Presentation
Regulated Facility Solution Set Matrix
Siemens Industry, Inc. Document ID: A6V11273355 Revision 2, Sept 2017
Regulated Facility | Firmware | Desigo CC Software | Datamate Advanced Software | Network
Data Integrity
The APOGEE Automation System data integrity is verified through system validation. This ensures that the APOGEE Automation System meets the User Requirement specifications. Siemens has developed standard specification and IQ/OQ templates to aid in the validation of the APOGEE Automation System. Templates based on current industry practices save time and money on the project. To ensure that APOGEE Automation System operations are maintained in a "Validated state" throughout the lifetime of the APOGEE Automation System, we have developed a comprehensive service offering.
Protection of Records
11.10 (b), 11.10 (c)
Password security and physical security must be enabled at the field panels. It is recommended that a binary door monitoring switch be added to each field panel used to collect information and that local access capability be disabled.
It is recommended that power be sourced from an uninterruptible power supply (UPS) and that the UPS be sourced from the emergency power grid. This practice eliminates loss of data due to power blackouts, brownouts, surges or dips.
Desigo CC software retains complete copies of system records in both human-readable and electronic form, available for inspection, review and copying.
It is recommended that power be sourced from an uninterruptible power supply (UPS) and that the UPS be sourced from the emergency power grid. This practice eliminates loss of data due to power blackouts, brownouts, surges or dips.
Install robust server designs with built-in redundancy to protect data stored on the server hard disk.
Execute adequate SOPs that regularly back up critical electronic records.
Access to the system is controlled using Windows integrated security. Users do not have to manage a unique set of usernames and passwords. Using each individual's Windows account name and password, the system can detect user access and grant them access to only those functions they are authorized to use. This access control determines what functions a user can use and what they can view, print or otherwise access.
Datamate Advanced software retains complete copies of system records in both human-readable and electronic form, available for inspection, review and copying.
It is recommended that power be sourced from an uninterruptible power supply (UPS) and that the UPS be sourced from the emergency power grid. This practice eliminates loss of data due to power blackouts, brownouts, surges or dips.
Install robust server designs with built-in redundancy to protect data stored on the server hard disk.
Execute adequate SOPs that regularly back up critical electronic records.
Access to the system is controlled using Windows integrated security. Users do not have to manage a unique set of usernames and passwords. Using each individual's Windows account name and password, the system can detect user access and grant them access to only those functions they are authorized to use. This access control determines what functions a user can use and what they can view, print or otherwise access.
Desigo CC and Datamate Advanced Servers are synchronized with Network Time.
All components with time functions in the APOGEE Automation System are automatically synchronized to the system server daily.
Redundancy of network components is recommended to ensure protection of records.
Trend
It is necessary to collect Trend Data from field panels as often as possible to mitigate and/or significantly reduce possible loss of data stored in panel RAM. This design consideration must be addressed in detail in the specifications and validated.
The ability to change Trend Definitions is restricted by Desigo CC Access and Privileges. It is recommended that access capability be limited to a single individual and their supervisor.
The ability to change Trend Definitions is restricted by Datamate Advanced Access and Privileges. It is recommended that access capability be limited to a single individual and their supervisor.
Database changes made at Datamate Advanced are automatically managed by the Datamate Advanced application.
Not Applicable
Alarms
Alarm configuration is part of the Point Definition database.
System alarm transaction records are automatically managed by the Desigo CC application. The ability to change Alarm parameters in Point Definitions is restricted by Access and Privileges. It is recommended that access capability be limited to a single individual and their supervisor.
The ability to change Alarm parameters in Point Definitions is restricted by Access and Privileges. It is recommended that access capability be limited to a single individual and their supervisor.
System Activity
At the field panel, local system access is not recommended. All system changes should be made using Desigo CC software or Datamate software to ensure a complete audit trail of all changes.
Desigo CC software will acquire records as they are created, lock them down in a secure database, provide the ability to retain them for a user-definable and/or indefinite time, and provide modern reporting functionality.
Records of changes made using Datamate Advanced software must be printed periodically for secure, long-term storage. Records can be printed to paper or saved as PDF files.
Point Definitions
The ability to change Point Definitions is restricted by BLN Access and Privileges. It is recommended that access capability be disabled.
The ability to change Point Definitions is restricted by Desigo CC Access and Privileges. It is recommended that access capability be limited to a single individual and their supervisor.
The ability to change Point Definitions is restricted by Datamate Advanced Access and Privileges. It is recommended that access capability be limited to a single individual and their supervisor.
Not Applicable
PPCL
At the field panel, PPCL programs are stored in the EEPROM memory and protected from data loss by a battery within the field panel. The ability to change PPCL programs is restricted by BLN Access and Privileges. It is recommended that access capability be disabled.
The ability to change PPCL is restricted by Access and Privileges. It is recommended that access capability be limited to a single individual and their supervisor. It is recommended that PPCL modifications be accomplished with Datamate Advanced to ensure a complete audit trail of changes.
The ability to change PPCL is restricted by Datamate Advanced Access and Privileges. It is recommended that access capability be limited to a single individual and their supervisor.
Records of changes made using Datamate Advanced software must be printed periodically for secure, long-term storage. Records can be printed to paper or saved as PDF files.
Audit Trails
11.10 (e)
BACnet (Firmware) is an open communication protocol that supports changes from devices external to the system. These types of changes do not leave an audit trail. The BACnet network must be secured procedurally to prevent users at external devices from making changes. See the Using BACnet in Regulated Facilities (A6V10394681) technical reference for additional information.
Desigo CC software provides an automatic audit trail of any changes made to Point Definitions and other critical objects designated for enhanced audit trails. The Desigo CC application captures and documents changes to APOGEE Automation System operations.
Desigo CC software will acquire records as they are created, lock them down in a secure database, provide the ability to retain them for a user-definable and/or indefinite time, and provide modern reporting functionality. Desigo CC software manages system activity and operator transaction records.
Datamate Advanced software provides an audit trail of any changes made to PPCL, Point Definitions and other critical point classification information. The Desigo CC application captures and documents changes to APOGEE Automation System operations.
Records of changes made using Datamate Advanced software must be printed periodically for secure, long-term storage. Records can be printed to paper or saved as PDF files.
Not Applicable
System Security
11.10 (d), 11.10 (f), 11.10 (g), 11.10 (h), 11.10 (j), 11.10 (k), 11.30
Password security and physical security must be enabled at the field panels. It is recommended that a binary door monitoring switch be added to each field panel used to collect information. This demonstrates compliance with US FDA regulations and that BLN system access is limited to a single individual and their supervisor.
Systems that use Desigo CC web clients and click-once clients must incorporate additional security authentication measures, encryption mechanisms, firewall, and/or SSL (secure socket layer) type technologies into the building automation design.
Access to the system is controlled using Windows integrated security. Users do not have to manage a unique set of usernames and passwords. Using each individual's Windows account name and password, the system can detect user access and grant them access to only those functions they are authorized to use.
Access to the system is controlled using Windows integrated security. Users do not have to manage a unique set of usernames and passwords. Using each individual's Windows account name and password, the system can detect user access and grant them access to only those functions they are authorized to use. This access control determines what functions a user can use and what they can view, print or otherwise access.
Access rights to system records, reports, report templates, and client applications are all controlled using Windows integrated security. Windows integrated security is designed and configured properly to limit system access through an SOP.
Electronic Signatures
11.50(a)(b), 11.70, 11.100, 11.200, 11.300
Not Applicable
Not Applicable
Not Applicable
PDF-based report output option can be combined with Adobe's or a third-party signature handler and/or a document management system.
Establish Procedures
11.10(j)
The customer must develop their own Standard Operating Procedures (SOPs) for the proper use and operation of the BAS. Siemens recommends that the following SOPs be developed for a customer site: System Operating Procedures, Backup Procedures, Change Control/Upgrade Procedures, Hardware Maintenance Procedures, Calibration Procedures, Software Maintenance Procedures, System Security Procedures, Training Procedures, Electronic Records/Data Management Procedures, Incident Management Procedures and Disaster Recovery Procedures.
Control Documents
11.10(k)
The customer must have the required documentation available and protected. Revision and change control procedures should be in place for all the required documentation. The list of the required documentation includes, but is not limited to: User Requirements, Functional Specification, Configuration Specifications, Operations and Maintenance Manuals, Training Records, Calibration Records, System Drawings, Completed Protocol Documents, System Acceptance and Sign-off and Maintenance Records.