With GAMP 4, a standard for the validation of computerised systems was
created that is by now established all over the world. Apart from this
document, Good or Best Practice Guides on particular aspects of the
validation of computerised systems are or will be published by GAMP working
groups. The most recent of these publications was the English version of the Good Practice Guide
"Validation of Process Control Systems."
The starting point is the GAMP4 Guideline with its basic principles and
methods for computer validation. The Good Practice Guide takes up these
principles and demonstrates how they can be applied to the various types of systems in process control technology. For this purpose, modifications,
extensions, but also reductions of the GAMP4 models are given.
The structure of this Guide is orientated towards that of GAMP4 and
consists of a main part and three sections with appendices. The main part
includes general information and basic concepts, like a life cycle that can be
adapted to the system type and the system complexity. The first appendix
block compiles some specific topics (manufacturing parameters and data
specifications for process control applications, software and hardware
categories for process control systems, postal audits). Appendix block 2
introduces a number of recommendations of the German GMA/NAMUR group for the
execution of projects that are subject to validation, for standard procedures
regarding operation and maintenance as well as for validation support by
control system functions and suppliers. Appendix block 3 contains
instructions by the US JETT group for writing user requirement specifications for
embedded systems (skid mounted systems).
Process control systems are used for the automation of manufacturing
processes (data collection, data supply, monitoring and controlling of the
manufacturing process, linking superimposed systems for manufacturing control
[MES] and general data processing [ERP]). Process control systems encompass a wide range of systems: from small
controls, e.g. built into manufacturing devices or equipment, to large,
distributed control systems, like those for the operation of plants for
manufacturing bulk materials or APIs. Correspondingly, the Guide defines
the two main categories "embedded systems" (including built-in
systems) and "standalone systems" (with their own housing).
Embedded and Standalone Systems
Examples for embedded systems are microprocessors, SPSs or PCs that are
used exclusively for controlling and monitoring manufacturing equipment.
Usually, they are delivered as built-in parts of a unit or a machine. For
engineering, several disciplines are required; the life cycle documentation
is largely created by the supplier.
Standalone systems are those systems that have their own housing, which is usually delivered separately for the connection to
field instrumentation and equipment. Often they are also connected to
superimposed systems (e.g. Supervisory Control and Data Acquisition (SCADA),
Manufacturing Executing Systems (MES) or Enterprise Resource Planning
(ERP)). So, individual project engineering and co-ordination are necessary.
The GAMP principles (e.g. life cycle, planning, including risk and impact
assessment, user-supplier relationship, specifications, traceability, draft
review, formal tests and verification, documented proof) can be transferred
to these systems, however, some additional aspects have to be taken into
account. During the planning phase, not only the software and the computer
hardware have to be taken account of, but also the complete field
instrumentation, the electrical devices and partly the mechanics of the plant.
The user requirement specification (URS) for a large application,
as e.g. a DCS or SCADA, can be a separate document, for a small built-in
application, it can be part of the device specification. In case of standalone
systems, the functional design specification (FDS) is
typically a separate document that lists functions, features, and design
requirements for the DCS hardware and software. Like the URS, the FDS for an
embedded system can be part of a superordinate device specification and refer
to devices, electric and mechanical elements. In both cases, it is often
written by the supplier on the basis of the URS and is mostly a contractual
As process control systems often contain pre-configured elements, the
draft specifications indicate frequently how these elements and packages
have to be configured. Such specifications are laid down not only for
software (software modules) and computer hardware, but also for field
instrumentation and devices. They are illustrated by means of process
diagrams depicting the process routines as well as piping and
instrumentation diagrams (P&ID), which show the function and location of the
related control and monitoring loops.
Acceptance tests verify that the system works as it should and
that the URS and FDS requirements on software, hardware, and instrumentation
are fulfilled. The tests are based on approved formal test specifications and are
as a rule carried out jointly by the supplier and the user (4-eyes
principle). The results are formally documented and released and can be used
as part of IQ and OQ. Especially in case of large systems, these
very detailed tests are conducted in two steps. The Factory Acceptance Test
(FAT) is carried out at the supplier's premises before delivery, for
standalone systems without field connection, if necessary with
appropriate field simulation. The FAT already includes extensive tests of
the system installation and function. The Site Acceptance Test (SAT)
is meant to prove that the delivered system is undamaged and identical with
the system tested at the factory. Parts of the FAT may have to be repeated.
In general, additional tests have to be carried out during the SAT when all field instruments,
interfaces, and service connections have been established. These tests can
be conducted when the system is commissioned for operation.
The GMA/NAMUR appendices compile recommendations for validating
process control systems. They comprise instructions for the execution of
projects concerning new and revamped plants subject to validation (NE58),
SOPs for operating and maintaining validated process control systems (NE71)
as well as advice on validation support by use of control systems as support
for planning and operation (NE72).
A specific software model for process control systems is introduced.
Software for control systems is characterised by the fact that, when the
control system is adapted to an individual application, programming is
reduced to a minimum; instead, standard functions are used that
can be modified individually by means of parameter sets. Such functions are
called pre-configured software modules or pre-configured functions; they are
not application-specific. The pre-configured functions are, for their part,
based on - also non-specific - control system operating systems, which may
themselves be based on commonly used standard operating systems. The
contribution introduces the corresponding layer model. It shows
schematically the mentioned software classes, their logic structure and the person
responsible for qualification.
For the purpose of project execution, the individual activities for
planning and qualification/validation, the input documents necessary for
this and the output documents to be created are represented in the form of a
table, based on the life cycle model. A checklist serves for project
management and indicates which activities have to be done when and by whom
as well as the activities' degree of completion.
The generic standard operating procedures (NE71) concern process
control facilities (to be equated with the electrical, measuring and control
engineering facilities) of processing plants. They include 8 SOPs
for operation, maintenance and change of process control systems and supplement the GAMP4 SOPs. The topics are structure and maintenance of the
process control system documentation, preventive maintenance and change
management, access control for process control systems, modem operation,
re-verification, procedures in case of system failures and system faults,
release changes, upgrade of hardware, update of firmware as well as
Control systems can effectively support the qualification of the
whole plant or the validation of the manufacturing process, the operation
and the maintenance of the validated state by means of appropriate
functions. From the qualification requirements it results that - apart from
their reputation - suppliers of control systems can offer corresponding
services for the assistance in qualification. These functions and services
are summarised in the recommendation "Validation Support by Use of
Control Systems" (NE72). They are classified in the recommendation
according to their significance for validation.
The appendices by the JETT group (JETT: Joint Equipment Transition Team)
deal with embedded systems. Originally, the group was founded by Lilly,
P&U and Rockwell in 1996 in order to improve the documentation provided
by equipment suppliers. To reach this aim, the group intended to develop
methods for creating URSs and FDSs, project planning, draft specifications
as well as acceptance tests (hardware, software, system) at the supplier's
factory and on site. The appendices contain instructions for the creation
process of URSs, for integrated (embedded) control systems (built-in systems) as well as
an example for the up-to-now created URS templates (18 of 30) for pure steam
generators, fluid-bed driers, filling machines, blenders, freeze dryers,
tablet coaters, multiple-effect stills, labelers, glassware washers,
bioreactors, HVAC systems. Additional documents are planned for 12 further
It remains to say that the GAMP principles can be applied efficiently
both to embedded and to standalone control systems. Good Engineering
Practice and the usual initial operation activities can support the call for
Specifically on the 'Validation of Process Control Systems,' we are
organising a GMP Education Course of the same title in Berlin, Germany, on
31 March and 1 April 2004. Please click here
to view the programme.
Prof. Dr.-Ing. Hartmut Hensel, Hochschule Harz, Wernigerode, Germany
The above text is a summary of his lecture given on the occasion of the CONCEPT HEIDELBERG
seminar "GAMP 4" held on 17-18 November 2003.