is used for this.

See alsoManual "PCS 7 OS Web Option", chapter 4.4,Online support under Entry ID 61187433,Manual "PCS 7 V7.0 Programming Instructions for Blocks",Chapter 2.1.10 "WebClient (differences compared to WinCC)"Online support under Entry ID 24449702Manual "PCS 7 Compendium Part A",Chapter 9.2 "Visualization interface",Online support under Entry ID 107196780"Operator actions via WebNavigator",Online support under Entry ID 49516052

NoteIf scripts are used, preference should be given to event-controlled script editingwherever possible, as it saves on resources. By contrast, cyclic scripts shouldonly be used on a specific basis as needed.

SIMATIC Logon must be installed on the Web server, thus integrating the Webclient into the SIMATIC Logon functions. As a result, access to the Web client ispassword-protected. User permissions are assigned in the OS User Administrator.They correspond to those of standard clients, the only additional requirement isthat the Intranet/Internet access option must be enabled.

See alsoChapter 4.6 "Data and information security""Security Concept PCS 7 and WinCC",Online support under Entry ID 60119725

Load Balancing FunctionalityWhen several Web Navigator servers are used, the "Load Balancing" functionalityenables an even load balance among the servers. In addition, the Web Clients areautomatically redistributed among the other Web Servers if one of the Web Serversfails. This works by selecting a Load Balancing server in advance from theparticipating Web Navigation servers. If a Web Client then logs on to a LoadBalancing server, this server assigns the Web Client to the server with the lowestload.

To make use of the functionality, one "Load Balancing" license per Web Server isrequired. Up to 32 Web Servers can be networked together. No additional licenseis needed for the clients. For WinCC computers, it is sufficient to have a "WinCCRedundancy" license with the "Load Balancing Step-Up" license.

NoteThe "WinCCViewerRT.exe" application does not support the "Load Balancing"function.

To make use of the Load Balancing functionality, it must be configured on eachparticipating Web Server. The WinCC Basic system and the Web Navigator server



must be installed for this. The Web Servers must be set up identically (applies alsoto the user administration), and the standard website must be set for WebNavigator.

The configuration of the Load Balancing function must be opened in WinCCExplorer using the shortcut menu of the Web Navigator. The window that opensmust list each individual Web Server using its IP address. For the Load Balancingserver, the "Allow Load Balancing" check box must be selected and a pollinginterval must be set.

NoteWeb Servers with a "Web Navigator Diagnostics Server" license must not belisted as a Load Balancing participant.

Thin ClientIn PCS 7 V8.0 and higher, a thin client solution allows the terminal server and theWeb Server to be operated on one computer. In this case, a terminal session isopened on the terminal server for each thin client. The thin clients can then accessthe terminal server and Web Server using the Remote Desktop Protocol (RDP).Because this is a server-based functionality, a user does not have to be logged onto the terminal server.

A thin client solution is easy to maintain because changes only have to be madeonce on the terminal server and are then available to every thin client.

See also"Thin Clients", Online support under Entry ID 61187980

6.5.2 OS Client in a virtual environmentOn high-performance computers (see VMWare system requirements underhttp://www.vmware.com/resources/compatibility/search.php), it is possible to createmultiple virtual environments. These then serve as the basis for an OS Client,irrespective of the actual hardware. OS Clients are shared in a virtual environment.The use of VMWare ESXi visualization software is supported. Various operatingsystems can be run on the virtualization, such as Windows NT, Windows 2000,Windows XP, and Windows 7 32/64-bit version.

When an OS Client is operated in a virtual environment, the following limitationsmust be anticipated. Multiple virtualizations can run simultaneously on a VMwareESXi, but only one Remote Desktop Connection per virtualization is possible. MultiVGA cards are not supported. In addition, the horn functionality as well as USBconnections are not supported. This must be noted, for example, for programs thatare licensed using a USB dongle.

See also"Virtualization in PCS 7", Online support under Entry ID 93997453



6.5.3 Open PCS 7Open PCS 7 makes PCS 7 data available to higher-level systems, such as theplant control level. The standard interfaces below are available for exchanging databetween Open PCS 7 stations:

OPC UA (Unified Architecture)OPC "Classic"

OPC DA (Data Access)OPC A&E (Alarm & Events)OPC HDA (Historical Data Access)OPC H A&E (Historical Alarm & Events)

OLE/DB for applications with OLE capability, such as MS Office products;OLE/DB permits access to historical values, alarms, and messages viastandardized database calls

The Open PCS 7 station can be used to access several redundant server pairs. If aserver fails, the Open PCS 7 station performs redundancy switchoverautomatically. If the active server fails, the station switches to the remaining serverautomatically, so that this server carries out the next read job. An uninterruptedread job is repeated on the server which is then active.

A connection via OPC UA (Unified Architecture) offers increased security in datacommunication in comparison to the OPC DA connection. OPC UA Server andOPC UA Client both provide a certificate. These certificates must be exchangedand accepted by the connection partners. Only then can data communication takeplace successfully.

Access to thestation

OPCinterface

Data type

OS server UA Process values and messages

OS server DA Process picture tags

OS server A&E Alarms and messages (Alarm Logging)

OS server HDA Historical measured values (Tag Logging)

OS server H A&E Historical alarms and messages (Alarm Logging)

OS server OLE-DB Direct access to archive data

See alsoManual "Open PCS 7", chapter 7.1 "Access options",Online support under Entry ID 109475996

Advantages of OPC UA compared to previous OPC specifications are:Integrated security concept (authentication and authorization, encryption anddata integrity)Independent of DCOM, no DCOM settings are requiredIndependent of operating system, independent of manufacturerUnification of the previous OPC standards to form one interface; one commonOPC standard for tags, alarms, and historical dataCommunication via a single firewall port



NoteThe OPC connection should not serve as an extended operating source, butessentially as data evaluation or information. When establishing an OPCconnection, particular emphasis must therefore be placed on data security and theassignment of write authorization should be carefully performed.The PCS 7 OS Web Option should be selected for possible operation from outsidethe PCS 7 environment, see chapter 6.5.1.

6.5.4 SIMATIC BATCH APIThe SIMATIC BATCH interface provides the following function calls as theprogramming interface:

Access to BATCH objects and dataNavigate through SIMATIC BATCH object hierarchiesNotifications about events

A field of application is the data interface for transmission of events and methods(e.g., CreateBatch, ArchiveBatch, GetParameter, etc.) to an MES level.

The option also exists to reference the interface directly via "SAP" or to use theSIMATIC API via separate software solutions.

6.6 Recipe control with SIMATIC BATCHSIMATIC BATCH is a software package for PCS 7, which structures discontinuousprocesses, known as batch processes.

SIMATIC BATCH is used to graphically design, plan, modify, control and monitorrecipe structures. A major advantage of the batch production is the collection andarchiving of production data. These production data are needed for both theregulatory requirements for traceability (audit trail) as well as for operationalanalysis of the production process.



6.6.1 Batch definition of terminologySome commonly used batch terminology is described below.

Term DescriptionMaster recipe Set of rules and information required to define how a product is

manufactured.

Controlrecipe

Copy of the master recipe with extra information specific to a process cell.

Batch Equipment-dependent amount of a product manufactured in a defined,discontinuous production sequence.

Process A sequence of chemical, physical, or biological activities for manufacturingmaterials or products.

6.6.2 Conformity with the ISA-88.01 standardISA-88, also known as S88, is an international standard for batch control, whichrepresents the design specifications for software, equipment and operation of theprocessing. SIMATIC BATCH was developed on the basis of the ANSI/ISA-88.01(1995) Batch Control, Part 1: Models and Terminology standard.

One of the recommendations contained in the "Technical Report" ISA-TR88.0.03-1996 is the use of SFC (Sequential Function Charts, DIN/IEC 1131) as a graphiclanguage for describing recipe procedures. Recipes created with the BATCHRecipe Editor follow the structures and functionalities described in this standard.

SIMATIC PCS 7 software modelISA-88.01 describes various models, which can be fully implemented with PCS 7and SIMATIC BATCH.

The process cell model (physical model) describes the process cell, unit,equipment module, and device control level, which is mapped using the planthierarchy in the plant view of SIMATIC Manager.



In SIMATIC BATCH, the procedural model (procedure, unit procedure, operation,phase) reflects the process cell model from the point of view of the controlsequence.

Term DescriptionRecipe procedure A recipe procedure runs in a process cell to control a process and to

create a batch of a product.

Recipe unitprocedure

A recipe unit procedure runs on a unit to control a recipe stage. A unitcan only be occupied by one batch at any one time.

Recipeoperation/recipephase

A recipe operation or a recipe phase runs on an equipment module toimplement a process engineering task or function.

Control-loop level The control-loop level is not within the scope of the BATCH system andis addressed only via the equipment module. It is entirely located in theautomation system.

Application of the ISA-88.01 standard in SIMATIC PCS 7The ISA-88.01 software model divides the process into various modules,simplifying the process of validation. The process is split up hierarchically into thefollowing parts:

Physicalmodel

Graphic Proceduralelements

Implementation inPCS 7

Implementedby

PlantProcess cell

ProcedureProcedure

BATCH component:Recipe

Operator /supported bysupplier

SequenceUnit

Unit procedureUnit procedure(s)

CFC component:Unit blockBATCH component:Unit recipe

Operator /supported bysupplier

SystemequipmentEquipmentmodule (EM)

Recipe operation /phaseRecipe operation /phase(may containcontrol strategies)

SFC type component:Use of SFC types toallow instantiation.(equipment phases,equipment operations)

Supplier /supported byoperator

ControlModule (CM)Controlmodule (CM)

- CFC component:Use of the PCS 7 libraryand of CFCs

Vendor

NoteThe names and functions of the modules correspond to the definitions containedin the specifications.

See alsoOperating Manual "PCS 7 SIMATIC BATCH V8.1" (SP1)",Online support under Entry ID 106471750



6.6.3 Configuring SIMATIC BATCHBasics and options of SIMATIC BATCH are explained in chapter 3.3.5 "SIMATICBATCH basics and options".

See alsoManual "Getting Started PCS 7 SIMATIC BATCH",Online support under Entry ID 58638984Manual "PCS 7 Compendium Part C",Online support under Entry ID 109098121

The individual configuring steps are divided into the following:

Working in SIMATIC ManagerCreating and configuring BATCH systemsCreating the plant hierarchyCompiling OS dataGenerating BATCH types (SFC type)Propagating BATCH typesCompiling instancesTransferring data to OSLoading process cell data

Working in the BATCH Control Center (BCC) and Recipe Editor (RP)Reading batch dataCreating master recipesCreating the recipe structureReleasing master recipes for productionCreating an orderReleasing a batchCreating ROP libraries, formula categories, and formulasExporting/importing recipes, parameter sets, etc. (optional)

See alsoApplication examples for specification of technical functions with SFC types aswell as instantiation, Online support under Entry ID 33412955

6.6.4 Functions and settings in SIMATIC BATCHVarious functions and project settings can be used in SIMATIC BATCH. Thesesettings are described in detail in the relevant system documentation. A number ofsettings are presented in the following. For detailed versions, see "SIMATICBATCH V8.1 SP1" in chapter 13.1.2.

Predefined batch namesWith the "Use predefined batch names" function, batch names can beautomatically created from various static and dynamic elements.



NoteThe length of the batch name is restricted to 32 characters.

Recipe step specific set-pointsWithin the defined equipment limits, the range for set-points can also be limited foreach recipe step. This means that the process can be guided better and the qualityof the final product is increased.

Editing of recipes with 'Release revoked/invalid’ status"With the "No" setting, you prevent recipes in 'Release revoked/invalid' status frombeing re-released with the same name/version.

NoteThe default setting is "Yes" and should be set to "No" in the regulatedenvironment.

Automatically release batchesNewly added batches are automatically released upon creation for production. Thedefault setting is "No". For the setting "Yes", the user saves a separate releasestep, which may make sense for other authorizations. A configured signature isrequested for the release even when using automatic system release.

Exporting/importing of batch objectsFor the export/import of

LibrariesMaster recipesFormula categories and formulas

see Operating Manual "SIMATIC BATCH V8.1 (SP1)", chapter 8.5.8,Online support under Entry ID 106471750.



Online structure changes for recipe structuresSIMATIC BATCH allows you to change recipe structures in both hierarchicalrecipes and flat recipes. This applies to control recipes that have the status"released", "planned" or "started".

NoteOnline structural changes are an additional functionality for master recipes duringtesting. They serve to simplify the optimization of recipes. Online structuralchanges are not possible during production (master recipe released forproduction). Default setting is "No".

Settings for performing online structure changesThe master recipe has the status "Release for testing".The user must have the "structural changes" permission.The check mark must be set for "Allow online structure change" in the projectsettings.

If the option "Active batches have to be held" is selected, this provides protectionby bringing the current batch to a safe state when changes are made to recipestructures. Once the change is made, the batch must be resumed by the operator.

If the option "Active batches have to be held" is disabled, the change can be madeduring ongoing operation, which has the disadvantage that the batch automaticallyapplies and enables the changes when the changes are made.

Notes and restrictionsWhen online structure changes are being made to a batch, access to this batchby other clients is blocked. A visual comparison of the changes to all Batchclients is made once the online structure changes are complete.It is advisable to stop the batch for structural changes. If a structural change ismade without stopping the batch, a complete reporting cannot be ensured.



Deleting a canceled batchAttention should be given, for example, to the point "Permit deletion of completed,not archived batches". This means that canceled batches can be deleted withoutarchiving the data. This is only rarely desired in the pharmaceutical environment.This setting should therefore remain deselected, unless the customer expresslyrequests otherwise.

Additional settings in SIMATIC BATCHImportant parameters and settings are also contained in

Chapter 6.9.3 on the topics of "Audit trail and change control"Chapter 6.10.1 "Electronic signature in SIMATIC BATCH"

6.6.5 Messages in SIMATIC BATCHAll messages for the batch control, which are managed in the WinCC archives, canalso be displayed on the SIMATIC BATCH Client. The requirement is that a PCS 7OS application is running on the computer.

See alsoOperating Manual "SIMATIC BATCH V8.1 (SP1)", chapter 8.8.7 "Display ofoperation and status messages" and chapter 13.1.2.3 "Display of warning anderror messages", Online support under Entry ID 106471750

6.6.6 Creating batch reportsThe SIMATIC BATCH report ensures the documentation of recipes and batch datain the form of logs:

The recipe report contains all the data required for production. This includesthe recipe header data, the input materials and output materials list and theprocedural rules.The batch report contains all the information required for the reproducibility ofthe batch process, quality assurance and the fulfillment of legal requirements.The reports can be automatically saved as a PDF file.

The report is integrated in the user interface of the Batch Control Center.

See alsoOperating Manual "SIMATIC BATCH V8.1 (SP1)", chapter 8.5.7 and chapter8.9, Online support under Entry ID 106471750

6.7 SIMATIC Route ControlSIMATIC Route Control is a program package of SIMATIC PCS 7, which is usedfor automated transport of materials in plants.

Typical application examples include:Transport of solids and liquidsBuffer applications and provision of buffers for productionBio-reactors, such as cell culture plants with upstream and downstreamCIP and SIP procedures with various flushing paths



A Route Control server is needed in order to use SIMATIC Route Control. RouteControl servers can have a redundant configuration.

SIMATIC Route Control is configured on the SIMATIC PCS 7 engineering station.The following figure illustrates the individual configuring steps.

The use of SIMATIC Route Control becomes economical with as few as 5 parallelmaterial transports. The main benefit of this is in engineering. The engineering issimilar to the configuration of SIMATIC BATCH. With the SIMATIC Route ControlCenter, routes and partial routes are easily assembled.

The easy-to-understand visualization in SIMATIC Route Control Center makes iteasy to allocate production and cleaning paths, whereby the work involved invalidation is significantly reduced. Furthermore, the material tracking is ensured bySIMATIC Route Control (Route Control Log).

Particular requirements for SIMATIC Route Control:Testing of material compatibilityAlternative transfer paths in case of malfunction (automatic)Status check of lineScaling depending on plant size



See alsoProgramming and Operating Manual SIMATIC Route Control (V8.1),Online support under Entry ID 90682959Description of the product on the Internet which includes e-Learningunder http://www.automation.siemens.com/mcms/automation/de/

Import / exportYou can use the CSV interface (CSV export/import) to simplify and accelerateconfiguring in Route Control. For example, partial routes and additional data canbe edited conveniently in Excel and then imported in Route Control Engineering.The option to edit data in Excel can also be used to efficiently define routes in thespecification phase and then import them.

Graphical route searchAnother added feature is the graphical route search. This can be used to checkroute networks graphically.

In addition, routes can be saved and stored as preferences instead of being calledusing the automatic route search.

6.8 Alarm managementAn alarm system must be able to perform the following basic functions:

Warn the operator in the event of problems in the plantProvide information about the characteristics of the problemGuide the operator to the most significant problemSupport the operator in evaluating multiple pending problems

6.8.1 SpecificationThe specification of an alarm system includes the following:

Definition of formats for alarm line and alarm pageMessage classes, colors, and prioritiesAcknowledgment concept (e.g. single acknowledgment)Event texts, e.g. "too high" for a high alarm



Process-dependent alarm suppression, e.g. suppression of flow monitoring if apump is switched off

These points must be defined if they deviate from standard specifications.

The preassigned standards for displaying message classes, colors, andpriorities should be retained if possible and only be changed upon customerrequest.

NoteIf the alarm system configuration differs from the standard configuration, thedifferences must be documented and an update procedure described; see alsochapter 10 "System Updates and Migration".

See alsoManual "PCS 7 Compendium Part A", chapter 7.1.4 "Changing the messageclass, priority and message text" Online support under Entry ID 107196780

6.8.2 Message classesThe different message classes, such as fault, alarm, warning, or process controlmessage are usually defined on a function and event-specific basis. For example,if a measurement is taken, reaching the high limits will trigger an alarm, the lowlimits a warning, and a runtime error on a valve, for example, will trigger a faultmessage.

See alsoManual "PCS 7 Compendium Part A", chapter 9.3.1 "Message classes andmessage types", Online support under Entry ID 107196780

6.8.3 PrioritiesTo ensure that the plant operator can still perform actions even in critical situations,messages can be additionally prioritized in PCS 7 in accordance with their possibleeffect (plant standstill, reduction in product quality, or production delays) and theavailable reaction time (e.g. < 5 minutes, 5 – 20 minutes, > 20 minutes).

The priority is defined on an instance-specific basis in PCS 7 during messageconfiguration and is initially set to "0".

It is preferable for the priorities to be set in the process object view.



6.8.4 Suppressing, filtering, hiding

Locking messagesWhen the appropriate permission is granted, in process mode the plant operator isable to set individual process tags to the "out of service" status, thus suppressingall messages of this process tag.

This function is used, for example, if a process tag is being used for the first time.The operator can use this feature to suppress messages which are of noimmediate use, allowing him to focus his full attention on the relevant messages.

On all levels, operators are able to identify objects whose message reaction hasbeen suppressed.

Filtering messagesMessage filtering within alarm lists can be adapted on a user-specific basis. Thefilter criteria are message properties (date, time, message class, message text,etc.). The point of changing filter criteria online is to enable the user to temporarilyfocus on a particular period, event, etc. when analyzing errors.

Hiding messages (Smart Alarm Hiding)This function allows alarms to be hidden on a situation-specific basis.

These messages are not taken into account when generating the collective status,i.e. the collective status of a measurement with a pending, hidden alarm does notindicate an alarm status in the process picture, is ignored when the collective-status display is generated for the diagram, and does not output an audible signal(alarm horn).

The currently pending, hidden messages can be viewed at any time in the list ofhidden messages. All messages hidden by the current setting are summarized inthe "Messages to be hidden" list. The messages are only hidden in terms of thedisplay, i.e. hidden messages are still archived and taken into account duringarchive synchronization if a server redundancy failover is performed.

"Smart Alarm Hiding" offers two ways of hiding alarms:Manual hiding and displaying of alarmsAutomatic showing and hiding of alarms, depending on process states

Hiding alarms manually:The alarms are shown again after a defined period of time has elapsed.Manually hidden alarms are acknowledged automatically.Manual alarm hiding applies to all clients of the relevant OS server.An operator message is triggered if alarms are hidden and shown manually.



Hiding alarms automatically:

Automatic alarm hiding must be configured and is always controlled via statusblocks in the AS, which hide or show state-dependent alarms in conjunction with ahiding matrix. Technological (messaging) blocks are assigned to a status block viathe new "block group" block property.

NoteThe main difference between message suppression and alarm hiding is thatsuppressed (blocked) messages are not even generated at the respective processtag and they are therefore not sent to the OS. Neither are they recorded orarchived.Alarm hiding, on the other hand, only affects the visualization.

6.8.5 Monitoring PCS 7 components – Lifebeat MonitoringSIMATIC PCS 7 Lifebeat Monitoring allows the functionality of automation andoperator stations to be monitored. To facilitate this, all automation and operatorstations must be configured in HW Config and the OPC connections to theoperator stations must be created.

To configure the nodes to be monitored in WinCC Explorer, select the menucommand Editor > Lifebeat monitoring > Open. Here, all the nodes to be monitoredand the monitoring cycle in which lifebeat monitoring will be performed can beconfigured.

The lifebeat monitoring is activated automatically when the OS starts up.

NoteAlternatively, all process control equipment can also be managed in the PCS 7Asset Management. A maintenance station (MS) provides an overview of thediagnostic and service information for all equipment. Asset management does notrequire any additional configuration. The configuration data are generated fromthe hardware and software configuration data, see also chapter 9.1.2 "AssetManagement".



6.8.6 Monitoring PCS 7 components – SMMCThe SIMATIC Management Console (SMMC) is a program package, whichsupports the monitoring, documentation and management of the hardware andsoftware installed. To use the SMMC, the software package is to be installed on aPC. In doing so, either a separate computer or the existing ES should be used. The"SIMATIC Management Agent" is also to be installed on computers to bemanaged.

The SMMC can now be used to created detailed reports on the currently installedhardware and software. The data required for this purpose is taken directly by theSMMC from computers and AS systems of the plant. The documentation alwayscorresponds to the actual "As Built" state of the plant.

NoteThe authorizations for the SIMATIC Management Console must be set upseparately, for this purpose see "SIMATIC Management Console (V8.1), chapter3.1 "Managing rights"; Online support under Entry ID 90683240.

6.8.7 Monitoring connected systemsLifebeat monitoring for connected systems must be configured manually. Its usedepends on the corresponding communication partner. If the connected systemrepresents an important interface to SIMATIC PCS 7, lifebeat monitoring isabsolutely necessary.

The graphic shows an example of a solution for lifebeat monitoring with a third-party system. SIMATIC PCS 7 sets a defined OPC variable bit from logic 0 to 1.After a defined period of time X, the connected system must reset the OPCvariable bit from logic 1 to 0.

This operation is repeated in cycles. If the connected system does not perform astate transition within the specified time, a process control message is generated inthe SIMATIC PCS 7 process control system. This message indicates to theoperator that communication with the connected system is not functioningcorrectly.

Coupling third-partysystems to PCS 7 viaEthernet and OPC



6.9 Audit trail and change controlTraceability of operator intervention and critical parameters and data changes mustbe recorded with information about the operator (audit trail). The requirements ofthis topic are defined by 21 CFR Part 11 of the U.S. Food and Drug Administration,for example.

In a controlled environment, changes to the project configuration or usermanagement, for example, are subject to change control. This change control issupported by recording log files.

In a PCS 7 system, this is implemented by a multilayered approach to the topics ofaudit trail and change control.

6.9.1 PCS 7 ES

Audit trail on PCS 7 ESTypically, configuration data on the engineering level is not directly subject to theextremely strict requirements of 21 CFR Part 11. Having said that, systemcomponents are usually concerned, which must be validated and controlled.

The traceable online parameter change feature also enables certain quality-relateddata to be accessed directly via the ES. However, it is practical and advisable in aregulated environment for such interventions to only be performed on the operatorcontrol level with the corresponding operator permission. Such changes are thenbeing recorded in the central audit trail of the OS.

SIMATIC LogonAudit Trail / Change Log

Recording events, e.g. logon / logoffAuto logoffPassword and change dialogLogon device (e.g. keyboard, smart card reader)Interface to 3rd-party and project-specific applications

WindowsAudit Trail / Change Log

For system access (e.g., creating new users)

BATCHAudit Trail / Change Log

Batch controlRecipe administration

ESAudit Trail / Change Log

Download to CPUProject access

OSAudit Trail / Change Log

Operator entriesSystem messages



NoteParameter changes made on the OS interface are not automatically transferred tothe offline project. To do this, the relevant parameters must be selected and thefunction executed.Depending on the customer, controlled online parameter changes made via theES may sometimes be accepted, or even desired, during the commissioningphase. However, once a plant has been validated, such parameter changes mustonly be made via the OS level or on the ES by means of a change request.

See also"Labeling parameters for readback", Online support under Entry ID 23967880

Change control of the ES configuration and ES project engineeringThe Version Cross Manager is suitable for controlling the offline configuration inthe ES, when used in conjunction with a defined change process and anappropriate strategy for backing up project data. This enables different projectversions to be compared against one another; see chapter 7.4.3 "Versioncomparison with Version Cross Manager (VXM)".

The current status of the offline/online configuration can also be verified byactivating "test mode" in the ES. Parameter readback also has to be taken intoaccount here, see "Note" above.

Project access activities and online changes performed on the ES are recordedwith the aid of the SIMATIC Logon change log, in a similar way to an audit trail(who has changed what and when). The following are logged:

Events relating to access protection (open project, access to project denied,activate/deactivate access protection, etc.)Target system events (AS configuration loaded, software application loaded,online mode activated/deactivated)Events relating to online value changes (old value, new value)Version changes (archiving of versioned projects)



Change control for AS downloadIn addition to protection against unauthorized access to the ES configuration viathe "Activate Access Protection" project setting, a CPU password can also be usedto protect against unauthorized downloads to the CPU.

However, as with online value changes, downloads made to the CPU are notrecorded unless the change log file is activated, see chapter 6.9.1 "PCS 7 ES"above regarding ES change control.

NoteThe time at which this access protection should be activated and the activation ofthe change log file must be defined together with the customer at an early stage.Depending on the configuration environment, it may be practical to have accessprotection in place even as early as the configuration phase, with the change logfile being activated at the start of the FAT.Once access protection is configured, you can often forgo the additional CPUpassword, if the customer agrees to it.

6.9.2 PCS 7 OS

Audit trail in PCS 7 OSSIMATIC PCS 7 records all operations and parameter changes performed inprocess mode, assigning them to the "Operating messages" message class in themessage archive.

Acknowledgments of alarms, warnings, system messages, etc. are available in thehistory of the process control system.

The figure below shows an extract taken from the operation list. The user ID of theuser who is currently logged on can be seen in the overview area.

NoteIf parameter changes are made via input/output fields, message output must beconfigured separately.



NoteSelect the hard disk capacity so that the entire audit trail can be stored there untilit is exported to an external data medium.

Change control for the OS configuration and OS project engineeringThe OS configuration, as well as the project engineering of OS elements (pictures,scripts, etc.), is versioned on the ES (SIMATIC Version Trail) and archived,together with the overall project. Changes made to individual OS elements must becontrolled in accordance with the applicable change procedure following their initialrelease.

6.9.3 SIMATIC BATCH

Audit trail in SIMATIC BATCHOperator actions performed in SIMATIC BATCH are recorded in the samemessage archive as OS operator actions (see above).

A batch report containing information on the operator actions performed for eachbatch (who, when, what) is also created in SIMATIC BATCH.

The changes to recipes, formulas, libraries, batches, and materials aredocumented in the change log (audit trail).

Change control for recipes and batch objectsThe change control for recipes is supported by:

Change log for essential processing stepsVersion assignment and release workflow including signaturesAuthorizations and project settingsRecipe comparer

Changes made to recipe data and batch data (deleted batches, for example) arelogged in the change log; see previous chapter. The user, the time of day, and theaction are entered in this log.



To ensure consistent version management, the following project settings must bemade:

"System-aided versioning" option is selected

andThe property "Allow editing of recipes with 'Release revoked/invalid' status" isdeactivated (default is "yes").

If these settings are made, the message below is output if a change is to be madeto a recipe.

The recipe can only be edited after "Save As" has been used:



… ->

NoteThe above setting ensures that once a recipe is released, it cannot be edited laterwithout changing the version or name.

See also"Saving recipes", Online support under Entry ID 23378328Operating Manual "SIMATIC BATCH V8.1 (SP1)", chapter 13.1.2.5"Versioning", Online support under Entry ID 106471750

The Comparison of recipe objects in the BatchCC enables a comparison ofvarious versions of master recipes, libraries and formulas.

See alsoOperating Manual "SIMATIC BATCH V8.1 (SP1)", chapter 8.5.9 "Comparingrecipe objects", Online support under Entry ID 106471750

If recipes are deleted, this is recorded in the log:



6.10 Configuration for electronic signaturesIf electronic signatures are to be used in a computer system instead of handwrittensignatures, certain legal regulations must be complied with, such as thosecontained in 21 CFR Part 11 of the U.S. Food and Drug Administration, or evenAnnex 11 of the EU GMP Guidelines.

Other laws and regulations define the actions of the process owner for whichsignatures are required. The process owner is always the one who decides theactions for which signatures will be provided electronically.

6.10.1 Electronic signature in SIMATIC BATCHWith the installation of SIMATIC Logon an “Electronic Signature” package will alsobe available, whose basic function is to enable electronic signatures to be used inSIMATIC BATCH. The figure below shows the "Properties" dialog window forconfiguring electronic signatures. Two electronic signatures are required in thisexample; they are specified in the SIMATIC BATCH Recipe Editor in the"Configured roles" box.

The project settings can also be used to make an electronic signature necessaryfor releasing recipes, parameter sets (formulas), and recipe operations, forexample.



A comment can also be entered for each electronic signature; this comment can beforced in the mask shown above.

In addition to these global project rules, object-specific rules can also be createdfor electronic signatures. The figure below shows some example signature rules fora batch.

The settings are made in the recipe properties.



The electronic signatures provided are stored in the change log of SIMATICBATCH and are also available in the report.



6.10.2 Electronic signatures on PCS 7 OSThere are different ways to configure an electronic signature for the operating levelof PCS 7 OS.

Example of a single electronic signature with SIMATIC Logon dialogSIMATIC Logon offers a dialog to specify an electronic signature. This dialog isopened if the Show Dialog function is called in a VB or C script.

Example of a multiple electronic signatureAn application example for configuration of several electronic signatures for onededicated action on PCS 7 OS is available in the Online Support.



See alsoApplication example "Configuring electronic signatures",Online support under Entry ID 66926225Further notes in "GMP Engineering Manual WinCC V7.3",Chapter 6.4 "Electronic signature"FAQ "Verifying a logged-on user"Online support under Entry ID 24458155Chapter 3.5.2 "OPD – User dialogs and electronic signatures"

6.10.3 Electronic signature on PCS 7 ESConfiguration data in the engineering system are subject to change control, andchanges must be documented in a traceable manner. The requirements of 21 CFRPart 11 for audit trails and electronic signatures usually do not apply to engineeringsystems.

If individual items of data or any inputs or changes made in relation to them have abearing on quality, they must only be entered via the operator control level (OS)and, if required, assigned an electronic signature at that same location.



6.11 Recording and archiving data electronicallyIt is very important to provide consistent quality evidence relating to quality-relevantproduction data, especially for production plants operating in a GMP environment.

The following steps are involved in electronic recording and archiving:Definition of data to be archived, the archive sizes and the suitable archivingstrategy, see chapter 6.11.1Set up process value archives for the online storage of selected processvalues, see chapter 6.11.2Archiving batch data, see chapter 6.11.3Long-term archiving, definition of parameters for exporting to the archive server(time period or amount of storage space used), see chapter 6.11.4

6.11.1 Determining the data to be archivedVarious factors, such as those listed below, must be taken into account whendefining the archiving strategy and determining the required storage space:

Definition of the data to be archived coming from different sources: processvalues, messages, batch data and batch reports, audit trail data, log files, etc.Definition of the relevant recording cyclesSpecification of the period of storage online and offlineDefinition of the archiving cycle for transfer to external storage

In PCS 7, this data is stored in various archives:Process value archive "Tag Logging fast", archiving of process values <1 minProcess value archive "Tag Logging slow", archiving of process values >1 minMessage archive "Alarm Logging"OS and batch reports

On top of this, in other parts of the system, further actions are monitored andrecorded in log files or databases:

Change log on ES level for "Downloading the target system" and onlineparameter changesSIMATIC Logon database "EventLog.mdb"Event Viewer under Windows Computer Management (logon/logoff activities,account management, permission settings for the file system, etc. according tothe corresponding configuration)

NoteAll the files mentioned (and others, if required) must be considered in thearchiving concept.

6.11.2 Setting up process value archivesThe procedure for configuring a process value archive is broken down into thefollowing steps:

Creating the new process value archive and selecting the tags to be stored inthe short-term archive.



Configuring the process value archive by specifying or selecting accesspermission levels or the storage location, for example.

The process value archive is used to record tag-related process values (analogand binary values) in a database in the form of a short-term archive. The size ofthe short-term archive is defined in the specifications (URS, FS, DS).

NoteThe segments in the short-term archive must be created in such a way that theyare exported at regular intervals, ensuring that no data can be lost.

The process values and messages saved in the OS server can be exported to anexternal drive or transferred to an archive server for long-term archiving.

Accumulated batch data and reports can also be passed on to the archive serverby the BATCH server.

NoteIf the connection to the archive server is interrupted, the data is buffered in theshort-term archive of the station concerned.



The size of the database is determined by the number of process value archivesand the process tags they contain. The size of each process value archivedepends on the measurement with the fastest acquisition cycle. Cycle acquisitionshould be performed uniformly within a process value archive.

It is therefore advisable to always store process tags with the same acquisitioncycle (e.g. 500 ms, 1 s, 10 s, 1 min) together in one process value archive. As aresult, a separate process value archive is configured for each acquisition cycle.

Archiving cycles are specified in the process object view.

The specification documents (process tag list, design specification, etc.) containdefinitions for the following process value archive parameters, for example:

Classification of messages which have a bearing on quality and those which donotType of acquisition, cyclic, cyclic-continuous, upon change, etc.Cycle timeType of value (instantaneous value, average value, maximum value, etc.)

See alsoSystem manual "WinCC: Working with WinCC", chapter 6 "Archiving processvalues", Online support under Entry ID 102754925Manual "PCS 7 Compendium Part A", chapter 9.4.1 "Archiving – Introduction"Online support under Entry ID 107196780

6.11.3 Archiving batch dataBatch data is stored in XML format in SIMATIC BATCH for long-term archiving.You can choose from several formats. A PDF report can be created regardless ofthe format.

When specifying the archive path, it should be ensured that the batch data isstored in a directory "protected" by Windows security mechanisms or in a databaseand is therefore only accessible to authorized persons or systems.



6.11.4 Long-term archiving on a central archive serverLong-term archiving takes place on a standalone server PC (e.g. ProcessHistorian), which can also be designed redundantly. It does not require aconnection to the plant bus. It is used for the long-term archiving of messages,process values, and reports.

Process values and messages exported from the OS archives as well as OSreports and batch data of SIMATIC BATCH can be displayed in the system later.

Segment data remains available even after it has been copied to the specifiedbackup location. The segment is only deleted if the associated "Time period of allsegments" or "Max. size of all segments" parameter is exceeded for it.

Network securityFor information on accessing from another network segment (Internet/Intranet),refer to Manual "SIMATIC PCS 7 and WinCC Security Concept".

Integration in Lifebeat MonitoringThe integration of the long-term server is the same as described in chapter 6.8.5"Monitoring PCS 7 components" for integration of SIMATIC PCS 7 componentsinto Lifebeat Monitoring. An OPC connection simply needs to be set up, via whichlifebeat monitoring can be performed.

Audit trailChanges to archived data are generally not desired. By default, users only haveread access to the archived data. The long-term server therefore does not supportan audit trail in accordance with 21 CFR Part 11. All events, such as exporting ofdata to external media or failed exports, are nevertheless saved in a log filedirectory with the Process Historian.

See alsoConfiguration manual "PCS 7 Operator Station (V8.1)",Online support under Entry ID 90682677Manual "PCS 7 Engineering Compendium Part A", chapter 9.4 "Archiving",Online support under Entry ID 107196780"Calculation of storage space requirements",Online support under Entry ID 22413908

6.12 Uninterruptible power supply (UPS)UPS systems are necessary so that process and audit trail data, for example, cancontinue to be recorded during power failures. The design of the UPS must beagreed with the system user and specified accordingly. The following items mustbe taken into consideration:

Energy consumption of systems to be suppliedPerformance capability of the UPSDesired duration of the UPS battery backup

The energy consumption of the systems with battery backup determines the size ofthe UPS. A further selection criterion is the priority of the system. Systems withhigher priority are:



Automation system (AS)Archiving serverOperator station (OS) serverOperator station (OS) clientsNetwork components

In each case, it is important to include the systems for data recording in the batterybackup. The system should also record the time of the power failure.

The use of UPS systems is linked to the installation and configuration of software.The following must be taken into account:

Configuration of alarms regarding power failureDetermination of the time frame for shutting down the PCSpecification of the time frame of the UPS battery backup

The process control system must be programmed so that it is brought to a safestate after a specified buffer time in the event of a power failure.

6.12.1 Configuration of a UPSThe following table contains an example of the configuration of an uninterruptiblepower supply for an operator station in a process control system. The same basicprocedure can be used with automation stations.

Case

Action Response

1 Power failure<10 seconds

The process control system computers are supplied bybackup battery power of the UPS. An alarm using adigital input in the process control system documentsthe power failure.

2 Power failure> 20 minutes.Power returns after25 minutes

The process control system computers are supplied bybackup battery power of the UPS. An alarm in theprocess control system documents the power failure andthe shutdown of the process control system after 20minutes. The UPS stops supplying power after a definedhold time to ensure that the process control systemcomputers can restart independently after restoration ofpower.

3 Power failure> 1 hour

The process control system computers are supplied bybackup battery power of the UPS. An alarm in theprocess control system documents the power failure andthe shutdown of the process control system after 20minutes. The UPS stops supplying power after a definedhold time to ensure that the process control systemcomputers can restart independently after restoration ofpower.



6.12.2 UPS configuration via digital inputsIn addition to the standard buffering provided by UPS devices, the option ofmonitoring the power supplies should be used. In this case, the phase is monitoredvia one or several digital inputs. The failure of the energy supply can be registeredvia alarm messages and archived during production in the batch report. Thisguarantees a complete record of the plant problems.

UPS battery backup of load voltageThe automation CPU is supplied with power by the UPS 24 V module both duringvoltage dips and longer power failures. The phase monitoring module monitors thestatus change during a power failure using a digital input that should be designedas a fail-safe input signal. If a power failure occurs, an additional alarm can begenerated to inform the operator of the power failure (alarm message). By loggingit in the message system, this power failure can be used for subsequentinvestigations.

With power failure concepts, safe states can also be implemented immediately orafter a certain delay (for example, equipment phase hold, establishing a safe plantstatus even after power has returned, etc.).



UPS battery backup of power supplyIn addition to phase monitoring, the OS server is also buffered by standard UPS220 V modules. This ensures that the server continues to operate even after apower failure.

UPS buffering informs the operator of the power failure, by means of alarmmessages, for example. Safe states can be introduced by the operator or throughautomated concepts.

The safe shutdown of the OS server can be indicated by PCS 7 alarm messagesand initiated if the power does not return within a specified time. This functionalityincreases the system availability after power restoration.

6.12.3 MASTERGUARD UPS systemsAll MASTERGUARD UPS systems belong to the "online UPS" category. Theysupply an output voltage free of interference voltage, electromagnetic interference,frequency variations, and voltage distortion. More detailed information on thedifferent MASTERGUARD ranges can be found in the SIMATIC PCS 7 catalog.

Support for Verification


7 Support for Verification

The following graphic shows an example of a lifecycle approach. After creation ofthe system, it must be tested. GAMP5 calls this phase the "Verification". The aim ofverification is documented proof from testing (e.g. FAT, SAT) to ensure that thesystem meets specified requirements (URS, FS). The terms "validation" and"qualification" are not replaced by this but rather supplemented. The areas coveredby tests performed by the supplier and suitably documented can be used for thevalidation activities of the pharmaceuticals company.

Various standard functionalities of SIMATIC PCS 7 can be used as support forsuch verification.

7.1 Test planningIn defining a project life cycle, various test phases are specified. Therefore, basicactivities are defined at a very early stage of the project and fleshed out in detailduring the subsequent specification phases.

The following details are defined at the outset of the project:Parties responsible for planning and performing tests and approving theirresultsScope of tests in relation to the individual test phasesTest environment (test design, simulation)



NoteThe work involved in testing should reflect not only the results of the risk analysis,but also the complexity of the component to be tested.A suitable test environment and time, as well as appropriate test documentation,can help to ensure that only very few tests need to be repeated, or even none atall.

The individual tests are planned in detail at the same time as the systemspecifications (FS, DS) are compiled. The following are defined:

Procedures for the individual testsTest methods, e.g. structural (code review) or functional (black box test)

7.2 Verification of hardwareTests are performed to verify whether the installed components and the overallsystem design meet the requirements of the Design Specification. This coverssuch aspects as component designations, firmware/product version, location,server and clients used, interfaces, etc.

NotePrintouts and screenshots can each be used as evidence. Use of the SIMATICManagement Console proves useful here.A visual inspection of the hardware can also be performed.

Verification of field devicesField devices are specified and tested by means of the following information, forexample:

Identification of manufacturer and typeOrder numberFunction / installation locationProcess tag name / measuring range / unit of measureConnection typeAddress number

NoteThe Asset Management from SIMATIC PCS 7 can offer support here.



Verification of the automation hardwareAutomation stations are specified and tested by means of the following information,for example:

Identification of manufacturer and typeOrder numberNumber of racksVerification of the hardware components used (CPU, CP, etc.)Number of distributed I/O stationsInterfaces to third-party systemsAddress number

NoteHW Config printouts and those with SIMATIC Management Console support therelevant documentation.The control cabinet documentation must also comply with HW Config.

Verification of the network structureThe information below is an example of the data which should be specified andtested for verification of the network structure:

Name of station, PC, AS, clients, etc.Communication module, type of connection, and communication partner(Ethernet, PROFIBUS, serial, etc.)MAC address (when using the ISO protocol on the plant bus)TCP/IP address and subnet mask (when using clients)PROFIBUS addresses

NoteThe SIMATIC NetPro configuration can be printed out.

Verification of the employed PC hardwareThe information below is an example of the data which should be specified andtested for verification of the PC hardware:

Manufacturer/type designation/essential componentsAdditionally installed hardware components (additional network adapter,printer, etc.)Verification of the configured network addresses, screen resolution, etc.

NoteUtilities can read detailed information about the configuration of the computer andprint it as a documented proof. SIMATIC Management Console can be used toperform this from a central point across the entire plant.



7.3 Verification of software

7.3.1 Software categorization according to GAMP GuideAccording to the GAMP5 Guide, the software components of a system areassigned to one of four software categories for the purpose of validating automatedsystems.

In terms of a PCS 7 system, this means that the individual components requiredifferent amount of effort for specification and testing depending on their softwarecategory.

Category 1: Infrastructure softwareScope of the testing:- Check and document the version number- Check and document the correct installation

AS-OS Engineering Basic installation including editors (CFC, SFC,Graphics Designer, Faceplate Designer, etc.)

Import/Export Assistant Check / read installation

PCS 7 Library Check / read installation

Version Cross Manager Check / read installation

PCS 7 Faceplates Check / read installation

WinCC Basic System Check / read installation

BATCH Base Check / read installation

BATCH ROP Library Check / read installation

Route Control Base Check / read installation

Category 3: Non-configured productsScope of the testing:- Check and document the version number- Check and document the correct installation- Function test

Batch Server Redundancy Set up redundancy and check functionality

WinCC redundancy Set up redundancy and check functionality

Web Server Set up and check Web connection

Lifebeat monitoring Function test

Time synchronization(Time master, SICLOCK)

Set up time synchronization andcheck functionality

SIMATIC PDM Basic Software Documentation of the configuration, testfield components in IQ/LoopCheck

SIMATIC Logon Test in the context of access control and userpermissions, user management

SIMATIC Management Console Documentation of configuration, test access tomanaged computers



Category 4: Configured productsScope of the testing:

- Check and document the version number- Check and document the correct installation and configuration- Risk-based test for proof of correct operation in the test environment and within the

business processes

Function block diagrams CFC templates (process tag types), CFC instances,FBD (function block diagram), LAD (ladder diagram)

SFCs SFC Type / SFC Instances

Graphics Designer, Alarm and TrendControl

Graphics, faceplates, trend pictures, etc.

SIMATIC BATCH Engineering Create and test recipes, unit recipes,equipment modules, etc.

Process Historian Set up archiving

Route Control Engineering Configuring and testing routes

OPC Server/Client, Open PCS 7 Configure interface and test data therein

Category 5: Customer-specific applicationsScope of the testing:

- Check and document the version number- Planning and releasing the design- Check and document the correct installation, the functions of the source code- Risk-based test for proof of correct operation in the test environment and within the

business processes

Create blocks STL (statement list)

WinCC scripts VB and C scripts

BATCH API Interface Applicative interface to SIMATIC BATCH

While a PCS 7 system configured customer-specifically as a whole would usuallyhave to be assigned to category 4 or sometimes even 5, the individual standardcomponents to be installed (without configuration) should be treated in the sameway as category 3 or 1.

The configuration part based on installed products, libraries, function blocks etc.then corresponds to category 4.

If "free code" is also programmed, this corresponds to category 5.

Procedure for functions of category 5Provision must be made to expend more effort for specification and testing:

1. Creation of a functional description for the software2. Specification of the function blocks used3. Specification of the inputs and outputs used4. Specification of the operator control and monitoring capability5. Creation of software in accordance with specifications and programming

guidelines6. Testing of the structure for compliance with programming guidelines7. Testing of the function for compliance with the functional description8. Approval prior to use and/or duplication



Verification of software productsDuring verification of the "Standard software products" in use, checks are made toverify whether or not the installed software meets the requirements of thespecifications. These are usually products that are not specifically designed for acustomer and which are freely available on the market, for example:

Operating systemSIMATIC PCS 7 software packages (OS Server/Client, Engineering System,etc.)SIMATIC options such as SIMATIC BATCH, SIMATIC Route Control, etc.Standard librariesThird-party software such as Acrobat Reader, MS Office (Word, Excel), etc.

Operating system and other software packagesThe installed software can be verified by means of operating system functions. Theinformation can be found in the Control Panel > Add/Remove Programs. Allinstalled software components are displayed there.

Installed SIMATIC softwareInstalled SIMATIC software can be verified using the "Installed SIMATIC software"software tool. The tool provides information about the SIMATIC software currentlyinstalled on the computer; the listing can also be printed or exported.

By using the SIMATIC Management Console, the installed software of all managedcomputers can be centrally recorded. The work involved in creating suchdocumentation is therefore significantly reduced.



SIMATIC software licensesThe SIMATIC "Automation License Manager" tool provides information on thelicenses currently installed on the PC. For this, the partition of the PC on which thelicenses are installed must be selected in the Automation License Manager. Theavailable system licenses are then shown on the right side of the window.

The SMMC also enables central access to the licenses of the managed computers.

SIMATIC PCS 7 installation logWhen SIMATIC PCS 7 is installed, the current status of the installed systemprograms is saved in the "citamis.str" file. Retro-installations are also documented.Depending on the operating system installed, this file is located in either the"WINNT" or the "WINDOWS" folder.



7.3.2 Verification of the application softwareDuring verification of the application software, checks are made to verify whetheror not the created software meets the requirements of the specifications (FS/DS).You need to consult with the user to agree upon and create the test descriptions(for example for FAT/SAT). These descriptions must take into account thecomplexity of the software and the design specifications.

The aspects listed below are usually tested; therefore this list can be used as areference for qualification:

Check the name of the application softwareCheck the plant hierarchy (plant, unit, technical equipment, individual controlelement, etc.)Software module test (typical test)Check the communication with other nodes (third-party controllers, MESsystems, etc.)Check all inputs and outputsCheck all control modules (individual control level)Check all equipment phases and equipment operations (technical functions)Check the relationships between operating modes (MANUAL/AUTOMATICswitchovers, interlocks, start, running, stopped, aborting, completed, etc.)Check the process tag namesCheck the visualization structure (P&ID representation)Check the operator control policies (access control, group permissions, userpermissions)Check the archiving concepts (short-term archives, long-term archives)Check the message conceptCheck the trends, curvesCheck the time synchronization

NoteIf other blocks are needed in addition to the PCS 7 standard libraries in order toconfigure specific processes or functions, the block libraries (FB, FC, DB) of thePCS 7 Add-on catalog should be used if possible.If blocks created by the user are to be employed, significantly more work will berequired in terms of specification, creation, and verification; this fact should betaken into consideration.

The process object view can be used for testing revisions for verification purposes.The software versions can also be modified there (see figure).



Analyzing the CPU loadAsset management can be used to analyze and document CPU utilization.

CPU connection utilizationAsset management can also be used to analyze and document CPU connectionutilization. This can prove particularly relevant, for example, if certain reserveshave been agreed with the customer.



DOCPRODOCPRO is a tool for creating and managing plant documentation. DOCPROenables the structuring of project data, the editing in form of circuit manuals andthe printout in a uniform print layout.

As default, footers are available that comply with DIN 6771. The layout canhowever be adjusted to the requirements in the wide range.

7.3.3 Simulation for test modeSIMATIC PCS 7 enables the input and output variables of various blocks to besimulated. The simulation is important for test purposes, for example in the contextof the FAT, because it allows the project engineer to influence digital and analoginputs and outputs in such a way that complex functions (e.g. temperature control)can be represented and checked.

Enabling simulationSimulation for test purposes can be enabled at the channel input or channel outputdriver blocks.

Using the example of a valve, simulation is enabled at the SimOn inputs, and theinput can be simulated at the SIMPV_In input.

Disabling simulationEnabled simulations should be documented in accordance with good practice.After conclusion of the test, all simulations must be deactivated before the plantoperation is enabled.

NoteWhere possible, central software switches, which are interconnected with all inputdrivers, can be configured for specific units to enable/disable simulation. Oncompletion of the tests, this central switch can be deleted or disabled, thusswitching simulation off from a central location.

Forcing variablesIn SIMATIC Manager, one can compile inputs and outputs using a variable tableand specify a value using the menu (Variable -> Force). It is also important here todeactivate the forcing again for ALL variables once the test has been performed.



SIMIT simulation softwareSIMIT enables a software test to be performed via a simulation platform, withoutthe need for the actual field devices. SIMIT simulates field devices and facilitatesversatile use of simple signal tests at the touch of a button, through to complexfunction tests (such as temperature control).

Used in conjunction with the S7 PLCSIM PLC or SIMIT Virtual Controller (VC)simulation software, which emulates the CPU of an automation system, it enablessoftware tests to be performed without an automation station or field devices andcan be used by the software provider to perform the Factory Acceptance Test(FAT), for example.

Use of SIMIT:I/O simulationProcess simulationVirtual acceptance tests and commissioning supportOperator training

NoteSIMIT is ideally suited for use on a test or simulation system. Almost all design-specific and functional errors can be detected early and remedied before theactual commissioning. In production, changes requiring validation can besimulated and tested beforehand, for example.

See alsoConfiguration-manual "SIMIT (V8.1)", Online support under Entry ID 93842565Configuration manual "SIMIT Virtual Controller", Entry ID 107196877

SIMBA simulation hardwareIn connection with SIMIT software, SIMBA simulation hardware enables a softwaretest without requiring field devices. SIMBA basically provides a hardware interfacefor SIMIT.

SIMBA features PROFIBUS and PROFINET interfaces, which are connected to theAS in a similar way to PROFIBUS or PROFINET and simulate the hardware. Theadvantage here is that the real hardware interface of the AS is directly addressed,which makes the test more realistic. This increases the probably of discoveringerrors prior to commissioning and therefore reducing them.

7.4 Configuration control

7.4.1 Versioning of projects with Version TrailSIMATIC PCS 7 Version Trail can be used to save and archive multiprojects, singleprojects, and project-specific libraries with a unique version ID. This is performed inaccordance with the PCS 7 archiving procedure. Project-specific libraries are alsobacked up when a multiproject is archived and thus remain associated with thecorresponding multiproject.



SIMATIC PCS 7 Version Trail ensures continuous incrementing of the versionaccording to validation factors. A completed version can no longer be changed.However, any archived version can be reloaded in the system using Version Trailor in SIMATIC Manager.

Since GMP requirements demand that SIMATIC Logon be used, all relevantactions are saved with details of the logged-on user.

InstructionsBefore a multiproject is archived, a check must be performed to ensure that noprojects or libraries belonging to the multiproject have been removed. This isbecause only projects and libraries contained in the multiproject at the time ofarchiving will actually be archived.The projects to be archived must not be open in the SIMATIC Manager.In a validated plant, previous project versions can be read back (retrieved) only inexceptional cases and after joint planning with the plant operator.

See alsoConfiguration Manual "PCS 7 Engineering System (V8.1)" chapter 14.5.3Online support under Entry ID 90663380Online help of SIMATIC PCS 7, topic "Version Trail"

NoteThe project structure is only adopted once when an archive is created.Subsequent changes in the actual project will not be adopted by Version Trail andmust be handled manually.The representation in Version Trail does not affect the actual archiving. However,automatic archiving operations can only be created from the visible elements.

Automatic archiving following downloadAs of PCS 7 V8.1, the "Archive project after successful download" function isavailable. In doing so, when using SIMATIC Version Trail, once the project hasbeen successfully downloaded, a project backup is made of the downloadedsoftware version.



Automatic archiving in a time-controlled mannerIn PCS 7 V8.0 and higher, Version Trail also allows automatic archiving andversioning of multiprojects, projects, and libraries at defined times, including time-controlled readback of block parameters. The Windows Task Manager initiates theexecution of the respective jobs.

For this it is necessary to select "Create archiving job..." in the shortcut menu of thedesired object (multiproject, project, library).

Only one single archiving job can be created for each object! If an archiving jobalready exists for an object, this procedure can also be used to modify it.

In the displayed dialog window, click the "Create/edit archiving job" button to openthe Windows Task Manager. Here, you can modify the parameters and initiateexecution of the created jobs.

In Windows Task Manager, double-click the relevant job in the "Simatic VT" folderto select it. This opens its properties.



The appropriate settings must be made on the "General" and "Triggers" tabs. In sodoing, special attention must be paid to the security options for the user account onthe "General" tab. At this point it can be specified whether or not the user has to belogged on for the archiving to run and the privileges with which archiving will berun. The user under which the archiving was run then also appears in the versiontable in Version Trail.

NoteDescriptive information about the task should be entered in "Description" on the"General" tab. This includes the name of the action, the name of the versionedobject to be archived, the name of the person who created the job, and the datethe job is created/modified.

The archiving job must now be activated in the "Create archiving job" dialogwindow. Here, it can also be specified whether the CPUs will be read back beforethe archiving operation.

A notice appears on the screen 20 seconds before an automatic job is run. It canstill be canceled during this period.

NoteVersion Trail must not be open at the time a job is run, since this will prevent thejob from running.

Automatic readbackThe Windows Task Manager also initiates the automatic readback of onlineparameters if a corresponding readback job exists. This job can be created via theshortcut menu of a CPU.



The same procedure is used to create a readback job as for an archiving job. Theonly difference is in the selection of the readback scope. Here, it is possible toselect between all parameters, parameters that can be controlled and monitored,or marked parameters.

Manual archiving and readbackVersion Trail also offers the option to perform manual archiving and/or readback.To do this, "Archive..." or "Readback..." must be selected in the shortcut menu ofthe desired object.



The respective dialog then opens. When manual archiving is performed, it is alsopossible to specify whether or not the CPUs are to be read back beforehand. Adescriptive comment is helpful.

RetrievingArchived objects (multiprojects, projects, libraries) can be retrieved at any time; seehowever the note at the start of chapter7.4.1 "Versioning of projects with VersionTrail".

The appropriate entry in the version project window of Version Trail must beselected, and the "Retrieve..." item must be selected in the shortcut menu.

DeleteThe procedure used to retrieve archived objects can also be used to delete them.To do so, the "Delete" command must be selected in the shortcut menu of theselected entry. Only the selected entry is deleted.

To delete all entries of a versioned archive, the appropriate element must beselected directly in the tree structure and the "Delete" command must be selectedin the shortcut menu.



Comparing archived projectsThe Version Trail interface enables archived projects to be compared with oneanother or with online versions. Version Trail makes use of the Version CrossManager here, by calling it and displaying any differences, see chapter 7.4.3"Version comparison with Version Cross Manager (VXM)" for more information.

Version historySIMATIC PCS 7 Version Trail manages all actions relating to a versioned project,such as creating, archiving, and deleting versions, in the version history. Theversion history can be called up using the Options > Version Trail menu. Allactions relating to the archiving of projects and deletion of versions are logged. Thefigure below shows the version history, from the creation of versioned project to thearchiving of different versions.

When using SIMATIC PCS 7 Version Trail for continuous archiving, the versionhistory is a good way of documenting different software versions during anautomation system’s life cycle.

All software versions are listed in chronological order, together with their archivingdate and version. This ensures that the latest software version can be copied backin case the application software got lost.

7.4.2 Recipe comparisonThe Comparison of recipe objects in the BatchCC enables a comparison ofvarious versions of master recipes, libraries and formulas.

See alsoOperating Manual "SIMATIC BATCH V8.1 (SP1)", chapter 8.5.9 "Comparingrecipe objects", Online support under Entry ID 106471750



7.4.3 Version comparison with Version Cross Manager (VXM)The Version Cross Manager compares the following objects within projects:

LibraryHardware configurationCFC/SFC engineering data such as charts, types, chart folders, block foldersShared declarationsBlock sequencesS7 programS7 blocksS7 symbolsMessages

The projects to be compared are executed synchronously, i.e. the object trees ofthe corresponding software structures are compared attribute by attribute. Anydifferences detected by the comparison are highlighted in color in a results treeand can be printed in PDF format.

The color display setting can be customized.

NoteThe Version Cross Manager retrieves the archived projects in a temporary folderfor the comparison and then deletes them after the comparison.



Saving or printing differences between projectsThe differences between projects detected by the comparison can be saved in a.csv file or printed out.

The following information is displayed:Additional objects contained in project AAdditional objects contained in project BDifferences between project A and project B

Application examples for the VXMCase 1:The Version Cross Manager can be used to verify that a change has beenimplemented correctly in the context of the change control system, for example. Bycomparing the software version before the change with the current programversion in the CPU of the automation system, the changes in the system areidentified. These changes must match the specified changes.

Case 2:The VXM can be used to demonstrate that an archived software version matchesthe current program version in the CPU of the automation system. Without achange request, deviations between the software backup and the CPU are notpermitted.

For information on operational change control, see chapter 9.2 "Operationalchange control".

7.4.4 Configuration control with "versiondog"The PCS 7 Add-on "versiondog" combines the functionalities of SIMATIC VersionTrail and Version Cross Manager and its scope of functions goes beyond this. Itcan be used as a central tool for data backup, change control and softwareversioning.

Further notes can be found in chapter 3.5.1 "versiondog – Version assignment andconfiguration control" as well as the PCS 7 Add-on catalog.

7.4.5 Write protection for CFCs/SFCs and SFC typesCFC/SFCs and SFC types can be provided with write protection to ensure safeoperation of the plant after commissioning and verification. If the write protection isenabled, the operating and maintenance personnel can only open CFC/SFCs andSFC types and monitor process values online. They cannot perform intentional orunintentional changes to charts and types.

To enable write protection, "Write-protection for charts" can be selected in theproperties of the chart folder for each automation station.



The project staff also has the option of enabling or disabling write protection forindividual charts or SFC types.

The check box for "Write-protection for charts" can be shown here in two differentways.

White background with black check mark:write protection is selected for all charts

Shaded background and gray check mark:at least one chart or SFC type is write-protected.

If the write protection is not enabled for all charts, disabling and enabling writeprotection for the "Charts" folder once enables write protection for all CFC/SFCsand SFC types of each automation station.

If the chart of a CFC/SFC or SFC type is open, you will see the following noticewith write-protected charts:

NoteIn the process object view, changes can then be made even when the chartfolders are read-only.



7.4.6 Block encryption with "S7 Block Privacy"The "S7 Block Privacy" package can be used to encrypt and decrypt functionblocks (FB) and functions (FC). It is not possible to encrypt other blocks, such asorganization blocks (OB), fail-safe blocks, or blocks with "Know-how protection".The encryption occurs directly in the database of a project. All FBs and FCs thathave been encrypted and downloaded to the AS have the status "S7 BlockPrivacy".

InstructionsIn order to process encrypted blocks, the AS CPU 4xx with firmware version V6.0or higher is required."S7 Block Privacy" is a new function of PCS 7 V8.0. For this reason, encryptedblocks cannot be processed with an older version of PCS 7.It is not possible to use S7-PLCSIM with encrypted blocks.

"S7 Block Privacy" provides greater security than the previous Know-Howprotection and should therefore be used preferentially for sensitive areas inparticular.

Procedure

To encrypt blocks, the "Block Privacy" command must be selected in the shortcutmenu of a block folder.



The tree structure of the encryption tool lists all blocks and SCL sources in theproject. The selection marked with a check mark can be encrypted using the"Encrypt Block..." command in the shortcut menu. This opens a dialog whoseinstructions must be followed.

SCL sourcesSCL sources that are contained in the project and whose blocks have beenencrypted should be deleted before transferring the project to third parties. Thisaction can also be performed in the "S7 Block Privacy" application. The "Deletesource" function must be selected in the shortcut menu of the source.

NoteOnce the sources have been deleted and are removed from the tree structure, thesource folder still has to be reorganized. It is the reorganization step that actuallydeletes the sources. Before that, the sources are merely designated for deletionand removed from SIMATIC Manager. However, they are still present at thememory location of the project.

DecryptingThe procedure used to encrypt blocks is also used to decrypt them. However,decryption of blocks requires the correct key and the decompilation information.

Data Backup


8 Data Backup

Periodic data backups are not only necessary to avoid data loss during theconfiguring phase.

They are also necessary during the operation phase to ensure a smooth systemrestoration in the event of data loss or system failure. An emergency plan is alsorequired for this case.

In addition to the backup of the system installation, the configuration data shouldalso be backed up on a regular basis in order to be able to revert back to the lastsaved system configuration in the event of a hardware defect or data loss.

The following data backups should be considered:Backups of system installation, see chapter 8.1Backup of the installation, including all project files (image)following system updates and major project changesas well as periodically, e.g., every 12 monthsChange-driven backup of project data before/after every changePeriodic backup or "recopying" of all archived data every 3 to 5 years, forexample, to ensure the readability of the data.

NoteThe backup of the user software and the backup of the system partition with andwithout SIMATIC PCS 7 should be stored on external media (for example, CD,DVD, network backup).

See alsoChapter 9.4 "System restoration"

8.1 Backup of system installationHard disk images should be used to back up the operating system and the PCS 7installation. These images allow you to restore the original state of PCs.

Which images are advisable?Creation of an image of the operating system installation with all drivers and allsettings for the network, user administration, etc., without SIMATIC PCS 7Creation of an image of the installed PCs with SIMATIC PCS 7Creation of an image of the installed PCs with SIMATIC PCS 7, including allprojects

Data Backup


NoteAn image can only be imported on a PC with identical hardware. For this reason,the hardware configuration of the PC must be suitably documented, for exampleusing SIMATIC Management Console.Images of individual partitions can only be exchanged between image-compatiblePCs because various settings, for example, in the registry differ from PC to PC.

8.2 Data backup for application softwareWe recommend generating regular data backups of project data. In this storageconcept, it might be specified, for example, that the project is backed up followingevery change. The project backup can be performed in various ways.

See alsoManual "PCS 7 Service Support and Diagnostics", chapter 3.2,Online support under Entry ID 90682682

Backing up user software in the engineering systemThe SIMATIC Manager "Archive Project" system function should be used for thispurpose or the "Version Trail" optional package, which includes version-specificarchiving.

With the SIMATIC Version Trail option, the project can be backed up manually or ina time-controlled manner and at the same time the versions can be checked. Anolder version can also be copied back via the interface.

See alsoChapter 7.4.1 "Versioning of projects with Version Trail"

NoteIf data backups are to be created during plant operation, consideration must begiven to whether and, if so, which online parameters must be read back prior togenerating the backup.Parameter changes which are not read back will be lost if the system or project isrestored.

Backing up recipe data in SIMATIC BATCHThe project configuration must be backed up in PCS 7, as must application data inSIMATIC BATCH (libraries, master recipes, materials, user rights, etc.). Thisbackup is created from within the SIMATIC BATCH Control Center.

SIMATIC BATCH supports automatic and time-controlled backup of BATCH projectdata. This includes, for example:

Plant settingsProject settingsLibrariesFormulasMaster recipesMaterials

Data Backup


The backup data can be copied back again using the "Restore" command.

Operation, Maintenance and Servicing


9 Operation, Maintenance and Servicing

9.1 Operation and monitoring

9.1.1 Process visualizationSIMATIC PCS 7 provides extensive process visualization. Individually configureduser interfaces can be created for each application – for reliable process controland optimization of the entire production sequence.

Runtime data can be output by the system based on reports.

9.1.2 Asset ManagementIn the context of process engineering, asset management aims to use appropriatemethods to ensure that a production plant benefits from maximum availability at thelowest possible operating costs. The most efficient strategy is without doubt status-oriented maintenance, which must be based on a status detection procedure that isas continuous as possible. Asset management relies on having access to preciseinformation relating to the current plant status, which can then be used todetermine exactly which maintenance activities need to be carried where and atwhat time.

Implementation in PCS 7The asset management integrated in SIMATIC PCS 7 is used for plantmaintenance. Additional hardware and software tools are not required. Plantoperators and maintenance engineers use the same SIMATIC PCS 7 tools anduser interfaces, along with information which has been filtered and preparedaccording to the field of activity concerned. While the plant operators operate andmonitor the process on the PCS 7 operator station (OS), the maintenance engineeruses the maintenance station (MS) to control the hardware structure of theproduction facility in order to handle the diagnostics and maintenancerequirements.

The various components of a PCS 7 plant can be monitored with the diagnosticand maintenance functions integrated in SIMATIC PCS 7.

PCS 7 Maintenance Station (MS) is available in the following forms:MS BasicMS StandardMS PDM



NoteAs PCS 7 V8.1 is possible in connection with PDM V8.2, use the MaintenanceClient functionalities from each OS Client. A Client Server architecture makes thispossible. In each case, the requirement is that an engineering station is switchedon with a running Asset Service, as this functions as a server for the PDMrequests to the device.The device parameters can be read out and processed via a maintenance client.

For documentation about this, seeFunction Manual "PCS 7 Maintenance Station"Online support under Entry ID 90683051Service Manual "PCS 7 Service Support and Diagnostics"Manual "PCS 7 Help on PDM V8.2", Entry ID 109217860

The maintenance engineer has access to all details of the components anddevices when needed, beginning with an overview display (plant view). Theoverview display uses the standardized symbols to visualize the condition of acomponent itself and also provides collective information on the conditions of alldevices in the lower-level hierarchies.

There are four areas on the top level:HMI area (IPCs, server, clients, ES, PH)Network area (network switches)AS area, which is divided into two subareas

CPU areaIO range (field devices, field distributor, Remote IO)

User range (monitoring of system parts based on configured variables such asoperating hours or switching cycles)

The group status message shows the OK condition or the seriousness of theproblem in traffic light colors.

Maintenance work can be requested directly via the diagnostic faceplate of amonitored component. Furthermore, the status of the work can be specified andmonitored. This is recorded in the form of an operating message and indicated bythe symbols. A work instruction number and a comment can be entered for eachwork request. Service appointments or intervals can also be determined. Once theset interval expires, a system message is automatically created, which indicatesthe service required, such as calibration necessary.

A report can be created and printed out for each component. The creation of logsfor entire device groups can be useful. In this case, it is possible to filter devices bytheir priority. The requirement here is the corresponding identification of devices,which is performed in SIMATIC Manager. Currently it is possible to identify devicesas "important" or "SIF" (safety relevant).



Condition MonitoringIt is often necessary to take into account certain process engineering, chemical,and mechanical conditions in a plant’s maintenance concept. Condition monitoring(e.g. pump operating points, motor bearing monitoring) is generally used in apreventive capacity in this regard, as the user receives an automatic notificationbefore critical conditions are reached.

PCS 7 Asset Management enables user-specific, maintenance-relevant processvariables or parameters to be integrated into the existing diagnostic structure.PCS 7 provides the appropriate interfaces for this: a function block on the AS and afaceplate on the OS.



9.2 Operational change controlAny changes to validated plants must always be planned in consultation with theplant operator, documented, and only executed and tested once they have beenreleased.

The following chapters use examples to describe how to make changes:1. Initiation, description and approval of planned change by plant user2. Check and backup of the current application software version (project data)3. Adjustment of system specification4. Performing the change, including documentation of the performed change

(poss. support using tool comparison)5. Testing the change, including test documentation in suitable form6. Backup of the changed project with new version ID

The effects of the change to other parts of the application and the resulting testsmust be specified based on risk and documented.

It is advisable to categorize various actions and measure the change effort for therisk. In the case of a 1:1 exchange of a hardware component, for example, the riskmust be lower than with different components.

Furthermore, for software updates an assessment may be needed between systemsecurity and conformity with regulations, see also chapter 10.2 "Updating thesystem software".

9.3 Remote maintenanceVarious technical options are available for remote access. Depending on theprogram, to dial in to an external PC station, not only must the user have theappropriate access permission (user name and password), but the Allow remoteaccess authorization must also be enabled. This should however be planned anddocumented within the scope of the entire system, as access must be controlled.

NoteIn a controlled GMP environment, many control systems are configured as closedsystems or "singular solutions". Thorough discussions must be held with the plantoperator before a remote maintenance functionality is set up. Those responsiblefor the plant must give their express consent for each individual connection that isestablished to the system (logon).

See alsoReadme PCS 7 V8.1, chapter 3.4.17; Online support Entry ID 101094704

A practical solution could be to assign the logical access permission, but to onlyestablish a physical connection when necessary, and then only when on-sitemaintenance staff are present.



9.4 System restorationThe procedure described in this chapter should enable the end user to restore thesystem after a disaster.

Disasters are taken to mean the following cases:Damage to the operating system or installed programsDamage to the system configuration data or configuration dataLoss or damage to runtime dataDamage or failure to hardware

The system is restored using the saved data. The backed up data (medium) and allthe materials needed for the restoration (basic system, loading software,documentation) must be saved at the defined point. There must be a DisasterRecovery Plan which must be checked on a regular basis.

Restoring the operating system and installed softwareThe operating system and installed software are restored by loading thecorresponding images (see chapter 8 "Data Backup"). The instructions provided bythe relevant software supplier for the data backup application should be followed.

If a PC with an identical hardware configuration is not available, the installation hasto be run again from scratch. The documentation that contains descriptions of theinstalled software and the updates, upgrades and hot fixes also installed, can beused to qualify the software.

Restoring the application softwareThe process for restoring the application software depends on the kind of backup.

Reading back the data using the software version trailVersion Trail lists all backup statuses with major and minor version and timestamp. To retrieve the data, the corresponding backup status is selected andthe action started using the Retrieve button.Reading back the data from a manually created backupA manually created backup copy can also be used.Retrieving recipesRetrieving archivesThis concerns the following, depending on the system configuration and thescope of the problem: process data, messages, batch data, log files, etc.

Project-specific adaptationsProject-specific project adaptations that are not stored with the project file must berestored.



Backup/restore for the SIMATIC BATCH databaseWhen a data backup of the SIMATIC BATCH database is read, a start batch IDcan be assigned; this prevents batch IDs being assigned more than once.

This dialog box also specifies whether or not the associated log is to be imported.

System Updates and Migration


10 System Updates and Migration

10.1 General procedureIt is essential that system software updates for a validated plant are agreed withthe user or initiated by him. An update such as this represents a system change,which must be planned and executed in accordance with the applicable changeprocedure. Similar to the description in chapter 9.2 "Operational change control",this roughly means the following steps:

Describe the planned changeEffect on functions / plant units / documentation ,for example, including thesystem description of the new and modified functions in the readme file/releasenotes for system updatesEffect on readability and availability of archived dataAssess risksDefine the tests which need to be performed to obtain validated status, basedon the risk assessmentApprove/reject the change (in accordance with defined responsibilities)Update of technical documentationCheck availability of current data backupsMake the change (following plant release)Document the activities performedPerform and document the necessary tests (verification)Perform new data backup, possibly including system image

In considering possible influences on the application, the following may berelevant:

Modules and libraries, classes and instancesProcess images, graphic settings, objects, script-based dynamizationAlarm system and process value logging in function and displayOperator authorizationsInterfacesEffects during downloadSystem performanceDocumentation (specifications)Verification tests to be repeated or performed for the first time

10.2 Updating the system softwareThe system software is updated with an upgrade or service pack. This means itsrange of functions is expanded or improved.

When there is a version change or a software update of the system software, itmay be necessary to migrate or convert data created with the older version, seechapter 10.3 "Migration of application software" for this purpose.

System Updates and Migration


In the case of a larger version change, it is also possible that an upgrade must bemade to an interim version and then to the target version afterwards.

See also"Software update", Online support under Entry ID 39980937"Microsoft security updates", Online support under Entry ID 18490004GAMP5 Guide, Appendix S4 "Patch and update management"

NoteThe SIMATIC Industry Support provides support for software updates and projectmigration at http://support.industry.siemens.com.

10.3 Migration of application softwareDue to growing requirements and upcoming enhancements to existing systems,many plants will be modernized, or at least expanded in the next few years. Forthis reason, the issue of migration, which refers to the transition to a newgeneration of products featuring updated technology, is becoming more and moreimportant for a number of plant operators, particularly in terms of process controlengineering.

Siemens offers optimized migration solutions for the transition to SIMATICPCS 7. This means that both users of previous Siemens control systems and ofthird-party control systems can utilize the benefits of Totally Integrated Automationin their processes, see "Migration to PCS 7" online:http://w3.siemens.com/mcms/process-control-systems/de/simatic-pcs7-migration/Pages/simatic-pcs7-migration.aspx

A customized migration strategy is designed, taking into account the necessaryqualification measures and based on a system analysis, risk analysis, and therelevant general conditions (existing installed base, scheduled plant shutdownperiods, etc.). In so doing, the activities for the system update described in chapter10.1 must also be taken into consideration.

10.4 Validation effort for migrationThe validation effort is decided in consultation with the plant operator. Possible testpoints are the new system functions in the version and the correct installation ofthe software components required for migration.

The migration functionality provided by the system is a product feature, whichdoes not need to be tested in greater detail in the project application.Nevertheless, sample tests should be performed, in particular for criticalfunctions. In this case, the steps are to be considered according to chapter10.1 "General procedure".Manual adjustments which are performed in addition to the automaticmigration, must be planned, documented and tested according to the ChangeControl procedure (see chapter 9.2 "Operational change control") or within thescope of a separate project.

Abbreviations


Abbreviations

Abbreviation DescriptionAdvES Advanced Engineering SystemAS Automation stationCFR Code of Federal Regulations (USA)DCS Distributed control systemDS Design specificationES Engineering StationFAT Factory acceptance testFDA Food and Drug Administration (USA body)FS Functional specificationGAMP Good Automated Manufacturing PracticeGMP Good Manufacturing PracticeHDS Hardware Design SpecificationIEA Import/Export AssistantIQ Installation QualificationOLE Object Linking and EmbeddingOPC OLE for Process ControlOQ Operational QualificationOS Operator StationSAT Site Acceptance TestSSC SIMATIC Security ControlSDS Software Design SpecificationSMDS Software Module Design SpecificationSOP Standard Operating ProcedureURS User Requirements SpecificationUPS Uninterruptible power supplyUTC Universal Time CoordinatedVPN Virtual Private NetworkVXM Version Cross Manager

Index List


Index List

AAccess control........................................... 14, 45Access protection............................................ 41Access rights................................................... 43Add-on ............................................................ 32Advanced Engineering System................. 26, 79Alarm Management......................................... 94Application software........................................ 72Archiving ................................................. 18, 110

Batch data................................................. 112Long-term archiving .................................... 29OS............................................................... 29Process values.......................................... 110

Asset Management ............58, 97, 118, 125, 142Audit................................................................ 19Audit trail............................................. 16, 17, 99

Archiving ................................................... 113PCS 7 OS ................................................. 101SIMATIC BATCH ...................................... 102

Automation License Manager ....................... 123

BBackup .......................................................... 139Batch data....................................................... 17Batch log......................................................... 92Block encryption............................................ 137Block icons...................................................... 75Block protection .............................................. 26Bulk engineering ............................................. 77

CCAS .............................................................. 113Category

Hardware .................................................... 13Software .............................................. 13, 120

CFC .................................................. 25, 65, 135Change control.......................................... 12, 99

Operational ............................................... 145Condition Monitoring ..................................... 144Configuration management....................... 13, 64Configuration Studio ....................................... 25Continuous Function Chart ...................See CFC

DData backup...................................... 18, 34, 139Data security ................................................... 47Disaster recovery .......................................... 146DOCPRO ...................................................... 126

EElectronic record ..................................... 16, 110Electronic signature ................................ 16, 105

PCS 7 ES.................................................. 109SIMATIC BATCH ...................................... 105SIMATIC Logon ........................................ 105

EU GMP Guidelines Annex 11 .......... 10, 16, 105

FFDA 21 CFR Part 11 ................... 10, 16, 99, 105Firewall ............................................................48Foundation Fieldbus ........................................58

GGAMP5.................................................... 10, 120GMP requirements ..........................................13Guidelines .......................................................10

HHardware.........................................................21Hardware category ..........................................13

IImage ...................................................... 34, 146Import/Export Assistant ....................... 26, 65, 77Industrial Ethernet ...........................................56Information security ...................................23, 47Information Server...........................................30Installation .......................................................35Installed software ..........................................122Interfaces.........................................................82ISA-88.01 ..................................................32, 87

KKnow-how protection .....................................135

LLibrary .......................................................25, 52Life cycle model...............................................10Lifebeat Monitoring .................................. 97, 113Load Balancing................................................83

MMaintenance..................................................142Master data library...........................................52Messages

Message class.............................................95Message filter ..............................................96Priority .........................................................95

Migration................................................ 148, 149Multiproject ......................................................50

OOPC...........................................................31, 85OPD................................................................. 33Open PCS 7 ..............................................31, 85Operating system ................................ 24, 35, 45OS Project Editor.............................................61

Index List


PPackage unit ................................................... 63Partition ........................................................... 34Password ........................................................ 15PDM ................................................................ 60Plant hierarchy................................................ 54Printer driver ................................................... 33Process Historian............................................ 30Process pictures ............................................. 81Process tag type ............................................. 73Process value archives ................................. 110PROFIBUS...................................................... 57PROFINET...................................................... 58

RRecipes........................................................... 86Referenced OS station.................................... 51Regulations..................................................... 10Remote maintenance.................................... 145Report ............................................................. 30Report Designer.............................................. 30Restoration ................................................... 146Retrieval.................................................. 19, 130Risk analysis..............................12, 72, 118, 148ROP Library .................................................... 29Route Control............................................ 27, 92

SS7-PLCSIM ..................................................... 27SCALANCE S ................................................. 48Scripts ............................................................. 82Security

Access control............................................. 14Network................................................. 23, 48Settings....................................................... 37

Security Control .............................................. 48Sequential Function Chart .................... See SFCSFC ..............................................25, 54, 65, 135

Type............................................................ 73Visualization................................................ 28

Shared declarations ........................................ 53SICLOCK .................................................. 62, 63SIMATIC BATCH .........28, 86, 89, 105, 112, 140

Audit trail ................................................... 102Recipes....................................................... 86

SIMATIC Logon ...........................24, 39, 83, 105SIMATIC Management Console ..................... 98SIMATIC NET ................................................. 56SIMBA ........................................................... 127SIMIT ...................................................... 27, 127Simulation ............................................... 27, 126SIWAREX ................................................. 23, 57Smart Alarm Hiding......................................... 96

SMMC .............................................................98Software category ...................................13, 120Software modules............................................72Specification .................................................... 20

Application software .................................... 31Hardware .....................................................21HMI.............................................................. 31Operation level ............................................ 27Software ......................................................24Software Design ..........................................32System ........................................................31

Startup behavior ..............................................46System updates.............................................148

TTCiR ................................................................77Test planning.................................................117Thin Client .......................................................84Third-party components...................................19Time synchronization................................. 19, 62Type/instance concept......................... 14, 73, 79Typicals ...........................................................72

UUPS...............................................................113User ID ............................................................15User management............................... 14, 24, 35User rights .................................................41, 44

VValidation Manual ............................................11Verification.....................................................117

Application software ..................................124Hardware ...................................................118Software ............................................ 120, 122

Version assignment.........................................32Version Cross Manager................... 26, 100, 134Version Trail .................................... 26, 127, 140versiondog............................................... 32, 135Versioning .................................................26, 65

Configuration elements................................64Images.........................................................69Scripts .........................................................70Software elements.......................................64

Virtualization....................................................84Virus scanner ..................................................33Visualization ..................................................142VPN ................................................................. 49VXM........................ See Version Cross Manager

WWeb Client.................................................28, 82

♦♦♦⟩←∂≡″≡±←⟩…°″ñ♠↔°″↔∂°±

⊂♠∝≡…↔ ↔° …•±÷≡ ♦∂↔•°♠↔ ↓↑∂°↑ ±°↔∂…≡⟩

⇒∨∫⇒⇒

ϖ ⊂∂≡″≡±← ⇒¬

⊂∂≡″≡±← ⇒¬

∉↑°…≡←← √±≈♠←↔↑∂≡← ±≈ ⇔↑∂♥≡←

∉•↑″…≡♠↔∂…≥ ±≈ ∂≠≡

⊂…∂≡±…≡ √±≈♠←↔↑ƒ

↑≥←↑♠•≡

¬∨⊆⇒∇∅ ⊂∂≡″≡±←

∉•↑″ √±≈♠←↔↑ƒ

∧♠↑↔•≡↑ ∂±≠°↑″↔∂°±

∨∫∂≥∑

↓•↑″⇓←∂≡″≡±←⟩…°″

√±↔≡↑±≡↔∑

♦♦♦⟩←∂≡″≡±←⟩…°″ñ↓•↑″

Documents

· · 2016-07-07Proper use of Siemens products ... servicing and maintenance personnel who use the automation and process control technology in ... the use of the hardware and