Académique Documents
Professionnel Documents
Culture Documents
Edition 09/2012
09/2012
A5E31420596-AA
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will
be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to
property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific
task in accordance with the relevant documentation, in particular its warning notices and safety instructions.
Qualified personnel are those who, based on their training and experience, are capable of identifying risks and
avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
documentation. If products and components from other manufacturers are used, these must be recommended
or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and main-
tenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
All names identified by are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and soft-
ware described. Since variance cannot be precluded entirely, we cannot guarantee full consistency.
However, the information in this publication is reviewed regularly and any necessary corrections are
included in subsequent editions.
Target groups
This manual is intended for all plant operators, those responsible for industry-specific system con-
cepts, project managers and programmers, servicing and maintenance personnel who use the
automation and process control technology in the GMP environment.
Disclaimer
This manual is a guide for system users and project engineers for integrating SIMATIC WinCC in
the GMP environment, with regard to validation, also taking into account the specific requirements
of international regulatory bodies and organizations, such as 21 CFR Part 11.
We have verified that the contents of this document correspond to the hardware and software de-
scribed. However, since deviations cannot be precluded entirely, we cannot guarantee full consis-
tency. The information in this document is checked regularly for system changes or changes to the
regulations of the various organizations and necessary corrections will be included in subsequent
issues. We welcome any suggestions for improvement, which can be directed to the I IA VSS
Pharma in Karlsruhe (Germany).
Additional support
Contact your local Siemens representative and offices if you have any questions about the prod-
ucts mentioned in this manual and do not find the right answers.
Find your contact partner at:
http://www.siemens.com/automation/partner
You can access technical documentation for various SIMATIC products and systems at:
http://www.automation.siemens.com/mcms/industrial-automation-systems-simatic/en/manual-
overview/tech-doc-hmi/Pages/Default.aspx
The online catalog and the online ordering system are available at:
http://mall.automation.siemens.com/
For questions about this manual, please contact I IA VSS Pharma:
Email: pharma@siemens.com
You can find additional information about the products, systems and services from Siemens for the
pharmaceutical industry at http://www.siemens.com/pharma
Training centers
We offer various courses to help you get started with SIMATIC WinCC (TIA Portal). Please contact
your regional training center or the central training center in 90327 Nuremberg, Germany.
Internet: http://www.sitrain.com
Technical support
You can contact the Technical Support for all I IA&DT products using the web form for Support Re-
quest:
http://www.siemens.com/automation/support-request
as well as the Center of Competence for WinCC in Mannheim for the mentioned WinCC Premium
Add-ons at
Email: WinCCAddon.automation@siemens.com
You will find more information about our technical support on the Internet at
http://www.siemens.com/automation/service&support
For example:
FAQs, technical manuals, etc. under Product Support
Examples of applications, performance, etc. under Applications and Tools
GAMP5 approach
The following figure shows the general approach of GAMP5 for the development of computerized
systems. It begins with the planning phase of a project and ends with the start of pharmaceutical
production following completion of the tests and reports.
The lifecycle approach illustrated here is known as the generic model in GAMP5. With this as the
basis, we will introduce several examples of lifecycle models for a variety of "critical" systems with
different stages of specification and verification phases.
Once production has started, the system lifecycle continues until decommissioning.
1.3 Responsibilities
Responsibilities for the activities included in the individual life cycle phases must be defined when
configuring computer systems in a GMP environment and creating relevant specifications. As this
definition is usually laid down specific to a customer and project, and requires a contractual agree-
ment, it is recommended to integrate the definition into the Quality and Project Plan.
See also
GAMP5 Guide, Appendix M6 "Supplier Quality and Project Planning"
Note
This chapter describes the general requirements for computerized systems. How to meet these
requirements with a specific system is dealt with starting at chapter 3.
Hardware categorization
According to the GAMP Guide, hardware components of a system fall into two categories "standard
hardware components" (category 1) and "custom built hardware components" (category 2).
Software categorization
According to the GAMP Guide, the software components of a system are divided into various soft-
ware categories. These range from commercially available and preconfigured "standard" software
products that are only installed to configured software products and customized applications ("pro-
grammed software").
See also
GAMP5 Guide,
Appendix M8 "Project Change and Configuration Management"
Note
Only authorized persons should be allowed access to PCs or to the computer system. This can be
supported by appropriate measures such as mechanical locking and through the use of hardware
and software for remote access.
User ID
The user ID for a system must be of a minimum length defined by the customer and be unique
within the system.
Password
When defining passwords, a minimum number of characters and the expiry period for the password
should be defined. In general, a password should comprise a combination of characters that meet
the minimum length requirement as well as at least three of the criteria listed below.
Use of uppercase letters
Use of lowercase letters
Use of numerals (0-9)
Use of special characters
The configuration is described in chapter 4.3 "Setting up user administration".
See also
EU GMP Guidelines chapter 4.9 and Annex 11
21 CFR Part 11 "Electronic Records, Electronic Signatures", U.S. FDA
Note
During the production of all drugs and medical devices which enter the U.S. market, the FDA regu-
lations must be met; this also refers to 21 CFR Part 11 with respect to electronic signatures.
See also
GAMP5 Guide, Appendix M2 "Supplier Assessment"
2
"Electronic Records and Electronic Signatures Assessment". Chris Reid & Barbara Mullendore,
PDA 2001
Recommendation
We recommend the use of approved hardware from the current SIMATIC HMI Catalog ST 80 be-
cause it has been verified for compatibility in the test system from Siemens.
Note
The requirements in the hardware layout plan and the designation of hardware components must
be unique.
See also
GAMP5 Guide, Appendix D3 "Configuration and Design"
Note
This software specification serves as an acceptance criterion during subsequent tests (FAT, SAT,
IQ, OQ), see also 8.3 "Verification of software".
The SIMATIC WinCC (TIA Portal) software consists of engineering and runtime components (Run-
time) for HMI devices of varying sizes. The corresponding runtime components run on their corre-
sponding hardware. This is configured and programmed in the engineering interface.
The technical functions for WinCC Professional and WinCC Comfort/Advanced are described
separately in chapter 6 of this manual since the functions and applications to control on-site equip-
ment (panels) are in some cases significantly different from those in a SCADA environment (Su-
pervisory Control and Data Acquisition).
WinCC Advanced
component
WinCC Comfort
WinCC Basic
The respective engineering system contains all the basic functions for engineering the HMI de-
vices. The Project Navigator is the central component from which all devices belonging to the pro-
ject are managed. The editors to configure the various functions in each HMI device are opened in
the project navigator. Copy functions ease the adoption of configured data into other HMI devices.
Tag management
In the TIA Portal, automation systems and HMI devices are created in a project. Inputs and outputs
are maintained in a separate tag table for each controller (PLC). The HMI devices receive a proc-
ess driver connection by which external HMI tags are linked to the PLC tags in the PLC tag tables.
Tag management is done exclusively in the PLC. Corrections are transmitted into the project data
of the HMI devices after compilation. This ensures that consistency of the tags is maintained
throughout the project.
Libraries
The Project Library serves as a deposit of the configured data. Configured WinCC objects like
complete graphics, graphic elements, control objects, variables, messages and lots more can be
saved in the project library and used several times in the HMI devices. A cross-project data storage
is given by the Global Library.
Alarms
Many alarms occur in a plant. These are all of varying importance. To guide the user, even in criti-
cal situations, the alarms of the project are arranged in alarm classes. These and a concept for
alarm acknowledgment should be defined at the beginning of the project with the plant manager.
Note
With the functionality display suppression in the WinCC RT Professional runtime software, the
display of selected alarms can be suppressed, e.g. in the startup phases. The alarms are still re-
corded in the WinCC alarm log. For additional information please see the TIA Portal Information
System.
Use of this functionality is the responsibility of the system operator and should therefore be coor-
dinated with him.
Archives
In a regulated environment relevant production and quality data must be kept sometimes for 5, 10
or more years. This data must be defined, stored safely and placed in external archives according
to data volume or time period. A process should be implemented to define the corresponding data
and archive components. See also chapters 3.3.4 "Data archiving" and 6.7 Electronic recording
and archiving of data or 7.7 Electronic recording and archiving of data.
The WinCC RT Professional runtime software can also archive process values in compressed form
in compressed archives.
Recipes
A system should be developed to structure the recipes if recipe data or equipment data records are
required for ongoing operation. The individual recipe elements can be freely defined for each rec-
ipe. A variety of data sets can be stored for a recipe. The number depends on the selected HMI
device.
Audit trail
Operational input and changes to GMP-relevant data must be documented with time stamp, user
ID, old value and new value in the form of an audit trail. This can be configured according to the re-
spective values and is stored in the alarm history (WinCC RT Professional).
The audit option fulfills the required functionality of an audit trail, see chapter 5.1.5 "GMP project
setting in the Audit option" especially for panels and runtime software WinCC RT Advanced.
Note
Categorization even makes sense in the specification phase to facilitate the overview and review
of GMP-relevant inputs, values and changes in plant operation. The plant operator should be able
to name the GMP-critical values and define them in advance.
Batch-oriented archiving
The WinCC Premium Add-on PM-QUALITY is available For batch-based acquisition and archiving
of production data such as process values and alarms, see chapter 6.7.3 "Archiving batch data
with PM-QUALITY" and chapter 7.7.3 Archiving batch data with PM-QUALITY.
Batch-based reporting
The WinCC Premium Add-on PM-QUALITY is available for a batch-based reporting of the recorded
data, see chapter 6.8.2 "Batch-based reporting with PM-QUALITY" and chapter 7.8.2 Batch-based
reporting with PM-QUALITY.
See also
GAMP5 Guide, Appendix D3 "Configuration and Design"
The overall Design Specification can be devided, for example, as follows:
To achieve a cost-effective solution for both simple and more complex tasks, PM-CONTROL is
available in the "Compact", "Standard" and "Professional" variants.
The use of SIMATIC Logon as a central user administration can be enabled in the PM-CONTROL.
WinCC WebNavigator
Remote access to the WinCC project data is set up with the WinCC Web Navigator in combination
with the WinCC RT Professional runtime software. To view the process screens, users with the
necessary rights must authenticate themselves using their password. The details are checked by
SIMATIC Logon. Operation of the process screens is subject to access control, which is defined in
the WinCC project user administration.
See also
Online Support ID 49516052 "Documenting operator actions via the WebNavigator"
WinCC DataMonitor
WinCC Data Monitor is a dedicated display and analysis system for process data from WinCC and
data from the WinCC long-term archive server. WinCC DataMonitor provides a number of analysis
tools for interactive data display and analysis of current process values and historical data:
Excel workbooks
Published reports
Trends and alarms
Process screens
Web center
Note
The created images are used to restore the installed system, but not to secure online data.
Engineering software
SIMATIC WinCC (TIA Portal) engineering software is the common engineering interface for PLC
programming and visualization. It is staggered according to the performance range the HMI de-
vices:
WinCC Comfort for all panels
WinCC Advanced in addition to panels also for single-station PC systems
WinCC Professional also for multiple-station systems with server-client structure
Note
The engineering system provides updates for the operating system if the MS Windows CE version
installed on the panel does not correspond to the version level of the project data. For additional
information, refer to the TIA Portal Information System > Operating system update.
Panel PCs are available in various levels of configuration with the operating system installed. The
hardware and operating system requirements of the SIMATIC HMI software must be considered
when using standard PCs.
Details can be found in the current catalog, ST 80.
Current information on the operating system and installation can be found in the "Installation" sec-
tion of the of the TIA Portal Information System.
Note
The computer name must adhere to the naming convention of the SIMATIC software application.
You should read the information in the respective installation instructions and readme files of the
SIMATIC software to be installed on the computer, e.g. SIMATIC Net.
The computer name may no longer be changed after the WinCC RT Professional software is in-
stalled. This would require a complete re-installation of the runtime software.
Note
WinCC RT Professional is customarily enabled for operation in a domain or workgroup. Domain-
group policies and domain restrictions can hinder the installation. In this case, remove the com-
puter from the domain prior to installation. After the installation, the computer can be returned to
the domain if the group policies and restrictions do not prevent operation of the WinCC software.
Note
If the WinCC computer is incorporated into a different working environment (domain or work-
group), the settings must be re-configured by SIMATIC Security Control.
See also
TIA Portal information system "Installation instructions"
Note
The structure and authorizations of the user groups should be defined in the specification at the
start of the project and implemented in the early engineering phase.
Access authorizations and settings, such as password length, complexity and period of validity can
and should be appropriately configured to increase password security.
All permissions for working with the visualization user interface (faceplates, input boxes, buttons
etc.) must be set up according to the specifications.
Note
For distributed systems (in combination with panels) or single-station systems with WinCC RT
Professional, we recommend the implementation of user administration based on SIMATIC Logon
and MS Windows Administration.
User administration is set up locally for local HMI devices without any network connection. Users
and their user group assignment are then only known locally.
Both Windows user administration options are available here, centralized administration in a do-
main structure or in a workgroup with a central logon server.
See also
Operating system help of MS Windows or the appropriate Windows manual (for setting up
Windows workgroups and the domain)
TIA Portal information system "visualizing processes" (configuring user administration)
SIMATIC HMI, Process Visualization System WinCC V6, Security Concept WinCC, chapter 4
"User and Access Management in WinCC and Integration in Windows Management"
Windows domain
The one-time administration of the groups and users on the domain server enables all computers in
the domain access to group membership.
Note
When using multiple domain servers or when there are redundant servers, the domain structure
ensures that users will still be able to perform operations and/or log on even if one domain server
fails.
Windows workgroup
All user data is created and managed on the server of a workgroup. SIMATIC Logon compares the
logon data with the user administration data on this server and then provides the logon information
to the other computers in the workgroup.
Note
After installing Windows, default parameters are set for the password policy, account lockout pol-
icy and audit policy. These settings must be checked and modified according to the applicable
project requirements.
See also
Chapter 4.5.2 "Blocking the operating system level during ongoing operation"
Note
In case the logon server is unavailable during a network interruption, the local user administration
becomes active instead of the central one. To control the plant and the process safety, a local
user and a local user group with limited operating rights should be created for emergency opera-
tion since.
Note
Events such as a successful and failed logon/logout procedure or password changes are stored in
the EventLog database of SIMATIC Logon as well as in the WinCC alarm system.
See also
Chapter 4.4 "Administration of user rights"
Chapter 6.4.3 in the manual "Safety Concept", Online-Support ID 60119725
The use of SIMATIC Logon is activated in the "Runtime Settings > User Administration".
The base settings of SIMATIC Logon are carried out in the "Configure SIMATIC Logon" dialog box.
The settings are described in the configuration manual SIMATIC Logon and include, for example:
The logon of a "default user" after user logout
Logon server ("working environment")
Automatic logout with SIMATIC Logon
Note
No "auto-logoff" may be activated at the operating system level, otherwise the user interface will
be completely closed.
Furthermore, the activation of a screen saver is in combination with SIMATIC Logon is not al-
lowed.
The password settings, such as password, account lockout and monitoring policy are then defined
in the local user administration of the HMI device, see the following figure.
Note
The defined users and user groups must be made members of the corresponding authorized
SIMATIC user groups.
See also
WinCC Readme file
Chapter 4.3.2 "Security settings in Windows" applies here as well
The user rights are assigned via the WinCC user groups in the project data. Members of the "Op-
erator" group, for example, are then assigned the corresponding rights to operate in the WinCC
user administration.
Note
Access to the operating system level should be reserved exclusively for administrators or technical
service personnel.
The specified project is automatically activated at computer startup if the "Autostart" property is ac-
tivated. The "Allow Cancel during activation" property should not be selected, so that the project
start will not be interrupted.
Those editors which are required ongoing operation are activated in "Runtime Settings > Services".
Other applications that should be started automatically, such as the Premium Add-ons PM-
CONTROL or PM-QUALITY, are added under "Additional Tasks / Applications".
Note
After commissioning, the "Remote Control" property in the Control Panel under "Transfer" should
be disabled so that accidental automatic transfer from the engineering system is prevented.
See also
TIA Portal information system
Note
A button in the user interface is commonly used to deactivate the ongoing operations. This button
can only be actuated with the corresponding authorization, which then provides access to the op-
erating system.
Organizational measures
Planning and assigning the necessary access rights
Supplemented by codes of behavior, such as handling of USB sticks
Work instructions for archiving, retrieval and possibly data migration
See also
Chapter 4.2.2 "Installation of the SIMATIC WinCC RT runtime software"
See also
Manuals of the SCALANCE family
Comprehensive information about "Industrial Security" in the Online Support under
ID 50203404
Online Support ID 22376747 "Protecting an automation cell using Firewall" and the document
attached there
Online Support ID 22056713 "Security with IPsec-secured VPN tunnel and the document at-
tached there
A wizard assists each implementation process and opens the project view at a suitable point.
See also
TIA Portal information system
System manual "TIA Portal", chapter 9.1.2 "Working with objects",
Online Support ID 53385672
Note
Configured objects or groups of objects are created one-time for the particular application and
then tested with the client before they are copied to the configuration or instantiated.
5.2.2 Faceplates
A faceplate consists of a grouping of objects which are tailored to the special requirements of the
plant with respect graphic representation and dynamization. The object properties and events,
which are used to dynamize the faceplate, are individually defined in the faceplate editor. User data
types are recommended for connecting the interface to the process screens.
A faceplate is created as a type in the project library. A copy can be saved in the comprehensive
project global library under types. Thereafter, it is available in other projects as well.
The faceplate is based on the type-instance model. A local instance of the type is created when a
faceplate is included in a process screen. Changes in the type are automatically transferred to all of
its instances. If necessary, a faceplate instance can be disassociated from the type.
Faceplates are created for either the Panels / RT Advanced or RT Professional device family and
can only be used for the corresponding variant.
The options for designing and dynamization are more diverse with RT Professional.
5.2.6 Libraries
The engineering in the TIA Portal is supported by two libraries:
Project library
Global library
The project library is used to store all user-defined WinCC objects such as complete screens, tag
tables, alarms, etc. These user-defined objects are developed in detail, tested and qualified and
are then available as a project standard for repeated use in the project.
The global library is a cross-project library, the contents of which can also be used in other pro-
jects. By default, the global library contains master copies for buttons, control modules, and docu-
ment templates for the project documentation. User-specific global libraries can be set up for cen-
tralized storage of user-defined objects, e.g. from the project library.
Note
The activation of time synchronization is necessary in plants in which GMP is mandatory.
Note
The time on the clients in the domain is synchronized using Microsoft system services.
See also
http://www.siemens-edm.de/Siclock.zeitsynchronisationskonzept.0.html
SIMATIC HMI manual, Process Visualization System WinCC, Security Concept WinCC, chap-
ter 5 "Planning Time Synchronization".
Online Support ID 11377522 "Display format for the date"
5.3.2 Concepts for panels and HMI devices with WinCC RT Advanced
Direct time synchronization in NTP format can be configured between a CPU S7-1200 and panels
that support time synchronization. Here, the time can either be specified by the HMI device (mas-
ter) or by the controller (slave).
See also
TIA Portal information system> Visualize processes > Communicate with controllers > Config-
ure time synchronization
For all other HMI devices and CPUs, the time can be set in either the CPU or in the HMI device.
"Set time-of-day" does not have the same accuracy as the time synchronization, since message
frame and scripting runtimes are incorporated. The time master must be defined within the system.
Set time-of-day
The time is set with area pointers. Area pointers are parameter fields in which reading and writing
communication from the PLC and the HMI device takes place alternately. The PLC and the HMI
device trigger predefined actions when the stored data is evaluated.
The "Date/Time PLC" area pointer is used to transfer the CPU system time to the HMI device. This
is located under global area pointer and can be configured only for the connection to the CPU that
acts as a time master.
The system time of the HMI device is transferred to the CPU via the "Date/Time" area pointer. This
area pointer is configured for each connection to a CPU if the system time of the HMI device is the
time master.
The procedure to configure the area pointers is described in TIA Portal information system.
(Visualizing processes > Communicate with controllers > Device dependency > Communicating
with SIMATIC S7-1200 or SIMATIC S7 300/400 > Data communication > Data communication with
area pointer)
See also
Settings in Windows 7 in the Online Support ID 59203176 to change the system time of the PC
with WinCC RT Advanced V11
HMI alarms
Alarms from the CPU (AS) are displayed in the HMI device and logged. The alarm receives the
time stamp either from the HMI device upon arrival of the alarm (discrete alarms) or from the CPU
directly when it is created (control alarms).
A discrete alarm is detected based on a bit change in the alarm tag. The HMI alarm system assigns
the time stamp of the HMI device. The time stamp has a certain inaccuracy due to the acquisition
cycle, bus delay time and time required for processing the alarm. Alarms present for a time shorter
than the acquisition cycle are lost.
For monitoring the limits of tags in WinCC, an analog alarm is generated in the HMI alarm system if
the defined limits are violated. The assignment of the time stamp is similar that for discrete alarms.
Note
The discrete alarm procedure and limit monitoring are simply configurable alarm procedures for
panels, HMI devices with RT Advanced and single-station systems with RT Professional. In re-
dundant systems or system configurations with multiple operator stations (RT Professional),
chronological signaling is used for synchronized acknowledgment and sending.
For chronological signaling, the SFCs/SFBs Notify, Notify_8P,Alarm, Alarm_S/SQ, Alarm_D/DQ,
Alarm_8/8P in the SIMATIC S7 are used. Refer to the relevant CPU manuals and the block de-
scriptions in the SIMATIC STEP 7 online help for information on restrictions relating to the system
resources for simultaneously pending alarms.
See also
TIA Portal information system > PLC programming > References
(S7-300/400) > Extended instructions > Alarms
TIA Portal Information system > Visualize processes > Basics >
Alarm procedure > Overview alarm procedure
Online Support ID 23730697 "Chronological Signaling (in WinCC)
Archiving
Process values, which are acquired and evaluated in the HMI device receive by default the time
stamp at the time of the acquisition in the visualization system.
Logging cycles are defined for cyclic reading of process values. A time stamp that is assigned
when the process values are acquired, contains the inaccuracy of the configured logging cycle.
Note
The alarm block (AR_SEND) is available in SIMATIC S7-400 for logging cycles of less than
500ms in WinCC RT Professional.
With the alarm block AR_SEND, process values that should receive the time stamp from the CPU
are processed in the form of a message frame in the CPU and then transmitted as raw data to
WinCC RT Professional.
See also
TIA Portal information system > PLC programming > References (S7-300/400) > Alarms >
AR_SEND
Online Support ID 23629327 "Process-driven archiving" (for WinCC)
The specification (URS, FS) of a GMP-compliant plant must describe the way in which time stamp-
ing will be performed. The accuracy necessary for alarm and process value acquisition must be
checked in detail. The methods of time stamping mentioned above can be used alongside each
other. The hardware for the automation and visualization must be selected accordingly.
Note
Chapter 5.5 "Versioning application software" includes examples of how individual software ele-
ments can be versioned.
The change control procedure for a plant already in operation should be discussed in advance
with the owner of the plant, see chapter 9.2 "Operational change control".
See also
GAMP5 Guide,
Appendix M8 "Project Change and Configuration Management"
See also
TIA information system > Introduction to the TIA Portal > User interface and operation > Struc-
ture of the user interface > Overview window
Automatic versioning of the screens is not carried out; the version can be maintained manually in
the file.
Information for versioning, such as version ID, change date and name, can be stored in a static text
field. It is practical to place the text boxes for versioning in a separate screen level that can be
shown or hidden as required. The display of the static text field during the process operation is con-
trolled by the object property display or via the "Visibility" animation.
Note
Change details can be described, for example, in the relevant change request documentation.
Note
It is advisable to maintain a history in the scripts indicating any changes made. The history is en-
tered as comment before the start of the code.
Button
A system function is attached to an event of the button in order to change the values of tags via a
button. A set of system functions is available, which can also create an operator input alarm. How-
ever, the entry of a comment cannot be activated.
See also
TIA Portal information system > ...> Configuring user alarms
See also
Online Support ID 52329908 "Application Example for WinCC V7"
Note
When creating user-specific functions and scripts, the programming guidelines should be defined
in project / department specific instructions (SOP coding standards, naming conventions, style
guide, etc.).
See also
System manual "TIA Portal", chapter "Know-How Protection (page 1997),
Online Support ID 57341024
Note
The generated operator input alarm is a system alarm for which WinCC automatically enters the
old value in parameter block 2 and the new value of parameter block 3. Therefore, we recommend
renaming parameter blocks 2 and 3 accordingly.
The system alarms must be created in the "System alarms" tab in the "HMI alarms" editor before
logon and logout procedures can be accepted in the alarm system. The import dialog opens as
shown below when the tab is initially selected.
For the display of the operator input alarms, the "Alarm view" is placed in the process screen from
the Tools > Controls are by means of drag-and-drop. To ensure that only operator input alarms and
logon / logout procedures are displayed in the "Alarm view", the corresponding filters must be set.
User-defined alarms that are created can be filtered according to the alarm number as well.
Additional filtering according to the alarm numbers 1012400 and 1012401 must be provided to en-
sure that logons via a web connection are also displayed.
The icon in the comment column indicates that a comment is present. This can be displayed with
the corresponding menu icon.
See also
TIA Portal information system > Visualize processes> Working with recipes
Batch reporting can be carried out with PM-QUALITY, see chapter 6.8.2 "Batch-based reporting
with PM-QUALITY".
See also
PM-CONTROL system description at
www.siemens.com/process-management
Chapter 3.5.1 "WinCC Premium Add-ons"
Different solutions can be employed to backup these short-term archives into long-term archives
and store them for the period defined by the customer.
The signature activated property is activated under logging in the runtime settings editor for the
logging of interrupts and process values in a GMP environment. When the data is transferred, an
internal algorithm generates a checksum. This means that subsequent manipulation is detected by
the system and is displayed when a connection is established to a manipulated database.
A second backup path can also be specified as a precautionary measure against long-term archive
server failure.
For export in HTML or XML format, the subsequent manipulation of the data can be prevented
through restrictive rights on the drive (read only) or through automatic conversion to PDF format
using auxiliary tools.
See also
PM-QUALITY system description at
www.siemens.com/process-management
6.8 Reporting
Alarm sequence report Chronological listing of all alarms occurring since the start of WinCC Run-
time
Alarm report Alarms of the current alarm list
Log report Alarms from the alarm log, e.g. audit trail based on operator input alarms
Tag table Tag contents from process value / compressed logs in the form of a table
Tag trend / screen Tag contents from process value / compressed logs in the form of a trend
Recipes Data records of recipes in tabular form
Hardcopy Hardcopy of screen contents
Tag values Current process values at defined time
Note
WinCC reports support the reporting based on continuous archives.
The layouts for reporting are designed according to the requirements of the specification. In addi-
tion to detailed pages of content, a report may also include a front page, rear page, and a header
and footer. There are numerous tools available for the display of the contents. These can be simply
dragged and dropped into the detail area and then configured.
See also
TIA Portal information system > Visualize processes > Working with reports
Print jobs
When reports are printed on a printer, a print job must be defined in which the report name, time,
page area and the printer are specified. Activation of the print job can be time/event driven.
The audit trail entries are shown in the report as follows:
See also
PM-QUALITY system description at
www.siemens.com/process-management
See also
TIA information system > Visualizing processes > Interfaces > OPC
TIA information system > Visualizing processes > Working with alarms > Configuring alarm
logs
See also
TIA information system > Visualizing processes > Interfaces > Runtime API
See also
System manual "TIA Portal" chapter 3.1.2.4 "Installing WebNavigator,
Online Support ID 57341024
Note
The standard functions are used if operator input alarms in the form of audit trail should be gener-
ated with the Web client (see chapter 6.2 "Creating operator input alarms"). The script functions
described there are only supported by the Web client if SIMATIC Logon is installed on the com-
puter.
Note
The installation and licensing of each client for remote access is required on the computer for
viewing process images in which ActiveX controls of the WinCC Premium Add-ons for PM-
CONTROL and PM-QUALITY are integrated.
Remote access is enabled by selecting the "Web access" check box for the user group.
The user authorization between WebNavigator and DataMonitor is controlled with the "Web access
- view only" function. The process screens can be used if this feature is not activated and the
WebNavigator license is recognized. If this function is activated, the process screens can only be
monitored.
Note
This configuration is carried out separately for each user group. This means that authorization for
remote access, start page, language, and user authorization can be defined separately for each
user group.
See also
TIA Portal information system > Visualize processes > Options > Web Navigator > Basics >
WinCCViewerRT
The time configured here for the automatic logout is relevant for the logout behavior of remote ac-
cess. When using the WebViewer, the indicated logout time is sufficient for configuring the
WebViewer (see above). Based on the information configured here, the prompt to confirm Web
logout appears in the Web client one minute prior to the time indicated:
The settings are stored as default in the "WinCCViewerRT.xml" configuration file. The next time the
WebViewer is started, the parameter assignment dialog is not opened. If subsequent parameter
changes are required, the configuration dialog can be re-opened with the key combination Ctrl + Alt
+ P. In case this key combination is unwanted because of security reasons, the XML file can also
be deleted when having appropriate rights; then the configuration dialog will open again with the
next start of the WebViewer.
Logging on and off via the Web are reported in the WinCC alarm system, if the system alarms are
imported. (see also chapter 6.4 "Audit trail")
Operator actions through web access can be identified on the entry for the user. In this case, the
machine name on which the action was performed is preceded by the username.
To access already swapped out data archives, the Archive Connector tool is used to con-
nect/disconnect the archived databases with/from the MS SQL server.
See also
GMP Engineering Manual SIMATIC STEP7,
Siemens AG, I IA VSS Pharma
TIA Portal information system > Visualize processes > Create screens > Dynamic modification
of property animations
Both the process screens and the operator control philosophy must be described in the specifica-
tion (for example URS, FS and P&I) and created accordingly. These should be submitted to the
customer for approval in the form of screenshots.
Once the GMP-relevant property is activated for this tag, an operator input alarm is generated in
the audit trail if the value of the tag is changed (see 7.4 7.4"). The "Comment required" box is acti-
vated for making a comment.
The operator input alarms are displayed as follows in the audit trail:
Configuration-dependent records:
Value change of a GMP-relevant tag
GMP-relevant recipes, see chapter 7.6 "Recipe control"
Operator input alarms based on "NotifyUserAction" system functions
Note
The force function must be deactivated in the GMP environment so that all operator input alarms
are recorded in the audit trail. We recommend evaluating the events Little free space and Little
free space, critical and to configure a reaction in the function list. (e.g. generating a warning
alarm, moving the logs to a network drive)
If no storage space is available, GMP-relevant operator actions are no longer feasible.
See also:
TIA Portal information system >..> System function ArchiveLogFile
"Handling Large Archives" in the Online Support under ID 63042926
See also:
TIA Portal information system >..> System function ArchiveLogFile
The network drive can be protected against unauthorized access with Windows tools (see 4.5.2
"4.5.2") in order to prevent manipulation of the audit trail files.
The Audit Viewer application is used for the display of the audit trail on a PC and is included with
the engineering system product package. The Audit Viewer evaluates the checksums of the entries
and signals any manipulation of the file in a red display or a non-manipulated file in green.
The HmiCheckLogIntegrity.exe application that can be executed within a command prompt is an-
other way to verify checksums in the audit trail files.
See also:
TIA Portal information system> Visualizing processes > Options > Working with audit trail com-
pliant > Using audit trail > Audit trail > Evaluate audit trail with DOS program
The electronic signature requirement is configured either in the tags in the tag table in the GMP
property or with the "NotifyUserAction" system function. "Electronic signature" is selected from the
confirmation category. If an additional comment form is desired, the corresponding check box is se-
lected or the system function for comment required is configured with "yes".
The following actions are recorded in the audit trail for GMP-relevant recipes:
Creating and storing new recipe records
Changing and saving recipe data records
Transferring recipe data records to the PLC or reading from the PLC
Changing the setting online/offline for the synchronization of tag values when using recipe tags
All recipes and records can be displayed in the process screen with the recipe view control. How-
ever, changes to the records are not saved in the audit trail.
The recipe tags with activated "GMP-relevant property" are embedded in a recipe screen for FDA-
compliant tracking of changes to the recipe data records. The recipe view control can be used for
display by deactivating the "Allow editing" property.
See also:
TIA Portal information system > Options> Working with audit GMP compliance > Configure au-
dit functions > Recording recipe changes
TIA Portal information system > Visualize processes > Working with recipes > Viewing and ed-
iting recipes in runtime > Basics of the recipe screen
TIA Portal information system > Performance features > General technical data > Required
storage space for recipes
See also:
www.siemens.com/pm-control
In addition, actions are monitored and recorded in log files or databases in other parts of the sys-
tem:
WinCC reports
Change report at Step7 level for "Download to the PLC" and online parameter changes
SIMATIC Logon Event Log, on the computer with the SIMATIC Logon installation
Event Viewer under Windows computer management only for WinCC RT Advanced
(logon/logoff activities, account management, rights settings for the file system, etc. according
to the corresponding configuration)
All the files mentioned (and others, if required) must be considered in the archiving concept.
A checksum can be generated for each file entry for logging methods "Display system event at ..."
and "Trigger event ..." in combination with CSV and TXT formats. Any manipulation of the logs can
therefore be detected. The checksum is verified when opening the logs in the Audit Viewer applica-
tion, see chapter 7.4 "Audit trail" > View the audit trail.
The size of the log depends on the length of a single entry and the number of entries. It is defined
in number of entries. The size of the memory card must be taken into account here for HMI de-
vices.
See also:
TIA Portal information system > Visualize processes > Working with tags > Logging tags >
Working with data logging
(panels, RT Advanced)
TIA Portal information system > Visualize processes > Working with alarms > Logging alarms >
Configuring of alarm logging (panels, RT Advanced)
The CSV, TXT and RDB formats are available as archive formats. Archiving in RDB format, a pro-
prietary database, provides fast access to data for displaying the data in the controls during run-
time. For further evaluation of the data, the RDB format must be converted into the CSV format us-
ing the copy function. Archives in CSV / TXT format can be evaluated with other tools. The TXT
format is Unicode-compliant and therefore suitable for Asian fonts.
Note
For panels, we recommend logging of tags, alarms and audit trails locally on a memory card and
cyclically transfer the logs to a network drive.
See also:
Chapter 7.7.4 "Connection to a network drive with access control"
TIA Portal information system > ...> System function "Archive log file"
"Handling Large Archives" in the Online Support under ID 63042926
See also:
www.siemens.com/pm-quality
See also:
Online Support under ID 13336639 "Integration into a local network"
Note
The folder where the data is stored by the panel must be secured with Windows utilities since the
CSV and TXT do not offer protection against unauthorized user intervention.
The "Write" permission check box is selected under "Deny" for the user groups "Users" and
"Administrators".
The panel is authorized to store the log files in the directory based on this configuration. All other
users can only read the log files. But it maybe be considered to create a kind of HMI administrator,
who could access the folder with write permission in case of file damage etc.
Note
If the log data is placed in a subfolder of the shared directory, then the security settings for that
folder are sufficient.
The screenshots were taken in the Windows 7 operating system.
7.8 Reporting
The report layout can be designed with a title page, headers and footers, multiple detail pages and
a back page. For the display of process data, a number of objects and controls in the tool range are
available which can be dragged and dropped onto the report pages and then configured.
The scope of the data output can be specified as follows:
Alarms: Alarm buffer or the alarm log output.
A time range from .. to can be specified.
Recipes: Output of a particular recipe per integrated control
For this recipe, either all records, a specific
record or a volume number of data records is printed.
Audit trail: Output of the complete audit trail entries, which were logged on the
HMI device.
Hardcopy: Printout of the current screen content graphics with "PrintScreen" system function
See also:
TIA Portal information system > Visualize processes > Working with
reports > Basics of creating reports
Activation of a printout
The output to the default printer is organized with the "PrintReport" system function. The system
function can be launched either with a button or cyclically in the task scheduler.
Printer drivers for Comfort Panels are available in an options package for printing to PDF / HTML
files as well as the options for PostScript printing and Brother QL-650TD. These drivers can be in-
stalled on the HMI device using the application ProSave. Reports in the file format PDF / HTML can
also be stored on a USB stick or a network drive as an alternative to local storage.
See also:
List of shared printers and printer driver options package with
installation guide, Online Support ID 11376409
TIA Portal information system> Visualizing processes > Performance features > Recom-
mended printers and printing via print server
Setting up a network printer, Online Support ID 18720136
The process values are acquired cyclically or event-driven. At the end of the batch, alarm logs and
the audit trail are moved to a network drive or another drive on the PC and imported by PM-
QUALITY into its own database.
PM-QUALITY Report Editor provides a wide range of design and evaluation options for the presen-
tation of batch data in a report.
See also:
Chapter 6.8.2 "Batch-based reporting with PM-QUALITY"
Chapter 7.7.3 "Archiving batch data with PM-QUALITY"
www.siemens.com/process-management
The control can are integrated, for example, into a diagnostic screen.
See also:
TIA Portal information system > Visualize processes > Creating screens > Display and operat-
ing objects > Objects
7.10 Interfaces
See also:
TIA Portal information system > Visualize processes > Communicate with controllers > Device
dependency > Comfort Panels / PC systems with WinCC RT
Chapter 7.9.1 "Diagnostics of the communication link"
See also:
TIA Portal information system > Interfaces > OPC >
Basics of RT Advanced > Using OPC
See also:
Chapter 6.12.2 "Connection to other components and third-party suppliers"
Various standard functions of the TIA Portal engineering system can be used in support of verifica-
tion / qualification.
Note
The testing effort should reflect both the results of the risk analysis and the complexity of the com-
ponent under test.
A suitable test environment and time, as well as appropriate test documentation, can help to en-
sure that only very few tests need to be repeated, or even none at all.
The individual tests are planned in detail at the same time as the system specifications (FS, DS)
are compiled. The following are defined:
Procedures for the individual tests
Test methods, e.g. structural (code review) or functional (black box test)
The network configuration can be found under Control Panel > Network and Dial-up Connections:
The Automation License Manager program provides information about the licenses installed on
each WinCC computer.
The Automation License Manager program can also provide information about the SIMATIC li-
censes installed on panels. For this purpose, a connection between the panel and the Automation
License Manager needs to be done:
With TIA Portal Engineering System
Via the context menu HMI Device maintenance > Authorize/License
Without TIA Portal Engineering System
In Automation License Manager via the menu Edit > Connect target system > Connect HMI de-
vice
See also:
TIA Portal information system > Edit projects > Edit project data > Print project content
In the print dialog box, the printer, print layout and the extent of the documentation either total or
compact is selected.
See also:
TIA Portal information system > Edit projects > Create and administer projects > Save projects
Note
An image can only be imported on a PC with identical hardware. For this reason, the hardware
configuration of the PC must be adequately documented.
Images of individual partitions can only be exchanged between image-compatible PCs because
various settings, for example in the registry, generally differ from PC to PC.
The effects of the change to other parts of a WinCC application and the resulting tests must be
specified based on risk and documented.
Note
Support for software update and project migration is provided by
SIMATIC Product Support at http://support.automation.siemens.com.
A list of the released Windows updates e.g. for security gaps is published in the product support
under Online-Support at ID 18752994.
A H
Access control 17, 46 Hardware 22
Alarms 27, 62 Hardware category 15
API 87
Application software 69, 95
Archiving 19, 27, 28, 32, 37, 62, 80, 104 I
Audit trail 19, 28, 75, 85, 98, 113 Image 34
Automation License Manager 120 Import 27
Information security 23
B Installation 35
Operating System 35
Backup 20, 34, 126 SIMATIC components 36
Batch report 19, 31, 84, 110 SIMATIC WinCC options 37
Installed software 119
Interfaces 92, 112
C OPC 33
Category Process data 32
Hardware 15 S7 92, 112
Software 15, 118
Change control 125, 127 K
Change procedure 13
Configuration management 16, 63, 125 Know-how protection 74
D L
Data communication 87 Libraries 58
Data security 51 Life cycle model 12
Diagnostics 86, 111
Documentation of project data 122
M
E Maintenance 127
Mandatory comment 72
Electronic records 18 Master copies 56
Electronic signature 18, 78, 101 Migration 54, 132
EU GMP Guide Annex 11 11, 18 Monitoring 86, 111
Export 27
N
F
Network drive 107
Faceplates 57, 96
FDA 21 CFR Part 11 11, 18, 70, 78, 95
O
G Object-oriented configuration 56
Operating system 24, 35, 39, 46, 49, 50
GAMP5 12, 118 Operator input alarms 70, 95
GMP requirements 15 Overview diagrams 69
P T
Partition 34 Test planning 116
Password 17 Third-party components 20
Printer driver 34 Connection 93, 112
Printout 84, 109 Time stamp 62
Process screens 69 Time synchronization 20, 59
Project setup 53 Type/instance concept 16
Types 56
R
U
Recipes 27, 30, 78, 102
Regulations / Guidelines 11 Uninterruptible power supply (UPS) 129
Reporting 29, 83, 109 Updates 131
Restore 128 User administration 17, 38
Retrieving data 20 User data type 57
Risk assessment 13, 116, 131 User ID 17
User interface 69, 95
User rights 45
S
Screen window 57 V
Scripts 58, 67, 72, 73, 97, 98
Security Validation Manual 12
Network 23 Verification 115
SIMATIC Application software 122
Security Control 36 Hardware 116
SIMATIC NET SCALANCE S 51 Software 118
User groups 44 Software product 119
WinCC Premium Add-ons 30 Versioning 125
SIMATIC Logon 25, 38, 40 Application software 64
Software configuration elements 63
Engineering 26 Faceplates 66
Operating level 27 Reports 68
Software category 15, 118 Screens 64
Specification 21 Scripts 67
Application Software 29 Virus scanner 34
Basic software 24
Hardware 22
HMI 30 W
Software design 30 Web access 88
System 29 Data display 91
User administration 25 Remote 89
Startup characteristics 46 User authorization 88
Supplier audit 20 WinCC Add-on 125
PM-CONTROL 30, 79, 104
PM-OPEN IMPORT 32
PM-QUALITY 31, 32, 82, 83, 84, 106, 110
WinCC option
DataMonitor 32, 88
WebNavigator 32, 88
WinCC Option 125
www.siemens.com/automation