Compliance Response 21 CFR Part 11SIMATIC PCS 7 V7.0

De

cla

rati

on

of

Co

nfo

rmit

y–

Ed

itio

nA

ug

ust

2007

2

CONTENTS3 Introduction

4 1. The requirements 21 CFR Part 11 in short

5 2. Response of SIMATIC PCS 7 V7.0 to 21 CFR Part 11

5 2.1 Technological solution for access control

6 2.2 Technological solution for audit trail

9 2.3 Technological solution for archiving and retrieval

10 2.4 Technological solution for electronic signatures

11 3. Evaluation list for SIMATIC PCS7 V7.0

15 3.1 Additional procedures and controls for open systems

16 3.2 Signed electronic records

16 3.3 Electronic signatures (general)

17 3.4 Electronic signatures (non-biometric)

18 3.5 Electronic signatures (biometric)

18 3.6 Controls for user IDs and passwords

3

Introduction

In August 1997, the regulation 21 CFR Part 11 “Electronic Records; Electronic Signatures”of US Food and Drug Administration (FDA) took effect. 21 CFR Part 11 (Part 11 in short)defines the acceptance criteria of the FDA for the use of electronic records and signaturesinstead of records in paper form and handwritten signatures on paper. In this regard,electronic records and signatures must be as trustworthy, reliable and effective as tradi-tional records.

The implementation of this regulation for electronic records and signatures ismandatory. However, Part 11 only applies to records maintained in accordance with theguidelines of the FDA (as defined in the “predicate rules”) or to records which are to besubmitted to the FDA in electronic form. There are various interpretations and recom-mendations from the FDA as well as from the ISPE and PDA. Beyond the use of electronicrecords and signatures, traditional paper documents and handwritten signatures, or acombination of both, can still be used.

To help our clients, Siemens as supplier of SIMATIC PCS 7 evaluated Version 7.0 of thesystem on the basis of these requirements. This paper presents the results of this assess-ment for the process control system SIMATIC PCS 7 V7.0. The components examinedwere the operator station (client and server), engineering system, SIMATIC BATCH (clientand server), and S7-400 CPUs.

SIMATIC PCS 7 V7.0 fully meets the functional requirements of 21 CFR Part 11.Operation in conformity to the regulations is ensured in conjunction with administra-

tive measures and procedures to be established by the customer.The Siemens recommendations for the system architecture, design and configuration

assist the customer in achieving compliance. You can find additional information and as-sistance in the document “GMP-Engineering Manual: SIMATIC PCS 7 Guidelines for Im-plementing Automation Projects in a GMP Environment”.

The FDA requirements are applied beyond the pharmaceuticals industry in other lifesciences (such as the food industry, cosmetics and consumer care).

The requirements of Part 11 are open to interpretation. This document supports theinterpretation of the ISPE CoP GAMP and PDA that are accepted worldwide. If the inter-pretation of a requirement by a company differs from the requirement specified here,please contact the Competence Center Pharmaceuticals of Siemens AG A&D in Karlsruhe(Germany) for more information.

This document comprises three parts. The first part provides a brief overview of therequirements of Part 11, the second part provides the solutions for the main technical re-quirements from the viewpoint of SIMATIC PCS 7 V7.0, and the third part contains a de-tailed system evaluation according to ISPE/PDA1.

1 Good Practice and Compliance for Electronic Records and Signatures;Part2 “Complying with 21 CFR Part 11, Electronic Records and Electronic Signatures”; ISPE and PDA 2001/2002

4

1. The requirements 21 CFR Part 11 in short21 CFR Part 11 assumes that the risk of manipulation, misinterpretation, and changeswithout trace is higher with electronic records and electronic signatures than with con-ventional paper records and handwritten signatures are more difficult to detect. Addi-tional measures are required for this reason.

“Electronic Record” / “Electronic Document” means any combination of text, graphics,data, audio, pictorial or other representation of information in digital form that is creat-ed, modified, maintained, archived, retrieved or distributed by a computer system.

“Electronic Signature” means a computer data compilation of any symbol or series ofsymbols executed, adopted, or authorized by an individual to be the legally bindingequivalent of the individual’s handwritten signature.2

All GMP-relevant automated systems must be validated to ensure precise, reliable and consistent

data preparation in accordance with the standards.

Validation

DescriptionRequirement

All operator actions which create, modify or delete an electronic record must be recorded in a

secure, time-stamped, computer-generated audit trail.

Audit Trails

Systems must have capability to retain, protect and readily retrieve records throughout the

established retention period. Systems must be able to reproduce electronic records in both

human readable and electronic form.

Record Retention, Protec-

tion, Reproducibility and

Retrievability

Controls must exist over access, revision, distribution and use of documentation for system

operation and maintenance.

Document Controls

Systems must limit access to only authorized, qualified personnel. In open systems, addition-

al security measures must be implemented to ensure this (see also 21 CFR Part 11.30).

Access Control

2 Good Practice and Compliance for Electronic Records and Signatures;Part2 “Complying with 21 CFR Part 11, Electronic Records and Electronic Signatures”; ISPE and PDA 2001/2002

5

2. Response of SIMATIC PCS 7 V7.0 to 21 CFR Part 11

The requirements which can be fulfilled by technological solutions can be summarizedunder four topics:• Access Control• Audit trail• Archiving and retrieval of archived data• Electronic signature

2.1 Technological solution for Access Security

User management is provided with the SIMATIC Logon software package based on MSWindows security mechanisms:• Based on user groups, user rights are defined in the PCS 7 OS user management.• Individual users and their assignment to Windows user groups are defined in the

Windows user management.• SIMATIC Logon provides the link between the Windows user groups and the PCS 7 OS

user groups.The following requirements for access control are fulfilled in this way:• Centralized management of users (setup, deactivation, blocking, unblocking, assign-

ing to groups) is performed by the administrator.• Unique combination of user identifier (user ID) and password.• Definition of access permissions for groups and users.• Access and permission levels based on the plant area.

Systems must provide measures to ensure that utilization is limited to genuine owners only

and that attempted use by others is promptly detected and recorded. Non-biometric systems

must employ two distinct identification mechanisms (user identifier / password). Both the

user identifier and password must be entered before a signing session and at least the pass-

word is entered at each subsequent signing during the same session. Electronic signatures

can not be reused or reassigned. The purpose of an electronic signature must be clearly indi-

cated. Finally, systems must include measures to prohibit falsification of electronic signatures

using standard tools. Written policies must be in place which holds individuals responsible

for actions initiated under their electronic signatures.

Electronic Signature

Written certification must be provided to the FDA Office of Regional Operations that all elec-

tronic signatures in use are the legally binding equivalent of traditional handwritten signa-

tures.

Certificate to FDA

6

• Password aging: the user is forced to change his/her password after a configurabletime; the password can be reused only after “n” generations.

• The system can force the user to define a new password during the first logon (initialpassword).

• The user is automatically blocked after a configurable number of failed logon at-tempts and can only be unblocked by the administrator.

• Automatic logoff after a configurable time, in which neither the keyboard nor themouse is used.

• Log functions for actions related to access control, such as logon, manual and auto-matic logoff, wrong user ID, wrong password, user blocked after several attempts toenter wrong password, password change by user.

• Projects in a multiproject can be protected from unauthorized access using SIMATICLogon. Access can then be configured in such a way that enables access only with apersonalized combination of user identifier and password.

SIMATIC Logon fulfills the requirements of 21 CFR Part 11 regarding access control incombination with procedures, such as those for “clarifying the responsibility and accessof the system users”.

In addition, unauthorized access to the directory structures of the individual systemprograms should be prevented using the rights allocation of the Windows operating sys-tem, thus excluding the possibility of unwanted manipulation.

If system access is not controlled by persons who are responsible for the content ofthe electronic records, the system is defined as “open”. If there is an “open path”, thispath can be secured using standard tools.

2.2 Technological solution for audit trail

Audit trails are particularly important in situations in which production relevant datais created, modified or deleted by user actions during normal operation.

If electronic recording is generated automatically and cannot be altered or deletedby the operator, an audit trail is unnecessary. These electronic recordings are saved bythe applications of PCS 7 (with access control, for example).

Figure 1:

SIMATIC Logon Configuration

7

The following section describes how the SIMATIC PCS 7 process control system sup-ports the implementation of the 21 CFR Part 11 requirements with regard to the audittrails during runtime operation. They also describe the resources provided by the sys-tem for tracing changes made in the engineering system.

Runtime operation

Changes in the batch systemSIMATIC BATCH supports versioning of recipes, formulas and ROP library objects.

All batch-relevant records are documented in a batch log, including operator actionsand electronic signatures.

The batch logs are saved in XML file format. SIMATIC PCS 7 and SIMATIC BATCH donot provide any option for the operator to change this data. Direct manipulation of theseXML files must be prevented using the security settings of the operating system. If thesefiles are nevertheless changed, the manipulation is detected and is reported by a mes-sage when the batch log is opened.

Events and changes in runtime operationOperator actions performed on the PCS 7 operator stations (OS) are stored in messagearchives. All events (old value, new value, user ID, date and time stamp, operation, batchname, etc.) are recorded in a complete audit trail (operator log). The audit trail can beprinted.

All process data (such as process values, process or operator messages) are storedwithout any option for the operator to change this data.

Engineering system

Configuration of user managementSettings and changes in the user management system (e.g. creating new users, blockingusers, etc.) are logged in the event log of SIMATIC Logon.

Figure 2:

Operator actions

User ID

User ID

8

Project archivingThe option SIMATIC Version Trail supports archiving of PCS 7 projects and the assign-ment of a version number. It distinguishes between major and minor versions. Olderconfiguration data can be retrieved. Actions such as the creation, alteration, deletion ofold projects data are recorded in a version history together with the archive name, dataand comments. This ensures continuous documentation of the various revisionsthroughout the system.

Version comparisonDetailed structural comparisons can be performed using the option SIMATIC VersionCross Manager (VXM). Structural comparisons can be made for:• Complete projects (no multiprojects) including the hardware configuration using

SIMATIC Version Trail. The current project and an archived project or two archived proj-ects

• Changed project data and the data loaded in the AS (online – offline comparison)• Synchronized SFC types (sequential function chart) via the project

These comparison results are saved in CSV file format and can be printed as a report.The report lists the changes organized according to categories.

Changes to installed PCS 7 system softwareA full log file of the installation history including version number and software update isrecorded.

Figure 3:

Project versioning and archiving

with SIMATIC Version Trail

Figure 4:

Visualization of a comparison

for a parameter change in the

SIMATIC Version Cross Manager

9

2.3 Technological solution for archiving and retrieval

Continuous archivingSIMATIC PCS 7 offers a configurable and scalable archiving concept. Messages and meas-ured values are continuously stored in local PCS 7 OS archives. These locally stored datacan be automatically transferred to long-term archives (Central Archive Server (CAS) orSIMATIC IT Historian). The archived data can be retrieved throughout the entire durationof the defined retention period. The call can be made within PCS 7 with standard func-tions or from standard interfaces or add-on packages (e.g. OpenPCS 7).

Batch-oriented archivingBatch-oriented data archiving can be performed with SIMATIC BATCH. The data can bemanaged for long-term archiving using the tools mentioned above.

SIMATIC PCS 7 and SIMATIC BATCH offer standard interfaces to other archiving tools(from Siemens and third-party manufacturers).

Figure 5:

Visualization of a comparison

for a changed object in the

SIMATIC Version Cross Manager

Figure 6:

Excerpt from a version

comparison report

10

2.4 Technological solution for electronic signatures

SIMATIC Electronic Signature is an integral part of the SIMATIC Logon software packageand is used for creating an electronic signature. The dialog for performing the electronicsignature is provided by SIMATIC Logon.

By default, the execution is integrated in SIMATIC BATCH (e.g. recipe release, changeof operating mode for batches, input in the operator dialog). The execution is configuredwith the setting for the plant or object properties. SIMATIC Logon requests and verifiesthe information to be entered (user ID, password).

The technical properties of the signature can be configured as follows within SIMATICBATCH:• What is to be signed• The persons / groups who have to sign• The sequence of signatures, when applicable• The timeout for performing a signature, when required

The audit trail for the performed action releases is ensured by including the electron-ic signature in the batch log.

Figure 7:

Configuration of the electronic

signature for releasing and

starting a batch

11

Electronic signatures can be implemented in the PCS 7 OS with project methods (API)using SIMATIC Logon (for example, when starting a step sequencer or changing a con-troller parameter).

3. Evaluation list for SIMATIC PCS 7 V7.0

The following checklist for evaluating SIMATIC PCS 7 is taken from a document devel-oped by the “GAMP Special Interest Group”.

The checklist for system assessment involves all requirements, not only those whichcan be fulfilled by technological solutions. Customers must introduce correspondingprocedures in their company to satisfy certain requirements of the 21 CFR Part 11 regula-tions. The specifications of 21 CFR Part 11 always relate to the customer-specific applica-tion, which was implemented with PCS 7. Consequently, the solutions then specified arevalid only in conjunction with specific procedures and organizational measures.

Procedures and controls for closed systems

If system access is controlled by persons who are responsible for the content of the elec-tronic records, the system is defined as “closed” and must be assessed against the re-quirements of this section.

Figure 8:

Logging the electronic

signatures for an operator

dialog

1 Good Practice and Compliance for Electronic Records and Signatures;Part2 “Complying with 21 CFR Part 11, Electronic Records and Electronic Signatures”; ISPE and PDA 2001

12

11.10(a)detail 2

Is it possible to discern

invalid or altered records?

Yes.

The solutions for the individual SIMATIC PCS 7 components

are as follows:

SIMATIC BATCH:The batch record itself can no longer be altered and therefore

does not require an audit trail. Unauthorized changes are

prevented by the system through access control. Additional-

ly, the SIMATIC BATCH XML records are protected with a

checksum mechanism to detect illegal alterations.

OS:An entry can be generated in the audit trail for any operator

action (if, for example, the operator changes setpoints / alarm

thresholds / the monitoring mode or acknowledges alarms).

All relevant changes are recorded including time stamp, user

ID, old value and new value and comment. Unauthorized

changes are prevented by the system through access control.

Archived records are protected with a checksum mechanism

to detect any unauthorized changes.

ES:A change log of the online changes made in engineering (e.g.

parameters of CFC - Continuous Function Charts) can be gen-

erated for each AS. Each download process can be logged

(when it was performed and by whom). The change log can

be evaluated on screen, saved as XML or CSV file and printed.

The verification of changes is determined by the SIMATIC

Version Cross Manager and displayed, e.g. for comparing two

project revisions (see section 2, Technological solution for

audit trail).

Project versions (multiprojects or subprojects) can be

archived with version number using SIMATIC Version Trail.

PCS 7 also offers the option for versioning (CFC, SFC) on the

plant level and for function blocks and enumerations. Pre-

liminary versions can be commented in order to describe a

change.

11.10(a)detail 1

Is the system validated? The customer is responsible for the validation of the applica-

tions or system. The validation should follow an established

system life cycle (SLC) methodology, e. g. as described in

GAMP 41.

SIMATIC PCS 7 has been developed according to Siemens’

Quality Management system (ISO 9001:2000 certified). The

validation of the application can be supported by Siemens

during projects.

Question / RequirementParagraph/ detail Comments

1 GAMP Guide for Validation of Automated Systems

13

11.10(b)detail 1

Is the system capable of pro-

ducing accurate and com-

plete copies of electronic

records on paper?

Yes.

Standard reports are provided by the system for both PCS 7

OS and SIMATIC BATCH.

ES:The change log can be saved as an XML or CSV file and print-

ed. The comparison results from SIMATIC Version Cross

Manager (see 11.10(a) detail 2) can be printed.

11.10(b)detail 2

Is the system capable of pro-

ducing accurate and complete

copies of records in electronic

form for inspection, review

and copying by the FDA?

Yes.

All reports can be converted to XML, PDF, or CSV format,

depending on the application.

ES:The change log can be exported as CSV or XML.

11.10(c) Are the records readily

retrievable throughout their

retention period?

Yes.

Records can be archived in a readable format, on CD or DVD.

We assume that these devices and formats will be readable in

the future.

In addition, the customer should specify retention periods

and also define procedures for archiving, backup and

retrieval for electronic records.

11.10(d) Is system access limited to

authorized individuals?

Yes.

By implementing SIMATIC Logon, all options for user man-

agement from Windows are provided (see section 2, Solution

for Access Control).

Subprojects can be protected against unauthorized access

using SIMATIC Logon (individual access control using user ID

and password).

The download to the automation systems (S7 400) can be

configured on security levels.

The customer should ensure that only persons who have a

legitimate business requirement to use the system should be

allowed physical access to the system (e. g. server, system

console).

Since this requirement is virtually the same as 11.10(g), it is

generally interpreted to refer to both physical access and log-

ical access.

14

11.10(g) Does the system ensure that only

authorized individuals can use the sys-

tem, electronically sign records, access

the operation or the computer system’s

input or output devices, alter a record,

or perform other operations?

Yes.

The SIMATIC Logon software package integrated in PCS 7 and

SIMATIC BATCH is based on the MS Windows security system. A

user ID and password are used.

Centralized user management is used in this regard for managing

users and user groups.

In addition, the customer should define how access is limited to

authorized individuals only (e.g. who has access to specific objects

or functions), including the special rights for administrators.

11.10(e)detail 1

Is there a secure, computer-generated,

time-stamped audit trail that records

the date and time of operator entries

and actions that create, modify, or

delete electronic records?

Yes.

SIMATIC PCS 7 provides an audit trail.

The audit trail is secure within the system and cannot be changed

by a user.

Changes during production can be traced back by the system itself

and contain information with time stamp, user ID, old and new

value and comment.

11.10(e)detail 2

If a change is made to electronic data, is

previously recorded information still

available (or is it, for example, obscured

by the change)?

Yes.

Recorded information is not overwritten and is always available in

the database.

11.10(e)detail 3

Is an electronic record’s audit trail

retrievable throughout the record’s

entire retention period?

Yes.

The audit trail is archived together with the appropriate record.

The archived records are retrievable throughout the record’s

retention period.

11.10(e)detail 4

Is the audit trail available for review

and copying by the FDA?

Yes, see 11.10(b)

11.10(f) If the sequence of system steps or

events is important, is this also taken

into account by the system (e.g. as

would be the case in a process control

system)?

Yes.

On the lowest level (CFC), sequencing can be defined with the help of

interlocks (e.g. mixer motor cannot run if vessel is empty).

When SFC are created, the guidelines for IEC 1131 standard for func-

tion charts or recipes are implemented according to ISA-88, to force

the system to execute program steps in a predefined sequence.

Operator actions can be configured to require confirmation and veri-

fication.

The system itself has integrated functions to force individual steps,

e.g. batch data cannot be deleted before they are archived, and control

recipes cannot be created/planned before the master recipe is

released.

11.10(h) If it is a requirement of the system that

input data or instructions can only

come from certain input devices (e.g.

terminals), does the system check the

validity of the source of any data or

instructions received?

(Note: This applies where data or

instructions can come from more than

one device, and the system must there-

fore verify the integrity of its source,

such as a network of weigh scales, or

remote, radio-controlled terminals.)

Yes.

The PCS 7 OS and SIMATIC BATCH workstations can be engineered

so that special input of data / commands can be performed only

from a dedicated workstation or from a group of workstations. All

other workstations then have only read-access rights at the most.

Question / RequirementParagraph/ detail Comments

15

11.10(i) Is there documented training, includ-

ing on-the-job training for system

users, developers, IT support staff?

Yes.

Siemens offers either standard training courses or training related to

customer projects which must be planned and executed separately.

Customers are responsible for determining the need for training and

organizing the required training courses.

11.10(j) Is there a written policy that holds indi-

viduals fully accountable and responsi-

ble for actions initiated under their

electronic signatures?

The customer is responsible for providing procedural controls.

11.10(k)detail 1

Is the distribution of, access to, and use

of system operation and maintenance

documentation controlled?

The customer is responsible for providing procedural controls.

11.10(k)detail 2

Is there a formal change control proce-

dure for the system documentation,

which stores an audit trail in a time

sequence for changes made by the phar-

maceutical organization?

The customer is responsible for providing procedural controls.

3.1 Additional procedures and controls for open systems

If system access is NOT controlled by persons who are responsible for the content of the electronic records, the system isdefined as “open” and must in addition be assessed against the requirements of this section. SIMATIC PCS 7 can be oper-ated in both a closed and an open environment. Additional requirements must be met in the implementation for opensystems.

11.30detail 2

Are digital signatures used? In open systems, standard tools are available in the market to

enable digital signing of the records / reports.

Question / RequirementParagraph/detail

Comments

11.30detail 1

Is data encrypted? In open systems, standard tools are available in the market to

encrypt records / reports in order to secure the “open path”.

Question / RequirementParagraph/detail

Comments

16

11.100(b) Is the identity of an individ-

ual verified before an elec-

tronic signature is allocated?

The customer is responsible for providing procedural con-

trols.

11.100(a)detail 2

Are electronic signatures ever

reused by or reassigned to

anyone else?

The customer has to ensure and is responsible that a user ID

is assigned to one person only.

11.50detail 2

Is the information mentioned

above shown on displayed

and printed copies of the elec-

tronic record?

Yes.

The displayed and printed copies of the signed electronic

records contain the printed name of the signer, the date and

time of signing, and the meaning.

11.70 Are signatures linked to their

respective electronic records to

ensure that they cannot be cut,

copied, or otherwise trans-

ferred to other records for the

purpose of falsification?

Yes.

After an electronic signature is performed, the logical link

between signature and electronic record can no longer be

changed in PCS 7.

Question / RequirementParagraph/ detail Comments

11.50detail 1

Do signed electronic records

contain the following infor-

mation?

a) Printed name of the signer

b) Date and time of signing

c) Meaning of the signature

(such as approval, review,

responsibility)

Yes.

Signed electronic records include the following information:

a) Printed name and/or user ID of the signer

b) Date and time of signing

c) Including the meaning

Question / RequirementParagraph/ detail Comments

11.100(a)detail 1

Are electronic signatures

unique to an individual?

Yes.

The electronic signature uses the ID and the password of the

user. The uniqueness of the user ID is ensured by the MS

Windows security system. It is not possible to define more

than one user with the same user ID within a workgroup /

domain.

In addition, the customer must ensure the uniqueness of the

electronic signature to an individual.

3.2 Signed electronic records

3.3 Electronic signatures (general)

17

11.200 (a)(1)(i) Is the signature made up of at

least two components, such as a

user ID and password, or a smart

card and password?

Yes.

The SIMATIC Logon tool identifies the person with two dis-

tinct components: User ID and password.

11.200(a)(1)(ii)

When several signatures are made

during a continuous session, is the

password entered for each signa-

ture? (Note: both components

must be provided at the beginning

of the session)

Yes.

Each signature requires at least two components (user ID and

password).

11.200(a)(1)(iii)

If signatures are not entered in a

continuous session, are both com-

ponents of the electronic signature

executed for each signature?

Yes.

Each signature requires at least two components (user ID and

password).

3.4 Electronic signatures (non-biometric)

Question / RequirementParagraph / detail Comments

11.200(a)(3)

Would an attempt to falsify an

electronic signature require the

collaboration of at least two

individuals?

Yes.

It is not possible to falsify an electronic signature during signing

and after the system has written it into a record. The administra-

tor cannot misuse the signature, although he configures the user

ID and password, because SIMATIC Logon forces the user to

change his password at the first login (optional security setting).

Unauthorized use of user IDs / passwords is detected immediately

and recorded.

In addition, the customer needs procedures to ensure that users

do not divulge their electronic signatures.

11.200(a)(2)

When several signatures are

made during a continuous ses-

sion, is the password entered for

each signature? (Note: both com-

ponents must be executed for the

first signature in a session)

Customers must ensure that staff only uses their own elec-

tronic signature.

18

11.200(b) Can biometric electronic sig-

natures be used only by their

real owner?

Tools from third-party manufacturers can be used to create

biometric electronic signatures. The integrity of such a solu-

tion should be specifically assessed.

Question / RequirementParagraph / detail Comments

11.300(a) Are controls in place to main-

tain the uniqueness of each

user ID and password combi-

nation which ensure that no

other individual can have the

same combination of user ID

and password?

See 11.100(a)

11.300(b)detail 1

Are procedures in place to

ensure that the validity of user

IDs is periodically checked?

The customer is responsible for providing procedural con-

trols.

11.300(b)detail 2

Do passwords periodically

expire and need to be

revised?

Yes.

A password expires after a specified number of days and can-

not be reused for a specified number of generations accord-

ing to MS Windows security parameters. Password aging

does not influence the previous use (records, signatures).

Question / RequirementParagraph / detail Comments

3.5 Electronic signatures (biometric)

3.6 Controls for user IDs and passwords

If smart cards, tokens or other devices containing or generating user ID or password information are used on this auto-mated system for electronic signatures, the system must be assessed against the requirements in this section.

19

11.300(b)detail 3

Is there a procedure for cancel-

ing identification codes and

passwords if a person leaves

the company or is transferred?

The customer is responsible for providing procedural con-

trols.

The user accounts can be disabled using the MS Windows

security system.

11.300(c) Is there a procedure for elec-

tronically changing a user ID or

password if it is potentially

compromised or lost?

The customer is responsible for providing procedural controls.

The user accounts can be changed using the MS Windows

security system.

The user can change his password at any time using SIMATIC

Logon.

11.300(d)detail 1

Is there a procedure for detect-

ing attempts at unauthorized

use and for informing the secu-

rity system?

Yes.

Unauthorized attempts are logged within the MS Windows

security log. The user account is blocked after a specified

number of unauthorized attempts.

In addition, the customer is responsible for providing appro-

priate organizational measures.

11.300(d)detail 2

Is there a procedure for

reporting repeated or serious

attempts at unauthorized use

to the administrator?

The customer is responsible for providing procedural con-

trols.

API Application Programming Interface

AS Automation System

CAS Central Archive Server

CD Compact Disk

CFC Continuous Function Chart

CFR Code of Federal Regulations

CoP Community of Practice

CSV Comma Separated Values

DVD Digital Versatile Disc

ES Engineering System

FDA Food and Drug Administration

GAMP Good Automated Manufacturing Practice

GMP Good Manufacturing Practice

ID Identification

IEC International Electrotechnical Commission

ISA Instrumentation, Systems, and Automation Society

ISPE International Society for Pharmaceutical Engineering

ISO International Standards Organization

OS Operator Station

PCS Process Control System

PDA Parenteral Drug Association

ROP Recipe Operation

SFC Sequential Function Chart

SLC System Life Cycle

VXM Version Cross Manager

XML eXtensible Markup Language

Abbreviations:

PU

BL

ICIS

Siemens AG

Automation and Drives GroupCompetence Center Pharmaceutical IndustrySiemensallee 84D-76187 KARLSRUHEGERMANY

www.siemens.com/pharma

The information provided in this brochure contains merely generaldescriptions or characteristics of performance which in case of actualuse do not always apply as described or which may change as aresult of further development of the products. An obligation toprovide the respective characteristics shall only exist if expresslyagreed in the terms of contract.

All product designations may be trademarks or product names ofSiemens AG or supplier companies whose use by third parties fortheir own purposes could violate the rights of the owners.

More information:

www.siemens.com/pharma

E-mail: pharma@siemens.com

Fax: +49 7 21 5 95-63 90

Subj

ect

toch

ange

wit

hou

tpr

ior

not

ice

08

/07

|O

rder

No.

E20

00

1-A

53

0-P

20

0-V

1-7

60

0|

DIS

PO2

79

03

|4

9RZ

51

9M

K.A

S.C

P.X

XX

X.5

2.5

.02

DS

08

07

0.4

|Pr

inte

din

Ger

man

y|

©Si

emen

sA

G2

00

7