Imagine a world where countless operators meticulously monitored dials and switches, ensuring the precise production of life-saving pharmaceuticals. This labor-intensive, error-prone scenario was once reality…
Today, however, SCADA automation systems orchestrate a symphony of automation, ensuring both efficiency and regulatory compliance in pharmaceutical manufacturing.
Curious about how SCADA systems achieve this remarkable feat? In this blog post, you will learn more about SCADA automation and SCADA validation in pharma.
What is a computerized system?
Before diving into the world of computerized SCADA systems, let’s establish a common ground by defining a computerized system according to GAMP5.
It’s a system that encompasses one or more computers and their corresponding software, network components, the functions they control, and all relevant documentation.
In simpler terms, it’s the harmonious integration of hardware and software, working together with the processes they’re designed for within their operational environment.
What is a SCADA system?
SCADA, standing for Supervisory Control And Data Acquisition, is a system that utilizes software to centralize the reception of signals from various sensors and equipment.
This facilitates the automation of data acquisition, monitoring, and remote control of industrial processes. It accomplishes this through a combination of several components.
Components of the system
- Instrumentation and electrical cabinets
- Hardware:
- Network infrastructure
- Programmable Logic Controllers (PLCs)
- Client/server PCs
- Physical servers
- Software:
- PLC control
- SCADA
- Batch control software
Relevance of SCADA Automation
Before industrial automation, all controls were manual. This necessitated a significant number of operators, driving up costs. Thankfully, automation has evolved considerably over the last century.
Today, streamlined operations are achieved through PLCs and SCADA systems. PLCs are specialized computers dedicated to managing, controlling, storing, and transmitting data to oversee production processes.
Batch Control Software
Alongside SCADA software, which excels in real-time system control, batch control software plays a vital role in automating and managing production recipes.
These recipes provide structured instructions for controlling multiple PLCs and their associated components in a sequential manner.
While SCADA and batch control software may sometimes be integrated into the same program or modules, it’s important to remember that they serve distinct purposes.
Components of the system
- PLC (Programmable Logic Controller): A specialized computer responsible for managing sensors or equipment. It can be programmed locally from human-machine interfaces (HMI).
- Batch control software: This software facilitates the creation of recipes for orderly and automated control of PLCs.
- SCADA software: Provides continuous monitoring and allows for manual adjustments of PLC parameters.
- Human-Machine Interfaces (HMI)
HMIs on PLCs empower operators to control the machines through a user-friendly graphical interface. This interface displays comprehensive data, simplifying interaction and operation.
Batch Process Control: ISA88
ISA88 offers a valuable set of guidelines for designing and operating batch control systems. It emphasizes process characteristics like standardization, modularity, flexibility, efficiency, and error reduction. Additionally, it ensures traceability, which is crucial for regulatory compliance and maintaining a complete audit trail.
Categories of SCADA systems
SCADA systems can be configured differently depending on how the hardware and software elements are installed. We therefore differentiate between DCS (Distributed Control System), remote/client SCADA or Cloud SCADA:
- DCS (Distributed Control System)
- Remote SCADA: Utilizes a client/server model with remote PLCs connecting to data processing centers.
- Cloud SCADA: Connects PLCs to cloud services, centralizing necessary software and database functions.
DCS Infrastructure
These types of systems are based on combinations of control circuits. Within these circuits, various PLCs (Programmable Logic Controllers) are connected to the sensors and equipment they control, which are, in turn, linked to servers and workstations (control PCs).
A key advantage of DCS (Distributed Control Systems) from its inception is the ability to manage all process signals in a centralized manner.
Fig. 1 Schematic diagram of DCS installations
Remote SCADA
In a client/server remote SCADA control system, the architecture is similar to the one previously described.
In this setup, the PLCs that control the reception of signals are remotely connected to servers at a data processing center (DPC), where they transfer the information.
Subsequently, client PCs can connect to the SCADA servers to monitor and control the PLCs through them.
Fig. 2 Remote SCADA/clients
Cloud SCADA
The infrastructure of this SCADA system is characterized by the integration of various PLCs with a cloud service. This service functions both as a database and as a centralized software hub, enabling operators to connect to the system and perform the required operations.
Fig. 3 Schematic of a SCADA infrastructure in the cloud (SCADA Cloud)
Characteristics of a SCADA system
For optimal process control and minimal errors, a SCADA system should possess essential characteristics like remote management, automation capabilities, incident alarms, data transmission functionalities, and secure access controls.
1. Remote Management
As mentioned earlier, remote management allows for the centralization of signal reception, management, and control, thereby simplifying the process.
2. Automation
The system must enable the automation of tasks, such as batch management and recipe creation, as previously discussed. This not only facilitates system control but may also minimize the risk of errors or incidents.
3. Incident Alarms
The system must be capable of notifying users in the event that received values are out of specification. It is generally advisable to configure two alarm levels:
- an initial one to alert when values are approaching a threshold
- and a second one for when this threshold is exceeded.
4. Ability to Receive and Send Data
A SCADA system must not only collect information from sensors and equipment but also be able to process it and enable operators to send orders and commands to modulate the equipment’s activity.
5. Access and Security
Like any other computerized system, a SCADA system must permit each user to execute their functions without accessing or interfering with workflows outside their role.
This should be encompassed within both physical and logical security measures to ensure the system’s robustness in the event of unforeseen incidents or unauthorized access.
Validation of SCADA systems
Applicable Regulations and Guidelines
Like any other system in the pharmaceutical industry, SCADA systems are subject to very strict validation standards. These regulations, defined by governmental entities such as the EMA, FDA, MHRA, and others, provide a framework that must be strictly adhered to in order to operate legally.
To complement these regulations, there are non-governmental organizations that offer additional information and guidelines. While these are not considered mandatory, they constitute good practice guidelines and quality standards that, if followed, facilitate compliance with regulatory requirements. Examples of these organizations include ISPE, ISO, ICH, among others.
A SCADA system consists of an automated, computerized system and associated hardware components, which may be directly or indirectly related to the pharmaceutical industry. The following chart summarizes, in a non-exhaustive way, the main guidelines for a SCADA system:
ISO | ISO 9000 Family: Quality Control and Quality Management System
ISO 2700 Family: Information security management ISO/IEC 12207:2017 – Systems and software engineering – Software life cycle processes |
ASTM | ASTM Standard E2500-20: Standard Guide for Specification, Design, and Verification of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipments |
ICH | ICH – Quality Guidelines: Q8 (Pharmaceutical development) Q9 (Risk Management), Q10 (Pharmaceutical QS) |
PICS/S | PI 011-3 Good Practices for Computerized Systems in Regulated “GxP” Environments (2007)
PI 041-1 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments |
ISPE | GAMP 5: A Risk-based Approach to Compliant GxP Computerized Systems- 2nd Edition (2022) |
ISA | ISA18: Management of Alarms
ISA88: Batch Process Control ISA101: Human Machine Interface ISA112: SCADA Systems |
SCADA Validation Approach
An interesting validation approach for a SCADA system is the “Life Cycle Approach” as defined by GAMP5. This approach, illustrated in Figure 4, provides a framework for validation throughout the entire lifetime of the system:
- Before system implementation, the project definition along with the requirements and specifications of the system are established.
- Initial validation allows the system to be released into the operational environment.
- Modifications and updates are implemented throughout the SCADA system’s lifecycle via change control management.
- The system reaches its end of life and is decommissioned.
Fig. 4 GAMP5 ‘A Risk-Based Approach to Compliant GxP Computerized Systems’, Second Edition, 2022, Project Stages and Supporting Processes within the Life Cycle
Along with the aforementioned approach, another method recommended by GAMP5 is the “V-model“, widely used in computerized system validation within the pharmaceutical industry.
This method outlines the sequence of activities involved in the software validation process based on their complexity, focusing on the relationship between the tests conducted and the software requirements with their associated specifications (refer to Figure 5).
This methodology is applied during both initial validation and the implementation of changes throughout the lifecycle, though it is scaled down in complexity during the latter.
It is important to note that this is not the only validation model available; for example, the Agile model can also be used. However, we will use the V-model to illustrate a case of SCADA system validation.
Fig. 5 GAMP5 ‘A Risk-Based Approach to Compliant GxP Computerized Systems’, Second Edition, 2022, Approach for a Custom Application (Category 5)
Validation Overview
Although each SCADA system validation process is different, subject to the particularities of each case, there are certain generalities that can be applied to the vast majority of situations.
Required Documentation
As explained in previous sections of this post, it is necessary to have the User Requirement Specifications (URS) and System Specifications (FS, DS…) documented.
Along with requirements and specifications definition, it is also important to analyze and define the risks associated with the process. The objectives of Risk Analysis (RA) are manifold:
- Establish which risks are associated with the user requirements and trace them to the technical specifications that will define the characteristics and/or functionalities of the system.
- Evaluate the risks detected based on objective criteria.
- Establish conditions and methodology for the mitigation of the detected risks to acceptable levels.
All this must be included in a validation plan for the SCADA system. Additionally, users must have access to sufficient user manuals, instructions, and Standard Operating Procedures (SOPs) to be able to execute their respective functions.
Features to Validate
Regarding the validation of a computerized SCADA system, we can classify the validation process depending on whether it affects the hardware, software, or the regulated process:
Hardware validation
- Hardware Installation Verification: Ensure the correct installation of the different hardware components (control hardware, field equipment…) according to the technical documentation.
Software validation
- Software Installation Verification: Ensure the correct installation of the SCADA software according to the technical documentation.
- User Permissions Verification: Ensure that the different roles for the users within the SCADA system have been correctly established and that they effectively limit the permissions within the program.
- Parameter Configuration Verification: Ensure that the system allows the correct management of the parameters of the different associated equipment.
- Reports Verification: Ensure that the system is able to create reports properly with the associated readings and data.
- Electronic Signature Verification: Ensure that all applicable processes are unambiguously traced back to the originator and that there is a correctly implemented electronic signature flow.
- Access Verification: Ensure that the system adequately limits access to unauthorized users.
- Audit Trail Verification: Ensure that the Audit Trail of the SCADA system allows access to the log of actions performed in the system, complying with data integrity standards (ALCOA+).
Process validation
- Signal Verification: Ensure that the signals, whether digital or analog, processed in the SCADA system are properly identified, making the readings traceable.
- Alarm Verification: Ensure that alarms function correctly and are configurable only by users with the appropriate role.
- Security Verification: Ensure that the system correctly implements the necessary security measures against potential unforeseen incidents.
- Recipe Verification: Ensure that the system allows the correct creation and execution of recipes from batch software.
- End-to-End Verification: Ensure that the workflow functions correctly from start to finish.
Need Help with Your SCADA Automation and Validation?
A SCADA validation may be as complex, as it is essential, to ensure correct control of processes in the pharmaceutical industry. It requires verifying that all the elements composing it are functioning properly.
Do you need help preparing the documentation for your validation process, or during the execution of protocols? Or would you prefer an expert to support you throughout the entire process? Our SCADA experts will be happy to assist you. Do not hesitate to contact us.