!

$MRK @Proprietary

Autoclave AUTO 04
Configuration Specification

Document ID: RET-CS-200-2021-002-001

Document Revision: 1.0
Issue Date: 17-Dez-2021
System Version: 1.0
!$MRK @Proprietary

Configuration Specification for Autoclave AUTO 04, 1.0

Issue Date: 17-Dez-2021

Document Signatures

BUSINESS UNIT APPROVAL:

Kleitton Antunes Ferreira
Mgr, Operations {Signature/Date Captured Electronically – See Appended Signature
Produção Bacteriológica
Page}
By affixing their signature, the individual representing the IT Business Unit/Area above acknowledges that they have reviewed and approve the
contents of this document and attest that they are accurate. IT Business Unit/Area representative is responsible for ensuring alignment with policies,
guidelines, and procedures governing System Development Life Cycle Methodologies and current regulations.
TECHNICAL UNIT APPROVAL:
Rafael Almeida Franca {Signature/Date Captured Electronically by Midas – See Appended
Spclst, Business/Tech. Analysis
GAHM IT - Montes Claros
Signature Page}
Arley Fabiano Froes {Signature/Date Captured Electronically by Midas – See Appended
Spclst, Engineering
Engenharia e Manuteção
Signature Page}
By affixing their signature, the individual representing the IT Technical Unit/Area above acknowledges that they have reviewed and approve the
contents of this document and attest that they are accurate. IT Technical Unit /Area representative is responsible for ensuring alignment with current
documented IT best practices, technical guidelines, and procedures governing System Development Life Cycle Methodologies.

Revision History

Version Author Name Date Description Assinatura

1.0 Ronaldo da C. Faria 17-Dez-2021 Version of Configuration
Júnior Specification is 1.0 under
CR023273 Initial

Document ID: RET-CS-200-2021-002-001 Page 2 of 16

Document Revision: 1.0
!$MRK @Proprietary

Configuration Specification for Autoclave AUTO 04, 1.0

Issue Date: 17-Dez-2021

TABLE OF CONTENTS
1.1 Purpose ................................................................................................................................................... 4
1.2 Scope ...................................................................................................................................................... 4
1.2.1 Audience.................................................................................................................................... 4
1.3 Definitions & Acronyms ........................................................................................................................ 4
2.1 System Description Overview ................................................................................................................ 6
2.2 Configuration Decisions ......................................................................................................................... 7
2.3 Software Functionality Used Within the System ................................................................................... 7
2.4 Software Functionality Not Used Within the System ............................................................................ 7
2.5 Assumptions ........................................................................................................................................... 7
2.6 Constraints/Dependencies ...................................................................................................................... 9
3.1 System Architecture ............................................................................................................................. 10
3.2 External Interfaces ................................................................................................................................ 10
3.3 Requirements Fulfillment ..................................................................................................................... 11
4.1 Hardware Configuration ....................................................................................................................... 11
4.1.1 Hardware Components ............................................................................................................ 11
4.1.2 Hardware Interface Configuration........................................................................................... 11
4.2 Equipment/ Instrumentation/ PLC Configuration ................................................................................ 11
4.2.1 Equipment/ Instrumentation/ PLC Components ..................................................................... 11
4.2.2 Equipment/ Instrumentation/ PLC Interface Configuration .................................................... 12
4.3 Communication Configuration ............................................................................................................. 13
4.3.1 Communication Devices ......................................................................................................... 13
4.4 Software Configuration ........................................................................................................................ 13
4.4.1 System Software Components / Interfaces .............................................................................. 13
4.4.2 System Operational Configuration .......................................................................................... 13
4.4.2.1 Security Configuration ............................................................................................................ 13
4.4.2.1.1 User Defined Levels ................................................................................................................ 13
4.4.2.1.2 Security Permissions ............................................................................................................... 13
4.4.2.1.3 Security Parameter Configuration ........................................................................................... 14
4.4.2.2 Performance Configuration ..................................................................................................... 14
4.4.2.3 Reports .................................................................................................................................... 14
4.4.2.4 Audit Trail Configuration........................................................................................................ 14
4.4.2.5 Electronic Signatures............................................................................................................... 15
4.4.2.6 Fault Tolerance/Recoverability/Backup and Recovery ........................................................... 15
4.4.2.7 System Availability ................................................................................................................. 15
4.4.2.8 Archiving Configuration ......................................................................................................... 16
4.4.2.9 Auto 04 Parameters/Options ................................................................................................... 16
4.4.2.10 Additional Configurations ....................................................................................................... 16
5.1 Attachment 1 ........................................................................................................................................ 16

Document ID: RET-CS-200-2021-002-001 Page 3 of 16

Document Revision: 1.0
!$MRK @Proprietary

Configuration Specification for Autoclave AUTO 04, 1.0

Issue Date: 17-Dez-2021

1 Introduction

1.1 Purpose
The purpose of this Configuration Specification (CS) is to define the specific current hardware and
software configuration needed to operate the Autoclave AUTO 04 as required by the MSD Site
Montes Claros.

1.2 Scope
This document addresses the Autoclave AUTO 04 system, which is developed and supplied by
Coaltech. The system runs on a COTS (commercial off-the-shelf) application package utilizing a
standard interface and operator functionality that is configurable. In this case, this System
Configuration Specification defines only those configuration items that are used by Merck & Co., Inc.
for the Autoclave AUTO 04 within MSD Site Montes Claros.

1.2.1 Audience
This document is written for all individuals required to support the Autoclave AUTO 04.

1.3 Definitions & Acronyms

Abbreviation Definitions

AIQ Automation Installation Qualification

AOQ Automation Operation Qualification

cGMP Good Manufacturing Practices

CR Change Control

ER Expetion Report Number

FAT Factory Acceptance Test

FL Functional Logic

FS Functional Specification

GES Global Engineering Services

GDP Good Documention Pratices

Physical equipment used in the processing, storage or transmission of
Hardware
data or software
N/A Not applicable

Document ID: RET-CS-200-2021-002-001 Page 4 of 16

Document Revision: 1.0
!$MRK @Proprietary

Configuration Specification for Autoclave AUTO 04, 1.0

Issue Date: 17-Dez-2021

Abbreviation Definitions

P&ID Piping and Instrumentation Diagram

PLC Programmable Logic Controller

QAP Automation Quality Assurance Plan

QASR Quality Assurance Summary Report

RIO “Remote Input/Output”

SAT Site Acceptance Test

SDLC System Development Life Cycle

Computer program, procedures and associated documentation pertaining
Software
to the operation of a computer system
SOP Standard Operating Procedure

TAG Equipment Identification

TOP Turn Over Package

URS User Requirements Specifications

Document ID: RET-CS-200-2021-002-001 Page 5 of 16

Document Revision: 1.0
!$MRK @Proprietary

Configuration Specification for Autoclave AUTO 04, 1.0

Issue Date: 17-Dez-2021

2 Configuration Considerations

2.1 System Description Overview

The operation / monitoring system is composed of:

- Server virtualized with MS Windows 2016 Server, containing FactoryTalk View Studio SE
(used to develop and launch SCADA applications), FactoryTalk Historian (where they are
stored as process variables) and Microsoft SQL 2016 (database) for stored such as audit trail
information, alarms and parameters).

- SCADA client with MS Windows 10 used to visualize process variables, alarms, reports and
configuration of system parameters.

- PLC Rockwell Automation, Micro850, used to control and exchange information with
equipment in the field.

- Field equipment and instruments.

The server and client are connected to an ethernet switch on the Shop Floor network. All print jobs
are directed to a local printer connected to the client.

Document ID: RET-CS-200-2021-002-001 Page 6 of 16

Document Revision: 1.0
!$MRK @Proprietary

Configuration Specification for Autoclave AUTO 04, 1.0

Issue Date: 17-Dez-2021

2.2 Configuration Decisions

The autoclave automation system (AUTO04) will be based on PLC installation, programming and
configuration (MICRO850) and the development of a SCADA system (FACTORYTALK), which will
perform the local control and supervision of instruments, which will be connected via analog inputs
and digital to the PLC.

In addition to local supervisory control, the SCADA system must store historical system data regarding
instrument instructions, parameter changes and generation of alarms and warnings. The autoclave's
Supervisory control system must be able to ensure correct functionality.
The supervision and automation system will be composed as follows:

• Application / Data Server;

• 1 Operation Station;
• 1 PLC;
• I/O modules.

2.3 Software Functionality Used Within the System

The system has a virtualized server and a client for the operation and monitoring of the entire system,
this is integrated with Rockwell Automation's Micro850 PLC, which controls the autoclave and
exchanges information with the equipment in the field. The system has a Rockwell Automation
historian for storing process variables and an SQL database for saving audit and alarm data

2.4 Software Functionality Not Used Within the System

This section does not apply once the Sutoclave SUTO 04 will be a system fully developed through
Rockwell Automation PLC, Micro850, which controls the autoclave and exchanges information with
field equipment

2.5 Assumptions
All necessary settings for the Autoclave System AUTO 04 are defined in the requirements mentioned
below from User Requirements Specification RET-URS-200-2021-001-001 and will be tested during
the Automation Installation Qualification Protocol tests.

UR-15: The system must be able to configure and generate trend graphs for all process variables in
each sterilization cycle performed.

UR-9: Alarm / warning thresholds and time delays must be configured individually for each sensor as
per specifications.

UR-7: The system must use one of the following date formats when displaying dates on screen and
on prints:

- DDxMMxYYYY
- DD: Dia (01 - 31)
- MM: Mês (01 – 12)
- YYYY: Ano

Document ID: RET-CS-200-2021-002-001 Page 7 of 16

Document Revision: 1.0
!$MRK @Proprietary

Configuration Specification for Autoclave AUTO 04, 1.0

Issue Date: 17-Dez-2021

- x: Separador (/).

UR-12: Each report page must contain the following information.

- Company Name;
- System name / ID;
- Charge number;
- Material name;
- Printed by (User ID);
- Date / time printed;
- Page number (Ex: Page 1 of 5);
- Departure / batch of the product;
- Sterilization time: hh/mm/ss;
- Drying time: hh/mm/ss;
- "Performed by" and "Checked by" fields;
- Date/Time of start and end of autoclaving;

UR-19: Authentication (login) must be based on at least two authentication factors (eg User +
Password).

UR-20: All users must be associated with a unique personal identifier (User ID)

UR-21: Privileges/permissions must be associated with User Groups, corresponding to the tasks
related to the process.

UR-32: For each user input or action, an electronic record in the audit trail must contain:

- WHO: The user ID.

- WHEN: Timestamp with date/time of entry or action.
- WHAT: Identification / traceability for electronic record created or modified.

UR-34: The following information must be shown at each event:

- Tag;
- Classification (alarm, warning, message);
- Description;
- Date / Time of the last occurrence;
- Recognition status.

UR-35: The System must be able to indicate to the operator that the alarm/warning is:

- active/unrecognized
- active/recognized
- not active/not recognized

UR-36: Alarms and warnings must be activated in case of sensor/equipment failure and if the
measured value exceeds the defined limits.

UR-37: Alarms/warnings/messages must have individual acknowledgment.

Alarms/warnings/message should remain on the alarm screen until it is acknowledged by the user
and the event returns to normal state.

Document ID: RET-CS-200-2021-002-001 Page 8 of 16

Document Revision: 1.0
!$MRK @Proprietary

Configuration Specification for Autoclave AUTO 04, 1.0

Issue Date: 17-Dez-2021

UR-38: User commands in the system intervention must have a double confirmation to avoid
unintentional commands.

UR-39: Temperature sensor values must be shown to 1 decimal place on the graphic displays.
Pressure sensor values must be displayed without decimal places.

UR-46: It must be possible to back up the program and all parameters, such as alarm limit values.

UR-48: The system must have the function that can print the material sterilization chart and report.

2.6 Constraints/Dependencies
There is no constraints or dependencies onde the Autoclave AUTO 04 is a specific system with a
local supervision of instruments connected to the equipment, which will be connected via analog and
digital inputs to the PLC.

Document ID: RET-CS-200-2021-002-001 Page 9 of 16

Document Revision: 1.0
!$MRK @Proprietary

Configuration Specification for Autoclave AUTO 04, 1.0

Issue Date: 17-Dez-2021

3 System Analysis

3.1 System Architecture

System Archtecture

The Autoclave AUTO 04 System Archtecture is defined by the following elements:

- PLC Micro850
- Switch Stratix 2000
- Factory Talk View Servidor
- Factory Talk View Client
- I/O Modules

3.2 External Interfaces

There is no external system that has to communicate with the Autoclave AUTO 04 system.

Document ID: RET-CS-200-2021-002-001 Page 10 of 16

Document Revision: 1.0
!$MRK @Proprietary

Configuration Specification for Autoclave AUTO 04, 1.0

Issue Date: 17-Dez-2021

3.3 Requirements Fulfillment

According to User Requirements Specifications RET-URS-200-2021-001-001, the Autoclave AUTO
04 Automation System shall be based on programming and configuration of Allen Bradley's
MICRO850 PLC, developing a SCADA system (FACTORYTALK), which will perform the local control
and supervision of the Autoclave instruments, which will be connected via analog and digital inputs
to the MICRO850 PLC.

Based on these requirements, a table of requirements was assembled in document RET-URS-200-

2021-001-001 to meet them. In order to prove that all these requirements were met, a qualification
protocol will be created where it will be exposed through evidence that the requirement was met.

4 Functional Configuration

4.1 Hardware Configuration

4.1.1 Hardware Components

The following table defines the specific hardware components of the system.

Component Number Manufacturer Model Number Serial Number

PLC Allen Bradley Micro850 896-TP-96
Switch Stratix 200 Allen Bradley Stratix 2000 RTB-521-09
Factory Talk View Server Allen Bradley N/A N/A

4.1.2 Hardware Interface Configuration

All hardware is identified with unique TAGs. All components were specified during design and are in
accordance with MSD standards.

The SCADA server and the client are connected to the PLC through the Shop Floor network, using the
Ethernet TCP / IP protocol.

The manageable switch connects the PLC, server and client.

4.2 Equipment/ Instrumentation/ PLC Configuration

4.2.1 Equipment/ Instrumentation/ PLC Components

The following table defines the specific equipment, instrumentation, and PLC, and/or
other components of the system. The base unit and all modules/peripherals that form the
system are listed.

Component Number Manufacturer Model Number Serial Number

2085-ECR Rockwell Automation Micro 800 18963-AY-D75
2080LC5024QWB Rockwell Automation Micro 850 06381-PW-D30

Document ID: RET-CS-200-2021-002-001 Page 11 of 16

Document Revision: 1.0
!$MRK @Proprietary

Configuration Specification for Autoclave AUTO 04, 1.0

Issue Date: 17-Dez-2021

Component Number Manufacturer Model Number Serial Number

2085IF8 Rockwell Automation IN006C XW89-RT12
2080OB4 Rockwell Automation UM004D 19385-EW-96
2085ECR Rockwell Automation MICRO830 109-Y85-RGY
1783US5T Rockwell Automation Stratix 2000 967-YTR2-896

4.2.2 Equipment/ Instrumentation/ PLC Interface Configuration

The HMI model will have the displays and alarms organized in a specific hierarchy.
There are four levels that are used in the display and alarm hierarchy, each level
providing more details than the previous level.

• Level 1 displays are high-level overviews. These displays provide an overview that
can be assimilated quickly, provides clear indication of current performance, and
immediately highlights anything that needs the attentionof a viewer.

• Level 2 displays are the main displays for users to perform their tasks. They contain
information and control required to perform most user tasks. We recommend that you
create these displays first.

• Level 3 displays contain more detail and controls. These displays showdetails of
subunits, individual equipment items, components, and related controls and indications.
The displays are used for detailed investigations and interventions, and for
troubleshooting or manipulating items not accessible from Level 2 displays.

• Level 4 displays provide the most detail of subsystems, individual sensors, or

components. A faceplate is a type of level 4 display.

Document ID: RET-CS-200-2021-002-001 Page 12 of 16

Document Revision: 1.0
!$MRK @Proprietary

Configuration Specification for Autoclave AUTO 04, 1.0

Issue Date: 17-Dez-2021

4.3 Communication Configuration

4.3.1 Communication Devices

The following table defines the communication components associated with the system.

Component Function
LAN Interface Ethernet Card Merck LAN communication
Com Port Adapter RS 232 Instrument/PC communication
Component Component Function

4.4 Software Configuration

4.4.1 System Software Components / Interfaces

The following table defines the software components associated with the system. All
software packages associated with the system, including but not limited to, the operating
system, the application, and all associated programs that are required are listed.

Software Name Software Vendor Version Function

Autoclave AUTO 04 Coaltech 1.0 Factory Talk

4.4.2 System Operational Configuration

4.4.2.1 Security Configuration

4.4.2.1.1 User Defined Levels

The following user defined access levels are defined for this system and must be
available for the administrator to create and assign to new users.

Access Level Privilege Overview

Administrator Grants full administrative privileges to the system and software

Manager Grants full access to the system with the exception of the right to sign
record
User Grants limited system access with the ability to read and print
4.4.2.1.2 Security Permissions
The access levels are assigned permissions as detailed.

System Privileges Visualizador Operador Supervisor Administrador

Permission View level without Access level to Access level to Unrestricted
operational operational system engineering/mai access to the
access. Note: The functionalities, ntenance system.

Document ID: RET-CS-200-2021-002-001 Page 13 of 16

Document Revision: 1.0
!$MRK @Proprietary

Configuration Specification for Autoclave AUTO 04, 1.0

Issue Date: 17-Dez-2021

“Viewer” does not such as features, such

have operational acknowledgment of as changing
permission, it is alarms/warnings. parameters and
automatically user control
logged in when functions.
the system is
booted.
Key: "X" = Enabled "-" = Disabled "N/A" = Not Applicable

4.4.2.1.3 Security Parameter Configuration

The System is configured with the following general parameters for security:

Parameter Setting
System idle logout 5 minutes
Password minimum length 8 characters
Access Level Diferent types of Users
4.4.2.2 Performance Configuration

Performance Configuration does not apply to the Auto 04

Parameter Setting
N/A N/A
4.4.2.3 Reports

Through the report screen it is possible to generate reports of

alarms/warnings/messages, autoclaving and audit trail. These system-generated reports
contain a header with the company name, system name/ID, equipment tag, report
version, printed by (user ID), date/time of printing and number of pages (Ex.: Page 1 of
2). For autoclaving reports, the sterilization time, drying time, load number, cycle,
"Performed by (user ID)" and "Checked by" field, material that has been autoclaved,
product batch/batch are still required and the start and end date/time of the autoclaving

Parameter Setting
N/A N/A

4.4.2.4 Audit Trail Configuration

The SCADA system communicates with SQL. SQL is used for storing alarms and audit
trail data.

Parameter Setting
N/A N/A

Document ID: RET-CS-200-2021-002-001 Page 14 of 16

Document Revision: 1.0
!$MRK @Proprietary

Configuration Specification for Autoclave AUTO 04, 1.0

Issue Date: 17-Dez-2021

4.4.2.5 Electronic Signatures

Electronic Signatures is based on login and logout, where access to each button and
command function is restricted to authorized persons only. System access depends on
each user's security level.

User rights can be configured in FactoryTalk View Console Application. The system starts
with “default user”, only having the right to view the SCADA monitoring screen and alarm
banner. Only user with admin rights is able to gain access to the operating system.

Access Level Signature Designation Distinct Identification Meaning of Signature

Components
Visualizador View level without N/A N/A
operational access.
Note: The “Viewer”
does not have
operational
permission, it is
automatically logged in
when the system is
booted.
Operador Access level to N/A N/A
operational system
functionalities, such as
acknowledgment of
alarms/warnings.
Supervisor Level of access to N/A N/A
engineering/maintenan
ce features, such as
changing parameters
and user control
functions.
Administrador With unrestricted N/A N/A
access to the system.

4.4.2.6 Fault Tolerance/Recoverability/Backup and Recovery

Fault Tolerance/Recoverability/Backup and Recovery does not apply to the Auto 04

Parameter Setting
N/A N/A

4.4.2.7 System Availability

System Availability does not apply to the Auto 04

Parameter Setting
N/A N/A

Document ID: RET-CS-200-2021-002-001 Page 15 of 16

Document Revision: 1.0
!$MRK @Proprietary

Configuration Specification for Autoclave AUTO 04, 1.0

Issue Date: 17-Dez-2021

4.4.2.8 Archiving Configuration

Archiving Configuration does not apply to the Auto 04.

Parameter Setting
N/A N/A

4.4.2.9 Auto 04 Parameters/Options

The Auto 04 must possess the following parameters/options and meet their
specifications

Parameter/Options Parameter Description Specification

N/A N/A N/A

4.4.2.10 Additional Configurations

There is no additional configuration for the Auto 04

Parameter Setting
N/A N/A

5 References

Reference Identification / Description Source / Location

SDLC-DOC-01 – System Development Life Cycle SDLC IT Life Cycle Management
Lexicon
Policy 13.5 – System Development Life Cycle Policy SDLC IT Life Cycle Management
SDLC-SOP-02 – System Development Life Cycle - SDLC IT Life Cycle Management
Initiate and Planning Phase

5.1 Attachment 1

N/A

Document ID: RET-CS-200-2021-002-001 Page 16 of 16

Document Revision: 1.0