Information Management within “Change Management” Applied to Industrial Control

Most production processes implemented in factories are subject to a continuous change process due to new requirements of the final product, format changes, changes in facilities, optimizations, etc.

From the idea of the change, the design, the tests, validations until reaching the implementation, each author defines more or less steps according to their point of view, but any implementation of changes within the industrial world must face the problem of how to manage the information, preserve the tracking of said changes and have the possibility of returning to a previous situation. In addition, access to said information must be strictly controlled, since we must also take into account aspects derived from the security of the plant itself, its intellectual property, or the qualifications of the personnel involved.

The information generated by a change within an industrial process can be composed of files of very different formats: PLC, Robot, SCADAS or DCS Programs; Recipes and configuration parameters; Assembly instructions; electrical wiring, etc., generating hundreds of files for a medium or even small installation.

Many maintenance managers design, with varying degrees of success, methods for controlling these changes, which normally consist of storage and backup strategies using nomenclature in the name of files and folders, lists of changes and verifications… Compliance with these methods is generally subject to the good work of the personnel involved without any automation facilitating them to follow the defined regulations. These operations are impossible to use when the number of devices, the disparity of models and the complexity of the structures increase or when the modifications are carried out by personnel not trained in a procedure that can become complicated or cumbersome.

It must also be taken into account that, in regulated industries such as pharmaceutical, veterinary or cosmetics, each change must go through the different states required by the regulations: Approval, verification, testing… with the consequent electronic signature and trace.

It is also essential to have a fast, simple and effective system to be able to act in case of incidents that involve the loss of a specific program, such as:

• Breakdowns: In case of the need to replace a device, it will be necessary to have the appropriate version of the programs and configurations.
• Sabotage: Many industrial devices are not protected in an effective way, so they can suffer modifications in the program. An adequate comparison between the current version and the one saved in the repository could give a warning about the problem.
• Inadequate programming or parameterization: It is frequently necessary to undo changes made by returning to a version established as correct.

Therefore, it is evident that it will hardly be possible to reach an implementation of an effective change control and safeguard process without the use of a tool specifically designed for this function. There are already some solutions on the market, but not all have the different functionalities that would be desirable.

“Some suppliers (mainly in DCS installations) already incorporate change control processes in their programming tools, but their use is limited to their own device without being able to integrate other brands into it.”

In this post we are going to review the characteristics that we should demand from a change control application to be able to implement a solution that allows us to back up the applications and information related to our industrial facilities, based mainly on the application and parameterization programs of PLCs, Robots and HMI Screens, as well as the files related to the installations: assembly instructions, electrical wiring, etcetera.

Required specifications:

• The change control application must store the information and applications in a centralized and secure location, but at the same time offering a fast and secure access system to minimize downtime. Within the different versions stored, it must offer a clear and effective procedure for the identification and selection of the appropriate version. Even in the event of a server failure, the information should be accessible directly from the backups. Said server must be configured to guarantee: The protection of the files against malicious or unauthorized manipulations; Secure access to it and automatic backups of the information.
• The application must manage the roles of the different users controlling the permissions on the access, copy and deletion of the different files and devices, keeping track of the different modifications and/or approvals made by each person. Within regulated industries the application should perform said control in accordance with current regulations (for example FDA or GMP). User control can be specific to the application but should also contemplate the company’s Active Directory.
• For greater effectiveness of the solution, it must be capable of performing the maximum number of unattended operations by communicating directly with the devices. Said communication should extend to the different brands and models of devices installed in the plant and included in the installation. Thanks to this communication the tool must be able to detect, in an autonomous way, changes in the program made outside the established procedure through comparisons programmed periodically and indicating, for example via email, the result to the appropriate people. You can also perform specific comparisons at the user’s request.
• The user interface must be simple offering uncomplicated operation so that the programmer must perform the minimum of actions for the generation of a new version, but offering the administrator powerful control and reporting tools.
• The installation must be versatile, expandable and updatable in a simple and fast way to be able to adapt to future needs of the plant. The final administrator must be able to perform maintenance and expansion tasks without having to access the supplier or integrator.
• The system must have a complete reporting system with automatic notification systems with the result of the automatic comparisons made and an on-demand reporting system for consulting activity reports.
• The operating systems supported by the clients must be in accordance with those used by the programming tools of the devices. Likewise, the impact on the client computers of the tool should be minimal both in terms of resources and hard disk.
• The communication between clients and servers should meet the minimum cybersecurity requirements through secure connections so that access (for reading, modification or deletion) to the information located in the program repository is protected.
• The reports on comparisons should be shown in a clear format and, if possible, detailing the changes as much as possible. The presentation will be made, preferably, in web format with the possibility of remote access without the need for specific viewing software.

Simple example of programmed comparison showing the differences between two applications:

Additional specifications:

Outside of the specifications indicated above, we should value other additional ones such as the standard origin of the hardware used, the possibility of using current operating systems or what percentage of the solution corresponds to a standard solution (that does not require the writing of specific code for the application).

“It must also be taken into account that, in regulated industries such as pharmaceutical, veterinary or cosmetics, each change must go through the different states required by the regulations: Approval, verification, testing… with the consequent electronic signature and trace.”

Conclusion

In conclusion, the installation of a change control tool is essential in plants with a medium or high number of devices and where different people, with different computers, modify the programs and files of different devices and installations.

The automation of control will immediately produce tangible benefits, such as:

• A greater level of security in safeguarding information.
• Greater control over changes made through or not through the application
• Faster and more secure access to the appropriate version of the program, which will result in shorter downtimes in the event of an incident.