
SIMATIC PCS 7 V6.1

GMP - Engineering Manual

Guidelines for implementing automation projects in a GMP environment

Introduction
Contents
1 Prerequisites for Configuring Automated Systems in a GMP Environment
2 Requirements for Automated Systems in a GMP Environment
3 Specification
4 Guidelines for Implementation in a GMP Environment with Standard SIMATIC PCS 7 Software
5 Supporting Functions during Qualification
6 Additional Hardware / Software Components
Glossary
Index

Edition 12/2006
A5E00362933-03
Safety-Related Notices
Notices that you should observe to ensure your own personal safety and to avoid damage to property
and equipment can be found in the relevant technical manuals. The safety of pharmaceutical products,
which is of prime importance to the pharmacist, must be evaluated by the pharmaceutical company itself.
This document provides information on this topic.

Qualified Personnel
Only qualified personnel should be allowed to install and work on this equipment. Qualified persons
are defined as persons who are authorized to commission, to ground, and to tag circuits, equipment,
and systems in accordance with established safety practices and standards.

Trademarks
SIMATIC®, SIMATIC HMI®, SIMATIC IT® and SIMATIC NET® are registered trademarks of
Siemens AG.

Third parties using for their own purposes any other names in this document which refer to trademarks
might infringe upon the rights of the trademark owners.

Copyright © Siemens AG 2006 All rights reserved


The reproduction, transmission or use of this document or its contents is not permitted without
express written authority. Offenders will be liable for damages. All rights, including rights created
by patent grant or registration of a utility model or design, are reserved.

Siemens AG
Automation and Drives Group
Competence Center Pharma (A&D CC P)
D-76181 Karlsruhe

© Siemens AG 2006
Technical data subject to change.

Siemens Aktiengesellschaft A5E00362933-03


Introduction

Purpose of the Manual


This manual describes what is required of the system, the software and the
procedures for configuring SIMATIC PCS 7 from a GMP perspective. The
relationship between requirements and implementation is illustrated based on
practical examples.

Intended Audience
The manual is intended for all planners, plant operators, developers of
branch-specific control system concepts, project leaders and configuration engineers,
maintenance and service personnel who implement process control systems in a
GMP environment. It describes approaches to the implementation of automation
solutions with SIMATIC STEP 7 where GMP is mandatory.

Basic Knowledge Required


To understand this manual, you should be familiar with the basics of
SIMATIC PCS 7. Experience of GMP as practiced in the pharmaceutical industry is
an advantage.

Disclaimer
This manual is a guide for system users and configuration engineers that will assist
them in integrating the SIMATIC PCS 7 process control system in a GMP
environment with regard to validation and taking into account the aspects of
21 CFR Part 11.
We have checked the contents of this manual for agreement with the hardware and
software described. Since deviations cannot be precluded entirely, we cannot
guarantee full agreement. The information in this document is checked regularly for
system changes or changes to the regulations of the various organizations and
necessary corrections will be included in subsequent issues. We would be thankful
for any proposed improvements that should be sent to the Competence Center
Chemical, Pharma in Karlsruhe (Germany).


Validity of the Manual


The information in this manual is valid for SIMATIC PCS 7 V6.1 incl. SP1. The
components examined are PCS 7-ES, PCS 7-OS, SIMATIC BATCH and the
options Central Archive Server, StoragePlus and SIMATIC IT Historian. Information
relating to the precise compatibility between the individual components and PCS 7
V6.1 SP1 can be found on the CD-ROM Catalog CA01. The CD-ROM Catalog is
available on the Internet at: www.siemens.com/automation/ca01.

Further Sources of Information


The system documentation of the process control system SIMATIC PCS 7 V6.1 is
an integral part of the SIMATIC PCS 7 system software. It is available to all users
as online help (HTML Help) or as electronic documentation in Acrobat Reader
format (PDF):
• Electronic manuals SIMATIC PCS 7 V6.1 SP1
- The electronic manuals are on the PCS 7 Toolset DVD

Structure of the Guidelines


This manual supplements the existing SIMATIC PCS 7 manuals. The guidelines
are useful not only during configuration, but are also intended to provide an
overview of the requirements for configuration and what is expected of automation
systems in a GMP environment.
Laws and guidelines, recommendations and mandatory specifications that
represent the basis for configuration of automation systems are explained.
All the necessary functions and requirements for hardware and software
components are also described and this should make the selection of components
easier.
Based on examples, the use of hardware and software is explained and how it is
configured or programmed to meet the requirements. More detailed explanations
can be found in the standard documentation.
In the appendix, you will find a Glossary in which all the important terms are
described again briefly and an index of topics.

Conventions
The following conventions are used in this manual.
Activities involving several steps are shown in the form of a table and numbered in
the order in which the activities should be performed.
Activities involving only a few steps are indicated by a bullet (•).
References to other relevant literature are shown in bold italic.


Further Support
If you have questions on the use of the products described in the manual and
cannot find answers here, please speak to your Siemens contact in your local
office.
You can find addresses of contacts at:
http://www.siemens.com/automation/partner
You will find the guide to the range of technical documentation available for the
individual SIMATIC products and systems at:
http://www.siemens.de/simatic-tech-doku-portal
The online catalog and the online ordering system are available to you at:
http://mall.automation.siemens.com/
If you have questions on the manual, please contact the Competence Center
Pharma:
E-mail: pharma.aud@siemens.com
Fax: +49 721 595 6930
You will find more information on the range offered by Siemens for the
pharmaceutical industry at:
http://www.siemens.com/pharma

Training Center
To familiarize you with the SIMATIC S7 automation system, we offer a range of
courses. Please contact your regional training center or the central training center
in D 90327 Nuremberg, Germany.
Phone: +49 (911) 895-3200.
Internet: http://www.sitrain.com

Technical support
You can contact Technical Support for all A&D products
• using the Web form for a support request
http://www.siemens.de/automation/support-request
• Phone: + 49 180 5050 222
• Fax: + 49 180 5050 223
You will find more detailed information on our technical support on the Internet at
http://www.siemens.de/automation/service


Service & Support on the Internet


In addition to our documentation services, you can also make use of our know-how
on the Internet.
http://www.siemens.com/automation/service&support
Here, you will find:
• The Newsletter that keeps you constantly up to date with the latest information
on the products you use.
• The documents you need using the search features in Service & Support.
• A forum in which users and specialists worldwide exchange information and
experience.
• Your local contacts for Automation & Drives.
• Information on local service, repairs, and spare parts. If you look in "Services",
you will find much more information on a wide range of topics.

Contents

Introduction

Contents

1 Prerequisites for Configuring Automated Systems in a GMP Environment
1.1 Life Cycle Model
1.2 Regulations and Guidelines
1.3 Responsibilities
1.4 Approval Process
1.5 Software Categorization of Control Systems

2 Requirements for Automated Systems in a GMP Environment
2.1 Software Categorization
2.1.1 Software Creation
2.1.1.1 Use of Typicals for Programming
2.1.1.2 Identification of Software Modules / Typicals
2.1.1.3 Changing Software Modules / Typicals
2.2 Hardware Categorization
2.3 Configuration Management
2.3.1 Configuration Identification
2.3.2 Configuration Control
2.3.2.1 Version Control
2.3.2.2 Change Control
2.4 Access Protection and User Management
2.4.1 Using Access Protection in a System
2.4.2 Requirements for the User ID and Password
2.4.3 Chip Cards and Biometric Systems
2.5 Electronic Signatures
2.5.1 Conventional Electronic Signatures
2.5.2 Electronic Signatures Based on Biometrics
2.5.3 Security Measures for User IDs/Passwords
2.6 Audit Trail
2.7 Time Synchronization
2.8 Archiving Data
2.9 Data Backup
2.9.1 Application Software
2.9.2 Process Data
2.10 Retrieving Data Backups
2.11 Use of Third-Party Components

3 Specification
3.1 Criteria for Selecting Hardware
3.2 Criteria for Selecting Software
3.2.1 Basic Software for User Management
3.2.2 Additional Software - Image & Partition Creator
3.2.3 Basic Software for the Engineering System
3.2.3.1 Process Control Libraries
3.2.3.2 Multiproject Engineering
3.2.4 Additional Software - Engineering System
3.2.4.1 Version Cross Checker
3.2.4.2 Import/Export Assistant
3.2.4.3 Controller Tuning with the PCS 7 PID Tuner
3.2.4.4 Simulation with S7-PLCSIM
3.2.5 Basic Software - Operator Station
3.2.6 Additional Software for an Operator Station
3.2.7 Basic Software - SIMATIC BATCH
3.2.8 Interfaces to Process Data with OS Software Connectivity Pack
3.2.9 Additional Software for Long-term Archiving
3.2.9.1 Central Archive Server (CAS)
3.2.9.2 StoragePlus
3.2.9.3 SIMATIC IT Historian
3.2.10 Basic Software of Higher-level Systems
3.3 User Requirements Specification
3.4 Functional Specification
3.5 Design Specification
3.5.1 Specification of Automation Hardware
3.5.2 Specification of Automation Software

4 Guidelines for Implementation in a GMP Environment with Standard SIMATIC PCS 7 Software
4.1 Introduction
4.2 Software Categorization of SIMATIC PCS 7
4.3 Software Installation
4.3.1 Operating System
4.3.2 SIMATIC PCS 7 Software
4.4 Installation of Utilities and Drivers
4.4.1 Printer Drivers
4.4.2 Virus Scanners
4.5 Multiproject
4.5.1 Engineering
4.5.2 Views
4.6 SIMATIC NET Settings
4.6.1 Setting up the OS, OS Client, OPC Server, and SIMATIC BATCH
4.6.2 Automation System (AS)
4.6.3 Engineering Station (ES)
4.6.4 Industrial Ethernet
4.6.5 PROFIBUS
4.7 Configuration Management
4.7.1 Changes to the System Software
4.7.1.1 Updates, Service Packs, and Hotfixes
4.7.1.2 Upgrades (Migration)
4.7.1.3 How to Update System Software
4.7.2 Versioning the User Software
4.7.2.1 Initial Creation of the User Software
4.7.2.2 Initial Creation of the OS
4.7.2.3 Versioning Project Data with "SIMATIC PCS 7 Version Trail"


4.7.3 Changing the User Software
4.8 Creating Software Modules
4.8.1 General
4.8.2 Example of a Process Tag Type
4.9 Setting up Process Value Archives
4.10 Import/Export Assistant (IEA)
4.11 Automatic Generation of Block Icons
4.12 Activating and Deactivating Simulation Software
4.13 OS Project Editor
4.14 Creating Overview Pictures
4.15 Integrating SIMATIC BATCH
4.15.1 BATCH Definition of Terms
4.15.2 Conformity with the ISA-88.01 Standard
4.15.3 ISA-88.01 - Software Model SIMATIC PCS 7
4.15.4 Implementation of the ISA-88.01 Concept
4.16 Configuring SIMATIC BATCH
4.17 Setting up Access Protection
4.17.1 How Access Protection Works under Windows and in PCS 7 Process Mode
4.17.2 Permission Management in Windows
4.17.3 User Management
4.17.4 Security Settings of Password Policy
4.17.5 Security Mechanisms for Account Lockout Policies
4.17.6 Security Settings for Audit Policy
4.17.7 Configuring SIMATIC Logon
4.18 Disabling the Windows Level in Process Mode (Runtime)
4.18.1 Disabling on the SIMATIC PCS 7 OS
4.18.2 Lockout by Configuration
4.18.3 Security with Configuration Settings in WINDOWS
4.19 Audit Trail
4.19.1 PCS 7 OS
4.19.2 SIMATIC BATCH
4.20 Time Synchronization
4.20.1 Concepts for Time Synchronization
4.20.2 Example of Configuring Time Synchronization over Ethernet (OS Server as Time Master)
4.21 Lifebeat Monitoring
4.21.1 SIMATIC PCS 7
4.21.2 Third-Party Systems
4.22 Use of SIMATIC BATCH Reports
4.23 Backing up the System/User Software
4.23.1 Backing up the User Software
4.23.2 Backing up the Operating System and SIMATIC PCS 7
4.24 Long-term Archiving
4.24.1 Long-term Archiving with the Central Archive Server (CAS)
4.24.1.1 How It Works
4.24.1.2 Integration in PCS 7
4.24.1.3 Access Protection
4.24.1.4 Time Synchronization
4.24.1.5 Network Security
4.24.1.6 Integrating the CAS in Lifebeat Monitoring
4.24.1.7 OS Client for Visualizing CAS Data
4.24.1.8 Audit Trail
4.24.1.9 Archiving and Transferring to the CAS
4.24.1.10 Data Display
4.24.2 Long-term Archiving with StoragePlus
4.24.2.1 How StoragePlus Works
4.24.2.2 Software Packages of StoragePlus


4.24.2.3 Installation of StoragePlus
4.24.2.4 Security and Access Concept
4.24.2.5 Time Synchronization
4.24.2.6 Network Security
4.24.2.7 Audit Trail
4.24.2.8 Configuration of Long-term Archiving
4.24.2.9 Configuration of the StoragePlus Database
4.24.2.10 Transferring Archive Data (Backup)
4.24.2.11 Retrieving Data Backups
4.24.2.12 Restoring the System
4.24.2.13 Data Displays
4.24.3 Long-term Archiving with SIMATIC IT Historian
4.25 Data Exchange with the Plant Management Level
4.26 Uninterruptible Power Supply
4.26.1 Configuration of Uninterruptible Power Supplies
4.26.2 UPS Configuration over Digital Inputs
4.27 Creating SCL, C, VB Scripts
4.28 SIMATIC PCS 7 Add-Ons

5 Supporting Functions during Qualification
5.1 Introduction
5.2 Qualification of Automation Hardware
5.3 Qualification of Automation Software
5.3.1 Qualification of Standard Software
5.3.2 System Programs from SIMATIC PCS 7
5.3.3 Installed Authorizations of SIMATIC PCS 7
5.3.4 Qualification of the Application Software

6 Additional Hardware / Software Components
6.1 Time Synchronization
6.2 Solutions for Special Automation Tasks
6.3 SIMIT Simulation Software
6.4 Using MASTERGUARD UPS Systems

Glossary

Index

1 Prerequisites for Configuring Automated
Systems in a GMP Environment

Before automated systems can be configured in a GMP environment, approved
specifications such as the User Requirements Specification and the Functional
Specification must exist. When creating these specifications, requirements stipulated
in standards, recommendations and guidelines must be taken into account. This chapter
lists the most important of these regulations as well as various specifications (URS, FS,
DS).


1.1 Life Cycle Model


Good engineering practice (GEP) means the use of and adherence to defined
guidelines in the planning and configuration of systems. GEP includes the entire
life cycle of a system. The schematic below shows the life cycle model of a system.
This manual is based on the information contained in the GAMP® 4 Guide for
Validation of Automated Systems. The procedures stipulated in GAMP® 4 are
explained and illustrated by practical examples.


Key to the life cycle model

Abbreviation/Acronym   Description
VP                     Validation Plan¹
QP                     Qualification Plan
QPP                    Quality and Project Plan
URS                    User Requirements Specification²
FS                     Functional Specification
DS                     Design Specification (this includes, for example, P&I charts, software and software module specification and hardware design specification, etc.)
FAT                    Factory Acceptance Test
SAT                    Site Acceptance Test
IQ                     Installation Qualification
OQ                     Operational Qualification
PQ                     Performance Qualification
VR                     Validation Report
QR                     Qualification Report

¹ To improve readability and recognition of familiar terminology, not all terms and
abbreviations/acronyms were translated in the German version.
² The meanings of the terms "User Requirements Specification" and "Functional
Specification" as used in GAMP® 4 do not correspond to the German terms "Lastenheft" or
"Pflichtenheft" as used, for example, in VDI 3694 and VDI 2519.


Validation Plan
The Validation Plan is used to specify the methods used for validation or
qualification and measures for validating, for example, an automation system. A
Validation Plan should specify all validation activities and name those responsible
for their implementation. Further topics that should be covered by a Validation Plan
include:
• Documentation of the results of the validation activities
• All standard operating procedures (SOPs) that relate to the system
• Preservation of the validation status of the system
A system-specific Validation Plan may be preceded by a generic Validation Master
Plan (VMP or MVP).

Qualification Plan
In contrast to the Quality and Project Plan, a Qualification Plan (QP) describes all
the qualification measures while the Quality and Project Plan deals mainly with
project and quality management. The Qualification Plan contains detailed
descriptions of the necessary test measures and a description of the
interdependencies of the individual tests. References to other test documents such
as FAT or SAT and a description of the deviation management must also be
integrated in the Qualification Plan.

Quality and Project Plan


In contrast to the Qualification Plan, the Quality and Project Plan (QPP) documents
project and quality management. It documents, for example, procedures for
managing documents or the procedures for change control. It should also contain a
description of the individual test phases during the life cycle of a system. The
responsibilities within the project and the milestones must also be specified.

Specification
The specification phase begins with the creation of a User Requirements
Specification (URS). The User Requirements Specification is normally created by the
user and describes the requirements that the system should meet. On completion of the
User Requirements Specification, the Functional Specification is created, usually by
the supplier. The Functional Specification (FS) describes the implementation and
the functions of the system set out in the User Requirements Specification. This is
followed by the detailed planning and implementation in the Design Specification
(DS).


The Functional Specification and the Design Specification also form the test basis
for later qualification. The following aspects should also be specified in the
Functional and Design Specification phase:
• Software structure
• Programming standards
• Naming convention
• File naming convention

Implementation
The functions described in the Design Specification are implemented in the
implementation phase. The requirements of the pharmaceutical industry, in
particular, must be taken into account at this stage.
Based on the naming and file naming conventions decided in the specification
phase, the software, software blocks and variables must be named and
documented so that the program code can be structured clearly. Blocks or software
modules must be labeled uniquely with author, date created, version, and
comment. Versioning of these blocks is important to allow easier tracking of
subsequent changes. Software source code must be explained in comments.
"Dead code", in other words, parts of the user program that are no longer called due
to changes in the programming, must be removed or commented out.
User program code must be commented accordingly.
To be able to restore the last project engineering status if data is lost, regular
backups must be made:
• Backup of the user program
• Following changes to the settings of PC components - full backup of the
component involved

Project Change Control


Changes (deviations from the specification) during editing of the project must be
documented. Depending on the changes made, it may be necessary to agree the
changes with the system user. If errors occur or if changes are required, change
requests should be used as documentation.
During the project engineering phase, numerous small changes become
necessary. The changes should also be subject to a structured change control
process. Due to their numbers and the often minor effects, suitable handling must
also be devised for such changes. Here, for example, the grouping of several
changes or simplified documentation and procedure (for example in the form of
lists) would be conceivable.


FAT
On completion of the implementation, a Factory Acceptance Test (FAT) is often
performed at the supplier's site. The purpose of this is to find and eliminate any
errors in the programming prior to delivery.
The aim of the FAT is the acceptance by the customer to allow the system to be
delivered in the tested status. The customer should follow the FAT and confirm that
it was completed correctly in a concluding report.

SAT
The Site Acceptance Test (SAT) shows that an automated system works within its
operating environment with interfaces to the instrumentation and plant sections
according to the specification. In addition to the tests of the FAT, the SAT can
contain tests that are possible for the first time with connected field
instruments and plant sections as well as interfaces to neighboring systems. The
SAT can be combined with commissioning.

Qualification
The FAT is followed by the technical commissioning³ (commissioning phase). In
this phase, the system along with the user program that has been created is
installed at the system user's site, and the technology is commissioned, tested and
qualified.
The commissioning phase and qualification phases can run sequentially or
simultaneously. It is advisable to synchronize the activities of commissioning and
qualification to save both time and costs.
The Qualification Plan should therefore be created in good time so that it is
possible to check whether or not tests already made during FAT or SAT need to be
repeated during qualification. In this case, the documented FAT / SAT tests must
be referenced in the qualification documents.
When creating the test documentation, tests and acceptance criteria must be
described so that they are easy to understand. Test documentation, for example
for FAT, SAT or qualification phases must be created according to the defined
methodology so that the system user will accept it as material that can be
referenced for qualification. Referencing previously performed tests during
qualification saves tests being repeated and reduces qualification costs. One
requirement for referencing test documentation is, however, that the test
documentation is approved according to schedule.

³ The technical commissioning must not be confused with the pharmaceutical
commissioning. The aim is to put the technical system into operation for the first time,
for example to be able to run functional tests on the operational target system during
the OQ.


To be able to reference test documentation, it must be completed in accordance
with GMP principles and handed over to the qualification team.
Correctly labeled software backups and the complete technical documentation
such as the process description, manuals etc. according to the agreed scope of the
delivery, must be handed over to the system user. Among other things, the
archiving must be verified in the course of qualification.

Qualification Report
Based on the Qualification Plan, the qualification report (QR) sums up the test
results of the tests performed and confirms the successful completion of the
qualification phases.

Validation Report
The Validation Report (VR) sums up the results of the individual validation steps
and confirms the validated status of the system. The creation of both the Validation
Plan and the Validation Report is the responsibility of the customer.

Operation
Following successful qualification and subsequent operation (start of production) of
the system, the plant must be serviced and maintained by the user. The
maintenance and service cycles must be defined and adhered to.


Change Control during Operation


If changes are made to an existing system, the procedures of the user for change
control during operation must be used. Such changes must be clearly identified,
described before they are made and the planned change approved for
implementation. After making the change and completing the defined
accompanying measures (for example repeating tests), the revision of the software
must be incremented and the as-built documentation must be updated.
This is where good documentation of the software with suitable comments and
logically structured application software prove their value.
After approval of the change requests, change specifications must be created and
the life cycle is run through again. Depending on the extent and effects of the
planned change to the existing documentation and the risk assessment of the
change related to the existing plant, the effort involved during the life cycle and, in
particular, the effort required for testing may vary greatly.

Risk Analysis
Risk analysis is a methodical procedure in which the process, the system or
programs are analyzed in sufficient detail. The risks identified by the analysis for
new installations and changes to plants are examined in terms of their results and
effects on the (pharmaceutical) product.


1.2 Regulations and Guidelines


When configuring automated systems requiring validation in a GMP environment,
the recommendations and guidelines of various organizations should be adhered
to. These are usually based on general guidelines such as Title 21 Code of Federal
Regulations (21 CFR) of the American Food and Drug Administration (FDA) or the
EU GMP Guideline Annex 11.

| Regulation / Guideline | Issued by / Organization | Title | Regulation / Recommendation | Where Applicable |
|---|---|---|---|---|
| Title 21 Code of Federal Regulations (21 CFR) | FDA | Part 11 Electronic records, electronic signature; Part 210 Current good manufacturing practice in manufacturing, processing, packing, or holding of drugs; General; Part 211 Current good manufacturing practice for finished pharmaceuticals | Regulation | USA and importers into the USA |
| Annex 11 of the EU GMP Guideline | European Commission Directorate General III | Computer-aided Systems | Guideline | Europe |
| Annex 18 of the EU GMP Guideline | European Commission Directorate General III | Good Manufacturing Practice for Active Pharmaceutical Ingredients | Guideline | Europe |
| GAMP ® 4 | ISPE | GAMP ® 4 Guide for Validation of Automated Systems | Guideline | Worldwide |
| NAMUR Recommendation NE 58 | NAMUR | Execution of Process Control Projects Subject to Validation | Recommendation | Europe |
| NAMUR Recommendation NE 71 | NAMUR | Operation and Maintenance of Validated Systems | Recommendation | Europe |
| NAMUR Recommendation NE 72 | NAMUR | Validation Support by Use of Control Systems | Recommendation | Europe |

Note
This manual is based on the requirements of GAMP ® 4 and FDA 21 CFR Part
11.


Code of Federal Regulations Title 21 (21 CFR), Food and Drugs


The Code of Federal Regulations, Title 21 includes parts such as Parts 210 and
211. Part 11 (known as 21 CFR Part 11) is of particular importance for computer
validation. This part deals with electronic records and electronic signatures.

Annex 11 of the EU GMP Guideline


Annex 11 of the EU GMP guideline is divided into 19 points and covers topics
such as requirements for configuration, operation and change control for
computerized systems in a GMP environment. An interpretation of Annex 11 can
be found in the GAMP ® 4 Guide in the form of an APV guideline for the validation
of automated systems.

Annex 18 of the EU GMP Guideline


Annex 18 of the EU GMP guideline deals with good manufacturing practice for
active pharmaceutical ingredients. This is intended as a GMP manual for the
manufacture of active pharmaceutical ingredients within the framework of a
suitable quality management system. Chapter 5 of Annex 18 deals with the
process equipment and its use.

GAMP ® Guide for Validation of Automated Systems "GAMP ® 4"


The GAMP ® (Good Automated Manufacturing Practice) Guide for Validation of
Automated Systems was compiled as a recommendation for suppliers and as a
manual for users of automated systems in the manufacturing pharmaceutical
industry. The current version "GAMP ® 4" was published in December 2001.

NAMUR Recommendations
NAMUR Recommendations are reports of the experience of the "Process Control
Systems Special Interest Group of the chemical and pharmaceutical industry" for
optional use by their members. They do not have the status of standards or
directives. The following NAMUR recommendations are of particular interest with
regard to configuration and the use of automated systems in a GMP Environment:
• NE58 "Execution of Process Control Projects Subject to Validation"
• NE71 "Operation and Maintenance of Validated Systems"
• NE72 "Validation Support by Use of Control Systems"


1.3 Responsibilities
When configuring automated systems in a GMP environment and creating the
appropriate specifications, the responsibilities during the life cycle are defined as
follows.

| Documentation | Location | Responsibility |
|---|---|---|
| User requirements specification | User | User creates and approves |
| Functional Specification | Supplier | Supplier creates / user approves |
| Hardware Design Specification | Supplier | Supplier creates / user approves |
| Software Design Specification | Supplier | Supplier creates / user approves |
| System implementation | Supplier | Supplier creates / ideally checked by user |
| Factory Acceptance Test FAT | Supplier | Supplier performs / user approves |
| Site Acceptance Test SAT | User | User performs / supported by supplier |
| Installation Qualification IQ | User | User responsible / supplier and/or user performs |
| Operational Qualification OQ | User | User responsible / supplier and/or user performs |
| Performance Qualification PQ | User | User performs / supported by supplier |
| Change control during operation | User | User performs / possibly supported by supplier |
| Shutdown | User | User performs / possibly supported by supplier |


1.4 Approval Process


When changes are made to existing systems or when new systems are installed,
certain approvals must be obtained during the various phases of system
configuration.
Several pertinent documents are listed below and the significance of their approval
explained.

Quality and Project Plan


In contrast to the Qualification Plan, the Quality and Project Plan (QPP) documents
project and quality management. It documents, for example, procedures for
managing documents or the procedures for change control. It should also contain a
description of the individual test phases during the life cycle of a system. The
responsibilities within the project must be defined.

Change control
Changes to an existing system (hardware / firmware, user software etc.) are
proposed by the system user in a change request. This is approved and released
by the user. This forms the basis of such a project.

User Requirements Specification


The User Requirements Specification describes the new requirements that the
system is intended to meet based on the request described above. The User
Requirements Specification is generally created by the system user but can also
be created by the system supplier or a third party. The User Requirements
Specification must always be checked and approved by the system user and the
quality assurance department.
The User Requirements Specification should be adapted to the current situation
during the planning phase and, if necessary, approved and released as a new
version.


Functional Specification
The Functional Specification is normally created by the system supplier. Based on
the User Requirements Specification or the change request, it describes the
functions of the system in detail. The Functional Specification is created in
consultation with the system user and must be approved and released by the user.
The approved Functional Specification is used as the basis for creating the detailed
specifications and for subsequent configuration.

Design Specification
The Design Specification (DS), like the Functional Specification, is normally created
by the system supplier. This is based on the Functional Specification and
supplements this with detailed descriptions, for example, of the hardware and
software used, process variable lists etc. The Design Specification is created with
the co-operation of the system user and must be approved and released by the
system user.

Qualification documents (test documents)


The test documents must provide evidence that the requirements are met and that
all functions were implemented as specified. This is done by creating suitable test
documents that document test planning, test execution and the test results.
The test documents must be created by the system supplier according to the
specifications of the Functional Specification or the detailed specification. The test
documents must be checked and approved by the system user.
If tests performed previously in the FAT or SAT are referenced within the
framework of qualification, this must be included in the Qualification Plan and
approved by the user.


1.5 Software Categorization of Control Systems


As described in Section 2.1 "Software" and Section 4.2 "Software Categorization
of SIMATIC PCS 7", the software of a system can be divided into five software
categories according to the GAMP ® Guide for Validation of Automated Systems.
The software categories have a major influence on the effort involved during the
test and qualification phase and should be defined during the specification phase
for the software to be used.

2 Requirements for Automated Systems in a GMP Environment

In the context of GMP, automated systems must meet certain requirements.


Section 2 "Requirements for Automated Systems in a GMP Environment" lists the
main requirements that an automated system must meet in a GMP environment.
These requirements must be stipulated in the specification and implemented during
configuration. In general, it must always be ensured that proof of all changes (who
did what, when, to change what) is recorded at all times ("why" is optional). The
requirements involved in this task are implemented by various functions and are
described in the following sections.
The graphic below shows the life cycle model. The requirements focused on in this
section can be assigned to the specification area. This is illustrated in the following
graphic by the marking in the area on the left.


2.1 Software Categorization


According to the GAMP ® Guide for Validation of Automated Systems, the
software components of a system can be divided into five software categories. The
five GAMP ® software categories are listed below:

Category 1, Operating Systems


Category 1, operating systems, covers established commercially available
operating systems. These are not subject to validation themselves; the name and
version of the operating system must, however, be documented and verified during
Installation Qualification (IQ).

Category 2, Firmware
Category 2 covers the firmware that is configured to match the local conditions.
Once again the name and version of the firmware and its configuration must be
documented and verified during an Installation Qualification (IQ). The functionality
of the software must be verified in an Operational Qualification (OQ).

Category 3, Standard Software Packages


Category 3 covers commercially available, standard software packages and "off-
the-shelf" solutions for certain processes. The configuration of the software
packages should be limited to adaptation to the runtime environment (for example
network and printer connections) and the configuration of the process parameters.
The name and version of the standard software package should be documented
and verified in an Installation Qualification (IQ). Special user requirements, such as
security, alarms, messages, or algorithms must be documented and verified in an
Operational Qualification (OQ).

Category 4, Configurable Software Packages


Category 4 covers configurable software packages that allow special business and
manufacturing processes. This involves configuring predefined software modules.
These software packages should only be considered as belonging to Category 4 if
they are well-known and mature. Normally, a supplier audit is necessary. If this is
not available, the software packages should be handled as Category 5 and the
supplier should use the GAMP ® 4 guide to provide the foundation for establishing
a suitable quality system.
The name, version, and configuration should be documented and verified in an
Installation Qualification (IQ). The functions of the software packages should be
verified in terms of the user requirements in an Operational Qualification (OQ). The
Validation Plan should take into account the lifecycle model and an assessment of
suppliers and software packages.


Category 5, User-specific (tailored) Software


Category 5 covers user-specific software developed specifically to meet the needs
of the user company.
A supplier audit is normally required to confirm the quality systems to control
development and subsequent maintenance. Otherwise, the supplier should use the
GAMP ® 4 guide as the basis for a suitable quality system.
The name, version, and configuration should once again be documented and
verified in an Installation Qualification (IQ). A detailed software specification must
be created and the function of the software verified in an Operational Qualification
(OQ). The Validation Plan should specify a full life-cycle approach to validation.
The test effort when using software belonging to Category 5 is far higher than
when using software of the lower categories.
The effort required for validation and testing can be reduced by using standardized
software packages. The following graphic illustrates the effort required for
validation related to the software category being used.

[Graphic: effort required for validation, by software category 1 to 5]


2.1.1 Software Creation

When creating software, guidelines documented in the Quality and Project Plan
must be adhered to (GEP awareness). Guidelines on software creation can be
found in the GAMP ® 4 Guide for Validation of Automated Systems and in the
relevant standards and recommendations.

2.1.1.1 Use of Typicals for Programming


As seen in Section "Software Creation", the
validation effort increases considerably from GAMP ® software category to
category. While the validation effort for software of category 1 simply involves
checking software names and versions, the effort for validation of software in
category 5 involves verification of the entire range of functions and a supplier audit.
To keep the validation effort to a minimum, whenever possible only predefined
standard function blocks should be used during configuration. User-tailored typicals
are created from standard function blocks and tested according to Design
Specifications.

2.1.1.2 Identification of Software Modules / Typicals


During software creation, individual software modules should be given a unique
name, version number, and a brief description of the corresponding block.
Changes to software modules should be reflected in the identification.

2.1.1.3 Changing Software Modules / Typicals


Changes to software modules should be indicated in the identification of the
relevant module. Apart from the incremented version ID, the date and name of the
person making the change should also be included in the software module
identification. The program sections to be modified should, where necessary, be
identified with comments referencing the corresponding number of the change
request / order. See also Section 4.20 "Time Synchronization".


2.2 Hardware Categorization


According to the GAMP ® 4 Guide, the hardware components of the system fall
into two hardware categories. The two hardware categories are listed below:

Category 1, Standard Hardware Components


Category 1, standard hardware components, covers established commercially
available hardware components. This hardware must also be subjected to relevant
quality and test mechanisms.
The hardware is accepted and documented by the IQ test.

Category 2, Custom-built (bespoke) Hardware Components


The functionality must be specified in documentation and tested and documented
in suitable documented tests.

2.3 Configuration Management


According to the GAMP ® Guide, configuration management is defined as the
activity necessary to define an automated system precisely at every point in its life
cycle from the first steps in development to its retirement.
Configuration management consists of the application of administrative and
technical procedures through the life cycle of a system to:
• identify, define, and baseline system components and to specify them in
general
• control modifications and releases of items
• record and report the status of the items and modifications to them
• ensure the completeness, consistency, and correctness of the items
• control storage, handling, and delivery of items.
Configuration management consists of the following activities:
• Configuration identification (WHAT is to be kept under control)
• Configuration control (how the control will be implemented)
• Configuration status accounting (how the control will be documented)
• Configuration evaluation (how the control will be verified).
This chapter covers the activities of configuration identification and configuration
control.


2.3.1 Configuration Identification

Version and change management is only practicable with a suitable configuration
environment. Every software and hardware package must therefore be identified
by a unique product identifier (MLFB number) and a version number. For the user
software, the parts of an automated system that are subject to configuration
management must be clearly identified. The system should therefore be broken
down into configuration items. These should be identified at an early phase of
development so that a complete list of configuration items is defined and
maintained. The application-specific items should have a unique name or version
ID. The depth of detail when specifying the elements is decided by the needs of the
system, and the organization developing that system.

2.3.2 Configuration Control

The upkeep of the configuration items should be checked at regular intervals, for
example in reviews. Here, particular attention must be paid to the change control
and the related version control. Archiving and release of individual configuration
items should also be taken into account.

2.3.2.1 Version Control


To ensure correct change management, the configuration elements must be
versioned. The version must be updated with every change.

2.3.2.2 Change Control


During configuration, there must be suitable control mechanisms to achieve
transparency by documenting the current status. The control mechanisms are
described by SOPs and should include the following points.
• Software versioning
• Information such as programming guidelines, naming conventions etc.
• Guaranteeing the traceability of program changes
• Unequivocal identification of software and all the components it contains


2.4 Access Protection and User Management


To guarantee the security of automated systems in the context of GMP, these
systems should be provided with an access control system. In addition to physical
access control (locked rooms etc.), access control systems also provide the option
of protecting systems from unauthorized access. Users should be put together in
user groups with which the user permissions are managed. The access rights of
individual users can be established in different ways:
• Combination of unique user ID and password. Configuration is described in
Section 4.17 "Setting up Access Protection".
• Chip cards in conjunction with a password
• Biometric systems
To ensure security, the assignment and management of the access permissions
should be controlled by the system owner or by an administrator named by the
user.

2.4.1 Using Access Protection in a System

Actions that can be performed on an automated system should always be
protected. Depending on the task, the user can be assigned various permissions.
Access to user administration should only be possible for the system owner or an
employee named by the system owner. Access by unauthorized persons to the
recording of electronic data must be prevented.
An automatic logout function should be installed in the system. The logout time
should be defined in consultation with the user and stipulated in the Functional
Specification.

Note
It is important to make sure that only authorized persons can access PCs. This
can be achieved by suitable mechanisms such as remote kits. Process control
system PCs should be installed in control rooms with restricted access or
integrated in lockable switching cabinets.


2.4.2 Requirements for the User ID and Password

User ID:
The user ID of a system should have a minimum length agreed with the customer
and should be unique within the system.
Password:
A password should always consist of a combination of numeric and alphanumeric
characters. When setting up passwords, the number of characters and a period
after which a password expires should be stipulated. The structure of the password
is normally selected to suit the specific customer. The configuration is described in
the section Security Settings of Password Policy.
Criteria for the structure of a password are as follows:
• Minimum length of the password
• Use of numeric and alphanumeric characters
• Case sensitivity

2.4.3 Chip Cards and Biometric Systems

Apart from the traditional methods of identification with a user ID and password,
users can also identify themselves with chip cards or with biometric systems, such
as fingerprint scanners.


2.5 Electronic Signatures


Electronic signatures are computer-generated character strings that count as the
legal equivalent of a handwritten signature.
The regulations for the use of electronic signatures are set out in 21 CFR Part 11
of the FDA.
Each electronic signature must be assigned uniquely to one person and must not
be used by any other person.
It must be possible to confirm to the authorities that an electronic signature
represents the legal equivalent of a handwritten signature.
Electronic signatures can be biometrically based or the system can be set up
without biometric features.

Caution
When exporting pharmaceuticals into the USA, the regulations according to 21
CFR Part 11 of the FDA must be adhered to.

2.5.1 Conventional Electronic Signatures

If electronic signatures are used that are not based on biometrics, they must be
created so that persons executing signatures must identify themselves using at
least two identifying components. This also applies in all cases in which a chip card
replaces one of the two identification components.
These identifying components can, for example, consist of a user identifier and a
password. The identification components must be assigned uniquely and must only
be used by the actual owner of the signature.
When owners of signatures want to use their electronic signatures, they must
identify themselves by means of at least two identification components. The
exception to this rule is when the owner executes several electronic signatures
during one uninterrupted session. In this case, persons executing signatures need
to identify themselves with both identification components only when applying the
first signature. For the second and subsequent signatures, one unique
identification component (password) is then adequate identification.
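
The session rule described above, as an added Python example that is not part of the manual or of SIMATIC PCS 7: the first signature of a session needs user ID and password, later signatures in the same uninterrupted session need the password only. The class and function names, the PBKDF2 password storage, the 10-minute idle limit and the choice to end the session after any refused attempt are assumptions made for the example.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

ROUNDS = 100_000  # PBKDF2 iterations, value chosen for this example


def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ROUNDS)


def enroll(users: dict, user_id: str, password: str) -> None:
    """Store a salted password hash under a user ID that must be unique."""
    if user_id in users:
        raise ValueError("user ID already assigned")
    salt = os.urandom(16)
    users[user_id] = (salt, derive(password, salt))


class SignatureRefused(Exception):
    """Raised when identification components are missing or wrong."""


class SigningSession:
    """Signatures executed at one station during one uninterrupted session."""

    def __init__(self, users, idle_limit=timedelta(minutes=10)):
        self.users = users          # user_id -> (salt, derived key)
        self.idle_limit = idle_limit
        self.owner = None           # user ID identified by the first signature
        self.last_seen = None
        self.signatures = []        # executed signatures
        self.refused = []           # refused attempts, kept for misuse reports

    def logout(self):
        self.owner = None
        self.last_seen = None

    def sign(self, record_id, meaning, password, user_id=None, now=None):
        now = now or datetime.now(timezone.utc)
        if self.owner is not None and now - self.last_seen > self.idle_limit:
            self.logout()           # automatic logout interrupts the session
        claimed = user_id if self.owner is None else self.owner
        try:
            if self.owner is None and user_id is None:
                raise SignatureRefused("first signature needs user ID and password")
            if user_id is not None and user_id != claimed:
                raise SignatureRefused("only the session owner may sign")
            # Unknown IDs are hashed against a dummy entry and fail the same way.
            salt, key = self.users.get(claimed, (b"\x00" * 16, b""))
            if not hmac.compare_digest(derive(password, salt), key):
                raise SignatureRefused("identification failed")
        except SignatureRefused as exc:
            self.refused.append((now, claimed, record_id, str(exc)))
            self.logout()           # assumption: a refused attempt ends the session
            raise
        self.owner, self.last_seen = claimed, now
        entry = {
            "record": record_id,
            "meaning": meaning,
            "signer": claimed,
            "time": now,
            "components": 2 if user_id is not None else 1,
        }
        self.signatures.append(entry)
        return entry
```
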


2.5.2 Electronic Signatures Based on Biometrics

An electronic signature based on biometrics must be created in such a way that it
can only be used by one person. If the person making the signature does so using
biometric methods, one identification component is adequate.
Possible biometric recognition systems include systems for scanning a fingerprint
or the iris of the eye.

Note
The use of biometric systems is currently considered a secure identification
method. Nevertheless, there are reservations about the use of biometric
identification characteristics in the pharmaceutical industry (for example poor face
recognition due to protective clothing covering the face, no fingerprint scans with
gloves, the expense involved and the reaction times of retina scans).

2.5.3 Security Measures for User IDs/Passwords

To guarantee the security of electronic signatures when using a user ID and
password, the following points are important:
• Uniqueness of the user ID and password
• Supervised issue of user IDs
• Cancellation of rights if a user ID or password is no longer secure or has been
compromised
• Security measures to prevent unauthorized use of user IDs / passwords and to
report misuse
• Training of personnel with documented proof of courses

2.6 Audit Trail


The audit trail is a control mechanism of the system that allows all data entered or
modified to be traced back to the original data. A reliable and secure audit trail is
particularly important in conjunction with the creation, change or deletion of GMP-
relevant electronic records.
In this case, the audit trail must archive and document all the changes or actions
made along with the date and time. The typical contents of an audit trail must be
recorded and must describe "who changed what and when" (old value/new value).
The archiving period must match the period stipulated in the specification.
There must be adequate hard disk space to allow the entire audit trail to be stored
until the next transfer to an external data medium.
Systems must be used that ensure adequate data security (for example redundant
systems, standby systems, RAID 5).
The audit trail of the SIMATIC PCS 7 process control system documents all actions
and entries made by the plant operator. All actions and entries are documented
and archived by SIMATIC PCS 7 with the date, time, user name, time of the entry,
and detailed information about which data was changed.
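
A minimal audit trail of the kind described above, as an added example that is not PCS 7 code: each entry records who changed what and when with old and new value. The SHA-256 hash chain that makes later edits detectable is a technique added here, and the field names, users and tag names are constructed for the illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64   # chain anchor used as "previous hash" of the first entry


def _entry_hash(body, prev_hash):
    """Hash of the entry contents bound to the hash of the preceding entry."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


class AuditTrail:
    """Append-only record of "who changed what and when" (old value/new value)."""

    def __init__(self):
        self._entries = []

    def record(self, user, item, old_value, new_value, when=None):
        when = when or datetime.now(timezone.utc)   # one uniform time reference
        body = {
            "seq": len(self._entries) + 1,
            "time": when.isoformat(),
            "user": user,
            "item": item,
            "old": old_value,
            "new": new_value,
        }
        prev_hash = self._entries[-1]["hash"] if self._entries else GENESIS
        self._entries.append(dict(body, hash=_entry_hash(body, prev_hash)))
        return self._entries[-1]["hash"]

    def export(self):
        """Copy of the trail, for example for transfer to an external data medium."""
        return [dict(entry) for entry in self._entries]


def first_broken_entry(entries):
    """1-based position of the first entry that fails verification, or None if intact."""
    prev_hash = GENESIS
    for position, entry in enumerate(entries, start=1):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("seq") != position or entry.get("hash") != _entry_hash(body, prev_hash):
            return position
        prev_hash = entry["hash"]
    return None


def trace_to_original(entries, item):
    """Values an item has held, oldest first, starting with the original data."""
    values = []
    for entry in entries:
        if entry["item"] == item:
            if not values:
                values.append(entry["old"])
            values.append(entry["new"])
    return values


def sample_trail():
    """Constructed sample: three operator entries with fixed timestamps."""
    trail = AuditTrail()
    day = lambda h, m: datetime(2006, 12, 1, h, m, tzinfo=timezone.utc)
    trail.record("op_miller", "TIC101.SP", 72.5, 75.0, day(8, 0))
    trail.record("op_schmidt", "V201.MODE", "AUTO", "MANUAL", day(8, 15))
    trail.record("op_miller", "TIC101.SP", 75.0, 74.0, day(9, 30))
    return trail
```

Removing entries from the end leaves a shorter chain that still verifies, so the hash of the latest entry should also be recorded outside the system, for example with each transfer to the external medium.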

2.7 Time Synchronization


Within a system, a uniform time reference must be guaranteed to allow messages,
alarms etc. to be archived with unequivocal time stamps. Time synchronization to a
standard time is desirable, however not absolutely necessary. Time
synchronization when archiving data, analyzing problems, and optimizing a plant is
strongly recommended.

2.8 Archiving Data


Archiving data involves the data backup of all the cGMP-relevant process data
during the manufacture of a batch. These include process values (often in the form
of trends), messages (alarms, warnings etc.), the audit trail (who undertook which
action and made which entries when) and, if applicable, other batch report data.
The storage space on the data media of a system is finite. To keep space available
on these data media, data such as measured values, message archives, or reports
should be transferred regularly to external data media.
Apart from keeping storage space available within a system, the archiving of
cGMP-relevant data, such as process data, batch reports, or trends is obligatory.
The period for which such data must be retained is generally laid down in
• Legal regulations (for example for the retention of pharmaceutical
documentation)
• Customer requirements
• International regulations

2.9 Data Backup


In contrast to the archiving of electronic data, data backup makes data available in
emergency situations, for example a defective hard disk. The aim of data backup is
to be able to recover a system completely following a system crash.
Data backups are created on external data media. The data media used should
comply with the recommendations of the device manufacturer.
When backing up electronic data, a distinction is made between software backups
(for example application software, hard disk backups) and archive data backups.
Here, particular attention is paid to the storage of data backup media (storage of
the copy and original in different locations, protection from magnetic fields, and
elementary damage).

2.9.1 Application Software

Software backups should be created following any software change to the system.
They must document the last valid software version of a system. If changes are
made to software components, it is adequate to back up the modified components
of the application software. A complete backup of the software should nevertheless
be made at regular intervals. If software backups need to be created when
changes are made to the software of an existing system or during the installation of
a new system, they should be created after the installation. During the course of a
project, the software version should be backed up and documented in conjunction
with defined milestones, for example at the end of the FAT (in other words before
the system is supplied), on completion of the Installation Qualification (IQ) as a
basis for the tests for Operational Qualification (OQ) and, of course, on handover
of the system to the user.
Software generations should also be recorded during the creation of new software
versions at regular intervals in the form of software backups.
Software backups must be created for both the application software and the
configuration parameters.

Labeling Software Backups


According to the GAMP ® 4 Guide for Validation of Automated Systems, software
backups should be documented both on the label of the backup medium itself and
in a separate report containing the following information:
• Date of creation
• System designation
• Software designation
• Software or version designation
• Current number of the backup
• Reason for software backup
• Date of first usage
• Date of backup
• Date and signature of the person responsible
• Identity of the operator

Retention of Software Backups


At least the last two software backups should be archived. For reasons of safety,
these should be stored at a different location from the system (according to the
recommendations of the BSI (German authority responsible for security in
information technology), for example in a fire compartment separate from the
system).
A suitable backup strategy must be defined depending on the frequency at which
changes are made.
The storage life of the data medium should be defined (for example based on the
manufacturer's information or on publications of the relevant national authorities for
information technology) and before this expires, the backup should be migrated, for
example by copying it to a new data medium.

2.9.2 Process Data

The data saved in the system, such as trends, measured values or alarms should
be backed up on external data media at periodic intervals. This measure can
minimize data loss if problems occur.

Labeling Data Backups


According to the GAMP ® 4 Guide for Validation of Automated Systems, data
backups should be documented either on the label of the backup itself or in a
separate report containing the following information:
• System designations
• Software / data designation
• Version and/or software/firmware build number, if available
• Date of creation
• Date of first usage
• Current number
• Date of the data backup
• Reason for the data backup
• Identity of the operator

Retention of Data Backups


The same guidelines apply as in the section with the same name in Chapter 2.9.1
"Application Software".
Since process data, in contrast to software, is not normally stored in "overlapping"
versions, suitable measures must be taken to ensure data integrity.

2.10 Retrieving Data Backups


Archived data must be retrievable at all times. Following system updates, care
must be taken that the data transferred to archive prior to the update remains
compatible.

2.11 Use of Third-Party Components


When using predefined third-party components (hardware and software), a supplier
audit should always be performed and the supplier's quality management system
verified. The compatibility of the hardware components must be confirmed.
Even when using standard hardware and software components of other
manufacturers, compatibility must be confirmed.

Note
For auditing a product supplier, the NAMUR Recommendation 72 contains a
considerable amount of information. Approaches to auditing a service provider or
solution provider can also be found, for example, in the GAMP ® 4 Guide, Annex
M2.

3 Specification

This section focuses on the criteria for selecting hardware and software. The
activities involved in selecting products, product variants and system constellations
take place in the specification phase of an automated system. This is illustrated in
the lifecycle model shown below by the marking in the area on the left.

3.1 Criteria for Selecting Hardware


Using hardware components from the PCS 7 catalog guarantees the long-term
availability of hardware and spare parts.
Particularly during the design of PC-based systems such as ES, OS single stations
and OS or BATCH servers, attention should be paid to system availability and the
protection of data security/integrity, for example by using RAID systems higher
than class 1.

Note
Only released hardware from the current PCS 7 catalog must be used because
this has been tested by Siemens.
If PCs are distributed in switching cabinets, make sure that suitable hardware
components, such as operator channel extensions are used.

Among the automation systems (AS), a distinction is made between standard,
fault-tolerant and fail-safe systems.
Standard automation systems (AS) consist of one or more S7-4xx CPUs.
Fault-tolerant automation systems (AS) consist of at least two redundant
subsystems synchronized over fiber-optic cable.
Active redundancy means that all the redundant controllers are permanently in
operation and are also involved in the execution of the control task. The loaded
user program is identical on both CPUs and is executed by both CPUs
synchronously.
If the active CPU fails, the automation system automatically fails over to the
redundant CPU (CPU 414-4H, CPU 417-4H). The failover has no effect on the
active process that continues uninterrupted.
The function of fail-safe automation systems (AS) in plants with high safety
requirements is to detect errors/faults in the process as well as internal errors and
to bring the plant to a safe status if an error/fault occurs.
To configure fail-safe programs, the S7 F System engineering tool is required. This
provides the programmer with blocks approved by the TÜV (technical inspection
agency in Germany) that handle fault detection and the reaction if a fault occurs.
Fail-safe automation systems (AS) must be accepted by the TÜV or similar agency
following commissioning. To achieve this, S7 F Systems provides a reference sum
of the fail-safe program section that detects any change in the program. This sum
is recorded during acceptance by the TÜV and allows the detection of changes in
the fail-safe program.

3.2 Criteria for Selecting Software


The aim of this chapter is to simplify the selection of standard PCS 7 V6.1
hardware and software that meets the requirements described in Chapter 2
"Requirements for Automated Systems in a GMP Environment".

3.2.1 Basic Software for User Management

Access to the SIMATIC PCS 7 system components and to third-party components
connected via the API is controlled by SIMATIC Logon, a user management
system based on Windows mechanisms. SIMATIC Logon meets the requirements
of 21 CFR Part 11 regarding access control and completes these requirements
with the additional tools described below.

SIMATIC Logon Service


With the SIMATIC Logon Service, the logged-on user can display the SIMATIC
Logon Service dialog. The logoff, user change, and password change functions are
then available. The SIMATIC Logon Service is required on all operator stations.

SIMATIC Logon Admin Tool


The SIMATIC Logon Admin Tool allows assignment of roles from the SIMATIC
PCS 7 applications to the Windows user groups. It is also possible to edit Windows
users and user groups.

SIMATIC Electronic Signature


With SIMATIC Electronic Signature, it is possible to enable operations by suitably
assigned Windows users or user groups. SIMATIC Electronic Signature must be
installed on all computers and is supported by SIMATIC BATCH.

3.2.2 Additional Software - Image & Partition Creator

The optional additional software "SIMATIC PC/PG Image & Partition Creator"
allows creation of data backups of hard disk contents. Fast recovery of the system
is then possible with these system and application software backups. Backed-up
hard disk contents can also be transferred to identically configured devices. This
simplifies replacement of computers or expansion of systems.
Apart from creating hard disk images, the Image & Partition Creator can also be
used to create, modify, and delete hard disk partitions.

3.2.3 Basic Software for the Engineering System

The SIMATIC PCS 7 engineering software includes the basic functions for
engineering with PCS 7. Some of the most important functionalities are described
below.

3.2.3.1 Process Control Libraries


The process control libraries contain predefined and tested objects (blocks,
faceplates, and symbols). When using these libraries, project engineering is
generally restricted to the configuration of the corresponding objects. One major
advantage of using preassembled objects in the project engineering of automated
systems in the pharmaceutical industry is the lower-level software categorization
(see Section 4.2 "Software Categorization of SIMATIC PCS 7") of the blocks
according to the GAMP ® 4 Guide for Validation of Automated Systems. Rating
software as belonging to higher software categories means greater validation
effort.

3.2.3.2 Multiproject Engineering


Multiproject engineering allows a project to be divided into several projects so that
it can be worked on by more than one person. The multiproject is created in the
SIMATIC Manager. New projects can be added to the multiproject and other
projects removed from it.

3.2.4 Additional Software - Engineering System

3.2.4.1 Version Cross Checker


The Version Cross Checker (VXC) is an additional, standard software component.
The Version Cross Checker is used to compare versions of two AS programs with
each other. Differences in parameters, interconnections, and blocks are reported
and displayed.
Case 1: The Version Cross Checker can, for example, be used to verify the correct
implementation of a change within the framework of the change control procedure.
Comparing the software version with the current program version on the CPU of
the automation system prior to the change indicates changes in the system that
must match the change specification.
Case 2: A further application of the Version Cross Checker is to verify that the
archived software version matches the current program version on the CPU of the
automation system. A comparison of the current software backup and the
automation system must not reveal any discrepancies between the software
backup and the CPU of the automation system unless there is a change request.
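
The two checks described above, sketched as an added example (this is not the Version Cross Checker and does not use its file formats): two program versions are compared, and the differences are checked against an approved change specification. The dictionary model of an AS program, the block and tag names and the change request contents are constructed assumptions.

```python
# Constructed sample data: an AS program modeled as
# {block instance: {"type": ..., "params": {...}, "links": {input: source}}}.
ARCHIVED = {
    "TIC101": {"type": "CTRL_PID", "params": {"GAIN": 1.5, "TN": 30.0},
               "links": {"PV_IN": "TT101.V"}},
    "V201": {"type": "VALVE", "params": {"MONITOR": True},
             "links": {"AUTO_OC": "SFC_DOSE.Q1"}},
}
ON_CPU = {
    "TIC101": {"type": "CTRL_PID", "params": {"GAIN": 2.0, "TN": 30.0},
               "links": {"PV_IN": "TT102.V"}},
    "V201": {"type": "VALVE", "params": {"MONITOR": True},
             "links": {"AUTO_OC": "SFC_DOSE.Q1"}},
    "M301": {"type": "MOTOR", "params": {}, "links": {}},
}
# Constructed change specification: only these (block, kind, item) changes are approved.
CHANGE_REQUEST = {("TIC101", "params", "GAIN"), ("TIC101", "params", "TN")}


def diff_programs(baseline, current):
    """Report differences in blocks, parameters and interconnections.

    Returns a list of (block, kind, item, old, new) tuples, ordered by block name.
    """
    findings = []
    for block in sorted(set(baseline) | set(current)):
        if block not in baseline:
            findings.append((block, "block", "", "absent", "present"))
            continue
        if block not in current:
            findings.append((block, "block", "", "present", "absent"))
            continue
        old_block, new_block = baseline[block], current[block]
        if old_block.get("type") != new_block.get("type"):
            findings.append((block, "type", "", old_block.get("type"), new_block.get("type")))
        for kind in ("params", "links"):
            old_items = old_block.get(kind, {})
            new_items = new_block.get(kind, {})
            for item in sorted(set(old_items) | set(new_items)):
                old, new = old_items.get(item), new_items.get(item)
                if old != new:
                    findings.append((block, kind, item, old, new))
    return findings


def review_changes(findings, approved):
    """Compare detected differences with the approved change specification.

    Returns (unapproved, not_implemented): differences nobody approved, and
    approved changes that are not visible in the program. With an empty
    `approved` set this is Case 2: any finding is a discrepancy.
    """
    found = {(block, kind, item) for block, kind, item, _, _ in findings}
    return sorted(found - approved), sorted(approved - found)
```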

3.2.4.2 Import/Export Assistant


The Import/Export Assistant (see Section 4.10 "Import/Export Assistant (IEA)") is a
tool for configuring systems that include plant sections that exist several times
within the plant. Process variable lists or CAD charts already created in the
planning phase are imported into the engineering system during configuration.
These are evaluated and used for the largely automatic creation of CFC charts for
process variables.
Apart from importing process variable lists or CAD charts, complete models
consisting of CFC and SFC charts can be imported. During import, replicas of the
models are generated and then supplied with specific data.

3.2.4.3 Controller Tuning with the PCS 7 PID Tuner


The PCS 7 PID Tuner optimization tool is an additional software component. The
function integrated in the CFC editor is used to optimize controlled systems with
the CTRL_PID and CTRL_S software controllers. Based on the acquired controller
parameters, the response of the controllers can be tested by setting step changes.
Control parameters can be saved and called up again when necessary.

3.2.4.4 Simulation with S7-PLCSIM


The S7-PLCSIM simulation tool is a software component that must be installed
separately. User programs can be tested on a PG/PC using S7-PLCSIM. A SIMATIC
S7-CPU on a PG/PC is simulated with the aid of the software package. The
configured application software can then be tested without the use of AS hardware
(CPU and / or signal modules). You can test configured S7 user programs without
needing to download to an automation system. S7-PLCSIM is simply a simulation
tool for the S7 user programs. Hardware components such as communication
processors cannot be simulated.

3.2.5 Basic Software - Operator Station

Systems for control and monitoring of automation systems (AS) are implemented
either as single or multiple workstation systems.
From a single workstation system, the entire operation and monitoring of an
automation system can be performed on one PC.
A multiple workstation system (client / server architecture) is made up of operator
stations (OS clients) and one or more OS servers that supply the OS clients with
data.
By setting up systems redundantly, availability can be increased compared with
single workstation systems.
Apart from selecting the single workstation system, OS client, or OS server, the
number of variables managed by the operator station also plays a role in the
selection of OS software. To make the selection easier, the OS software is offered
based on the number of process objects (PO). Process objects are objects such as
valves, motors, controllers etc. displayed on the operator stations. To visualize
these objects, a number of variables must be managed on the operator stations.
The number of managed variables per process object differs but is taken as an
average of 32 variables for one process object.
License keys for operator stations are available in different sizes, depending on
the size of the project.

Note
The size of the variable archive of the operator stations can be increased later
using suitable power packs.

OS Archiving
OS archiving (short-term archives) uses a high-performance archive system based
on Microsoft SQL server technology. The licensing of the archive system is
scalable. Process values, messages, OS reports and batch data can be stored in
long-term archives (see Section 3.2.9 Additional Software for Long-term Archiving).

3.2.6 Additional Software for an Operator Station

SFC Visualization
An SFC (Sequential Function Chart) is used for sequential control (also known as a
sequencer) of processes. SFCs consist of a sequence of steps separated by the
relevant step enabling conditions (known as transitions). Using SFC Visualization,
the configured SFC charts can be displayed on the operator station and operator
control can be enabled. With SFC Visualization, processes can be displayed more
clearly.
No extra effort is required to configure SFC Visualization.

3.2.7 Basic Software - SIMATIC BATCH

The SIMATIC BATCH software is integrated in SIMATIC PCS 7. It can be operated
as a single workstation system or as a client-server configuration and can be used
in plants of different sizes thanks to its modular architecture and scalability. BATCH
servers can also be structured redundantly.
The basic software for all SIMATIC BATCH system configurations is the basic
package with 150 Batch POs (instances of units and equipment modules), one
BatchCC (Batch Control Center) and one recipe system (recipe editor). This meets
all the requirements for implementing a small SIMATIC BATCH project on the
hardware of a single station or a client-server configuration consisting of one
BATCH client and one BATCH server.

Options for SIMATIC BATCH


To extend the client-server configuration with further BATCH clients, a suitable
number of the BatchCC and Recipe System optional packages are necessary.
With the aid of optional packages, single stations, BATCH clients and BATCH
servers can be functionally expanded.
The following table shows an overview of the various optional packages for single
stations, BATCH servers, and BATCH clients:

Single Station BATCH server BATCH Client


ROP Library X X
Hierarchical Recipe X X
Separation Procedures/Formulas X X
SIMATIC BATCH API X X
Batch Planning X X

SIMATIC BATCH works with the operator station and communicates with the
automation systems (AS) over the operator station. In small process cells,
SIMATIC BATCH can be installed along with the OS software on a single station.

ROP Library
Recipe operations (ROP) can be managed using a ROP library.
Library recipe operations can be installed as references (software modules) in
recipe procedures. This guarantees that changes are made centrally and reduces
the effort for engineering and validation. Modified recipe operations are passed on
to all instances. By resolving the references, the recipe operation becomes a fixed
part of the recipe procedure and is therefore independent of further central
changes.

Hierarchical Recipe Structure


In complex recipes/plant structures, a hierarchical recipe structure improves clarity
since the recipe consists of recipe unit procedures that are processed and
displayed at the same time. The sequence of the unit recipes is coordinated by
synchronization lines (see SIMATIC BATCH manual).
• Recipe procedure for controlling the process or production of a process cell
• Recipe unit procedure for controlling a process stage in a unit
• Recipe operation/recipe phase for achieving the process engineering
task/function in an equipment module

Separation of Procedures and Formulas


The option of separating the procedure and formula adds a further degree of
flexibility. Several sets of parameters (formulas) can be linked together with a
single recipe procedure to form a master recipe. Procedural modifications can be
made centrally in the recipe procedure representing a considerable saving in terms
of configuration and validation. The structure of the formula is defined by the
formula category defined by the user.

              Formula 1    Formula 2    Formula 3
Quantity      1000 kg      500 kg       900 kg
Temperature   90 °C        80 °C        95 °C
Time          10 min       15 min       12 min
Salt          Yes          Yes          No
Pepper        No           No           Yes
Sugar         100 g        150 g        50 g

Master recipe #1    Master recipe #2    Master recipe #3

SIMATIC BATCH API


The application programming interface SIMATIC BATCH API is an open interface
for customer-specific expansions. The SIMATIC BATCH API provides the user with
access to data and functions of SIMATIC BATCH and allows the programming of
special industry segment-specific or project-specific applications.

3.2.8 Interfaces to Process Data with OS Software Connectivity Pack

PCS 7 allows access to the following process data via OPC:


• Alarms and events (messages)
• Process value archive (trends)
• Process variables (states)
PCS 7 ensures that access to alarms and events and process archives is read-
only.

Connectivity Pack
The Connectivity Pack allows standardized access by computer systems at the
process level to computer systems at the factory and enterprise level with OPC.
Since the PCS 7 operator system is OPC-compliant, operator stations as OPC
servers can serve as the data source for other applications. The Connectivity
Packs provide further interfaces for access to archive data and messages of the
operator system.

OPC Direct Access (OPC DA)


OPC is the name of a vendor-independent software interface based on Windows
technology. The OPC standard was defined by the OPC Foundation. Further
information on the OPC Foundation can be found on the Internet at
"http://www.opcfoundation.org/".
Process variables can be read or written using OPC DA (Direct Access). OPC DA
is used, for example, in status queries, parameter exchange, or handshakes.

OPC Historical Data Access server (OPC HDA)


With the OPC HDA server, the PCS 7 server provides other applications with
historical data from the PCS 7 process value archive system (Tag Logging). The
OPC client, for example a reporting tool or higher-level MES system, can request
specific data from the historical process value archives by specifying the start and
end of a time period.

OPC Alarm & Events server (OPC A&E)


With the OPC A&E server, the PCS 7 operator station makes historical data from
the PCS 7 message archive system along with all associated process values
available to other applications (Alarm Logging). The OPC client, for example a
reporting tool or higher-level MES system, can request specific data from the PCS
7 message archive system by specifying the start and end of a time period.

Note
The basics of operation and working with the Connectivity Pack are described in
Section 4.25 "Data Exchange with the Plant Management Level".

3.2.9 Additional Software for Long-term Archiving

3.2.9.1 Central Archive Server (CAS)


The central archive server (see also Section 4.24.1 "Long-term Archiving with the
Central Archive Server (CAS)") is used for long-term archiving of process values,
messages, batch data and reports from up to 11 servers. The archives managed
with CAS (process values, messages, BATCH batch data) can be cataloged and
transferred to an external medium. Process data can be accepted at a maximum
rate of 1,000 per second per server; from more than one server, the overall rate is
a maximum of 10,000 per second.

3.2.9.2 StoragePlus
StoragePlus (see also Section 4.24.2) is used for long-term archiving of process
values, messages, BATCH batch data and reports from up to four servers. The
archives managed with StoragePlus (process values, messages, BATCH batch
data) can be cataloged and transferred to an external medium. Process data can
be accepted at a maximum rate of 1,000 per second per server; from more than
one server, the overall rate is a maximum of 1,600 per second.

3.2.9.3 SIMATIC IT Historian


SIMATIC IT Historian belongs to the MES family. It allows long-term archiving and
evaluation and provides the basis for preparing customer-specific reports, data
analysis, trend analysis, tracking, and tracing etc. (see Section 3.2.10 "Basic
Software of Higher-level Systems" and Section 4.24.3 "Long-term Archiving with
SIMATIC IT Historian").
Integration of SIMATIC IT Historian in PCS 7 or SIMATIC BATCH represents no
problem. Both real-time and long-term data can be managed directly by the PCS 7
OS servers and archives. Real-time data can be acquired with PCS 7 tag browsers
and long-term data over an interface with WinCC tag archives. By using the
process cell information of SIMATIC BATCH, the integration of SIMATIC BATCH is
also possible. SIMATIC IT Historian saves all procedural elements and parameters
for each executed batch and therefore ensures electronic batch recording (EBR).
SIMATIC IT Historian allows reports to be created using the SIMATIC IT Report
Manager. This provides predefined reports that can be used as templates and
adapted to the project-specific requirements.

3.2.10 Basic Software of Higher-level Systems

SIMATIC IT
With its numerous components, SIMATIC IT forms an MES (Manufacturing
Execution System) complying with the ISA 95 standard.
SIMATIC IT is used to optimize the interaction of planning, development, and
procurement within the framework of manufacturing and business processes.
The main elements of SIMATIC IT are:
• SIMATIC IT Framework (Plant Modeling)
• SIMATIC IT Components (Specific Functionality)
SIMATIC IT Framework connects the automation level to the operational
management and production control levels, as well as to the company
management and planning levels.

SIMATIC IT Framework is the cross-industry integration and coordination platform
for operating processes, data, and functions. It also includes options for plant and
production modeling in addition to the basic functions for internal sequences, user
administration etc. SIMATIC IT Framework is capable of integrating SIMATIC IT
Components as well as vendor-independent IT products.
Examples of SIMATIC IT Components include:
• Production Suite (basic MES functions such as material management,
production order management etc.),
• SIMATIC IT Historian (plant performance analysis and long-term archiving),
• SIMATIC IT Unilab (LIMS - laboratory information management system),
• SIMATIC IT Interspec (product specification management system).

3.3 User Requirements Specification


The user requirements specification (URS) describes the requirements that a
system should meet. Writing the User Requirements Specification is the
responsibility of the user.
The user requirements specification is the basis for the creation of a functional
specification and should therefore not contain any design solutions. The User
Requirements Specification should include the following points:
• Introduction
- Purpose of the user requirements specification
- Author
- References
• Overview
- Description of the process / system
- Aim of the project
- Regulations to be used
• Requirements
- System functions
- Interfaces
- Detailed process description

Note
For more information on the requirements, refer to GAMP ® 4, Annex D1.

3.4 Functional Specification


The Functional Specification describes the implementation and the functions of the
system set out in the user requirements specification. Requirements contained in
the User Requirements Specification that will not be implemented must be listed in
the Functional Specification. The Functional Specification is normally created by
the supplier.
The Functional Specification should include the following points:
• Introduction
- Purpose of the functional specification
- Author
- References
• Overview
- Aims and uses of the system
- System interfaces
- Deviations from the user requirements specification (including differences
in functions)
• Functions
- Information on the performance of the system
- Access protection
- Response to failures
- Startup behavior after failure
- Disaster recovery
- xxxx
• Data
- Definition of data / critical parameters
- Data access protection
- Data archiving
• Interfaces
- Interfaces to other systems
- Interfaces to equipment, such as sensors and plant equipment
- User interfaces
• Service
- Availability
- Maintenance

Note
For more information on the requirements, refer to GAMP ® 4, Annex D2.

3.5 Design Specification

3.5.1 Specification of Automation Hardware

The Design Specification of the hardware used serves as the basis for successful
automation in a GMP environment. The hardware design specification (HDS)
describes the architecture and configuration of the hardware. It defines the
equipment used ranging from the number of input and output cards to the OS
server and OS client to be used. Functions, serial numbers, order numbers,
destination location etc. are documented and can therefore be used as a test basis
for IQ and OQ.
Since the hardware is normally used in conjunction with other components,
hardware overview plans of the plant to be installed are an advantage. The HDS
can be formulated in the Functional Specification or in a separate document.
The HDS should contain the following points:
• Introduction
- Purpose of the HDS
- Author
- References
• Overview
- Overview / configuration of the hardware system
• Specification
- Specification of the hardware used
- Specification of the inputs and outputs
- Specification of the operating environment
- Specification of the supply systems
- Specification of the grounding concept
- Specification of lightning protection measures
The description of the hardware required for automation serves as the basic
information. The implementation can be made in HW Config (the hardware
configuration of SIMATIC PCS 7). In HW Config, quantities, order numbers, address
areas, physical connections etc. must be configured exactly. The hardware used
must match the control cabinet documentation.

Note
The information in the hardware overview plan and the naming of hardware
components must be unambiguous. The name of each hardware component must
exist only once in the automation system.

Specification of Field Devices


The description of field devices must include at least the following:
• Manufacturer
• Order number
• Function of the field device
• Destination location
• Tag name
• Type of connection electrical / bus type
• Physical connector type
• Address number
• Unit of measure
• Measuring range
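
The minimum field device description listed above can be checked for completeness automatically before the specification is used as a test basis for IQ and OQ. The following Python sketch is an added example, not part of the Siemens manual: the CSV column names, the sample rows and the case-insensitive duplicate check on tag names (applying the manual's rule that a hardware component name may exist only once) are assumptions.

```python
import csv
import io
from collections import Counter

# Minimum attributes the manual requires for every field device description.
# The column names are hypothetical; map them to your own export format.
REQUIRED_FIELDS = (
    "manufacturer", "order_number", "function", "destination_location",
    "tag_name", "connection_type", "connector_type", "address",
    "unit", "measuring_range",
)

# Constructed sample export (not real plant data): row 2 lacks an address,
# row 3 lacks a measuring range and reuses the tag of row 1 in lower case.
SAMPLE_CSV = """\
manufacturer,order_number,function,destination_location,tag_name,connection_type,connector_type,address,unit,measuring_range
VendorA,ORD-0001,Tank temperature,Room 101,TIC-101,PROFIBUS PA,M12,12,degC,0..150
VendorA,ORD-0002,Tank level,Room 101,LIC-101,4-20 mA,Terminal,,m,0..5
VendorB,ORD-0003,Inlet pressure,Room 102,tic-101,PROFIBUS DP,Sub-D,14,bar,
"""


def _clean(value):
    """Treat missing cells (None) and whitespace-only cells as empty."""
    return (value or "").strip()


def validate_field_devices(csv_text):
    """Return (csv_line, tag_name, problem) findings in file order."""
    reader = csv.DictReader(io.StringIO(csv_text))
    header = reader.fieldnames or []
    missing_columns = [f for f in REQUIRED_FIELDS if f not in header]
    if missing_columns:
        raise ValueError("inventory lacks columns: " + ", ".join(missing_columns))

    rows = list(reader)
    # Count tags case-insensitively so "TIC-101" and "tic-101" collide.
    tag_counts = Counter(
        _clean(r["tag_name"]).upper() for r in rows if _clean(r["tag_name"])
    )

    findings = []
    for line_no, row in enumerate(rows, start=2):  # line 1 is the header
        tag = _clean(row["tag_name"])
        for field in REQUIRED_FIELDS:
            if not _clean(row[field]):
                findings.append((line_no, tag, "missing " + field))
        if tag and tag_counts[tag.upper()] > 1:
            findings.append((line_no, tag, "duplicate tag_name"))
    return findings


if __name__ == "__main__":
    for line_no, tag, problem in validate_field_devices(SAMPLE_CSV):
        print(f"line {line_no} [{tag or '<no tag>'}]: {problem}")
```
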

Specification of the Network Structure


The description of the network structure is used as a basis; it is implemented in
SIMATIC NetPro, where the network structures are mapped. The minimum
information that must be available is the station name, communications module,
frame etc.

Specification of the PC Hardware Used


A description of the hardware and software of each PC used in the process control
system must be created. The description of this PC hardware can, for example,
take the form of a PC pass. All hardware and software components along with the
necessary licenses are listed here. Configuration settings such as the TCP/IP
address, maximum monitor resolution etc. may also be listed.

3.5.2 Specification of Automation Software

The Design Specification of the software used serves as the basis for successful
automation in a GMP environment. It describes all the software components used
for configuration, for example with their version numbers, order numbers etc. The
description serves as a template for tests (FAT, SAT) for IQ and OQ.
The standard software includes the following:
• Operating system
The following are recommended for new systems (you will find the current
recommendations in the relevant PCS 7 documentation):
- Windows XP Professional
- Windows Server 2003
• The components of the PCS 7 Toolset DVD
• SIMATIC PCS 7 Bundles (standard basic packages, for example, for OS
server, OS client, CAS, engineering system, BATCH server, BATCH client,
SIMATIC IT server etc.)
• Standard libraries (part of the engineering system)
• SIMATIC optional packages (SIMATIC BATCH, SIMATIC PDM, SIMATIC
Logon, SFC Visualization etc.). Separate license keys are necessary to use
some of the optional packages (if they are not included in the bundle)
The software design specification (SDS) or software module design specification
(SMDS) should cover the following aspects:
• Introduction
- Purpose of the software design specification
- Author
- References
• Overview
- Listing and purpose of the software modules
- Description of the software modules
- Interfaces
• Specification:
- Definition of data / data types
- Detailed description of the software modules
- Description of the subprograms

Note
The engineering software SIMATIC PCS 7 includes import/export functions with
which I/Os, parameters, CFC charts etc. can be adopted simply and without
errors. In the design phase, software tools (for example MS Office, EXCEL) can
be used to describe the plant to be automated.

Software Design Specification


The Software Design Specification describes the architecture and configuration of
the software. The Software Design Specification must describe at least the
following:
• Name of the application software
• Plant hierarchy (process cell, unit, equipment module, single control element
etc.)
• Communication with other nodes (third-party controllers, MES systems etc.)
• The relationships between modes (MAN/AUTOMATIC changeovers, interlocks,
start, running, held, aborting, completed etc.)
• Tag names
• Visualization structure (P&I representation)
• Operator input philosophy (access control, group permissions, user rights)
• Archiving concepts (short- and long-term archives)
• Message concepts
• Trends, curves
• Description of the software structure (continuous / discontinuous process)
• Time synchronization
• Reporting

Description of the Software Structure


The process engineering requirements of the plant are the basis for the software
structure. When discussing software structure, a distinction is made between the
following:
• Continuous processes such as the manufacture and distribution of water for
injection in medicine
• Discontinuous processes such as the manufacture of batch products.
Detailed functional sequences must be defined in the software structure. These
include:
• Control module level (valves, pumps, motors, closed-loop controls etc.)
• Equipment phases as the modular sequence of single control elements (SFCs)
• Recipe hierarchy

Note
There are standards governing the description of software structures such as
ANSI/ISA-88.01 (1995) Batch Control, Part 1: Models and Terminology.
SIMATIC PCS 7 uses the model of the ANSI/ISA-88.01 standard as the basis for
configuration of batch control. Refer to Configuration, Section ISA-88.01 -
Software Model SIMATIC PCS 7 4.15.3.

4 Guidelines for Implementation in a GMP Environment with Standard SIMATIC PCS 7 Software

4.1 Introduction
Chapter 4 "Guidelines for Implementation in a GMP Environment with Standard
SIMATIC PCS 7 Software" explains configuration in a GMP environment based on
examples. The graphic below shows the life cycle model. The focus of this section
is indicated by the marking in the lower area.

4.2 Software Categorization of SIMATIC PCS 7


According to the GAMP ® 4 Guide for Validation of Automated Systems, the
software components of a system can be assigned to five software categories.
Below you will find examples illustrating how this categorization relates to SIMATIC
PCS 7.
Category 1: Permitted operating systems Windows XP Professional, Windows
Server 2003, (Windows 2000 Professional, Windows 2000 Server)

Category 2: Firmware, for example in the CPU, modules etc.


Category 3: PCS 7 software / PCS 7 library (the PCS 7 libraries are part of the
PCS 7 software (PCS 7 Toolset DVD))
Category 4: User software on the basis of the standard PCS 7 software/library
Category 5: Freely programmed user software

Category 1
Operating systems such as
- WINDOWS 2000
- WINDOWS XP
- WINDOWS 2003

Category 2
Firmware
- Firmware located in the CPU
- Firmware located in communications processors

Category 3
SIMATIC PCS 7 standard software / standard libraries
- SIMATIC Manager, CFC/SFC editor, etc.
- PCS 7 Library, faceplates, etc.

Category 4
SIMATIC PCS 7 configuration
Creation of the application software based on the standard libraries using
PCS 7 editors

Category 5
SIMATIC PCS 7 free programming
- Project-specific blocks, functions, applications, etc.

4.3 Software Installation


PCS 7 PC stations can be single station systems or part of client-server
configurations. When a SIMATIC PCS 7 bundle is supplied, the customer receives
a PC with fully installed software for a PCS 7 PC station suitable for the particular
application (operating system, SIMATIC PCS 7 software, service packages). All the
components of a bundle have been tested. If a SIMATIC PCS 7 PC comprising
components that have not been released is used (they are not included in the
current SIMATIC PCS 7 catalog), the user bears the responsibility and will not
receive free support if compatibility problems are encountered.

4.3.1 Operating System

All the information relating to operating system installation can be found in the
current function manual "PCS 7 – PC Configuration and Authorization". The
readme file on the SIMATIC PCS 7 Toolset DVD also contains information on the
hardware and software requirements.
The following table shows an overview of the operating systems to be installed for
SIMATIC PCS 7 PCs.

| PCS 7 PC stations | Microsoft Installation |
|---|---|
| Engineering station | Windows XP Professional; Windows Server 2003; (Windows 2000 Server); (Windows 2000 Professional) |
| Operator system - single station system | Windows XP Professional; Windows Server 2003; (Windows 2000 Server); (Windows 2000 Professional) |
| Operator system - terminal (client) | Windows 2000 Professional; Windows XP Professional |
| Operator system - server | Windows Server 2003; (Windows 2000 Server) |
| SIMATIC BATCH - server | Windows Server 2003; (Windows 2000 Server) |
| Central archive server, Web server | Windows Server 2003 |

Note
The mixed use of operating systems within a plant is permitted only as of version
SIMATIC PCS 7 V6.1 SP1.
The mixed use of operating systems within a redundant server pair is not
permitted.

Note
You will find additional information relating to hardware and software requirements
of SIMATIC PCS 7 on the PCS 7 Tool Set DVD in the "pcs7-readme.wri" file.

Note
When using domain servers, remember that, following the installation of the
operating system, the domain clients are set up according to the specified
requirements (URS, FS, DS).
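
The station table and the redundant-pair rule in this section can be checked against a station inventory before the installation is qualified. The following Python sketch is an added example, not Siemens code: the role keys, station names and inventory layout are assumptions, the parenthesized table entries are treated as listed, and the plant-wide mixed-OS rule tied to the PCS 7 version is not modelled.

```python
from collections import defaultdict

WIN_XP = "Windows XP Professional"
WIN_2003 = "Windows Server 2003"
WIN_2000_SRV = "Windows 2000 Server"
WIN_2000_PRO = "Windows 2000 Professional"

# Operating systems listed per station type in the table of section 4.3.1.
# The role keys are hypothetical names chosen for this example.
PERMITTED_OS = {
    "engineering_station": {WIN_XP, WIN_2003, WIN_2000_SRV, WIN_2000_PRO},
    "os_single_station": {WIN_XP, WIN_2003, WIN_2000_SRV, WIN_2000_PRO},
    "os_client": {WIN_2000_PRO, WIN_XP},
    "os_server": {WIN_2003, WIN_2000_SRV},
    "batch_server": {WIN_2003, WIN_2000_SRV},
    "central_archive_server": {WIN_2003},
    "web_server": {WIN_2003},
}

# Constructed sample inventory (not real plant data): the OS client runs an
# operating system not listed for clients, and the two members of the
# redundant OS server pair "OSS01" run different operating systems.
SAMPLE_STATIONS = [
    {"name": "ES01", "role": "engineering_station", "os": WIN_XP},
    {"name": "OSS01A", "role": "os_server", "os": WIN_2003,
     "redundant_pair": "OSS01"},
    {"name": "OSS01B", "role": "os_server", "os": WIN_2000_SRV,
     "redundant_pair": "OSS01"},
    {"name": "OSC01", "role": "os_client", "os": WIN_2003},
    {"name": "CAS01", "role": "central_archive_server", "os": WIN_2003},
]


def check_station_os(stations):
    """Return (subject, problem) findings for a list of station records."""
    findings = []
    pair_os = defaultdict(set)  # redundant pair id -> operating systems seen

    for station in stations:
        allowed = PERMITTED_OS.get(station["role"])
        if allowed is None:
            findings.append(
                (station["name"], "unknown station role " + station["role"]))
        elif station["os"] not in allowed:
            findings.append(
                (station["name"],
                 station["os"] + " is not listed for " + station["role"]))
        pair_id = station.get("redundant_pair")
        if pair_id:
            pair_os[pair_id].add(station["os"])

    # Mixed operating systems within a redundant server pair are not permitted.
    for pair_id in sorted(pair_os):
        if len(pair_os[pair_id]) > 1:
            findings.append(
                (pair_id,
                 "redundant server pair mixes "
                 + " and ".join(sorted(pair_os[pair_id]))))
    return findings


if __name__ == "__main__":
    for subject, problem in check_station_os(SAMPLE_STATIONS):
        print(subject + ": " + problem)
```
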

4.3.2 SIMATIC PCS 7 Software

To install SIMATIC PCS 7, follow the on-screen setup instructions.

SIMATIC PCS 7 Engineering System


To install the engineering system, select the PCS 7 Engineering check box in
system setup in the "PCS 7 Setup: Packages" dialog box. The screenshot below
shows the setting to be made to install "PCS 7 Engineering".

The installation program is started within the SIMATIC PCS 7 system setup. The
user has the option of making a package installation or a customized installation.

PCS 7 Single Station, Process Device Manager, BATCH Engineering and BATCH Single Station
Installing the following components is analogous to the installation of a SIMATIC
PCS 7 engineering system:
• PCS 7 Single Station (OS, BATCH, Route Control)
• Process Device Manager
• Engineering (BATCH, Route Control)
The system components you want to install must be selected in the "Setup" dialog
box, in the section "Program Packages".

SIMATIC PCS 7 Operator System Server


The system setup of SIMATIC PCS 7 must be started for the installation.
OS Server
To install an OS server (applies also when using a redundant server pair), select
the "OS Server" check box in the "PCS 7 Setup: Packages" dialog box. The
screenshot below shows the setting to be made to install the OS server software.

OS Single Station, OS Client, BATCH Single Station, BATCH Client and BATCH Server
The procedure for installing an OS single station, OS client, BATCH single station,
BATCH client, and BATCH server is analogous to the procedure described above.

Note
Optional packages such as SIMATIC Logon Service, Electronic Signature etc. must
be installed in a user-defined installation.

4.4 Installation of Utilities and Drivers

4.4.1 Printer Drivers

It is advisable to use the printer drivers integrated in the operating system and
therefore released for use. If external drivers are used, there can be no guarantee
that the system will operate trouble-free.

4.4.2 Virus Scanners

The use of virus scanners in process mode (runtime) is permitted. For more
information on configuration and selecting virus scanners, refer to the PCS 7
readme files.

4.5 Multiproject

4.5.1 Engineering

When creating the project, care must be taken that the project name of the
application software matches the project name specified in the Software Design
Specification (see also GAMP ® 4). The "New Project" SIMATIC PCS 7 Wizard
supports you when you create projects.

In many projects, functions are used such as valve, motor, analog value, and
sequencer functions that will be required several or even many times within the
project.
According to GAMP ® 4, these functions should be pretested in a software module
test and the results documented. Following this, instances of such functions can be
created.
To allow software module instances to be created, SIMATIC PCS 7 offers the
option of duplicating process tag types and models according to a defined software
procedure. Instances can, however, only be created in conjunction with a
multiproject with a master data library. This means that it is absolutely necessary to
work in the multiproject mode.

Master Data Libraries


Generating a master data library is important because this provides a defined
version of software modules and models that can be copied by everyone involved
in the project.
For more detailed information, refer to Section 2.3 Configuration Management.
A multiproject is a structure encompassing the individual segments of an
automation solution. In a multiproject, it is possible to work over a common network
or to check out individual segments and work locally.

4.5.2 Views

When configuring with SIMATIC PCS 7, the configuration engineer has three views
available.
• Component view
• Plant view
• Process object view

Component View
The hardware of the control system made up of the following individual
components is configured in the component view:
• OS server
• ES
• I/O modules
• CPU
• Bus systems
The following screenshot illustrates the structure of the component view.

Plant View
Here, the plant is configured hierarchically according to process engineering
aspects, for example in the hierarchy:
• Plant (process cell)
• Unit
• Function (phase)
The plant view is used to store flow charts and to structure individual functions and
CFC and SFC charts. The assignment of Batch objects is also made in this view.
The following screenshot illustrates the structure of the plant view.

Process Object View


The process object view is used for detailed editing of process variables, CFCs
and SFCs. It is the central development environment for the following:
• Parameters
• Signals
• Messages
• Picture objects
• Configuration and release of archive tags
• Reading back in-out and input parameters, for example of valves, closed-loop
controllers, analog values etc.
• Configuring MIS/MES-relevant parameters
Filter functions can be used here for the parameter assignment or the assignment
of comments. The following screenshot illustrates the structure of the process
object view.
Overview of the Areas of Application of the Process Object View

4.6 SIMATIC NET Settings


The SIMATIC NET network addresses and the settings for the AS, OS, distributed
I/O etc. described in the Functional Specification must be used. SIMATIC NET
reflects the gateways used in the project.
The gateways are configured using the "Advanced PC Configuration" tool. With
Windows, all the automation systems (AS) and operator stations can be configured
on a central engineering station and the configuration files can be downloaded.
You will find more detailed information in the SIMATIC NET documentation. The
following screenshot illustrates the basic structure of a project in NetPro.

4.6.1 Setting up the OS, OS Client, OPC Server, and SIMATIC BATCH

Each SIMATIC PCS 7 OS, each SIMATIC PCS 7 OS client, each OPC server and
each SIMATIC BATCH server is managed and configured as a SIMATIC PC
station in the SIMATIC Manager. After they have been inserted and configured in
the SIMATIC Manager, these PC stations are handled in the same way as
automation systems (AS). In SIMATIC NET, S7 connections must be configured to
guarantee the data exchange between the individual stations.

4.6.2 Automation System (AS)

Each SIMATIC PCS 7 AS is configured and managed in the SIMATIC Manager.
Data is exchanged between the individual AS systems over configured, logical S7
connections. Fault-tolerant connections are also possible. The user programs
communicate with each other over standard function blocks (SEND and
RECEIVE).

4.6.3 Engineering Station (ES)

To allow central OS test operation with the AS data from the engineering station,
an S7 connection or a fault-tolerant S7 connection must be configured between
each automation system (AS) and the ES system.

4.6.4 Industrial Ethernet

Industrial Ethernet is used as the system bus. The Industrial Ethernet network uses
the access method CSMA/CD (Carrier sense multiple access with collision
detection) standardized in IEEE 802.3.
Industrial Ethernet provides a wide range of network components for electrical and
optical data transmission. In SIMATIC PCS 7, a distinction is made between the
plant bus and the terminal bus. To guarantee a high degree of security and
performance, the separate installation of both buses is recommended.

Industrial Ethernet Plant Bus


The automation systems (AS) are connected with the OS servers and the
engineering station over the plant bus. The ISO protocol is usually used as the
transport protocol for route control servers and maintenance servers.

Industrial Ethernet Terminal Bus


The PCS 7 servers with the clients, archive servers and higher-level MES systems
are connected over the terminal bus. The TCP/IP protocol is normally used as the
protocol.

4.6.5 PROFIBUS

To connect the distributed I/O, a communication network with PROFIBUS should
be used. Access is implemented with the Token Bus and master–slave
mechanisms according to EN 50170–1–2. For more detailed information, refer to
the SIMATIC NET PROFIBUS Networks manual.

Note
All existing configured and programmed automation and operator systems are
stored in a common project in the SIMATIC Manager on the engineering system.
A backup of the engineering project therefore contains the entire user software.
From the perspective of validation, the advantage of this is that verification within
the framework of the IQ/OQ is restricted to a central backup.

4.7 Configuration Management


SIMATIC PCS 7 distinguishes between the system software SIMATIC PCS 7 and
the application software.
The software version provides information on the current version of the system and
application software. Change control provides information on changes made to the
application software (who changed what, when, where).
The version of the standard software cannot be influenced by the user.
Configuration of the application software would be extremely difficult to trace back
without version or change management. Right from the start of software creation,
professional configuration management should therefore be used.
The configuration management should be described in a SOP. All the persons
involved in the project must be trained to use the SOP so that there is a common
basis for creating software.

Note
The following sections contain an example of software versioning and change
control. The procedure for changes made to a plant/process cell during operation
must always be agreed with the plant user.

4.7.1 Changes to the System Software

4.7.1.1 Updates, Service Packs, and Hotfixes


• A PCS 7 update is an update within a PCS 7 version, for example an increment
from version 6.0 to 6.1.
• A service pack is a bug fix that includes several hotfixes.
• A hotfix fixes bugs temporarily. Hotfixes are prepared only in special situations.
The validation effort relating to the changes is specified within the framework of a
risk assessment.

4.7.1.2 Upgrades (Migration)


When a version is incremented, for example from version 5.x to 6.x, this is
achieved by migration. In this situation, only software released by Siemens
may be used. When migrating, follow the installation instructions from Siemens
(for example the migration guidelines for PCS 7).
Existing projects implemented with SIMATIC PCS 7 V6.x can be migrated to
version V6.1 without any configuration effort as long as no new functions are used.
Apart from full migration to PCS 7, mixed configurations, for example automation
systems (AS) with version V5.x and operator stations (OS) or engineering stations
(ES) with a higher version are possible. Migrating operator stations (OS) is also
possible online with redundant OS servers. It is not necessary to stop the
automation system.
The validation effort must be specified in a risk assessment in consultation with the
system user. Possible test points are the new functions available in PCS 7 and the
correct installation of the software components required for migration.

Note
Further information on migration to PCS 7 can be found in the manual "SIMATIC
Process Control System PCS 7 Software Update V6.0 to V6.1 with Utilization of
the New Functions".

4.7.1.3 How to Update System Software


When updating PCS 7 system software (and/or system hardware), certain
measures are necessary to retain the validated status of the plant:
• The basis of a change is always the change request of the user
• Description of malfunctions or restrictions
• Description of the new functions
• Information on compatibility with the previous version
• Updating of the technical documentation
• Installation according to manufacturer's instructions
• It is advisable to perform a risk assessment prior to the update to specify the
main test points for the qualification.
• Qualification

4.7.2 Versioning the User Software

4.7.2.1 Initial Creation of the User Software


During software creation, make sure that the author is entered in the "Author" field
and the configuration management (version, function, date etc.) is entered in the
"Comment" field. This applies to the following components:
• Hardware Config
• SIMATIC NET
• CFC and SFC charts
• STL, SCL
Additional text fields for a more precise description of functions should also be
included. The version number must be assigned in the object properties of the
CFC/SFC chart.

Note
The author and comment fields can be written using the IEA File Editor.

The following screenshot shows the dialog box of the "Plant View"; entries have
been made in the Author and Comment fields.

The following screenshot shows the dialog box of a CFC chart with a text box.

4.7.2.2 Initial Creation of the OS


During software creation, care must be taken that all the graphics, reports, C
scripts, VB scripts created by the user have the entries for author, date, comment,
and version ID in Tag Logging. You must also make sure that all the configuration
settings are described in the configuration management so that a reference is
possible for validation/qualification.

In OS runtime mode, it is possible to make changes to parameters such as valve
monitoring times, controller constants etc. The following table describes step 2 of
the flow chart (see previous page) in detail.

| No. | Action | Remarks |
|---|---|---|
| 1 | Check the current user program by activating the test mode | Activating the test mode checks whether the current backup matches the version of the automation system. |
| 2 | Comparison with Version Cross Checker | To use this function, the current parameters must be uploaded. The online DBs are written back to the offline ES project. The Version Cross Checker is then used to compare the current backups with the ES project. |

4.7.2.3 Versioning Project Data with "SIMATIC PCS 7 Version Trail"


Will follow in the next version of this document.

4.7.3 Changing the User Software

When application software is changed, the change must be versioned and described.
With the Version Cross Checker (VXC), PCS 7 provides the ability to compare changes
made in CFC and SFC charts in different versions of a user program.

Operational Changes
The following flowchart describes an example of the procedure for implementing a
change while the plant is in operation. The stipulations of the user must be taken
into account.

1. Initiation and approval of the change specification by the plant operator

2. Check of the current software using Version Cross Checker and online comparison

3. Description of the software change (e.g. FS)

4. Implementation of the software change, including documentation, on the basis of
the current version

5. Test of the change including documentation (e.g. FAT)

6. Backup of the user software

7. Loading of the backed-up user software into the automation system

8. Test of the change including documentation (e.g. SAT)

9. Check of the backed-up software against the loaded software using Version Cross
Checker and online comparison

4.8 Creating Software Modules

4.8.1 General

The use of software modules is common in process control engineering. They are
used in the form of function blocks or complex sequencers that can be copied and
duplicated within the projects. In SIMATIC PCS 7, a distinction is made between
process tag types, models and SFC types, for example:

Process tag type: A CFC chart
• Valves
• Pumps
• Motors

Model: Several CFC and/or SFC charts
• PID temperature control of a tank
• Level monitoring including safety shutdown to prevent overflow of a tank

SFC type: SFC instance / representation of a CFC block as interface to SIMATIC
BATCH to operate equipment phases / equipment operations
• Heating
• Stirring
• Draining

The mode of operation of the modules must be described in a specification in
which the parameter assignments (MES-relevant, archiving, block comment, unit of
measure etc.) and interconnections are defined. For more detailed information,
refer to Chapter 2.1.1.1 "Use of Typicals for Programming". Before instances of the
blocks are created, they must be put through a module test.

Process Tag Type/Model


With SIMATIC PCS 7, process tag types/models can be created consisting of one
or more CFC and/or SFC charts for subcomponents of the same type. Creating
process tag types or models for similar parts of the plant saves engineering effort.
After testing a process tag type or a model, these can be duplicated quickly as
often as required in the multiproject in the form of replicas (instances). For each
replica, the plant hierarchy, CFC name, messages, I/Os for parameters or signals
as well as the general, parameter, signal, and message properties of the module
can be adapted. It is also possible to assign a picture icon to each instance, which
can then be copied automatically along with its tag interfacing into the flow chart
defined in the SIMATIC Manager by deriving it from the screen hierarchy. This
saves work and ensures that the icon is connected to the correct instance. Models
can contain pictures and reports.

Note
The color coding of the graphics modules and the representation of the faceplates
(for example for valves, motors, closed-loop controllers, etc.) must be defined in
the specification in consultation with the user. Faceplates that differ from the
standard should be edited in the Faceplate Designer editor as a copy of the
standard or as a newly created faceplate. These faceplates should be tested as a
process tag type/typical along with the corresponding software module and
approved by the customer before they are instantiated and used in large numbers!

SFC Type
With SIMATIC PCS 7, types of sequential control systems can be created using
the type/instance concept of SIMATIC PCS 7.
In SFC, there is not only the object type "SFC chart" but also "SFC type". The SFC
type allows the definition of sequential control systems including an interface in the
form of a CFC block. The sequence logic of the SFC type is based solely on the
interface I/Os of the SFC type; in other words, in contrast to an SFC chart, an SFC
type cannot access all process signals.
For more detailed information, refer to the manual "SFC for S7 Sequential
Function Chart".
Alone, the SFC type cannot execute. An SFC type, just like a function block type,
must be placed in a CFC chart before it contains an executable object, in this case
an SFC instance. The SFC type and the SFC instances are compiled when the
program is compiled. To run an SFC instance, both the SFC type and the SFC
instance are downloaded to the automation system. Seven messages requiring
acknowledgment and five messages not requiring acknowledgment can be
configured for an SFC type. The SFC type itself requires the remaining available
messages (one per message type and 10 notify messages for SIMATIC BATCH).

Note
The naming and functionality of the modules is uniform according to the
stipulations in the Functional and the Design Specification.

Note
When using software modules, a document should be created and maintained
that lists the modules and identifies their versions for each AS (configuration
management).


4.8.2 Example of a Process Tag Type

In the first step, the CFC chart is created as the template for each software
module. After the software module test, this CFC chart is released for instantiation
and can be used within the framework of the configuration.
For a spring-closing valve, the module might appear as follows.

The valve to be controlled has an activation signal for the OPEN function and two
return messages for the statuses opened and closed and monitoring of the module
I/O errors for the statuses of the return messages open/closed. For the example
above, the following blocks from the "PCS 7 Library V61" standard library were
used:
• VALVE (FB73)
• CH_DI (FC277)
• CH_DO (FC278)
The parameter assignment and the interconnection of the inputs and outputs must
be described in detail in a suitable specification (for example, "Software Module
Design Specification") according to the GMP requirements and checked in a test
("Software Module Test" or "Typical Test").


In the second step, the IEA file editor (IEA = Import/Export Assistant) is used to
enter the parameters and signal processing in a table for each instance according
to the stipulations in the URS, FS or DS.

Note
The interconnections and parameter settings meet the project-specific
requirements that must be defined in the URS, FS or DS.

In the third step, the instances are included in the project according to the P&I flow
charts taking into account the requirements defined in the URS/FS. The inclusion
of type instances should be assigned for the specific instance using the automatic
generation of block icons, in other words, each instance-specific module (valve,
pump, controller etc.) is assigned a block icon in the flow diagram being
implemented via the IEA file. Block icons can only be generated when the picture
and the charts for the blocks represented in the picture are configured in the same
plant hierarchy folder or in a folder of the same name.


4.9 Setting up Process Value Archives


The configuration of a process value archive involves the following steps:
• Creating the new process value archive and selecting the tags to be stored in
the short-term archive.
• Configuring the process archive by specifying or selecting the permission
levels for access to the storage location.
In every plant structure, tag-related process values (analog and binary values) are
recorded in a database. This is achieved with the process value archive. The
process value archive is a short-term archive. The size of the short-term archives is
stipulated by the specifications (URS, FS, DS).


How It Works in Principle


Process values and messages are sent from the sensors to the SIMATIC OS
server and/or to the BATCH server over the I/O modules and the automation
system and stored in the process value and message archive. The process values
and messages received at the OS server can be transferred to the archive server
for long-term archiving. Batch data and reports can also be passed on to the
archive server by the BATCH server. The graphic above is further explained in the
following table.

| Order | Device | Signal form | Remarks |
|---|---|---|---|
| 1 | Sensor | 1 through 10 V | PT 100 |
| 2 | Transducer | 1 through 10 V -> 4 through 20 mA | Signal conversion |
| 3 | ET 200M | 4 through 20 mA -> digits | Signal conversion |
| 4 | AS | Digits -> -10 °C through 140 °C | Signal conversion |
| 5 | OS server | Archiving in SQL server process value archive | Short-term archive |
| | BATCH server | Processing in Batch reports | Short-term archive |
| 6 | Archive server | Long-term archiving | Long-term archiving on suitable medium |

Note
If the connection to the archive server is interrupted, the data is buffered in the
short-term archive of the station involved.

The size of the database is decided by the number of process value archives and
the process variables they contain. The size of the process value archive depends
on the measurement with the fastest acquisition cycle. The acquisition cycle should
be uniform within a process value archive.
It is therefore advisable to store process tags with the same acquisition cycle in
one process value archive (for example 500 ms, 1 s, 10 s, 1 min). A separate
process value archive is therefore configured for each acquisition cycle.


Configuration from CFC to the Archive Server:


The configuration of process values begins in the CFC chart. When creating the
software module, you must specify whether archiving is necessary or not (see
graphic).

The archiving cycles are specified in the process object view (see graphic). When
the OS is compiled, PCS 7 automatically stores the process values in the tag
logging archive of the server so that archiving is always guaranteed.


Stipulations
The stipulations for process value archives are made by the plant owner and
suppliers in the specifications in the EMSR process tag list or Functional
Specification.
The following parameters can be defined in the stipulations.
• Classification into quality-relevant and non-quality-relevant measurements
• Scaling 4 through 20 mA with a range of values of, for example, -10 °C through
140 °C
• The type of acquisition (cyclic, cyclic-continuous, on changes, etc.)
• Cycle time
• Frequency of archiving
• Type of value (instantaneous value, mean value, maximum value etc.)

Note
For further information, refer to the SIMATIC PCS 7 product documentation
manuals "WinCC". The settings must be agreed with the plant user.


4.10 Import/Export Assistant (IEA)


The Import/Export Assistant is used for two tasks.
The Import/Export Assistant is used to reproduce process tag types or models.
This is achieved by defining project-dependent typicals from standard libraries that
can then be copied as often as required with the instantiation options of the
Import/Export Assistant.
You will find an example in Section 4.8 "Creating Software Modules".

Caution
The IEA is a separate optional package in SIMATIC PCS 7. The IEA, the plant
hierarchy and the process object view are part of the PCS 7 Toolset DVD and are
installed with the general setup. It does, however, require a separate license.


4.11 Automatic Generation of Block Icons


By automatically generating block icons, errors can be avoided when creating
software. The following table describes an example of the assignment of a block
icon.

| Order | Functionality | Activity |
|---|---|---|
| 1 | Make the assignment to the function block | Assign icon to the @@PCS7Typicals.pdl graphic, for example by entering a 1 in the block icon field for VALVE FB73, the vertical valve is selected (@Valve/1) |
| 2 | Derive the icons from the structure of the plant hierarchy | |

With the Create/Update Block Icons command, the block icons are assigned to the
higher-level hierarchical pictures.


By entering the block icon, the @@PCS7Typicals.pdl picture is accessed. The
valves in the @@PCS7Typicals.pdl graphic have the names @Valve/1 or
@Valve/2. If the value "1" is assigned, a vertical valve is derived from the
technological hierarchy and assigned to the graphics of the higher-level
hierarchical folders (if the value "2" is assigned, a horizontal valve is obtained).

Central Changeability of Objects


In the type definition, SIMATIC PCS 7 provides the option of central changeability
of objects, in other words, subsequent changes to SFC types, models and process
tag types are then adopted automatically for all instances and their replicas.
This applies to ES, OS and SIMATIC BATCH data.


4.12 Activating and Deactivating Simulation Software


SIMATIC PCS 7 allows input and output variables of various blocks to be
simulated. The simulation is important for test purposes, for example within the
framework of FATs, because it allows the configuration engineer to influence digital
and analog inputs and outputs to represent and check complex functions (for
example temperature control).

Activating Simulation
Simulation for test purposes can be activated in the channel input drivers or
channel input driver blocks.
Sample valve
Simulation is activated at the inputs SIM_ON and the input can be simulated at the
input SIM_I.

Deactivating Simulation

Caution
The activated simulations should be noted according to GEP. A table allows an
overview of the active simulations. On completion of the test phase, make sure
that all simulations are deactivated again.
Ideally all simulation inputs are connected to an OP_D allowing simulation to be
turned on and off.

Recommendation
Where possible, central switches can be configured for specific units to
disable/enable simulation and be interconnected with all input drivers. On
completion of the test, this central switch can be deleted and simulation turned off
centrally.


4.13 OS Project Editor


The OS Project Editor is used as a basis for creating the operator input philosophy.
The screen layout, screen resolution etc. are specified in the OS Project Editor.
The requirements for the functionalities listed below are described in the Design
Specifications. All important functionalities such as those below are set in the OS
Project Editor:
• Creating the PCS 7 message classes and message types
• Creating the message blocks
• Creating the PCS 7 messages
• Display of PCS 7 messages
• Configuring the startup lists and the start picture
• Copying the dynamic wizards and the actions
• Creating tags for controlling the response in process mode
• Copying screen layouts
• Creating the process mode configuration file
• Layout of the hierarchical structure and the area to be displayed
• Number and appearance of the process windows
• Management of basic data such as pictures, actions and libraries


When creating an OS project in the SIMATIC PCS 7 ES, the OS Project Editor is
started in the background and initialized with the default settings. Modifications due
to customer requirements are made in the configuration of the Project Editor. The
following screenshot shows the layout of the OS Project Editor.

4.14 Creating Overview Pictures


The overview graphics must be created based on the stipulations in the
specifications (for example URS, FS and P&I). After creating the graphics these
should be presented to the customer for approval in the form of screenshots.

Note
You should only start to create the overview graphics for visualization when the
module test of the project is completed.


4.15 Integrating SIMATIC BATCH

4.15.1 BATCH Definition of Terms

The following information is recorded in recipes:


• Method or procedure for manufacture
• Relevant process variables
• Setpoints
Commonly used BATCH terminology is described below.

Master Recipe
Set of rules and information required to define how a product is manufactured.

Control Recipe
Copy of the master recipe with extra information specific to a process cell.

Batch
Equipment-dependent amount of a product manufactured in a defined
discontinuous production sequence.

Process
A sequence of chemical, physical, or biological activities for the manufacture
of materials or products.

4.15.2 Conformity with the ISA-88.01 Standard

ISA-88 is an international standard. This consists of models and technologies that
separate products from the process of production. The standard allows the reuse
and flexibility of equipment and software. SIMATIC BATCH was developed based
on the ANSI/ISA-88.01 (1995) Batch Control, Part 1: Models and Terminology
standard.
In the "Technical Report" ISA-TR88.0.03-1996, the use of SFC (Sequential
Function Charts, DIN/IEC 1131) as a graphic language for describing recipe
procedures is also recommended. The creation of recipes with the BATCH Recipe
Editor follows the structures and functionalities described in this standard.


4.15.3 ISA-88.01 - Software Model SIMATIC PCS 7

ISA-88.01 describes various models that can be implemented completely with PCS
7 and SIMATIC BATCH.

[Figure: ISA-88.01 models. Process cell model: process cell, unit, equipment module, control module. Procedural model: recipe procedure, recipe unit procedure, recipe operation, recipe phase.]

The process cell model describes the process cell, unit, equipment module and
control module level that is mapped using the plant hierarchy in the plant view of
the SIMATIC Manager.
The process cell model described above is provided by SIMATIC BATCH so that
the procedural model in the form of recipes can be mapped on it.

Recipe Procedure
A recipe procedure runs on a process cell to control a process and to create a
batch of a product.

Recipe Unit Procedure


A recipe unit procedure runs on a unit to control a recipe stage. A unit can only be
occupied by one batch at any one time.

Recipe Operation
A recipe operation or a recipe phase runs on an equipment module to implement a
process engineering task or function.

Control Module Level


The control module level is not within the scope of the Batch system and is
addressed only over the equipment module. The control module level exists
completely within the automation system.


4.15.4 Implementation of the ISA-88.01 Concept

The ISA S88.01 software model divides the process into various modules
simplifying the process of validation and qualification. The process model is split up
hierarchically into the following parts.

General Implementation According to ISA-88.01


Practical Implementation in SIMATIC PCS 7:

| Physical model | Graphics | Procedural elements | Implementation in PCS 7 | Implemented as |
|---|---|---|---|---|
| Control module (CM) | | - | CFC component: Use of the PCS 7 library and use of CFC charts. | Supplier |
| Equipment module (EM) | | Phase/Operation | Component SFC (SFC type) and CFC (SFC instance): Use of SFC types to allow instantiation. (equipment phases, equipment operations) | Supplier |
| Unit | | Unit procedure | Batch component: Unit recipe | User / supported by supplier |
| Process cell | | Procedure | Batch component: Recipe | User / supported by supplier |

SIMATIC BATCH can be integrated in two ways:


• Equipment phase with SFCs and the interface blocks IEPH/IEOP
These are interface blocks that control the sequence of the process. They must
be inserted in the sequences in the CFC chart before the processing block.
• Equipment phase with SFC types
The SFC type or the instances of SFC types are the preferred interfaces of
PCS 7 / SIMATIC BATCH versions.

Note
The names and functionality of the modules are uniform according to the
stipulations in the URS, FS or DS.

Further Information
How to create this equipment phase is described in "SIMATIC BATCH Getting
Started".
The "SIMATIC BATCH Getting Started Part 3 and Part 4" documents describe the
interaction between the various levels (control module level and phase).


4.16 Configuring SIMATIC BATCH


"SIMATIC BATCH Getting Started Part 2" describes the configuration steps in
detail.
Configuration can be divided into tasks as follows:
SIMATIC Manager
• Creating and configuring BATCH systems
• Creating the plant hierarchy
• Compilation of OS data
• Generating BATCH types (SFC type)
• Propagation of BATCH types
• Compilation of instances
• Transfer of data to OS
• Downloading process cell data
Working in the BATCH Control Center (BCC) and Recipe Editor (RP)
• Reading in process cell data from the SIMATIC Manager
• Creating ROP libraries (typicals)
• Creating the master recipes
• Creating the recipe structure
• Releasing master recipes for production
• Creating an order
• Releasing a batch


4.17 Setting up Access Protection


A major requirement in the pharmaceutical industry is the security of the system
(see 21 CFR Part 11 Section 1.2 "Regulations and Guidelines" and Section 2.4
"Access Protection and User Management"). This includes setting up user groups.
SIMATIC Logon allows process input within the SIMATIC PCS 7 system including
SIMATIC BATCH and the transfer of software modifications from the engineering
system to the automation components to be divided into levels.
SIMATIC Logon is structured on the basis of Windows user management.
SIMATIC OS, SIMATIC BATCH, and the engineering system of SIMATIC PCS 7
use SIMATIC Logon for access protection.

[Figure: OS, SIMATIC BATCH, ES and other applications; SIMATIC Logon configuration; Windows 2000 user management; administration of user management.]

Note
The setting up of access protection must be completed before configuration starts
and must also be integrated in the typical description.
All password levels of the visualization interface (faceplates, input boxes, buttons
etc.) must be set up according to the specifications in the URS and FS.

Note
The access security of the monitoring mechanisms (password age, password
length, password generation, password disable threshold etc.) must be configured
and set in Windows. The operating system user should also only have power user
or user rights but should not have administrator privileges. This ensures that only
PCS 7 has access to the database. Access by the operating system to the SQL
database is therefore not possible.


The following order must be adhered to:


• Setting up access protection under Windows (creating user groups and users)
• Setting up SIMATIC Logon
Following this, the individual applications should be configured (any order):
• Setting up access protection in PCS 7 OS
• Setting up access protection under SIMATIC BATCH (SIMATIC Logon Admin
Tool on the BATCH client for role management)


4.17.1 How Access Protection Works under Windows and in PCS 7


Process Mode
The mechanisms of the Windows user management are used to administer
operating system users and PCS 7 process mode (runtime).

In a productive SIMATIC PCS 7 system, there are generally two users logged on.
One is the operating system user who controls coordination of the SIMATIC PCS 7
runtime software, the other is the SIMATIC PCS 7 runtime user who controls and
monitors the process.

Operating System Users


Operating system users are those who
a) change the application software under SIMATIC PCS 7 (OS server, OS client,
BATCH server, BATCH client etc.) to an active (process mode) status. In this
status, the applications must have at least power user rights under Windows so
that the applications have read and write permissions for drives, folders,
databases etc.
b) can make changes to the engineering system, can shut down the process
control system, have access to all drives, can create, modify and delete
directories and set up new users.

SIMATIC PCS 7 Runtime Users


SIMATIC PCS 7 runtime users are those who
a) operate the process in the productive system (runtime), check processes, write
or change recipes, create batches etc.
b) have only guest rights under Windows in the operating system and must not
have the opportunity of ending the runtime of SIMATIC PCS 7.

Note
When the Windows audit trail is activated (see Section 4.17.2 Permission
Management in Windows), all changes made by an operating system user are
recorded.
SIMATIC PCS 7 runtime users with Windows guest rights cannot start any
SIMATIC PCS 7 applications, delete directories or shut down PCs.


4.17.2 Permission Management in Windows

Since the user management of SIMATIC Logon is based on the mechanisms of the
Windows operating system, two options are available for permissions management
in Windows:
• in a domain
• in a workgroup

Windows Domain
Within a domain, the AGLP strategy recommended by Microsoft is used (Access
Global Local Permission, basic principle in the management of access to
resources using trusts in Windows), in other words, if users of a domain with the
same tasks are placed in one global group, they are also placed in a local group
and then adopt the necessary permissions. If a domain server is used in the
working environment, the advantages of the group and user management can be
used in conjunction with SIMATIC Logon. The central administration of groups and
users on the domain server allows all computers that belong to the domain access
to the groups and users. To increase availability, domains can be set up with
multiple domain servers.

Windows Workgroup
Within a workgroup, local users with the same tasks should be placed in a local
group and the group should then be given the required permissions and rights.
If a computer is a member of a Windows workgroup, the computer acting as server
of the workgroup must be specified. All user data is created and managed on this
server. From here, it is made available to other computers in the system. When
selecting the server, the PCS 7 OS server can be considered; for performance
reasons, however, separate computers are often selected that are used only to
manage users.
In the Login list box, the local computer or a domain can be selected. This displays
all groups of this server. Administration of the groups and users of the computers
belonging to the workgroup is not necessary. A redundant configuration is not
possible in this case. Emergency operation is possible using the local user
management.


SIMATIC PCS 7 supports the Windows permissions model. As soon as SIMATIC
PCS 7 is installed, the following local groups are also set up:
• SIMATIC HMI
• SIMATIC HMI CS
• SIMATIC HMI VIEWER
• SIMATIC BATCH
SIMATIC PCS 7 manages the security settings and enable permissions
automatically. During configuration, only the local users and global users must be
made members of the SIMATIC user groups.
You will find further information in the manual Simatic Process Control System
PCS 7 - Security Concept PCS 7, Chapter 3 "Managing Computers and Users".

Note
The Windows domain must be used when several servers or redundant servers
are involved to make sure that if a domain server fails, operator control and
system access of users can be guaranteed.

4.17.3 User Management

Users and groups are configured in the user management of Windows as specified
in the URS or FS. With the PCS 7 PC logon assigned to the particular tasks, the
following is achieved:
a) When logging on in Windows, users are assigned exactly the permissions that
are required to execute the particular task, for example, they must be members
of the power users and SIMATIC HMI group to edit the PCS 7 project.
b) With the login in process mode, users have the right to control the plant
according to their group permissions.


The following screenshot shows the "Local Users and Groups" dialog box in which
the users and user groups are defined.
To open Computer Management, select the Start menu followed by Settings and
then click on Control Panel. Then select Administrative Tools and double-click
on the Computer Management menu command to open the following window.

To operate correctly, the following settings must be made for SIMATIC Logon:
• To configure SIMATIC Logon, a Windows group with the name
"Logon_Administrator" must be created. All users assigned to this group have
permissions to configure SIMATIC Logon.
• The full name of every user must be entered in "Local Users and Groups" in
the Windows Computer Management. This name is used by the application for
display in SIMATIC PCS 7 after logging on.

Further Information
• Manual SIMATIC Process Control System PCS 7 - Security Concept PCS 7;
Chapter 4 "User and Access Management in PCS 7 and Integration in
Windows Management"


4.17.4 Security Settings of Password Policy

For the monitoring mechanisms of the password policy of Windows, the previously
specified settings (URS, FS or DS) must be made. The following security settings
and password policy settings must be configured in the operating system.

| Guideline | Description of the security setting |
|---|---|
| Enforce password history | Specifies the number of unique new passwords that must be assigned to a user account before an old password can be used again. |
| Passwords must meet the complexity requirements | When activated, the password must be made up of at least three or four of the following categories: 1. A-Z uppercase letters; 2. a-z lowercase letters; 3. 0-9 numeric characters; 4. !, $, %, etc. special characters |
| Minimum password length | Specifies the minimum number of characters in a password. |
| Maximum password age | Specifies how long a password may be used unchanged (maximum time). |
| Minimum password age | Specifies how long a password must be used (minimum time). |

The following screenshot shows the "Password Policy" dialog box. The settings are
simply examples.
You can open Computer Management with the following menu command: Start >
Settings > Control Panel > Administrative Tools > Security Settings.


4.17.5 Security Mechanisms for Account Lockout Policies

For the monitoring mechanisms of the account lockout policy of Windows, the
settings as required in the user requirements or Functional Specification must be
made. The following security settings must be configured in the account lockout
policy.

| Guideline | Description of the security setting |
|---|---|
| Account lockout threshold | Specifies the number of failed logons before the account becomes locked out. |
| Account lockout duration | Specifies how long an account remains locked out before the lockout is canceled automatically. If the value 0 is set, the account remains locked out until the administrator unlocks it. This is the recommended setting. |
| Reset account lockout counter after | Specifies how many minutes it takes after failed logon attempts before the account lockout counter is reset to zero. |

The following screenshot shows the "Account Lockout Policy" dialog box.


4.17.6 Security Settings for Audit Policy

For the audit policies of Windows, the following settings must be made to create an
audit trail of logon attempts. The audited events are stored in the Event Viewer in
the security report and are available for analysis.

| Guideline | Description of the security setting |
|---|---|
| Audit logon events | Specifies whether or not the instance of a user logon at a computer is audited. |
| Audit account management | Specifies whether or not the individual events of account management are audited (creating or changing a user account, changing or setting passwords). |
| Audit account logon events | Specifies whether or not each instance of a user logging on or off at a computer is audited. |
| Audit policy change | Specifies whether or not the occurrence of changes to the policy for assignment of user rights, audit policy or policy for trust settings is audited. |

You can open Computer Management with the following menu command: Start >
Settings > Control Panel > Administrative Tools > Security Settings.

Note
To monitor the Logon activity, the required settings must be made in the audit
policy of the local policies of Windows.

Note
After installing Windows, default parameters are set for the password policy,
account lockout policy and audit policy. The settings must be checked and
adapted to the requirements of the current project.
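
The check this note asks for can be scripted across the password, account lockout and audit policy settings of Sections 4.17.4 to 4.17.6. The following Python code is an added example, not part of the Siemens manual: it reads a security template exported with `secedit /export /cfg policy.inf` and reports every setting that deviates from the project values. The required values in `REQUIRED` and the sample template are constructed placeholders standing in for the URS/FS/DS, and the export is assumed to write "locked until the administrator unlocks" as -1.

```python
"""Compare an exported Windows security template with project policy values."""
import configparser

# Constructed sample of what `secedit /export /cfg policy.inf` writes on a
# machine still running with installation defaults.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
NewAdministratorName = "Administrator"
[Event Audit]
AuditLogonEvents = 0
AuditAccountManage = 0
AuditAccountLogon = 0
AuditPolicyChange = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Constructed placeholder requirements; the real values come from the URS/FS/DS.
REQUIRED = {
    "PasswordHistorySize": ("at_least", 5),
    "PasswordComplexity": ("equals", 1),
    "MinimumPasswordLength": ("at_least", 8),
    "MaximumPasswordAge": ("expires_within", 90),  # days
    "MinimumPasswordAge": ("at_least", 1),  # days
    "LockoutBadCount": ("between", (1, 5)),  # 0 would disable lockout
    # "Locked until the administrator unlocks": 0 in the dialog described on
    # this page, assumed to be exported as -1 in the template.
    "LockoutDuration": ("one_of", (-1, 0)),
    "ResetLockoutCount": ("at_least", 30),  # minutes
    "AuditLogonEvents": ("equals", 3),  # 3 = success and failure
    "AuditAccountManage": ("equals", 3),
    "AuditAccountLogon": ("equals", 3),
    "AuditPolicyChange": ("equals", 3),
}

RULES = {
    "equals": lambda actual, expected: actual == expected,
    "at_least": lambda actual, expected: actual >= expected,
    "between": lambda actual, expected: expected[0] <= actual <= expected[1],
    "one_of": lambda actual, expected: actual in expected,
    # 0 or -1 is taken to mean "never expires", so a plain "<=" would pass it.
    "expires_within": lambda actual, expected: 1 <= actual <= expected,
}


def load_policy(inf_text):
    """Return the integer settings of [System Access] and [Event Audit]."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str  # keep the case of the template keys
    parser.read_string(inf_text)
    policy = {}
    for section in ("System Access", "Event Audit"):
        if not parser.has_section(section):
            continue
        for key, raw in parser.items(section):
            try:
                policy[key] = int(raw.strip())
            except ValueError:
                pass  # string settings such as NewAdministratorName
    return policy


def load_policy_file(path):
    """Read a template from disk; secedit writes it as UTF-16."""
    with open(path, encoding="utf-16") as handle:
        return load_policy(handle.read())


def check_policy(policy, required=REQUIRED):
    """Return (key, actual, rule, expected) for every unmet requirement."""
    findings = []
    for key, (rule, expected) in required.items():
        actual = policy.get(key)  # None: key missing from the export
        if actual is None or not RULES[rule](actual, expected):
            findings.append((key, actual, rule, expected))
    return findings


if __name__ == "__main__":
    for key, actual, rule, expected in check_policy(load_policy(SAMPLE_INF)):
        shown = "not set" if actual is None else actual
        print(f"DEVIATION {key}: {shown} (required: {rule} {expected})")
```

The list of deviations can be filed with the qualification records for each station; a missing key is reported as a deviation rather than silently skipped.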


Further Information
For more detailed information on setting up Windows workgroups and Windows
domains, refer to the online help of the Microsoft Windows operating system or the
Windows 2000/XP manual Windows 2000/2003 Server - Technical Reference.


4.17.7 Configuring SIMATIC Logon

Note
To configure SIMATIC Logon, a Windows group with the name
"Logon_Administrator" must be created. All users assigned to this group have
permissions to use the "Configure SIMATIC Logon" tool for configuration
purposes.

The basic settings for configuring SIMATIC Logon are made with the "Configure
Simatic Logon" tool. When the tool is started, the following dialog opens.
The language is specified in the "General" tab. You can also define whether a
default user should be logged on (by the user or automatically by the system) after
the user logs off. You can also set the number of days after which the user will be
reminded that a change of password will be required.

Note
In contrast to all other users, the "default user" does not need to be created as a
Windows user. The "default user" is a member of the "DefaultGroup" and
"Emergency_Operator" roles. The rights for these groups are specified in the
relevant PCS 7 OS (server/client) applications.

In the "Working Environment" tab, the user specifies whether the information
relating to groups and users relates to a Windows domain or a Windows workgroup
server. The name of the domain or workgroup server must be entered.

In the "Logon Device" tab, the user specifies whether the logon is via the keyboard,
chip card or other procedure such as biometric user identification, for example by
fingerprint.

The "Automatic Logoff" tab is used to specify whether or not the automatic logoff
function is used. If this is selected, the delay before a user is automatically logged
off must also be specified.

If automatic logoff is enabled, the user is logged off automatically if there is no
activity within the specified time. Before the user is logged off, a dialog warns of the
automatic logoff - this prevents inadvertent logging off.

Caution
Activating a screensaver is not permitted in conjunction with SIMATIC Logon.

Integration in SIMATIC PCS 7 ES


If the SIMATIC Logon optional package is installed on the ES, the option for
tracking changes must be activated. The change log can be activated in the object
properties of the chart folder:
• SIMATIC Manager > Component View > Project > Chart Folder >
Properties
• Select the "Change log active" check box.
Software modifications can be made by the configuration engineer as follows.
• Download
With the Download function, the modification can be downloaded to the AS.
• Logon
After calling the Download function, SIMATIC Logon requests a logon. Only
persons with suitable permissions can use the Download function.
• Comment field
The software programmer is automatically prompted to enter the type of
modification in the comment field.

Below, you will see an example of the change log showing a change made by the
user administrator.

Note
The change log records the user, the time and the comment entered by the
configuration engineer.

Integration in SIMATIC PCS 7 OS


Since SIMATIC Logon is an option, the following project-specific adaptations must
be made. These adaptations are made using the "WinCC Adapter" tool.
Procedure:
• Open the "OS Server" in the SIMATIC Manager
• Open the "User Administrator" and activate SIMATIC Logon
• Open "WinCC Adapter"
• The adaptations are then made automatically (see dialog box)

The following selections can be made:

1. John Example @CurrentUserName (full user name)
2. jexample @CurrentUser (user ID)

The first option should ideally be used.
The changes in the project must be confirmed in the "Adapt project" list box.

The following screenshot shows the "WinCC Adapter" dialog after successful
project adaptation.

Note
To ensure that operator input in the productive system is possible, user groups
must also be configured in the WinCC User Administrator.

In the PCS 7 OS "User Administration" of the relevant PCS 7 OS computer, the
check mark for activating SIMATIC Logon must be set.

Windows groups are assigned to PCS 7 OS groups by creating groups with the
same name. If, for example, a Windows group called "Operator" is required, a
group with the same name "Operator" must be created in the PCS 7 OS User
Administrator and the required permissions assigned.

The following procedure must be adhered to:


• Open PCS 7 OS project
• Open the User Administrator in the WinCC Control Center
• Create the group(s)
• Assign the permissions per group

Integration in SIMATIC BATCH


The SIMATIC Logon Admin tool is used to assign permissions and roles in the
SIMATIC BATCH application. Role management is fully integrated.

You assign the individual roles to the operator rights directly in SIMATIC BATCH.
Here, the assignment of rights can be made in groups.

Electronic Signature
An Electronic Signature optional package is available for SIMATIC BATCH;
however, this can also be used with other applications as a basis for developing an
electronic signature function. The following screenshot shows a configuration
dialog for setting up electronic signatures. In the following example, two electronic
signatures are required. These are specified in the SIMATIC BATCH Recipe Editor
in the "Configured roles" box.

Recipes, formulas, and recipe operations can also be released using the electronic
signature of the SIMATIC BATCH Recipe Editor.

In electronic signatures, a distinction is made between plant-wide settings and
object-specific signature rules. The graphic below shows the signature rules for a
batch. The settings are made in the recipe properties.

The electronic signatures made are entered in the change log of SIMATIC BATCH
and are available there for analysis.

For more information, refer to the What's New in SIMATIC BATCH V6.1 manual.

Further Information
Manual Process Control System PCS 7 SIMATIC Logon; Section SIMATIC
Logon Admin Tool

4.18 Disabling the Windows Level in Process Mode (Runtime)

Since access to the Windows operating system level should be avoided for security
reasons, additional configuration settings are required. These settings prevent
illegal access out of SIMATIC PCS 7 process mode to sensitive data of the
operating system.

Note
Access to the operating system level should be reserved solely for administrators
or technical maintenance personnel.

4.18.1 Disabling on the SIMATIC PCS 7 OS

Access to the operating system during process mode can be configured using the
parameter properties of the OS. The necessary settings are shown in the
screenshot below. Make sure that clicking the button for disabling process mode
(system change) is possible only with the appropriate permission. After disabling
and restarting, the operating system can be accessed.

4.18.2 Lockout by Configuration

Make sure that no OLE objects are configured that, for example, call the Windows
Internet Explorer etc. With Windows OLE objects, unauthorized access to folders,
files and programs may be possible.

4.18.3 Security with Configuration Settings in WINDOWS

You must also make sure that any hot key assignments are deactivated. Normally,
hot keys are used, for example, to influence the properties of the graphics card. By
influencing the graphics card properties, it is possible to go to the operating system
user interface.

4.19 Audit Trail

4.19.1 PCS 7 OS

Audit trail of operator input


SIMATIC PCS 7 records all operator input and parameter changes in process
mode. The archiving of operator input and messages takes place in the message
system. All entries made by the operator are stored in the operator input message
class and are available for further evaluation.
The following screenshot shows an extract of the operator input list. In row 24, a
parameter change is shown. The operator Siemens_MT changed the setpoint 0 to
1. The previous value was 0. The user ID of the currently logged-in user can be
seen in the overview area.

Note
Select the hard disk capacity so that it is possible to store the entire audit trail until
it is transferred to an external data medium.

Audit Trail of Alarm Acknowledgments


SIMATIC PCS 7 archives the acknowledgment of all alarms, warnings, system
messages, etc. All messages are available for further research in the chronicle of
the process control system.

4.19.2 SIMATIC BATCH

In SIMATIC BATCH, there is a distinction between the online and offline audit trail.
In the online audit trail, a batch report is created containing the information on
operator input (who, when, what).
In the offline audit trail, the changes to recipe data and batch data (for example
deleted batches) are logged in the change log. Here, the user, the time and the
action are entered. To log changes to recipes, it is necessary to increment the
recipe version automatically. For this reason, the property Allow editing of
recipes in the "Release revoked" status can be selected; see screenshot below.
While changes are being made, the recipe is available to only one person. Saving
a change to a recipe forces a new version of the recipe.

Deleting recipes is recorded in the log; see screenshot below.

4.20 Time Synchronization


In SIMATIC PCS 7, the default time transmitted on the bus always corresponds to
the standardized UTC (Universal Time Coordinated). This corresponds to standard
Greenwich Mean Time.
Time stamps are generated in UTC and stored in the archive of the OS server. In
runtime, all the process data stored in the archive (messages and trends) are
displayed converted to local time from UTC. This allows a system configuration in
PCS 7 to extend beyond time zones.
Activating time synchronization in PCS 7 means that an active time master takes
over the synchronization of all servers, operator stations, automation systems (AS)
and the engineering station. To ensure synchronized time, all the stations
belonging to the PCS 7 system must be synchronized so that messages can be
processed in the correct chronological order throughout the plant (archiving of
trends, messages, redundancy synchronization of servers).

Note
Activating time synchronization is an absolute necessity in plants subject to GMP
and this must be taken into account and implemented even in the basic
configuration (HW Config, OS etc.) to ensure a correct audit trail in process mode
(runtime).

Note
Time synchronization must be activated on the engineering stations, otherwise
problems may be encountered when downloading changes.

4.20.1 Concepts for Time Synchronization

The structure of time synchronization must be carefully planned. Each time
synchronization in the project depends on the requirements. The requirement for
time synchronization must be described in the Functional Specification. Time
synchronization can be implemented as described below:

Time Synchronization in a Windows Workgroup


Time synchronization in a workgroup should be implemented over the OS server.
Time synchronization of the OS server can also be implemented using a time
master, for example the DCF77 service or GPS service.

Time Synchronization in a Windows Domain


If the automated system is operated in a Windows domain, the domain must be
used as the time master. Time synchronization of the domain server can also be
implemented using a time master, for example the DCF77 service or GPS service.
If a less accurate time is used, this can result in domain clients being rejected in
the domain. This would make further operator input to the process control system
impossible.
If a time difference of 5 minutes between domain and clients is exceeded, the
operating system assumes that an attacker has decoded the logon and is
attempting to take over the session. This is prevented by the logon of the client
being rejected in the domain.

Note
Time synchronization of the domain clients uses Microsoft system services.
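
The effect of clock deviation described above, as an added example that is not part of the manual: the script classifies each station's deviation from the time master against the 5-minute domain limit and shows how a merged audit trail is misordered by stations that are out of step. Station names, clock readings, events and the 2-minute warning threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

DOMAIN_TOLERANCE = timedelta(minutes=5)  # limit quoted in the text above
WARN_AT = timedelta(minutes=2)           # hypothetical early-warning threshold


def utc(hour, minute, second=0):
    """Helper for the constructed sample data (all on one day, in UTC)."""
    return datetime(2006, 12, 1, hour, minute, second, tzinfo=timezone.utc)


# Constructed readings: each station's clock at the instant the time master
# shows 10:00:00 UTC.
MASTER_NOW = utc(10, 0)
STATION_CLOCKS = {
    "OS_SERVER": utc(10, 0, 0),
    "OS_CLIENT_1": utc(10, 0, 2),
    "ES_1": utc(9, 56, 40),
    "OS_CLIENT_2": utc(10, 6, 10),
}

# Constructed events: (true UTC time, station that stamped it, text).
EVENTS = [
    (utc(10, 0), "OS_CLIENT_1", "setpoint changed"),
    (utc(10, 1), "ES_1", "download to AS"),
    (utc(10, 2), "OS_CLIENT_2", "alarm acknowledged"),
]


def classify_skew(master_now, station_clocks):
    """Return {station: (skew in seconds, status)} relative to the master.

    "rejected" marks a deviation beyond the domain limit, at which the
    logon of the client is refused as described in the text.
    """
    result = {}
    for station, clock in station_clocks.items():
        skew = clock - master_now
        if abs(skew) > DOMAIN_TOLERANCE:
            status = "rejected"
        elif abs(skew) >= WARN_AT:
            status = "warning"
        else:
            status = "ok"
        result[station] = (int(skew.total_seconds()), status)
    return result


def recorded_trail(events, master_now, station_clocks):
    """Order in which a merged audit trail lists the events when each station
    stamps its entries with its own, unsynchronized clock."""
    stamped = []
    for true_time, station, text in events:
        skew = station_clocks[station] - master_now
        stamped.append((true_time + skew, text))
    return [text for _, text in sorted(stamped)]


if __name__ == "__main__":
    for station, (seconds, status) in classify_skew(MASTER_NOW, STATION_CLOCKS).items():
        print(f"{station:12} {seconds:+5d} s  {status}")
    print("true order:    ", [text for _, _, text in EVENTS])
    print("recorded order:", recorded_trail(EVENTS, MASTER_NOW, STATION_CLOCKS))
```

In the sample, the download stamped by ES_1 appears before the setpoint change that actually preceded it, which is the kind of audit trail error that plant-wide synchronization prevents.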

Further Information
How to configure time synchronization is described in the following documents:
• Configuration manual "Process Control System PCS 7 Operator Station" in the
section "Time Synchronization and Lifebeat Monitoring"
• OS online help in Release Notes > Process Control Options > Time
Synchronization
• PCS 7 online help in Configuration – Engineering Station > Performing PCS 7
Configuration > Configuring Hardware > Setting Time Synchronization
Refer to the manual SIMATIC PCS 7 Security Concept Chapter 5 "Planning and
Time Synchronization".

4.20.2 Example of Configuring Time Synchronization over Ethernet (OS Server as Time Master)

The following example explains the configuration of time synchronization over
Ethernet. The OS server is declared as time master. It is, however, also possible to
supply the OS server with an external time signal. The automation system and the
OS clients then obtain the time from the OS server.

1. Configuration on the AS (HW Config)

The following settings must be made in the properties of the CP 443-1
communications processor.
The "Activate SIMATIC time synchronization" check box must be selected.

The procedure for configuring the CPU as a time slave is as follows:


The type of synchronization (as slave) is set in the properties of the S7-416-3 DP
CPU in the "Diagnostics/Clock" tab.

Note
If other automation systems (AS) are used, the settings must be transferred to all
other hardware systems.
The settings must be saved, compiled and downloaded to the hardware.

2. Configuring in the OS (PCS 7 OS Explorer)

In the WinCC Explorer, the time synchronization must be set with the "Time
Synchronization" tool.

a) Time synchronization over the plant bus (OS server is time master).
By selecting the "Synchronization over Plant Bus (Master, Slave)" check box,
you can define the access point of time synchronization. You then also define
the OS server as time master.

b) Time synchronization of the clients


By activating the "Synchronization via Terminal Bus (Slave)" check box, you
can specify, for example, that the client is synchronized over the terminal bus.
As the source, you can specify whether the time is obtained from a connected
OS server or from a defined computer (in this case, from the computer with the
name "OS").

Note
When using domain controllers, make sure that the domain controller acts as the
time master.

In the properties of every operator station, time synchronization must be configured
to be activated before process mode (runtime). To achieve this, the
"CCTMTimeSync.exe" application must be linked into the runtime properties.

The time basis must also be set to Universal Time Coordinated (UTC)
in the properties of the computer in the "Parameters" tab.

When using communication processors of the type SIMATIC CP 1613, additional
settings must be made in HW Config in the engineering system to ensure time
synchronization.

The time mode must also be selected in the properties of the CP 1613 in the
"Options" tab. After compiling and downloading the hardware again, time
synchronization is activated.

4.21 Lifebeat Monitoring

4.21.1 SIMATIC PCS 7

SIMATIC PCS 7 Lifebeat Monitoring allows the monitoring of the functionality of
automation systems (AS) and operator stations. To allow this, all automation
systems (AS) and operator stations must be configured in HW Config and the OPC
connections to the operator stations must be created.
The nodes to be monitored are configured in the WinCC Explorer with the menu
command Editor > Lifebeat Monitoring > Open. Here, you can set up all the
nodes to be monitored along with the monitoring cycle with which lifebeat
monitoring is performed.
Lifebeat Monitoring is activated automatically when the OS starts up.
As an alternative, all the process control equipment can also be managed using
PCS 7 Asset Management. A maintenance station (MS) can be used to provide an
overview of the diagnostic and service information of all equipment. Asset
Management does not involve any additional configuration. The configuration data
is generated from the hardware and software configuration data.

4.21.2 Third-Party Systems

Lifebeat Monitoring for third-party systems must be configured manually. Its use
depends on the communication partner of the third-party system. If the third-party
system represents an important interface to SIMATIC PCS 7, Lifebeat Monitoring is
absolutely necessary.

The graphic shows an example of a solution for Lifebeat Monitoring with a third-
party system. SIMATIC PCS 7 sets a defined OPC variable bit from logical 0 to 1.
After a defined time X, the third-party system must reset the OPC variable bit from
logical 1 to 0.
This is repeated cyclically. If the third-party system does not bring about a state
change within the specified time, a process control message is generated in the
SIMATIC PCS 7 Process Control System. This indicates to the operator that
communication between SIMATIC PCS 7 and the third-party system is not
functioning.
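
The handshake described above, simulated with both sides as an added example that is not part of the manual or of PCS 7: the monitor sets the bit, the third-party side resets it, and a process control message is recorded once when no state change arrives within time X. The tag name, the message texts and the 1-second cycle are constructed assumptions.

```python
BIT = "ThirdParty_Lifebeat"  # hypothetical name of the OPC variable bit


class LifebeatMonitor:
    """PCS 7 side: set the bit to 1 and expect the partner to reset it to 0."""

    def __init__(self, timeout_s):
        self.timeout_s = timeout_s   # the "defined time X" from the text
        self.deadline = None
        self.failed = False
        self.messages = []           # (time, text) process control messages

    def poll(self, now, tags):
        """Run one monitoring cycle; returns True while the lifebeat is lost."""
        if tags[BIT] == 0:
            # The partner reset the bit: it is alive. Start the next cycle.
            if self.failed:
                self.failed = False
                self.messages.append((now, "lifebeat restored"))
            tags[BIT] = 1
            self.deadline = now + self.timeout_s
        elif self.deadline is None:
            # Bit was already 1 at start-up: allow the partner one full period.
            self.deadline = now + self.timeout_s
        elif now > self.deadline and not self.failed:
            # No state change within X: report once, not on every cycle.
            self.failed = True
            self.messages.append((now, "lifebeat failure"))
        return self.failed


def third_party_scan(tags):
    """Partner side: acknowledge by resetting the bit from logical 1 to 0."""
    if tags[BIT] == 1:
        tags[BIT] = 0


def simulate(duration_s, timeout_s, outage=None):
    """Run both sides at a 1 s cycle and return the recorded messages.

    `outage` is an optional (start, end) interval in seconds during which
    the third-party system does not execute its scan.
    """
    tags = {BIT: 0}
    monitor = LifebeatMonitor(timeout_s)
    for now in range(duration_s):
        alive = outage is None or not (outage[0] <= now < outage[1])
        if alive:
            third_party_scan(tags)
        monitor.poll(now, tags)
    return monitor.messages


if __name__ == "__main__":
    # Partner stops responding between second 10 and second 25, X = 5 s.
    for when, text in simulate(30, 5, outage=(10, 25)):
        print(f"t={when:2d} s  {text}")
```

An outage shorter than X produces no message, so X has to be chosen against the longest interruption the interface is allowed to have.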

4.22 Use of SIMATIC BATCH Reports


Within SIMATIC BATCH, recipes and batch data can be logged and reported. The
following graphic shows an example of the structure of a batch report.

SIMATIC BATCH stores the batch data in XML format allowing straightforward
processing of the data by external systems. This data can be archived or
processed with a different report system for batch reports. The XML files are
protected by checksum.
The batch data is available either as a file in an area "protected" by the Windows
security mechanism on the hard disk or in a database and is accessible only to
authorized persons or systems. For more detailed information, refer to the
Windows manual.
The batch data report can be printed out or displayed with an integrated browser
while the batch is running or after the end of the batch.

4.23 Backing up the System/User Software


To be able to access software created by the user, backup copies of the software
versions must be made at regular intervals during the configuration phase.
It is also advisable to make a backup of the system partition containing the
operating system, SIMATIC PCS 7 process control system software, etc.

4.23.1 Backing up the User Software

Backing up Application Software in the Engineering System


It is advisable to create a backup of the project data following modifications using
the SIMATIC Manager only. Archiving is started in the SIMATIC Manager with the
menu command File > Archive. By specifying the required project in the tab and
the path in the next dialog, the selected project is saved in a ZIP file.

Backing up Recipe Data in SIMATIC BATCH


It is recommended that you make a backup of the configured user data following
changes (libraries, master recipes, materials, user rights, etc.). The backup is
made from within the SIMATIC BATCH Control Center. Select the "Backup"
command from the Options menu and the data will be stored in SBB format.
With the "Restore" command that is also available in the Options menu, you can
copy the backup data back again in the BATCH Control Center.

4.23.2 Backing up the Operating System and SIMATIC PCS 7

Hard disk images should be used to back up the operating system and the PCS 7
installation. Using such images, it is relatively simple to restore the original status
of the PC.

Which images are necessary?

• Create an image of the operating system installation with all drivers and all
settings relating to the network, user management, etc. without SIMATIC
PCS 7
• Create an image of the installed PCs with SIMATIC PCS 7
• Create an image of the installed PCs with SIMATIC PCS 7 including all
projects

How to Create an Image


You create an image in DOS mode. Make sure that the image is written to a free
partition.

Note
The backups of the application software and the backup of the operating system
with and without SIMATIC PCS 7 should be stored on external storage media (for
example MOD, CD, DVD, network backup).

Note
An image can only be copied back to a PC with identical hardware. For this
reason, it is advisable to document the hardware configuration of the PCs.
Images of individual partitions cannot be exchanged between PCs since various
settings, for example in the registry, differ from PC to PC.

4.24 Long-term Archiving

4.24.1 Long-term Archiving with the Central Archive Server (CAS)

The Central Archive Server is a dedicated server PC without a direct connection to
the process. It is used for long-term archiving of message archives, process value
archives and reports within PCS 7.

4.24.1.1 How It Works


Among other things, the central archive server also uses the StoragePlus software
(see also Section 4.24.2) although in this case with other, much higher
performance data.
Through the integration of the CAS in PCS 7, the currently implemented standard
allows access to the process archive values by displaying them in trends and
tables (Tag Logging) on the OS clients. The only requirement for this is that the
server data (package) of the CAS is stored on the OS clients.
Access to archive data of Tag Logging with a selected time period is handled
internally and automatically in the system. This means that the user does not need
to worry whether selected archive data is still on the OS servers or has already
been transferred to the CAS.
If selected archive data has been transferred to an external storage medium as a
backup and is therefore no longer "connected" to the database of the CAS (see
also Section 4.24.2.11), a message is generated to reconnect the relevant time
period of the external storage medium back to the CAS.

The example shown in the schematic below illustrates the access possibilities for
displaying trends and tables (Tag Logging) on the OS clients.

4.24.1.2 Integration in PCS 7

Integration in SIMATIC Manager


Due to the integration as the central archive server of PCS 7, the required
configurations – as standardized for the system concept – are made at a central
point in the engineering system.
To allow this, a suitable WinCC application "CAS" must be inserted in SIMATIC
Manager using HW Config. The CAS can only be used once for an existing plant
project.

In the "Properties" dialog of the CAS, the configurations required for the
implemented PCS 7 standard as mentioned above (common area of StoragePlus)
are made in the "CAS Options" tab.

To keep the database files resulting in the CAS in the "connected" status
for as long as possible, and thus accessible, it is possible, for example,
to select a particular percentage of the hard disk capacity as the limit at
which the automatic storage of the long-term segments starts.

Other activities relating to the destination paths, creation of server data (packages),
start and execution of the Project Editor in the WinCC Explorer and finally
download to the CAS computer are essentially the same as for an OS server.
The OS clients must be supplied with the package created by the CAS to allow
access to the long-term archive data of Tag Logging.
Runtime can be activated after the download to the CAS.
If the central archive server is deactivated, the PC must be restarted before the
central archive server can be activated again.

4.24.1.3 Access Protection


The central archive server is a dedicated server; in other words, it is not a station at
which the process can be controlled or monitored as, for example, is possible on a
PCS 7 OS server. CAS is used only for archiving data. The access protection of
the CAS must be implemented using standard Windows mechanisms. Here, the
following Windows security settings are particularly important.
• Security settings of password policy
• Security mechanisms for account lockout policy
• Security settings for audit policy
Using the security settings of Windows, all access to the CAS is protected, audited
and changes recorded in the Windows event log. The settings are project-
dependent. You will find additional information in Section 4.17 "Setting up Access
Protection" and in the Simatic Process Control System PCS 7 Security Concept
PCS 7, Chapter "User and Access Management in PCS 7 and integration in
Windows Administrative Tools".
An OS client can be used to visualize the data of the CAS. The client itself has the
access protection provided by Simatic Logon.

4.24.1.4 Time Synchronization


The CAS must be included in the project-dependent time synchronization concept.
In this time synchronization concept, a time master must be declared that supplies
all components of the system including the CAS with a uniform time. For more
detailed information on setting up the time synchronization concept with a time
master, refer to Section 4.20 "Time Synchronization".

4.24.1.5 Network Security


The central archive server requires access to the PCS 7 terminal bus to obtain
data from the OS servers.
To allow this, there is only one shared folder called "ArchivDir" on the CAS to which
the completed database segments of the OS servers are transferred.
If there is access from outside an OS system, for example by displaying
StoragePlus views in an Internet Explorer window (see Section 4.24.2.10), the
information in the SIMATIC PCS 7 Security Concept manual must be taken into
account.

4.24.1.6 Integrating the CAS in Lifebeat Monitoring


By running the Project Editor, the standard process control messages are also
generated for the CAS and can be viewed by all OS clients in the message display.
If a central archive server is operated in a plant in which Lifebeat Monitoring is
configured, the following internal tags must be configured manually on the central
archive server:
• Tag "@OPCServer_WinCC", type "unsigned 32-bit value", start value 65537
• Tag "@LBMRTConfigState", type "unsigned 32-bit value", start value 65537
The integration of the CAS is analogous to the integration of SIMATIC PCS 7
components in Lifebeat Monitoring as described in Section 4.21 "Lifebeat
Monitoring". An OPC connection to the CAS must simply be set up over which
Lifebeat Monitoring can take place.

4.24.1.7 OS Client for Visualizing CAS Data


The process archive values of the CAS can be displayed on OS clients in the form
of trends or tables.
To visualize messages already stored on the CAS, the integrated StoragePlus
Viewer software package is required. With this software package, it is possible to
define views of the databases of the CAS. The data made available in this way is
then published using the Internet Information Server and can be viewed over an
intranet.

4.24.1.8 Audit Trail


It is not technically possible to modify the data archived by the CAS. With the
StoragePlus Viewer, users only have read access to the archived data. For this
reason, the CAS does not support an audit trail in the sense of 21 CFR Part 11. All
events such as the transfer of data to external media or failed transfers are
nevertheless saved in the log file folder of the CAS.

4.24.1.9 Archiving and Transferring to the CAS


Process data is initially archived in single segments locally on the PCS 7 OS
servers in Tag Logging or Alarm Logging. Once a single segment is completed, it is
copied to the CAS. On the CAS, data that has accrued during a specified period is
first stored in a temporary archive. Once the data is older than a specified period, it
is moved to long-term segments of the long-term archive on the CAS.
Data in the long-term archive can be transferred to external media at regular
intervals or when certain events occur. The following mechanisms are available for
automatic transfer:
• Directly following creation of a long-term archive
• Regularly at a defined time
• When a certain level is reached on the hard disk
• When a certain event occurs

Note
• The period for the single segments on the OS servers in Tag Logging must be
selected so that it is significantly shorter than the period of temporary
archiving on the CAS.
• The period for the entire archive on the OS servers in Tag Logging must be
selected so that it is at least one day longer than the period of temporary
archiving on the CAS.
• The period for all segments of the message archive on the OS servers in
Alarm Logging should be selected so that it is long enough to allow all
historical messages that must still be directly accessible to be kept on the OS
servers.

4.24.1.10 Data Display


As shown in the previous sections on StoragePlus, the Internet Explorer is used to
display views even though it can only be used locally on the StoragePlus PC.
With the CAS, however, it is possible to use Internet Explorer to display
long-term data of Alarm Logging / reports of the CAS.

4.24.2 Long-term Archiving with StoragePlus

4.24.2.1 How StoragePlus Works

StoragePlus collects completed archive data segments from the servers in a
separate database according to chronological criteria so that they can be backed
up on CD or DVD when a certain size has been reached.
The database segments resulting from archiving by StoragePlus have the status
"connected" and this changes to "disconnected" when they are transferred for
backup. For StoragePlus to display archive data, the database segments must be
"connected".
Archive data that has already been transferred to backup can be "connected" to the
database of StoragePlus again. The "Catalog" call integrated in the administrator
console in StoragePlus provides an overview of the current status of the database
segments.

4.24.2.2 Software Packages of StoragePlus


StoragePlus consists of three software components:
• The Administrator console (server application) allows the user to assign
usage rights to various users / groups in StoragePlus.
The database settings are configured here and the way in which backups are
handled is specified.
Administrator privileges are required for access. Since the settings are made
and the system initialized here, access should be restricted to an authorized
group of people.
• The View Editor is used to configure trends, message displays and batch
reports that are saved in a view.
• The Web Viewer is used to display views created with the View Editor and
published for this display.

4.24.2.3 Installation of StoragePlus

Operating Systems
StoragePlus can be used with three different Microsoft operating systems.
• Windows Server 2003 (Standard Edition) SP1
• Windows XP SP2
• Windows 2000 SP4
The MS SQL Server software must also be installed.

Note
The updates and service packs for Windows or MS SQL Server and other
software components necessary to install StoragePlus can be found in the
installation instructions. When installing, make sure that you keep to the specified
order.
You will find the relevant documentation on the PCS 7 Toolset DVD in the
"StoragePlus/Install/Documentation" folder.

General Order of Installation:


• The general installation rules for PCS 7 apply. For more information, see
the "Readme file" on the PCS 7 Toolset DVD.
• Internet Information Service (IIS) and Message Queuing
• Server function (IIS and Asp.net for Windows Server 2003)
• MS SQL Server 2000 SP3a
• PCS 7 packages
• Microsoft components
• StoragePlus

Note
We recommend that you set up at least two partitions on the hard disk.
Partition C contains the operating system, the StoragePlus software components
and the path for storage of the archive data of the OS servers / SIMATIC Batch
servers.
The second partition should contain the database files created by StoragePlus.

4.24.2.4 Security and Access Concept


The security and access concept involves two levels as illustrated in the graphic
below.

[Figure: two-level security and access concept.
Level 1, operating system: users with access to the operating system and
applications (Administrator, Power User, User).
Level 2, StoragePlus: users with access to the StoragePlus application
(Administrator, Power User, User).]

The following default user groups exist in the administrator console of StoragePlus:
• Administrator - full access to the StoragePlus system
• Power user - can read and create StoragePlus views
• User - can read StoragePlus views
• Guest - no rights. Neither access to StoragePlus views nor to the StoragePlus
system
To install StoragePlus, administrator privileges are required at the operating
system level. The user who performs the installation is automatically the default
user who can make the administrative settings for the first time in the administrator
console of StoragePlus.
We recommend that the individual users planned for StoragePlus have equivalent
group rights at the operating system level (see graphic). This ensures that the
functions associated with the rights required or assigned in StoragePlus can be
performed from the perspective of the operating system.
The user rights assigned reflect the maximum access rights. Assuming that a user
is a member of the "Administrator" group and also a member of the "User" group,
the "Administrator" group has greater access rights than the "User" group. In this
case, such a user would always have administrator rights in StoragePlus.

Note
We recommend that users are only assigned to one group.

Note
Do not delete all the groups to which an existing user is assigned in StoragePlus.
There should always be at least one group to which the user belongs.
For more detailed information on user access, management and the Windows
security settings, refer to Section 4.17 "Setting up Access Protection".

4.24.2.5 Time Synchronization


StoragePlus generates events in its own log files. To ensure precise time
information, the StoragePlus computer must be integrated in the PCS 7 time
synchronization of the entire plant. For descriptions of the concepts and the use of
the DCF77 client software, refer to Section 4.20 "Time Synchronization".

4.24.2.6 Network Security


StoragePlus requires access to the PCS 7 terminal bus to be able to receive
archive data and reports from the OS servers / Batch servers. To allow this, there
is a shared folder called "ArchivDir" in which this data is stored using file transfer.

4.24.2.7 Audit Trail


It is not technically possible to modify the data archived by StoragePlus. With the
StoragePlus Viewer, users only have read access to the archived data. For this
reason, the CAS does not support an audit trail in the sense of 21 CFR Part 11.
User activities in the View Editor and StoragePlus application events are
nevertheless recorded.
The recording of both activities can be reviewed in the "Log Viewer".
StoragePlus provides two log files that can be displayed with the
Log Viewer in the administrator console:
• Application log: This presents the events recorded by StoragePlus when, for
example, a backup is created or archives are connected or disconnected.
• Activity log: This contains the events recorded by StoragePlus as a result of
operator input such as changes to the configuration or publishing views.

4.24.2.8 Configuration of Long-term Archiving

Transferring the Archive Data of OS Servers for Backup


The size of the entire short-term archive and the size of a single segment are set in
the archive configuration of the OS servers.
The backup is also activated here in the Backup Configuration tab. The default
share name of the target folder following installation of StoragePlus is ArchiveDir.
These settings need to be made for
• Slow Archive (Tag Logging)
• Fast Archive (Tag Logging)
• Messages/Events (Alarm Logging)

An alternative destination path should not be specified, otherwise transferred data
will no longer be accessible to StoragePlus. If the target computer (StoragePlus
computer) is not available for the transfer of completed segments for a limited time,
the PCS 7 OS will attempt the transfer again later. This is possible without any loss
of data until the segments in the short-term archive are overwritten again.

Transfer of OS Reports
With the report editor, PCS 7 OS allows configuration and online data to be printed
out in the form of documentation. To make such reports available to StoragePlus
as well, additional output in the form of *.emf files (printer settings) is necessary in
the OS project used for the logging.
For the transfer, there is a C script in Global Script > Standard Functions > Split
Screen Manager with the name "StoragePlus_ExportReports". This standard script
must be called by the user with a global action and cyclic trigger.
The destination path for StoragePlus in this case is:
"\\\\<destinationcomputername>\\ArchiveDir\\"

At cyclic intervals, the standard script checks whether a report has been output in
the PRT_OUT folder of the project. Any *.emf files found are transferred and then
deleted in the OS project.
The long-term storage of OS reports would only be useful in the case of one-off
reports that could not be recreated from individual archived events using suitable
views in StoragePlus.
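
The transfer-then-delete cycle described above deletes the only local copy of a report, so the copy in the target folder should be verified first. The following is an added Python sketch of that pattern, not the Siemens standard script "StoragePlus_ExportReports": the function name export_reports, the SHA-256 verification, the ".part" staging name and the sample files are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def export_reports(prt_out: Path, archive_dir: Path) -> dict:
    """Transfer *.emf reports from prt_out to archive_dir (hypothetical helper).

    A source file is deleted only after the copy in archive_dir has the same
    SHA-256 digest. Anything that cannot be transferred stays in prt_out so
    that the next cyclic call retries it.
    """
    result = {"transferred": [], "retained": []}
    for source in sorted(prt_out.glob("*.emf")):
        target = archive_dir / source.name
        partial = archive_dir / (source.name + ".part")
        try:
            if target.exists():
                if sha256_of(target) == sha256_of(source):
                    # Identical report is already archived: safe to delete.
                    source.unlink()
                    result["transferred"].append(source.name)
                else:
                    # Never overwrite an archived record with different content.
                    result["retained"].append(source.name)
                continue
            # Copy under a staging name so a half-written file is never
            # mistaken for a complete report.
            shutil.copyfile(source, partial)
            if sha256_of(partial) != sha256_of(source):
                partial.unlink()
                result["retained"].append(source.name)
                continue
            partial.rename(target)
            source.unlink()
            result["transferred"].append(source.name)
        except OSError:
            # Target folder unreachable or not writable: keep the report.
            result["retained"].append(source.name)
    return result


def demo() -> dict:
    """Run two cycles on constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        prt_out = Path(root) / "PRT_OUT"
        archive = Path(root) / "ArchiveDir"
        prt_out.mkdir()
        (prt_out / "report_001.emf").write_bytes(b"constructed report 1")
        (prt_out / "report_002.emf").write_bytes(b"constructed report 2")
        (prt_out / "notes.txt").write_bytes(b"not a report")

        # Cycle 1: the target folder does not exist (target computer down).
        first = export_reports(prt_out, archive)

        # Cycle 2: the target is back, but already holds a different file
        # under the name report_002.emf.
        archive.mkdir()
        (archive / "report_002.emf").write_bytes(b"older archived report")
        second = export_reports(prt_out, archive)

        return {
            "first": first,
            "second": second,
            "left_in_prt_out": sorted(p.name for p in prt_out.iterdir()),
            "archived": {p.name: p.read_bytes() for p in sorted(archive.iterdir())},
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Reports listed under "retained" after several cycles point to an unreachable target folder or a name collision and should be raised as an alarm rather than ignored.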

Transferring SIMATIC Batch Reports


To integrate SIMATIC Batch reports into the long-term archiving of StoragePlus,
the batch data must be transferred manually on completion of a batch.
The default in the SIMATIC Batch Control Center (BCC) can be found in
"Options > Settings" in the "Customize" dialog.
The option of saving as an XML file must be set in the "Archive" tab.
The storage location is once again the shared folder of StoragePlus:
\\<targetcomputername>\ArchiveDir

An alternative destination path is not used for the reasons explained in the
section on the OS servers.

4.24.2.9 Configuration of the StoragePlus Database


Common area in the administrator console

The backup size in MB relates to the space available on the intended memory
medium such as a CD or DVD. The StoragePlus database then creates the
database segments with approximately this size. A transfer is always
straightforward if, for example, (keeping to the example of a CD) a backup size of
650 MB is selected while the medium to be used has 700 MB available.
The interval for the online archiving segment relates to the part of the database
that integrates and arranges the incoming transferred files of the individual OS
servers. When this time expires, a further database segment is opened until the set
backup size is reached. This is then closed and a new segment created with the
"opened" status. All the database files have the status "connected" to the
StoragePlus database and created Views can access them.
As of PCS 7 version V6.1, it is possible to add an identifier at the signal source in
the CFC chart or in the process object view of the SIMATIC Manager that indicates
how measured values will be archived.
• No archiving
• Archiving (short-term, storage on OS)
• Long-term archiving (storage on StoragePlus archive computer)
The setting "only long-term data" in StoragePlus filters out only the signals with this
identifier. If this setting is missing, all the data of Tag Logging archived and
transferred by the OS servers is included.

4.24.2.10 Transferring Archive Data (Backup)


"Closed" database segments can be transferred manually or automatically.
Database segments are given the status "backed up & disconnected".
As can be seen in the screenshot above, a device with a suitable writing program
can be specified as the primary storage location. The data is transferred to an
alternative location, for example a hard disk area on the secondary storage
location only when this primary device is not available.
The criteria for automatic storage include time periods that range from immediate
transfer to delayed transfer, for example, only when a certain percentage of the
hard disk is full.
They must be selected taking into account their availability (status "connected")
and the need to be able to display them in views.

In the Archive area of the administrator console, it is possible to transfer to backup
manually using the "Backup" button.
An overview of the content and statuses within the database is possible with the
"Catalog" button.

Backing up Configuration Data


StoragePlus maintains a table of contents (AMT table) of all database files that
have been created without which access to backed up data (CD / DVD) is not
possible. This data is necessary if the system needs to be restored (hard disk
defective). To restore the system, the created views and other system settings are
also necessary. All this configuration data is stored with the "Configuration Data",
"Save" button.

Recommendation
Back up this configuration data regularly, for example each time archive data is
transferred to backup.

4.24.2.11 Retrieving Data Backups


Database files that have already been transferred to backup can be returned to the
database with StoragePlus using the "Connect" button (status backed up &
connected). This allows views to access the time period of this data again.
Data connected to the system again in this way can be disconnected again with the
"Disconnect" button (status backed up & disconnected).
Taking into account the available hard disk space, the user must decide how long
data should be accessible to the system.

4.24.2.12 Restoring the System


To avoid data losses due to defects on hard disks, RAID systems must be
considered first since they allow work to continue with the currently available data.
Regular checks of the event log by the operating system and a RAID controller with
adequate performance are additional requirements.
Restoration on a new hard disk with a new installation of StoragePlus is also
possible if the configuration data of StoragePlus is currently available.
Data that has not yet been transferred to backup by StoragePlus is not lost, at least
the part originating from the OS servers, since (depending on the overlapping of
the times) it normally still exists in the part of the short-term archive on the OS
servers that has not yet been overwritten.
Manual transfer of the period in question to segments of the OS archive (*.ldf /
*.mdf files) can reconnect this data to StoragePlus.

4.24.2.13 Data Displays


Views are preprogrammed and exist as
• Diagram (trend display)
• Alarm (message display)
• Report (OS reports)
• Batch report
These off-the-shelf views are displayed using the Web Viewer.
This means that the views must be "published" before they can be displayed on the
StoragePlus computer.
Created views adopt the rights of the user who created them. Changes can
therefore only be made by this user. In View Management in the Administrator
Console, however, other users can also be given this right.
For more detailed information, refer to the documentation "SPViewEditor" and
"SPAdmin" that can also be found on the PCS 7 Toolset DVD in the
"StoragePlus/Install/Documentation" folder.
Since it is only possible to access the local PC with StoragePlus, the address for
the Internet Explorer is http://localhost/StoragePlus/Frame.aspx at the start of the
WebViewer.exe application.
A login is necessary here if the user is not already logged on with the Windows
operating system.

4.24.3 Long-term Archiving with SIMATIC IT Historian

Will follow in the next version of this document.

4.25 Data Exchange with the Plant Management Level


Data exchange with the plant management level must be handled by system
functionality. Various options are available for this, ranging from the
standard OPC connection and the OPC Direct Access connection up to the OPC
Historical Data Access connection.

Data exchange with Connectivity Pack


The Connectivity Pack from SIMATIC PCS 7 gives the plant management level
standardized access to the process control system. The following mechanisms
are used.
• OPC Direct Access (online access to process values and process states)
OPC DA. Process parameters can be modified and current states queried
• OPC Historical Data Access (historical access to the process value archive)
OPC HDA. All or selected process value archives can be read out. The
process value archives can be read out cyclically or user-controlled to
correspond to certain events or at certain specific times. It is not possible to
write to the process value archives.
• OPC Alarms and Events (historical access to the message archive)
OPC A&E. All or selected messages can be read out. The message archive
can be read out cyclically or user-controlled to correspond to certain events or
at certain specific times. It is not possible to write to the message archive.
The data exchange is handled as shown in the schematic below.

Process values and control statuses are recorded online. Depending on the
specifications, the online process values and messages (alarm, warning, system
message, operator messages etc.) are entered in the short-term Tag Logging and
Alarm Logging archive for the defined short-term archiving time and are then
available to be read from the plant management level.

Configuration of the Connectivity Pack


It is not necessary to configure the Connectivity Pack in SIMATIC PCS 7.

4.26 Uninterruptible Power Supply


An uninterruptible power supply (UPS) is a system for buffering the main power
supply. If the power supply fails, the battery of the UPS supplies the required
power. When the power supply returns, the UPS battery stops supplying power
and is recharged. Some UPS systems provide the option of main power supply
monitoring in addition to the buffering function. They guarantee an output voltage
at all times without interference voltages.
UPS systems are necessary so that process and audit trail data can continue to be
recorded during power failures. The design of the UPS must be agreed with the
system user and must be specified in the URS, FS or DS. The following points
must be considered:
• Energy requirements of the systems to be supplied
• Power of the UPS
• Required duration of UPS buffering
The energy requirements of the systems to be buffered decide the size of the UPS.
A further selection criterion is the priority of the systems.
Systems with high priority include:
• Automation system (AS)
• Archive server
• Operator station (OS) server
• Operator station (OS) clients
• Network components
Field devices that generally have relatively high energy requirements may also be
included in the buffering depending on the power of the UPS. This must be decided
in consultation with the system user and related to the classification of the process.
Whatever is decided, it is important that the systems for logging data are included
in the buffering. The time at which the power failure occurred should also be
recorded.
The use of UPS systems involves the installation of software. This must be
installed and configured on the PC-based computers of the process control system
to be buffered.
• Configuration of the power failure alarms
• Stipulation of the time before the PC is shut down
• Stipulation of the time during which UPS buffering is provided
The automation systems (AS) must be programmed so that the process control
system changes to a safe state after a selectable buffer time if a power failure
occurs.
Due to the different requirements of the various devices involved, three classes
have established themselves as stipulated by the International Engineering
Consortium (IEC) in product standard IEC 62040-3 and the European Union EN
50091-3:

Standby or offline UPS

[Figure: block diagram of a standby / offline UPS. Blocks shown: input, filter,
switch, output; rectifier, charging, battery, inverter.]

The simplest and least expensive UPS systems (according to IEC 62040-3.2.20,
UPS class 3) are standby or offline UPS systems. They protect only against power
outages and brief voltage fluctuations and peaks. Undervoltage and overvoltage
are not compensated. Offline UPS systems switch to battery supply automatically if
there is overvoltage or undervoltage.

Line-interactive UPS

[Figure: block diagram of a line-interactive UPS. Blocks shown: input, filter,
electronic changeover switch, voltage regulator, output; inverter / charge
control, charging, battery, inverter.]

The way in which line-interactive UPS systems (according to IEC 62040-3.2.18,
class 2) function is similar to standby UPS systems. They protect against power
outage and brief voltage peaks and can compensate voltage fluctuations
continuously using filters.

Online UPS

[Figure: block diagram of an online UPS. Blocks shown: input, filter, bypass,
output; rectifier, charging, battery, inverter.]

Double conversion or online UPS systems (according to IEC 62040-3.2.16, class
1) count as genuine power generators that continuously generate their own line
voltage. Connected consumers are therefore supplied permanently with line power
without restrictions. At the same time, the battery is charged.

4.26.1 Configuration of Uninterruptible Power Supplies

Uninterruptible power supplies (UPS) must be configured for the specific case and
described in the URS, DS or FS.
The two screenshots below are examples of the configuration of a UPS in
Windows 2000/2003/XP.

The following table describes an example of the configuration of an uninterruptible
power supply for an operator station in a process control system. The same basic
procedure can be used with the automation systems (AS).

| Case | Action | Reaction |
|---|---|---|
| 1 | Power outage <10 seconds | The process control computers are buffered by the UPS. An alarm using a digital input in the process control system documents the power down. |
| 2 | Power outage >20 minutes. Power returns after 25 minutes | The process control computers are buffered by the UPS, for example for 20 minutes. An alarm in the PCS documents the power outage and the shutdown of the process control computers after 20 minutes. The UPS stops supplying power after a defined time (for example 25 minutes) so that an independent restart of the process control system computers is possible following return of the power supply. |
| 3 | Power outage > 1 hour | The process control computers are buffered by the UPS, for example for 20 minutes. An alarm in the PCS documents the power outage and the shutdown of the process control computers after 20 minutes. The UPS stops supplying power after a defined time so that an independent restart of the process control computers is possible when power returns. |

4.26.2 UPS Configuration over Digital Inputs

In addition to the standard backup provided by UPS devices, the option of
monitoring the power supply should be used. This is done by monitoring the phase
over one or more digital inputs. The advantage of this is that power downs can be
registered, signaled and archived.

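[Figure: UPS configuration with phase monitoring over digital inputs.
Components shown: phases L1, L2, L3; phase monitoring module; 24 V fail-safe
input (phase monitoring); UPS module 24 V; UPS module 220 V; digital input
card; PS module 24 V; AS CPU 41x; Ethernet CP; OS server.]

UPS backup load voltage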


The automation system CPU is supplied with power by the UPS module, for example
24 V, during voltage dips and longer power outages. The phase monitoring
module monitors the status change during a power down over a digital input that
should be designed as a fail-safe input signal. If a power down occurs, an
additional alarm is available to inform the operator of the power down (alarm
message). By logging it in the message system, this power down can then be used
for subsequent investigations. With power down concepts, safety-related statuses
can also be implemented immediately or after a certain delay (for example,
equipment phase hold, establishing a safe plant status even after return of power
etc.).

UPS backup main power supply


As well as phase monitoring, the OS server is also backed up by standard UPS
modules, for example 220 V. This ensures that the server remains operational
even following a power down.
The operator is made aware of the power down by the UPS backup, for example
by an alarm message. Safe statuses can be initiated by the operator or by
automated concepts.
The reliable shutdown of the OS server can be indicated and initiated by PCS 7
alarm messages if the power does not return within a specified time. This
functionality increases the availability of the system when power returns.

4.27 Creating SCL, C, VB Scripts


SCL, C, and VB scripts are programs written by the user that count as class 5 in
the software categorization. This type of software is developed to meet customer-
specific requirements that cannot be covered by the standard library.

Sequence of creating category 5 software:


1. Creation of a functional description for the software
2. Specification of the function blocks used
3. Specification of the inputs and outputs used
4. Specification of the operator control and monitoring capability of the block

Caution
The creation of category 5 software should be avoided because it significantly
increases the test and validation effort.

4.28 SIMATIC PCS 7 Add-Ons


Install only released and approved add-ons on a SIMATIC PCS 7 system. For
more detailed information, refer to Chapter 5 "Supporting Functions during
Qualification".

Note
You will find an overview of the approved SIMATIC PCS 7 add-ons in the current
Add-Ons catalog ST PCS 7.A or CA01 catalog. More detailed information is
available on the Internet at: http://www.siemens.com/simatic-pcs7

5 Supporting Functions during Qualification

5.1 Introduction
The graphic below shows the life cycle model. The focus of this chapter, selection
criteria, is typified by system test / qualification.

The aim of qualification is to provide documented proof that the system was set up
according to the specifications and that all specified requirements have been met.
The qualification describes, executes and finally evaluates all the activities
necessary for this. Various standard functionalities of SIMATIC PCS 7 can be used
as support in qualification during IQ and OQ.

5.2 Qualification of Automation Hardware


The design specification of installed hardware is used to set up the system
according to detailed stipulations and adherence to these specifications must be
verified during the subsequent system tests. The design specification describes all
the hardware components used with information such as order number, firmware
version, installation location, serial number etc. Components such as the servers
and clients used, interfaces to automation systems etc. are also listed.

Qualification of Field Devices


In the qualification of field devices, checks are necessary to ensure that the
stipulations of the Hardware Design Specification were implemented. This means
verifying the following:
• Manufacturer
• Order number
• Serial number
• Function of the field device
• Destination location
• Tag name
• Type of connection (electrical / bus type)
• Physical connector type
• Address number
• Unit of measure
• Measuring range

Note
The asset management of SIMATIC PCS 7 can be used in support to verify that
the hardware used matches the Design Specifications. A visual inspection of the
field device can be performed at the same time.
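
The attribute-by-attribute check listed above can be run mechanically when both the Hardware Design Specification and the as-found inventory are available as tables. The following Python example is added here for illustration and is not part of SIMATIC PCS 7 or its asset management: the CSV layout, column names, function names and device records are constructed assumptions.

```python
import csv
import io

# Attributes the section lists for verification; the tag name is the key.
ATTRIBUTES = (
    "manufacturer", "order_number", "serial_number", "function", "location",
    "connection", "connector", "address", "unit", "range",
)

# Constructed sample: extract of a Hardware Design Specification.
SPEC_CSV = """\
tag,manufacturer,order_number,serial_number,function,location,connection,connector,address,unit,range
TIC-101,Vendor A,ORD-0001,SN-1001,Temperature control,Reactor R1,PROFIBUS PA,M12,12,degC,0-150
PIC-102,Vendor A,ORD-0002,SN-1002,Pressure control,Reactor R1,PROFIBUS PA,M12,13,bar,0-10
FIC-103,Vendor B,ORD-0003,SN-1003,Flow control,Feed line F1,PROFIBUS PA,M12,14,l/h,0-500
"""

# Constructed sample: as-found inventory recorded during the IQ.
FOUND_CSV = """\
tag,manufacturer,order_number,serial_number,function,location,connection,connector,address,unit,range
TIC-101,Vendor A,ORD-0001,SN-1001,Temperature control,Reactor  R1 ,PROFIBUS PA,M12,12,degC,0-150
PIC-102,Vendor A,ORD-0002,SN-1092,Pressure control,Reactor R1,PROFIBUS PA,M12,13,bar,0-16
LIC-104,Vendor B,ORD-0004,SN-1004,Level control,Tank T4,PROFIBUS PA,M12,12,m,0-5
"""


def normalise(value):
    """Collapse whitespace so that pure formatting differences are ignored."""
    return " ".join((value or "").split())


def load_records(text):
    """Parse a CSV table into {tag: {attribute: value}}; reject duplicate tags."""
    records = {}
    for row in csv.DictReader(io.StringIO(text)):
        tag = normalise(row["tag"])
        if tag in records:
            raise ValueError("duplicate tag name: " + tag)
        records[tag] = {name: normalise(row.get(name)) for name in ATTRIBUTES}
    return records


def compare(spec, found):
    """Return deviations as (tag, attribute, specified, as_found) tuples."""
    deviations = []
    for tag in sorted(spec.keys() | found.keys()):
        if tag not in found:
            deviations.append((tag, "device", "specified", "not found"))
        elif tag not in spec:
            deviations.append((tag, "device", "not specified", "found"))
        else:
            for name in ATTRIBUTES:
                if spec[tag][name] != found[tag][name]:
                    deviations.append((tag, name, spec[tag][name], found[tag][name]))
    return deviations


def duplicates(records, key_attributes):
    """Return {key values: [tags]} for values shared by more than one device."""
    seen = {}
    for tag, record in records.items():
        key = tuple(record[name] for name in key_attributes)
        if all(key):  # skip devices where a key attribute is empty
            seen.setdefault(key, []).append(tag)
    return {key: tags for key, tags in seen.items() if len(tags) > 1}


if __name__ == "__main__":
    spec = load_records(SPEC_CSV)
    found = load_records(FOUND_CSV)
    for deviation in compare(spec, found):
        print("DEVIATION", deviation)
    print("ADDRESS CLASH", duplicates(found, ("connection", "address")))
```

Each reported deviation still has to be assessed and documented in the IQ; the comparison only makes sure that none is overlooked.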

Qualification of the Automation Hardware


In the qualification of automation hardware, checks are necessary to ensure that
the stipulations of the Hardware Design Specification were implemented. All the
hardware components as specified in the hardware configuration of SIMATIC PCS
7 must be configured. This includes:
• Number of racks
• Verifying the hardware components used (CPU, CP, etc.)
• Number of distributed I/O stations
• Interfaces to other systems
• Verifying the order numbers of the hardware used
• Address description
• Symbolic naming of inputs/outputs
• etc.

Note
The hardware configuration (HW Config) can be printed out and used to verify
qualification (IQ/OQ) of the installed hardware components. A visual check of the
installed hardware can be made at the same time. The hardware used must
match the switching cabinet documentation.

Qualification of the Network Structure


In the qualification of the network structure, checks are necessary to ensure that
the requirements defined in the Hardware Design Specification were implemented.
All the connections must be configured in the SIMATIC NetPro configuration of
SIMATIC PCS 7. This includes:
• Name of: station, PC, AS, clients etc.
• Communications modules, type of connection and communication partner
(Ethernet, PROFIBUS, serial etc.)
• MAC address (when using the ISO protocol on the plant bus)
• TCP/IP address and subnet mask (when using clients)
• PROFIBUS addresses
• etc.

Note
The SIMATIC NetPro configuration can be printed out and used to verify
qualification (IQ/OQ) of the configured network structure. A visual check of the
configured network structure can be made at the same time.


Specification of the PC Hardware Used


In the qualification of the PC hardware used, checks are necessary to ensure that
the stipulations of the Hardware Design Specification were implemented. The PC
pass is useful for qualification. The PC pass should list all installed hardware and
software components.
This includes:
• Order number of the PC hardware used
• Additionally installed hardware components (additional network card, printer,
etc.)
• Checking the configured network addresses, screen resolution, etc.

Note
The PC pass can be printed out and used to verify qualification (IQ/OQ) of the PC
hardware used. A visual check can be performed at the same time.


5.3 Qualification of Automation Software

5.3.1 Qualification of Standard Software

In the qualification of the standard software used, checks are necessary to ensure
that the requirements defined in the Software Design Specification were
implemented. This includes:
• Operating system
• SIMATIC IT server, SIMATIC PCS 7 standard basic packages (OS server, OS
client, CAS, Engineering system, BATCH server, BATCH client etc.)
• SIMATIC standard options (SIMATIC PDM, SIMATIC Logon, SFC Visualization
etc.)
• Standard libraries

Note (operating system)
The installed software can be verified by operating system functions. The
information can be found in the Control Panel > Add/Remove Programs. All
installed software components are displayed here. A screenshot can be printed
and used for the qualification (IQ/OQ).

Note (SIMATIC software)
The installed SIMATIC software can be verified with the "Installed software"
tool. The tool provides information on the SIMATIC software currently installed
on the computer. The installed components can be printed and
used for the qualification (IQ/OQ). For more information, refer to Section 5.3.2
System Programs from SIMATIC PCS 7.


Note (software licenses)
The SIMATIC tool "Automation License Manager" provides information on the
licenses currently installed on the process control system PC. To view the
licenses, open the Automation License Manager and, in the Explorer bar on the
left-hand side, select the PC partition on which the licenses are installed. All
available licenses of the system are then displayed on the right-hand side of the
window.

The installed licenses can be printed and used as documentation for the
qualification (IQ/OQ). For more information, refer to Section 5.3.3 Installed
Authorizations of SIMATIC PCS 7.


5.3.2 System Programs from SIMATIC PCS 7

When SIMATIC PCS 7 is installed, the current status of the installed system
programs is saved in the "citamis.str" file. Reinstallations are also documented.
The "citamis.str" file is located in the WINNT folder. The following screenshot
shows an excerpt of the "citamis.str" file.

The file is structured so that the product name is recorded first. This is followed by
the version, the time, and the date stamp of the installation. The ----> symbol
means that the installation was completed successfully. If this symbol is missing,
installation was not completed successfully and must be repeated.


The Simatic > Product Notes > Installed software tool provides information on
the SIMATIC software currently installed on the computer.

The following screenshot "Installed SIMATIC software" shows the installed
software products, software components, and DLLs on the local computer. This
information can, for example, be used to include the installed software in the
Installation Qualification.

5.3.3 Installed Authorizations of SIMATIC PCS 7

The Automation License Manager program provides information on the licenses
installed on the PCS computer. The installed licenses must match the requirements
defined in the specification.


5.3.4 Qualification of the Application Software

In the qualification of application software, checks are necessary to ensure that the
requirements defined in the Software Design Specification were implemented. Test
descriptions must be agreed with the user (for example for FAT/SAT) and
generated. These test descriptions must be created individually to meet the
software design stipulations.
As a minimum, the following must be checked and tested and can be used as a
reference for the qualification:
• Checking the name of the application software
• Checking the plant hierarchy (process cell, unit, equipment module, single
control element etc.)
• Software module test (typical test)
• Checking communication with other nodes (third-party controllers, MES
systems etc.)
• Checking all inputs and outputs
• Checking all control modules (control module level)
• Checking all equipment phases and equipment operations (equipment phase)
• Checking the relationships between modes (MANUAL/AUTOMATIC changes,
interlocks, start, running, held, aborting, completed, etc.)
• Checking the process tag names
• Checking the visualization structure (P&I representation)
• Checking the operator input philosophy (access control, group permissions,
user rights)
• Checking archiving concepts (short-term archives, long-term archives)
• Checking the message concept
• Checking trends, graphs
• Checking time synchronization

6 Additional Hardware / Software Components

6.1 Time Synchronization


Time synchronization is an important feature in automated systems in a GMP
environment. During the interaction between several automation systems (AS)
and/or several operator stations (OS), messages, alarms, trends, and audit trail
data must be archived with synchronized time stamps.
The Siemens SICLOCK system provides the option of time synchronization by
receiving highly accurate time signals (GPS or DCF77).
When using GPS, the time information (Greenwich Mean Time) of the GPS satellite
system is evaluated. Due to the high operating frequency (1.574 GHz), there is
good reception even in rough environments.
The reception of time information provided by the German time signal transmitter
DCF77 on long wave 77.5 kHz in Mainflingen near Frankfurt is restricted to central
Europe within a radius of approximately 2,000 km around Frankfurt/Main. It is
suitable for industry due to the extremely narrow bandwidth of the installed
receiver.
In small to medium sized automated systems, the PCS 7 operator station can be
used as the time master. In this case, a suitable antenna is connected directly to
the COM port of the personal computer.
In larger systems, the time is synchronized using SICLOCK TM/TS. The SICLOCK
TM/TS central system clocks supply several PCs or automation systems (AS) with
a highly accurate time over Industrial Ethernet. SICLOCK TS provides the same
functions as SICLOCK TM, but does not have the additional interfaces for IRIG A,
B and J. If the antenna fails, the SICLOCK TM/TS central clocks switch
automatically to quartz operation and therefore still retain a high degree of
accuracy.

Note
When using time signals (GPS or DCF77) with automatic daylight-saving /
standard time adjustment, the automatic daylight-saving / standard time
adjustment must also be activated in the operating system of the process control
computer so that all messages are archived with the correct time stamps. This
adjustment must be activated in the Control Panel > Date/Time > Time Zone tab.
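
The effect of the setting described in this note can be checked during qualification by comparing station clocks with the time master. The following is an added example, not part of the manual: it separates ordinary clock drift from an offset of a whole number of hours, which points to a daylight-saving or time zone setting that differs from the master. Station names, readings and the one-second tolerance are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumed acceptance limit for this example; the real limit comes from the
# project's specification.
TOLERANCE = timedelta(seconds=1)
HOUR = timedelta(hours=1)

# Constructed readings, not from the manual: local time displayed by each
# station and by the time master, noted at the same moment.
MASTER = datetime(2006, 7, 12, 14, 30, 0)
READINGS = {
    "OSSRV01": datetime(2006, 7, 12, 14, 30, 0, 200000),
    "OSCL03": datetime(2006, 7, 12, 13, 30, 0, 400000),
    "ES01": datetime(2006, 7, 12, 14, 30, 47),
}


def classify(station_time, master_time, tolerance=TOLERANCE):
    """Return (verdict, offset) for one station clock against the master."""
    offset = station_time - master_time
    if abs(offset) <= tolerance:
        return "in sync", offset
    hours = round(offset / HOUR)
    # A whole number of hours plus at most the tolerance: the clock itself is
    # synchronized, but the DST or time zone setting differs from the master.
    if hours != 0 and abs(offset - hours * HOUR) <= tolerance:
        return "dst or time zone setting", offset
    return "drift", offset


def check(readings, master_time):
    """Classify every station; the result can be attached to the OQ record."""
    return {name: classify(t, master_time)[0] for name, t in sorted(readings.items())}


if __name__ == "__main__":
    for station, verdict in check(READINGS, MASTER).items():
        print(f"{station:8} {verdict}")
```

A station reported as "dst or time zone setting" archives messages and audit trail entries one or more hours away from the rest of the plant, so its records sort into the wrong place when archives are merged.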


6.2 Solutions for Special Automation Tasks


The modularity, flexibility, scalability and openness of SIMATIC PCS 7 lay the
foundations for the use of additional hardware components or the use of software
packages for special processes. SIMATIC PCS 7 offers numerous additional
components known as PCS 7 add-on products. PCS 7 add-on products are
software packages and hardware components tailored to the requirements of
specific applications.

Hardware Components
Special solutions are required to interface hardware components that do not exist
in the SIMATIC hardware manager. These components can be integrated using
specially created device master data (GSD). Examples of the integration of these
hardware components include:
• Integration of weighing modules (SIWAREX)
• Integration of frequency converters for drives (master drives, micromaster etc.)
• Integration of user-specific field devices
To keep the validation effort to a minimum, tested and described hardware
components from the PCS 7 Add-on catalog should be given preference.

Software Packages
For the configuration phase, a variety of blocks are available in the PCS 7 standard
libraries. If additional blocks are necessary to configure special processes or
functions, whenever possible, the block libraries (function blocks FBs, functions
FCs and data blocks DBs) from the PCS 7 Add-on catalog should be used.
Compared with user-created blocks, these significantly reduce the validation effort.
The PCS 7 block libraries for technological functions are examples of software
packages of the PCS 7 Add-on catalog. These blocks cover a wide spectrum and
were developed specially for the requirements of the pharmaceutical and chemical
branches. Among other things, the block library provides functions for controlling
valves, motors and closed-loop controllers.

Note
The "SIMATIC PCS 7 Add-ons for the Process Control System SIMATIC PCS 7"
catalog contains solutions for various areas of application such as the
pharmaceutical industry. If special solutions are required that cannot be handled
by these functions, you will find addresses of persons to contact in the catalog.
The scope of validation of SIMATIC PCS 7 add-on products in terms of validation
stability must be checked and specified in cooperation with the system user.


6.3 SIMIT Simulation Software


The SIMIT simulation software allows a software test on a simulation platform
without needing the actual field devices. SIMIT simulates field devices and allows
not only simple signal tests at the touch of a button but also complex tests at the
drive level. Along with the S7-PLCSIM programmable controller simulation software
for simulating the CPU of an automation system, cost-effective software tests can
be performed without automation systems (AS) and field devices. This means, for
example, that a Factory Acceptance Test (FAT) can be performed by the software
provider. The Factory Acceptance Test is used to detect and fix possible bugs prior
to commissioning and brings about a reduction in the commissioning time.


6.4 Using MASTERGUARD UPS Systems


All MASTERGUARD UPS systems belong to the online UPS category. They supply
an output voltage free of noise, electromagnetic interference, frequency variations,
and voltage distortion. For more detailed information on MASTERGUARD, refer to
the CA01 catalog. UPS systems from MASTERGUARD can be ordered directly from
Siemens in the A&D Mall on the Internet: https://mall.ad.siemens.com/.

MASTERGUARD UPS systems are available in the following series:

Series A:
The online MASTERGUARD UPS devices 0.7 - 3 kVA as standalone device.
Series A-19:
Suitable for installation in 19-inch racks; power range: 0.7 - 3 kVA; advantages: low
installation height, simple expansion and system integration.
Series EI:
Powerful online technology (6 - 20 kVA) with single- or three-phase current input;
the backup time can be extended by using suitable battery packs.
Series EI-19:
Online technology with 6 kVA output power for compact installation in 19" racks
requiring only 3 height units.
Series C:
Online technology (10 - 60 kVA) with 3-phase input and output; technical peak
values and optimum connectivity (extremely cost-effective). Additional variant with
input transformer and integrated batteries or available as 208 V version.
Series SIII:
Top of the range MASTERGUARD UPS devices (60 - 800 kVA) with 12-pulse
rectifier and input filter (standard for 250 - 800 kVA); for greater power
requirements and particularly critical applications; connected in parallel supplying
up to 6400 kVA.
When selecting UPS systems, not only the performance but also the installation site
is important. The UPS system can be included in the rack planning or can be used as
a "standalone" device in control rooms.
When using small to medium sized process control systems, UPS systems of
series A are suitable. These are used to back up computers of both the switching
cabinet types and desktop types. For larger process control systems in which the
field devices are also included in the backup, UPS systems of series E, C and SIII
should be used.

Glossary

Access Protection
Access protection involves the enabling or disabling of certain functions for the
user at the operator stations of the process control system.

Audit trail
The audit trail is a system control mechanism that monitors access to data. Every
access must be documented.

Automation system (AS)
An automation system is a programmable logic controller (PLC) in SIMATIC S7, a
complete device (PLC with integrated control unit) in SIMATIC C7 or a SIMATIC
M7 automation system.

Block
Blocks are separate parts of a user program that are distinguished by their
function, their structure or purpose.
CFC operates with "off the peg" block types that can be inserted in a CFC chart.
When you insert the block, an instance of the block type is created. These block
instances and their graphic representation are blocks in the sense of CFC.

Bus
A path for electrical systems allowing the exchange of data and control information
between various components of a computer architecture.

Bus system
Generic term for hardware components and the transmission specification for
buses.


Chart
Software object in which continuous automation functions can be created with the
CFC configuration tool or sequential control systems with SFC.

CFC
Continuous Function Chart.
1. Continuous function chart (CFC chart) with the graphic interconnection of
technological functions (blocks).
2. A software package (CFC editor) for plant-oriented, graphic configuration of an
automation task. Using CFC, ready-made blocks are put together to form an entire
software structure (CFC chart).

CFR
Code of Federal Regulations. The Code of Federal Regulations is the statute book
of the United States of America. Title 21 (abbreviated to 21 CFR) deals in particular
with the regulations for the branches foodstuffs, drugs, and cosmetics.
21 CFR Part 11 that deals with electronic records and electronic signatures is
particularly important for process control engineering.

Cycle time
The cycle time is the time that the operating system requires to execute the
program once; in other words, one OB 1 run through – and all the interrupting
program sections and system activities.

Component View
Device-oriented view in the SIMATIC Manager. The project is displayed with its
components (station, module, program ...); alternative to the plant view.

CPU
Central Processing Unit - Module in a programmable controller or automation
system with control and arithmetic unit, memory and operating system. The user
programs are stored and executed in the central processing unit.

DCF 77
Time transmitter in Frankfurt/Mainflingen. This provides the highly accurate official
time for the Federal Republic of Germany based on a cesium clock.


Electronic records
Electronic records are recordings that are stored in electronic form.

Electronic signature
Electronic signatures are computer-generated characters or strings that count as
the legal equivalent of a handwritten signature.

ES
Engineering Station. Station for configuring an automation process.

ET 200M
This is a modular I/O system for single-tier configuration with the degree of
protection IP 20. The ET 200M can be extended with the signal, function and
communication modules of the S7-300 programmable controller. Communication
between ET 200M and the AS is over PROFIBUS DP.

Faceplate
A software block written in Visual Basic or Visual C that allows a block instance to
be controlled and monitored during run-time on an operator station.

FAT
Factory Acceptance Test. The factory acceptance test is an initial verification of the
automation system at the system provider's premises. The test is carried out prior
to commissioning so that bugs can be fixed before starting the installation.

FDA
Food and Drug Administration. The Food and Drug Administration (FDA) is the
organization responsible for regulations regarding food and medicines in the United
States of America.

Fault-tolerant connection
An AS (S7-400H) in which all the essential components exist twice. If one of the
subsystems fails (for example a component failure) the other takes over
automation of the plant without any interruption.


Function (FC)
According to IEC 1131-3, functions are logic blocks without memory. A function
allows parameters to be passed on in the user program. Functions are ideally
suited for programming commonly occurring complex functions, for example
calculations. Note: As there is no memory available, the calculated values must be
processed immediately following the FC call.

Function block (FB)
According to IEC 1131-3, a function block is a logic block with static data. An FB
allows you to pass parameters in the user program. This means that function
blocks are suitable for programming complex functions that are required frequently,
for example controllers, operating mode selection. As function blocks have a
memory (instance data block), their parameters (for example outputs) can be
accessed at any time and any point in the user program.

GAMP
Good Automated Manufacturing Practice. The GAMP 4 guideline for validation of
automated systems provides instructions and templates to help and support
companies from the pharmaceutical, biotechnical and medical equipment
industries to set up qualified or validated automation systems.

GMP
Good Manufacturing Practice. Good manufacturing practice ensures that products
are produced and tested according to consistent quality standards.

GPS
Global Positioning System – satellite system for precise localization of positions on
the earth. GPS satellites orbit the earth at a height of approximately 20,000 km in
different orbits. Each satellite has a highly accurate atomic clock.


Hot Restart
When an S7 CPU starts up (for example after changing the mode selector from
STOP to RUN or when the power supply is turned ON), before cyclic program
execution (OB1) is started either the organization block OB 100 (warm restart) or
organization block OB 101 (hot restart, only on the S7-400) or OB102 (cold
restart) is executed (see Startup of an S7-CPU). In a warm restart the process image
of the inputs is read in and execution of the STEP 7 user program is continued at
the point at which it was last stopped (STOP, power down).
The "hot restart" is only possible when the CPU is battery-backed.
Note: All data areas (timers, counters, memory bits, data blocks) and their contents
are retained.

I/O
Input and output signals of the controller.

I&C process tag list
Instrumentation and control process tag list. Standardized name for graphic
symbols and identification letters in process control engineering.

Import/Export Assistant (IEA)
Software component in PCS 7 for handling models and generating replicas of the
models.

Interconnection
(CFC) Connection between an interface I/O and another element. The value of an
interconnected input is fetched from the other end of the interconnection during
runtime.

IQ
Installation Qualification. The purpose of an installation qualification (IQ) is to verify
the correct installation of an automation system.


Library
A folder for objects that can be used more than once and that is not project-related.
Blocks are made available according to certain criteria (block families, alphabetical
arrangement etc.) in block libraries. Different block libraries are used depending on
the target system or particular situation.

Lifebeat Monitoring
Program belonging to the run-time system (operator station) for monitoring the
automation systems, OS servers and OS clients connected to an OS server. The
connected systems are visualized in a plant picture.

Master Data Library
Library in a multiproject for storing project master data. The project master data are
• Block types
• Process tag types
• Models
that will be used in the project and may need to be adapted.

Message types (OS message system)
Message types are subgroups of message classes and can differ from each other
in the color selected for the message status. You can create up to 16 message
types in each message class on the OS.

Message blocks (OS message system)
Status changes of a message are displayed in run time in a message line. The
information to be displayed in the message line is specified using message blocks.
There are three different types of block:
• System blocks (for example, date, time, period, comment, ...) allow predefined
and not freely usable information to be specified. They are displayed in the
message line.
• User text blocks allow you to assign up to ten freely definable texts to a
message that are displayed in the message line when the message occurs.
• Using process value blocks, you can display the values of variables in the
message line. You can also define the formatting used.


Messages
A message system is used for the chronological signaling and archiving of sporadic
events occurring in the process at a central location. The cause of a message can
be an event or a message frame.
In general, a distinction is made between operating messages, fault messages,
and system messages. Operating messages are used to indicate a status in the
process. Fault messages are used to indicate a problem in the process. System
messages are used to indicate error messages from other applications.
In the message system (Alarm Logging), messages that behave in a similar way
(acknowledgment philosophy, color scheme for message states) can be grouped
together in message classes and message types.

MOD
Magneto Optical Disc, storage medium for data archiving of the process control
system.

Model
A model consists of hierarchy folders with CFC/SFC charts, pictures, reports, and
additional documents from which any number of replicas can be created.

Multiproject
Folder for all projects of an automation solution. Cross-project functions can be
used in projects that are part of a multiproject.

NAMUR
NAMUR is the process control engineering association of the chemical and
pharmaceutical industry. It is an organization of users in process control
engineering. Manufacturers of process control technology are not represented in
NAMUR.

NAMUR recommendations
The NAMUR recommendations and work sheets are reports of experience and
working documents that the NAMUR association for process control engineering in
the chemical and pharmaceutical industry prepares for its members.


Operating message
Following a change made to a parameter on the operating station, the parameter,
the old value, the new value, and, if applicable, the unit of the value is displayed in
a message page.

Operating System
A collective term for all functions which, in conjunction with the hardware, control
and monitor the execution of the user programs, the distribution of the operational
equipment among the individual user programs, and the maintenance of the
operating mode (for example standard operating systems Microsoft Windows,
real-time operating system M7 RMOS32).

OQ
Operational Qualification. The purpose of the operational qualification (OQ) is to
verify the correct functioning of the automation system.

OS
Operator Station. A station for controlling and monitoring the process. In PCS 7,
the WinCC software system is used for the OS with which all the process
monitoring and control functions can be implemented.

Parameters
A parameter is:
• the value of a CFC block/chart I/O.
• a variable of an S7 logic block (actual parameter, formal parameter)

P&ID
Piping and instrumentation diagram. A diagram in which the components required
for a plant and the connections between them are stipulated.

PCS
Process Control System. A process control system consists of at least one
automation system (AS) and at least one operator station (OS) networked over a
bus system.


Plant Hierarchy (PH)
Program structure organized in the form of a hierarchy according to technological
aspects.

Plant View
View in the SIMATIC manager according to technological aspects (plant, unit,
function ...); an alternative to the component view.

PQ
Performance Qualification. The purpose of the performance qualification (PQ) is to
verify the performance of the automation system.

Process tag type
A process tag type is created to duplicate process tags. The process tag type can
be instantiated in the form of replicas.

PROFIBUS
PROcess Field Bus – A fieldbus complying with EN 50170 Vol. 2 PROFIBUS (DIN
19245; bus system for industrial application based on PROFIBUS).

Project
A folder containing all the objects belonging to an automation solution regardless of
the number of stations, modules and how they are networked.

Replicas
During import with the Import/Export Assistant, replicas are created from the
models. Each line in an import file creates a replica in the destination project.
Among other things, a replica differs from the model (or from a copy of the model)
because it has an assignment to a model instead of to an import file.

Runtime
Process control; the operator controls and monitors the process online on the
operator station (OS).


SAT
Site Acceptance Test. The purpose of the site acceptance test is to verify the
automation system at the premises of the system user during the commissioning
phase.

SCL
High-level language complying with IEC 1131-3 and resembling Pascal for
programming complex tasks on a PLC, for example algorithms, data processing
tasks.

Script
A program written in ANSI-C for solving user tasks. Scripts run cyclically/acyclically
in the background of the OS run-time or following an event (for example mouse
click) on a picture object within a plant picture.

SFC
Sequential Function Chart. An SFC chart represents a sequential control system
that runs as an independent sequence on the programmable logic controller.

Sign-of-life monitoring
see Lifebeat Monitoring

SIMATIC BATCH
Software for automating recipe-controlled batch processes. As a functional unit,
SIMATIC BATCH and SIMATIC PCS 7 fully cover the models described in the ISA
S88.01 standard.

SIMATIC Manager
The SIMATIC Manager is the central engineering tool. With the SIMATIC Manager,
for example, you create projects and access libraries.

Source
Part of a program created with a graphic or textual editor and from which the
executable user program is produced following compilation.

Statement List (STL)
Statement List is a text-based programming language resembling machine code
(complying with IEC 1131–3).


Tag Logging
An editor in the control center of the OS for creating and editing trends.

Time synchronization
An editor in the control center of the OS. Time synchronization makes sure that all
the PLCs and operating stations of the bus operate with the same time of day
(time of day synchronization).

UPS
Uninterruptible Power Supply. An uninterruptible power supply (UPS) is a system
for buffering the main power supply. If there is a power outage, the power supply
remains available for a certain time. Some UPS systems also provide the option of
line voltage monitoring and therefore an output voltage free of interference.

User Administrator
Editor in the control center of the OS for creating and editing access permissions
for operator control and monitoring during runtime.

User program
The user program contains all the statements and declarations and the data
required for signal processing to control a plant or a process. The program is
assigned to a programmable module (for example, CPU, FM) and can be
structured in smaller units.
In S7, the user program on the ES consists of the symbol table, the source files,
the blocks and the charts.
