Validation autoclave

January 21, 2017 | Author: Jose Aviles | Category: N/A
Share Embed Donate


Short Description

Download Validation autoclave...

Description

Thema4 control system - VALIDATION PACKAGE – COVER

Page 1 / 2

THEMA4 CONTROL SYSTEM

VALIDATION PACKAGE COVER Document Rev.1

EQUIPMENT Serial number

Model

Customer

TECNOQUIMICAS NA2403AW

FOA8/DA (Colombia)

Library config.

HW/SW configuration

C# 160

Panel PC

H

20

OS/D

G

63 F4

Rem I/O Appl. SW

O W L

11 Sb1

Lang.

f1

K 151

40.2 71

Type -

Cover (template of this document)

# 223225

2

1 2 3 4 5 6 7 8 9 10 11 12

Validation Package Letter Life Cycle of Process Controller - GAMP 5 Approach 21 CFR Part 11 Compliance Assessment Critical Review and Risk Management Report Software Validation Certificate Functional Design Specification (FDS) Software Design Specification (SDS) Hardware Design Specification (HDS) Configuration Manual (CM) Change Control Manual (CC) Libraries Configuration Manual (CM_LIB) Library Change Control Manual (CC_LIB)

#223213 #102179 #110434 #339022 #339032 #221815 #222852 #86791 #188843 #201698 #205684 #205878

3 6 2 1 1 20 8 32 36 34 65 65

General

Wxx

Last change CH

FEDEGARI AUTOCLAVI SpA S.S. 235 km 8 - 27010 Albuzzano (PV) - ITALY +39 0382 434111  +39 0382 434150  http://www.fedegari.com Fedegari Autoclavi SpA

DM#223225.2 - March 2010

Thema4 control system - VALIDATION PACKAGE – COVER

Page 2 / 2

This page is left intentionally blank

Fedegari Autoclavi SpA

DM#223225.2 - March 2010

Thema4 control system – VALIDATION PACKAGE LETTER

Page 2 / 11

DECLARATION After more than fifty years in the business, Fedegari still holds an unquestionable technological supremacy among sterilizer manufacturers worldwide. This achievement stems exclusively from its continuing commitment to control every aspect of its machines and of the process. Fedegari is in fact the only manufacturer that still produces in-house all the critical components of its sterilizers. This has allowed Fedegari to acquire, over the years, a deep knowledge and understanding of everything that directly or indirectly affects the overall performance of the machine in terms of both process and maintenance. Nowadays, the process controller of a sterilizer is a highly critical element, both in terms of performance and in terms of safety and assurance that the processes carried out cannot be tampered with. Moreover, pharmaceutical industry is responding to the challenge of significantly improving the way drug development and manufacturing is managed, by means of the adoption of new concepts and technologies of production, aiming to the integration of the manufacturing processes and to match “Product quality & Patient safety” with “Delivery business benefit”. In this new scenario, computerized systems are regarded as components of a wider manufacturing process/system, where “Quality verification” and “cGMP compliance” requires an approach based on “Integrated Quality by Design”, where separate validation may not be sufficient or necessary. Thema4 is the process controller of Fedegari pharmaceutical machines (dry- and moist-heat sterilizers, washing machines, pass box, …) released to the market as a completely configurable standard product, classified for user, as Category 4 - Configured Products, in GAMP 5 categorization. Thema4 It is the natural evolution of the well-established and reliable previous controller Thema3, which has been on the market since 1995. While Thema4 has inherited the process management principles of its predecessor, it is absolutely different in terms of the hardware components used, software architecture, man machine interface and general and integrations functions. By Thema4, Fedegari assures the commercial availability of standard components, the integration levels required in the modern pharmaceutical plants joined the functions and performances that meets the quality and safety standards of the production processes for which the application is intended. Since the most suitable field of application for this new controller is the pharmaceutical one, great care has been given in Thema4 Life Cycle management: from the Conception phase in the choice of components and definition of system architecture and project management, through the Project phase in the development of software parts in compliance with FDA regulation CFR21 part 11, until the current Operation phase in the definition of product management procedures (change control, configuration management, support, repair, maintenance,..) in accordance with the principles of the guide line GAMP. Now, after continuous improvements on software and hardware components, functions and processes, Thema4 is in the maturity of its Operation phase and the reference guide line for its management is the guide line GAMP 5. Moreover, thanks to the adoption of GAMP5 concepts and CFR21part11 rules, Thema4 allows customers to operate in compliance with new revision1 of the EudraLex (The Rules Governing Medicinal Products in the European Union) Volume 4 (Good Manufacturing Practice Medicinal Products for Human and Veterinary Use) Annex 11: Computerised Systems.

Fedegari Autoclavi SpA

D/O#223213.3 - March 2014

Thema4 control system – VALIDATION PACKAGE LETTER

Page 3 / 11

THEMA4 is an unique “standard” and “validated” controller for all Fedegari machines, completely configurable, to manage: - all Fedegari machine types (moist heat sterilizers, dry heat sterilizers, hydrogen peroxide decontamination pass boxes, washing sterilizers, robotized sterilization cells, etc.) with implemented different process technologies, - all control system hardware configurations, - all functional options, developed to meet several integration and operation customer requirements. The software is not changeable by the user in order to increase the system safety and to preserve the validated state. Thanks its modular software architecture, Thema4 allows a complete independence between the PROCESS implemented (software component P/G Library Kxx), the APPLICATION SOFTWARE (software component Wxx), the CONTROLLER HARDWARE (software component OS/D ) and the HMI/REPORTING LANGUAGE (software component Lxx/Jxx ). This allows an easy, modular, safety and with a low impact on validation software upgrade, in order to insert new machine functions, to change and to customize process functions (thank to the Fedegari Phases’ Groups technology) and to upgrade HW components (in a transparent way respect to the software) to face the market components obsolescence. Thema4 is an evolution of the previous generation of Fedegari sterilizer controllers (Thema3 and Super Spectra) designed to maintain continuity with their main characteristics: operator approach to machine management, process control based on a proper Phases’ Groups library, the system architecture and the validation approach. This allows Fedegari to propose “revamping plans”, preserving the customer investment, improving the machine functions and performances and at the same time maintaining the system always validated in compliance with the applicable current regulations. An extensive team of experts assures that the controller is constantly innovated and manages all new developments in accordance with the customers needs and the adopted GMP standards. By means of Thema4 Validation Package, Fedegari certifies and releases a clear evidence that: • Software of the Thema4 process controller has been developed by Fedegari and has been proper documented and tested, in accordance with the approach of the guideline GAMP 5. • Thema4 is a well-structured software program which offers an extensive set of functions and instruments, usable and configurable by the end user (according to its own SOPs), for achieving compliance to FDA regulation CFR21p11 and to the EudraLex Volume 4 - Annex 11: Computerised Systems (revision 1). • Change activities for modifying the software and hardware components of the process controller, which consist in introducing improvements and in solving problems, are conducted in accordance with a “Change control and configuration management procedure”, in compliance with the indications of GAMP. • Software versions released by Fedegari are subjected to rigorous maintenance and are identified by means of a unique code in accordance with the change control and configuration management procedure. • Thema4 source code is stored on PC servers, undergoing regular and clearly defined backup activities and access policy defined in organization procedures. • Source code and all life cycle documentation can be analyzed by customers on request, in specific audits. Fedegari Autoclavi SpA

D/O#223213.3 - March 2014

Thema4 control system – VALIDATION PACKAGE LETTER •



Page 4 / 11

Testing on software and hardware components is carried out, during project and change activities, by means of the application of risk analysis methodology, as defined in the procedures that are integral part of Fedegari’s quality documentation. Proper training activities are regularly carried out on people involved in computerized system management.

Fedegari Autoclavi SpA

D/O#223213.3 - March 2014

Thema4 control system – VALIDATION PACKAGE LETTER

Page 5 / 11

TUTORIAL: PRESENTATION OF VP DOCUMENTS The Validation Package is composed of the documents listed in the following table :

VALIDATION PACKAGE DOCUMENTS N°

Document

Type

-

Cover

1 2 3 4 5 6 7 8 9 10 11 12

Validation Package Letter (this document) Life Cycle of Process Controller - GAMP 5 Approach 21 CFR Part 11 Compliance Assessment Critical Review and Risk Management Report Software Validation Certificate Functional Design Specification (FDS) Software Design Specification (SDS) Hardware Design Specification (HDS) Configuration Manual (CM) Change Control Manual (CC) Libraries Configuration Manual (CM_LIB) Library Change Control Manual (CC_LIB)

NF General

Wxx.y

Last change CHxxx

The field Type defines the document update, during the life cycle of the product Thema4: -

NF

-

General

-

Wxx

-

CHxxx

Fedegari Autoclavi SpA

HW-SW configuration data depending on the system configuration released for a defined machine NF (Factory Number) documents updated when there is a change in the management of the Thema4 life cycle documents depending on the version of the application software Wxx.y released to the NF documents related the last change activity CHxxx executed.

D/O#223213.3 - March 2014

Thema4 control system – VALIDATION PACKAGE LETTER

Page 6 / 11

0 - Cover This document is of NF type: depending on the machine factory number. The Cover is the introduction document, that reports the: - The equipment general data :customer name, factory number NF, machine model - The code of the main components of the system configuration C# assigned to the equipment. - The list of the validation package documents with the document code and version, assigned in the Fedegari document management system The architecture of the Thema4 system configuration (SW, HW, tools and Doc elements) is showed in the following table.

THEMA4 SYSTEM CONFIGURATION ARCHITECTURE

C#xxx

SYSTEM CONFIGURATION CODE (Global) ELEMENT

1 2 3

4

5 6 7

8

9

HW OPERATOR PANEL

COMPONENT 1

OPERATOR PANEL

2

I/O BUS BOARD

Hxx Qxx

1

RTOS/DRIVER

Gxx

1

IDE

IDxx

1

APPLICATION SW

2

APP. LANGUAGE FILES

3

RECOVERY DISK

4

REMOTE GUI

5

ON-LINE MANUAL

Wxx.y Lxx RDxx Rxx OMxx

SW

1

PGL SW

Kxx

HW

1

REMOTE I/O

HW

1

CONVERTER RTD

1

PRINTER

2

HUB/SWITCH

3

UPS

4

MESSAGES DISPLAY LCD

1

USER MANUAL PACKAGE

2

INSTALL. MANUAL

3

REMOTE GUI MAN.

Oxx Txx Zxx Yxx Uxx Mxx UMxx IMxx GMxx

HW

OPERATING SYSTEM/ SW DRIVER INTEGRATED DEVELOPMENT Tool ENVIRONMENT

APPLICATION SW - NUCLEUS SW

APPLICATION SOFTWARE PHASE GROUPS LIBRARY REMOTE I/O CONVERTER RTD

HW EQUIPMENTS

DOCUMENTS

CODE

HW

Doc

The details of all configurations released are reported in the VP document 9 and 11.

Fedegari Autoclavi SpA

D/O#223213.3 - March 2014

Thema4 control system – VALIDATION PACKAGE LETTER

Page 7 / 11

1 - Validation Package Letter (this document) This document is of General type: depending on the Thema4 product life cycle. The Letter is the signed (by the Automation Manager and the Quality Manager) formal declaration of the quality approach followed in the Thema4 life cycle management , that is based on: - a quality system with procedures, - guideline (GAMP) - standard (CFR21p11) The document includes a tutorial to introduce the user in the architecture and contents of the Validation Package documents.

2- Life Cycle of Process Controller - GAMP 5 Approach This document is of General type: depending on the Thema4 product life cycle. The document describe the quality approach GAMP based, Fedegari has followed in Thema4 control system development, starting from the Conceptualization initial phase of the product life cycle up to the current Operational phase. The document describes the key operational procedure adopted: Service and performance Management, Incident Management and CAPA, Change Management Process, Repair Activity, Periodic Review (Internal Quality Audits), Continuity Management, Security and System Administration, Record Management.

3- The 21 CFR Part 11 Compliance Assessment This document is of General type: depending on the Thema4 product life cycle. The document describe the Thema4 native compliance with Food and Drug Administration 21 CFR Part 11 (Electronic records; Electronic Signatures; Final Rule). In fact Thema4 has a well-structured software architecture which offers an extensive set of “instruments” (i.e. setting variables and parameters) that end user can configure according to its own SOPs) for achieving and “easy and configurable” compliance to “part 11”. The document, referring to all sections of the 21CFR11, describe how this requirements have been interpreted and satisfied by Thema4 computerized control system, in order to provide a proper management of electronic records and electronic signatures for pharmaceutical regulated industries.

4- Critical Review and Risk Management Report This document is of Wxx.y type: depending on the application software version Wxx.y released for the NF. The validation for a complex process controller as Thema4 can not be a “pass/fail process”. The results of the tests should be analysed according to pre-defined criteria in order to estimate the grade and the quality of the occurred deviations and of the pointed out notes. Following this approach a more conscious release can be obtained, giving also a scenario for possible corrective actions to be implemented according to their criticality. This document can be considered as the conclusion of the validation activity carried out on process controller software Wxx.y, which requires the critical review of the test results performed. This activity is part of the Risk Management Process and this document is the relevant “output”. With this activity the not-passed tests and the comments collected during the validation are analysed to verify their criticality, according to the Quality System Procedure PAQ-08 “Risk

Fedegari Autoclavi SpA

D/O#223213.3 - March 2014

Thema4 control system – VALIDATION PACKAGE LETTER

Page 8 / 11

Management”. The results of this activity, reported in this document, shall be used to release the specific software version or not. Validation activity is part of the Thema4 change control procedure, as described in validation package document 2.

5- Software Validation Certificate This document is of Wxx.y type: depending on the application software version Wxx.y released for the NF. The document is the formal certificate, that is the output of the Critical Review and Risk Management Report (VP doc 4) and that enables the release in production of the application software Wxx.y assigned to the NF.

6- Functional Design Specification (FDS) This document is of Wxx.y type: depending on the application software version Wxx.y The FDS is the functional specification of THEMA4 process controller, describing the hardware configuration (Thema4 is a computerized control and automation system based on commercial hardware), the software architecture and the controller functions. The document applicable to all machine types supported by Thema4 control system:

THEMA4 MACHINE TYPES Machine type

Machine

Process managed

1

Autoclave

moist-heat or gas sterilization

2

Oven

dry-heat sterilization

3

FCDV (VHP)

Fedegari Cabinet Decontamination VHP (Vaporized Hydrogen Peroxide)

4

FCDM (DMD)

Fedegari Cabinet Decontamination Mist

The document is composed of the following sections: - PHYSICAL DESCRIPTION OF THE CONTROL SYSTEM : SYSTEM ARCHITECTURE, HARDWARE ARCHITECTURE, SOFTWARE ARCHITECTURE, DATA STORAGE DEVICES, BACKUP/RESTORE DATA, DIGITAL/ANALOG I/O FOR THE CONNECTION TO THE FIELD, COMMUNICATION PROTOCOLS FOR THE CONNECTION TO EXTERNAL SYSTEM, UNITS OF MEASURE ADOPTED, SYSTEM LIMIT OPERATING CONDITIONS -

PROCESS MANAGEMENT : THEMA4 “PROCESS TASK” ARCHITECTURE, PHASE GROUPS – CYCLES - PROGRAMS, “PHASE GROUP” LIBRARY (P/Gs), CYCLE EXECUTION GENERAL FLOWS, CYCLES AND OPERATING PROGRAMS, ALARMS GENERAL INFORMATION (NUCLEUS, CONFIGURATION AND PHASE ALARMS), ALARM LIST (TEXT, EFFECTS; DELAY), ALARMS CAUSES AND SOLUTIONS.

-

DIALOGUE LANGUAGE : STANDARD AND CUSTOM LANGUAGES (HMI AND REPORTS), CODE PAGE AND UNICODE FORMATS.

-

PASSWORDS: ACCESS CODE CONFIGURATION PARAMETERS, LOCAL AND REMOTE ACCESS, OPERATING MODES (ADMINISTRATOR, SUPERVISOR, MAINTENANCE, USER), PASSWORD MODIFICATION, CURRENT LOGIN MANIFESTATION (DISPLAY AND PRINTOUT).

-

LIST OF OPERATIONS : GUI OPERATING MENUS, RUNS & OPERATIONS (PROGRAM RUN , MONITORING, REPORTING AND CONTROL), PROGRAM MANAGEMENT (PROGRAM CREATION AND CONFIGURATION), CYCLE MANAGEMENT, SYSTEM SETUP & CONFIGURATION (PARAMETERS AND SETTING; SOFTWARE VERSION, OPTIONS ENABLED)

Fedegari Autoclavi SpA

D/O#223213.3 - March 2014

Thema4 control system – VALIDATION PACKAGE LETTER -

Page 9 / 11

DIAGNOSE & MAINTENANCE: (I/O, ALARM, SENSORS CALIBRATION, MAINTENANCE OPERATIONS, BACKGROUND OPERATIONS, BACKUP & RESTORE, HARD DISK & ARCHIVE MAINTENANCE

-

LOG-IN & PASSWORDS: LOGGED SESSIONS, LOGOUT AND SHUTDOWN, ACCESS POLICY CONFIGURATION, LOGIN PERMISSION CONFIGURATION AND MANAGEMENT.

-

ON-LINE MANUALS: GENERAL, NAVIGATOR AND MACHINE TYPE MANUALS. PROGRAM EXECUTION: TIME CALCULATION, PROCESS SUMMARY, PROCESS REPORT PRINTOUT MANAGEMENT: PRINTERS SUPPORTED, ARCHIVED AND PRINTED DATA, PROCESS REPORT STRUCTURE.

-

BLACKOUT MANAGEMENT (DETECTION, MANIFESTATION, PROCEDURE), STERILIZATION AND TREATMENT TIME ELAPSED DURING A BLACKOUT

-

DOOR MANAGEMENT: DOORS TYPE, OPENING, MOVING AND CLOSING CRITERIA, LOADING AND UNLOADING OPERATIONS.

-

EXTERNAL RECORDERS MANAGEMENT: INTEGRATION TYPES

7 - Software Design Specification (SDS) This document is of Wxx.y type: depending on the application software version Wxx.y The SDS is the software design specification of Thema4 control system. The detailed design specification is reported in other documents related to all the software baselines released and the software changes implemented. SDS document is composed of the following sections: - 1 SOFTWARE ARCHITECTURE OF THEMA4 CONTROL SYSTEM - This section describes the software architecture of the control system and provide an overview of the basic elements of the software management: programming languages, operating system, development environment tools, software components versioning, general guidelines for the software development. - 2 SOFTWARE COMPONENTS This section describes each basic software element that build up the Thema4 control system. - 3 FILE SYSTEM ORGANIZATION This section describes the file system organization of the hard drive partition used to store data and application. It describes also the data stored and the folder structure of the application. - 4 LANGUAGES This section describes the approach adopted to implement a software version independent multi-language system in the Thema4. It describes language files architecture and codepages format, describing the impact on peripherals. - 5 INTEGRATION WITH EXTERNAL SYSTEMS This section describes the software architecture for the communication with external systems, by means of standard protocol servers and software layers implemented, through Ethernet and serial connections.

8 - Hardware Design Specification (HDS) This document is of CHxxx type: depending on the last change activity CHxxx executed The HDS is the hardware design specification of Thema4 control system, where only market components are utilized. The aim of this document is to define the hardware structure of the Thema4 process controller, detailing each module and the interfaces between these modules and with external systems. HDS document is composed of the following sections:

Fedegari Autoclavi SpA

D/O#223213.3 - March 2014

Thema4 control system – VALIDATION PACKAGE LETTER

-

-

Page 10 / 11

1 HARDWARE ARCHITECTURE OF THEMA4 CONTROL SYSTEM This section describes the overall hardware architecture of the control system Thema4, identifying the basic elements (standard and optional) and how they are interconnected. 2 DETAILED SPECIFICATION OF HARDWARE COMPONENTS This section describes each basic hardware element. Additionally, for each of them, it is reported the list of models supported with their technical characteristics.

9 - Configuration Manual (CM) This document is of CHxxx type: depending on the last change activity CHxxx executed This document is the final output of the Configuration Management process executed into a “Change activity” (coded by the index CHxxx) on the Thema4 control system components: - Hardware components - Software components, except the PGL software Kxx, that is manage by a proper document “Libraries Configuration Manual (CM_LIB)” - Third party software (operating systems, library files, drivers, firmware, IDE, ..) - Manuals released to the end-user Because the two processes, Configuration Management and Operational Change Control, are closely related each other, they are executed in parallel during a “Change activity” and the CM document is the reference for the document “Change Control Manual (CC)”. CM document allows : - to defines and identify (by a code and a version number) all system items - to control the modification and the release of each items - to ensure the completeness, consistency and correctness (compatibility) of the items and their baselines (system configurations) - to exactly identify, by a index C#xx, the system configurations released CM document is composed of several tables: the system configuration table and the derived components configuration tables and sub-tables .

10 - Change Control Manual (CC) This document is of CHxxx type: depending on the last change activity CHxxx executed This document is the final output of the Operational Change Control process, strictly related to the Configuration Management process, executed into a “Change activity” (CH) on the Thema4 control system components as reported in the Configuration Manual (CM). The Change activity of hardware and/or software components of Thema4 control system are required, in order: - to solve problems: faults detected coded by FAULT REGISTER (FRxxx) - to insert new functions or components: new implementations coded by CHANGE REQUEST (CRxxx). CC document is composed of several tables where, all components (new or changed) present in the CM document are linked to the requirement FRxxx or CRxxx, at the origin of the change.

Fedegari Autoclavi SpA

D/O#223213.3 - March 2014

Thema4 control system – VALIDATION PACKAGE LETTER

Page 11 / 11

11 - Libraries Configuration Manual (CM_LIB) This document is of CHxxx type: depending on the last change activity CHxxx executed This document is the final output of the Configuration Management process executed into a “Change activity” (coded by the index CHxxx) on the Thema4 control system component Kxx. The Kxx component is includes of the sub-components:

THEMA4 SYSTEM CONFIGURATION ARCHITECTURE APPLICATION SOFTWARE - PHASE GROUPS LIBRARY

Kxxx

ELEMENT

CODE

1

PGL SW

COMPONENT

SW

1

P/G LIBRARY SW

2

PGL LANGUAGE .FILES

3

PHASE ALARMS LIST

T4LIBxx.y Jxx Px

T4LIBxx.y is a collection of independent software components: the Phase Groups (P/G). Each P/G implement a process function, composed of several phases (maximum 16), that are inserted in a process task of one of these types: - Cycle task (a sequence of more P/G) - Background task (only 1 P/G) - Stand-by task (only 1 P/G) Jxx is the library language files, with string of the Phase parameters, and Phase name, in the language released (standard and optional) Pxx is the configuration file to load in Thema4 system, to identify in the machine the Phase alarms applicable to a defined library. For each PGL Kxxx, in the CM_LIB there are: the list of P/Gs released in the library T4LIBxxy, the language file Jxx associated and the phase alarm list file Pxx.

12 - Libraries Change Control Manual (CC_LIB) This document is of CHxxx type: depending on the last change activity CHxxx executed This document is the final output of the Operational Change Control process, strictly related to the Configuration Management process, executed into a “Change activity” (CH) on the Thema4 control system component Kxx, as reported in the Libraries Configuration Manual (CM_LIB). The Change activity of hardware and/or software components of Thema4 control system are required, in order: - to solve problems: faults detected coded by FAULT REGISTER (FRxxx) - to insert new functions or components: new implementations coded by CHANGE REQUEST (CRxxx). CC_LIB document is composed of several tables where, all components (new or changed) present in the CM_LIB document are linked to the requirement FRxxx or CRxxx, at the origin of the change.

Fedegari Autoclavi SpA

D/O#223213.3 - March 2014

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page 3 / 34

INTRODUCTION Thema4 is the high performance, standard and validated control systems of Fedegari, dedicated to control different types of pharmaceutical machines and characterized from an high capacity, flexibility and configurability in order to fit all customer needs in a standard way and at the same time providing user an high level of security and reliability. From its conception, the Thema4 system has been designed, developed and validated following a defined product life cycle according to GAMP approach, in order to meet the regulatory requirements of the current GMP. Now in its operational life, Thema4 has passes from GAMP 4 guide line approach (adopted since its “foundation”) to the new concepts of GAMP 5, that are been progressively introduced in the life cycle of the system.

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page 4 / 34

DOCUMENT SECTIONS This document is composed of the following sections

1 GxP REGULATED COMPUTERIZED SYSTEM 2 THEMA4 LIFE CYCLE 3 APPENDIX

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page 5 / 34

INDEX

1 GXP REGULATED COMPUTERIZED SYSTEM ...................... 7 1.2

THE PRODUCTION OF PHARMACEUTICAL AND MEDICAL DEVICES ................. 8

1.3 THE GUIDE LINE GAMP®.......................................................................................... 8 1.3.1 GAMP® 4 ............................................................................................................. 8 1.3.2 GAMP® 5 ............................................................................................................. 9

2 THEMA4 LIFE CYCLE ............................................................................... 11 2.1 COMPUTERIZED SYSTEM PRODUCT LIFE CYCLE.............................................. 12 2.1.1 GAMP 5 - Product Life Cycle phases ................................................................. 12 2.1.2 GAMP 5 – General approach with Project Stages and Supporting Procedures . 13 2.2 THEMA4 PRODUCT LIFE CYCLE ........................................................................... 14 2.2.1 Thema4: current Life Cycle phase...................................................................... 14 2.2.2 Thema4 Life Cycle defined following GAMP 4 model......................................... 15 2.2.3 Thema4 Life Cycle in GAMP 5 approach ........................................................... 16 2.2.4 Thema4: software and hardware GAMP 5 category........................................... 16 2.2.5 Thema4 CONCEPTION phase........................................................................... 17 2.2.6 Thema4 PROJECT phase.................................................................................. 18 2.2.7 Thema4 OPERATION phase ............................................................................. 21 2.3 Thema4 key operation procedures ........................................................................ 22 2.3.1 Handover............................................................................................................ 23 2.3.2 Service Management and Performance Management ....................................... 23 2.3.3 Incident Management and CAPA ....................................................................... 23 2.3.4 Change Management Process ........................................................................... 24 2.3.5 Repair Activity..................................................................................................... 29 2.3.6 Periodic Review (Internal Quality Audits) ........................................................... 29 2.3.7 Continuity Management...................................................................................... 29 2.3.8 Security and System Administration ................................................................... 30 2.3.9 Record Management .......................................................................................... 31

3 APPENDIX........................................................................................................... 32 3.1

REFERENCES .......................................................................................................... 33

3.2

THEMA4 PROCEDURES.......................................................................................... 33

3.3

ACRONYMS.............................................................................................................. 34

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page 6 / 34

TABLES Table 1 Table 2 Table 3 Table 4 Table 5 Table 6 Table 7 Table 8 -

Fedegari department involved in Thema4 management Thema4 life cycle vs. GAMP 5 life cycle Thema4 GAMP 5 categorization Documents released in the Conception phase of Thema4 life cycle Documents released in the Project phase of Thema4 life cycle Thema4 main operational procedures vs. GAMP 5 key supporting procedures CR/FR PROCESS stages Thema4 Change Activities Plan phases vs. GAMP 5 Project stages

FIGURES Figure 1: GAMP 5 Key Concepts Figure 2: GAMP 5 Product life cycle Figure 3: GAMP 5 Project Stages Figure 4: GAMP 5 Project Stages and Supporting Processes during the Life Cycle Figure 5: Scheme of general Product Life Cycle Figure 6: Thema4 Life Cycle diagram in GAMP 4 approach Figure 7: Thema4 application of GAMP 4 V-shaped diagram Figure 8: GAMP 5 Project stages approach for Custom Application (Category 5) Figure 9: Thema4 CR/FR PROCESS - Workflow Figure 10: Thema4 CH PROCESS - Workflow Figure 11: Thema4 Change Control procedure - Workflow

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page 7 / 34

Section 1

THEMA4 CONTROL SYSTEM

1 GXP REGULATED COMPUTERIZED SYSTEM 1.2 - THE PRODUCTION OF PHARMACEUTICAL AND MEDICAL DEVICES 1.3 - THE GUIDE LINE GAMP® 1.3.1 - GAMP® 4 1.3.2 - GAMP® 5

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page 8 / 34

1.2 THE PRODUCTION OF PHARMACEUTICAL AND MEDICAL DEVICES The production of pharmaceuticals or medical devices is governed by specific manufacturing standards [1-5], which tend to establish tests meant to ensure a certain qualitative level of the product and define a working method known as Good Manufacturing Practice (GMP). These rules and standards form a consistent system, meant to keep under control the entire production and distribution process so as to trace any anomalies, their causes and, in the worst cases, recall the product from the market. Among the requirements expressed by GMP, validation of the production process (achieved through validation of its individual steps) allows to achieve, with a certain margin of safety, reproducibility of the process and of the qualitative parameters that characterize the product. In the traditional approach, this cannot be done without validating the machines and the systems used in the various steps of production. GMP and other reference standards, however, give generic recommendations, since their validity is independent of the type of production to which they apply.

1.3 THE GUIDE LINE GAMP® Since the 1980s, various regulatory bodies and technical organizations have issued guidelines regarding automatic systems used in the production and control of pharmaceuticals and medical devices. However, in those years the attention of control bodies was focused on different problems, and the interpretation of the guidelines revealed less awareness than in other aspects of pharmaceutical production. The need for a shared approach regarding the methods for developing and managing an automatic system in the pharmaceutical field and medical devices (of which the automatic system can be an integral part or be a device in itself) led to the establishment of a study group known as GAMP (Good Automated Manufacturing Practice) Forum, which by transferring the principles of GMP focused its attention on the automatic systems used in these two particular fields.

1.3.1 GAMP® 4 In December 2001, the GAMP Forum, by then evolved into a committee within the ISPE (International Society of Pharmaceutical Engineering), issued the fourth edition of the guideline for validation of automatic systems , GAMP® 4 [6]. The GAMP 4 approach identifies not only a way of understanding the validation of an automatic system but also a way of developing and controlling the entire life cycle of the system. In other words, one might say that validation is an activity that begins with the planning phase and accompanies the system development phases up to release, including any changes and finally decommissioning. This type of approach allows to keep the project and the product under control during the various phases that characterize its life cycle, helping to ensure ever better performance and reliability and therefore higher margins of assurance for the end user. Validation activity, understood as the documented verification that the requirements of the system have been achieved according to a stated method, if performed judiciously, is extremely helpful not only for the customer but also for the developer of the system.

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page 9 / 34

1.3.2 GAMP® 5 In this last years, pharmaceutical and biopharmaceutical industry is facing the challenge of a significantly improving in the way the drugs are developed and manufactured. New concepts and ways of working, based on “science based risk management”, “product and process understanding” and “Quality by Design” are being defined in several documents (FDA 21st Century Initiative; ISPES’s PQLI; CH Q8, Q9, Q10; ASTM E2500 [7]) and the industry is in a transition period in which this new ideas are being established. To meet the needs and the initiatives of this changing environment, in February 2008, ISPE has released the GAMP® 5 - A Risk-Based Approach to Compliant GxP Computerized Systems [8], to provides a pragmatic and practical guidance to achieve compliant GxP regulated computerized systems, fit for intended use in a more efficient and effective manner. The purpose of GAMP 5 is to provide a cost effective framework of good practice that aims to ensure that computerized systems are fit for intended use and compliant with applicable regulations. The guide aims to address the need of safeguard patient safety, product quality and data integrity while at the same time enabling innovation and technological advance, to deliver business benefit. This new approach points to the future of computer systems compliance, centered on a flexible risk-based approach, based on scalable specification and verification and focused on 5 key concepts: 1. Product and Process understanding 2. Life cycle Approach within a QMS 3. Scalable Life Cycle activities 4. Science Based Quality Risk Management 5. Leveraging supplier involvement That concern both user (pharmaceutical company) and supplier of computerized systems and services, in the way showed in the following GAMP 5 scheme:

Figure 1: GAMP 5 Key Concepts

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page 10 / 34

1.3.2.1

Some clarifications about GAMP® 5 adoption

1.3.2.1.1 The adoption of new and innovative approaches GAMP 5 As stated in the guide, GAMP is not a standard or a rule but it is a guide line and so it is inappropriate to speak of “GAMP 5 certification or compliance”. It is more proper to speak of “adoption of GAMP 5 approach” in the computerized system life cycle. “GAMP documents are guide and not standards. It is the responsibility of regulated companies to establish policies and procedure to meet applicable regulatory requirements. Consequently, it is inappropriate for suppliers or products to claim that are GAMP certified, approved or compliant.“ (GAMP 5 - 1.3 Purpose)

1.3.2.1.2 .. to do the job today, while building a bridge to new approaches For that systems arrived in their “operational life”, GAMP 5 approach can implemented gradually and by means a sequence of partial changes, where the new approach coexists with the previous good practices. “These innovative approach are available and useable now if the appropriate pre-requisites are met. While acknowledging that not all regulated companies will be in a position to, or will choose to, fully embrace the new approaches immediately, this Guide is intended to encourage the adoption of such approaches and in no way to be a barrier. Improving Quality Practice During the period of transition, the industry continues to need practical guidance based on current good practice giving practitioners the tools to do the job today, while building a bridge to new approaches. This Guide aims to describe current good practice in order to satisfy the needs of the majority of practitioners involved with computerized systems, while also enabling new and innovative approaches, e.g. for process systems in a Quality by Design environment.” (GAMP 5 Foreword)

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page11 / 34

Section 2

THEMA4 CONTROL SYSTEM

2 THEMA4 LIFE CYCLE 2.1 - COMPUTERIZED SYSTEM PRODUCT LIFE CYCLE 2.1.1 - GAMP 5 - Product Life Cycle phases 2.1.2 - GAMP 5 – General approach with Project Stages and Supporting Procedures

2.2 - THEMA4 PRODUCT LIFE CYCLE 2.2.1 - Thema4: current Life Cycle phase 2.2.2 - Thema4 Life Cycle defined following GAMP 4 model 2.2.3 - Thema4 Life Cycle in GAMP 5 approach 2.2.4 - Thema4: software and hardware GAMP 5 category 2.2.5 - Thema4 CONCEPTION phase 2.2.6 - Thema4 PROJECT phase 2.2.6.1 - Testing & Validation 2.2.6.2 - Risk analysis conducted in Project phase

2.2.7 - Thema4 OPERATION phase

2.3- THEMA4 KEY OPERATION PROCEDURES 2.3.1 - Handover 2.3.2- Service Management and Performance Management 2.3.3- Thema4 Life Cycle in GAMP 5 approach 2.3.4- Change Management Process 2.3.4.1 - Thema4 – Change Activities Plan: workflow 2.3.4.2 - Relation between Thema4 Change Activity Plan and the Project approach of GAMP 5 2.3.4.3 - Delivery procedure of a Thema4 “Configuration” on NF 2.3.4.4 - Thema4 software licensing

2.3.5- Repair Activity 2.3.6- Periodic Review (Internal Quality Audits) 2.3.7- Continuity Management 2.3.8 - Security and System Administration 2.3.9 - Record Management

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page12 / 34

2.1 COMPUTERIZED SYSTEM PRODUCT LIFE CYCLE 2.1.1 GAMP 5 - Product Life Cycle phases In order to achieved computerized systems compliance with regulatory requirements and fitness for intended use, the guideline GAMP 5 (keeping on the GAMP 4 concepts) promotes the adoption of a life cycle approach, where all activities, from initial conception to system retirement, are defined and performed in a systematic way, following good practices. As showed in this GAMP 5 scheme, Product Life Cycle of a computerized system consists in four main phases: from Concept phase (to understand and define requirements), through Project phase (with system specification, development, testing and release of the system for production) and the next longest phase of Operation (with the safeguard of the validate state of the system, while it is subject to continuous changes and upgrades), to the final Retirement.

Figure 2: GAMP 5 Product life cycle

GAMP 5 encourages the involvement of the supplier in many activities of the computerized system life cycle, to avoid waste of efforts and duplication of tasks. This approach requires a periodical satisfactory supplier assessments but allows end user to use knowledge, experience, documentation and services of the supplier and to benefit from innovation, technological advance and periodical system upgrades.

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page13 / 34

2.1.2 GAMP 5 – General approach with Project Stages and Supporting Procedures As already introduced by means of the GAMP 4 V-model, to achieve compliance and fitness for intended use, GAMP 5 proposes a general approach to Project phase, based on a sequence of project stages, that entail multiple activities: •

Planning of activities, responsibilities, procedures and timelines.



Specification & Verification, where specification activities are addressed by appropriate verification and review steps, to determine whether the specification has been met. The hierarchy of specification and testing, is depending on the system complexity, risk level and novelty.



Configuration and Coding, by configuration activities on market components and Figure 3: GAMP 5 Project Stages coding of software components, supported by a configuration and change control management.



Reporting and release, where controlled and documented processes assure the acceptance and release of the system, for the use in GxP regulated activity. These project stages are integrated with key supporting processes of Risk management, Change and Configuration Management, Design Review, Traceability and Document management,.. Project stages and supporting processes are part of the computerized system Life Cycle and equally applicable to the Project phase and to change activities of Operation Phase.

Figure 4: GAMP 5 Project Stages and Supporting Processes during the Life Cycle Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page14 / 34

2.2 THEMA4 PRODUCT LIFE CYCLE 2.2.1 Thema4: current Life Cycle phase Thema4 has been developed following the guideline GAMP 4, from the initial Conception and Project phases up to the current Operational phase. Now Thema4 is in the “maturity” of its Operational phase and it has adopted the reference guideline GAMP 5. This adoption has not meant a “complete change” of the quality approach of Thema4, for three reasons:

Product/System Life Cycle

1. GAMP 5 is not a complete “twisting” of GAMP 4 philosophy, but rather its “completion”, by the acquisition of new needs and concepts (“science based risk management”, “product and process understanding” and “Quality by Design”) of pharmaceutical industry (see note above). 2. Thema4 life cycle already implements a robust approach (by defined procedures and documentation) based on the main concepts, present in guidelines GAMP 4, and fully valid in GAMP 5.

Figure 5: Scheme of a general Product Life Cycle

3. Thanks to Thema4 continue improvements, suggested from the frequent customers audits and the constant attention to new GMP regulations, several new aspects pointed out in GAMP5 can be considered already present (at least at an initial stage) in Thema4 Life Cycle and they will be enforced in the next developments. Moreover, for several aspects, it is possible to state that GAMP 5 life cycle framework is more fitted to describe and to manage the system architecture of Thema4 and the full implementation of GAMP 5 concepts (as Life Cycle scalability, Risk Management approach, integrated QbD), will allow big improvements and advantages for both Supplier and User of Thema4. “Computerized System Validation Framework Traditionally GAMP has advocated a computerized system validation framework to achieve and maintain GxP compliance throughout the computerized system life cycle. This framework is based on system specific validation plans and reports and the application of appropriate operational controls. Validation plans and reports provide a disciplined and consistent approach to meeting regulatory requirements, leading to appropriate documentation at the right level. Such documents are valuableboth in preparing for, and during, regulatory inspections. This framework is still applicable for the majority of the computerized systems. This Guide has built on these principles by clarifying the scalability of the approach, and the central role of Quality Risk Management, to effectively and efficiently cover the very wide range of system in scope. (GAMP 5 – 3Life Cycle Approach))

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page15 / 34

2.2.2 Thema4 Life Cycle defined following GAMP 4 model Thema4 project development and management methodology, has been described in the document “Thema4 - Quality and Project Plan” [9], which defines the main phases of the project, giving them the characteristic features of the approach GAMP 4 –Life Cycle Model According to the diagram shown in figure below, five different phases can be identified during the development project of Thema4,

Figure 6: Thema4 Life Cycle diagram in GAMP 4 approach

The documentation of each phase is tightly linked to the preceding phase and the following phase and also to the corresponding transverse phase of the V-shaped diagram.

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page16 / 34

The phases, that constitute the main milestones of the product life cycle, are traced back to the organization department, to which they are entrusted, in accordance with the acronyms defined in the table below: Department

Function

DIG QUA SSE RES

General Management Quality Assurance Electronic Systems Development Research and Development Table 1 - Fedegari department involved in Thema4 management

2.2.3 Thema4 Life Cycle in GAMP 5 approach The phases of Thema4 Life Cycle, have encompassed the first 3 stages, Concept, Project and Operation, of the corresponding GAMP 5 Product Life Cycle: GAMP 5 – PRODUCT LIFE CYCLE Thema4 Life Cycle CONCEPTION

PROJECT

X

X

1 Planning and specification 2 Design and construction

X

3 Installation and testing

X

4 Acceptance final testing

X

5

OPERATION

Release & ongoing maintenance operations

RETIREMEN T

X

Table 2 - Thema4 life cycle vs. GAMP 5 life cycle

The management of these three phases during Thema4 Life Cycle has been summarized in the following paragraphs.

2.2.4 Thema4: software and hardware GAMP 5 category Supplier and user approach to the system management, depends on the GAMP categorization of the computerized system. Based on the system categorization defined in GAMP 5 – Appendix M4 Categories of Software and Hardware (that is similar to the previous one of guide GAMP 4), Thema4 is classified as: GAMP 5 CATEGORY

Thema4 control system Supplier

1 Thema4 Software

2 Thema4 Hardware

Category 5 Custom (bespoke)system

End User

Category 4 Configurable system

(because it requires software development and HW configuration to meet defined requirements)

(because it require only system configuration by user interface)

Hardware Category 1

Hardware Category 1

Standard Hardware components

Standard Hardware components

Table 3 - Thema4 GAMP 5 categorization

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page17 / 34

2.2.5 Thema4 CONCEPTION phase The life cycle of the Thema4 controller began formally in November 2001, when Fedegari management defined the need to develop for its own dry and moist heat sterilizers a new control system more aligned with new market requirements and the established and acknowledged technological level, taking however into account that despite the obsolescence that is typical of information technology products, the previous Thema3 controller has been able to ensure for a decade a reliability and management of the sterilization processes, contributing (together with the autoclave section) to the consolidation of the Fedegari brand worldwide. The initial base requirements of this new control system, after the understanding of business needs and benefits and the evaluation of scope, cost and potential solutions, were: - a PC-based system including all the functionalities (previously distributed in several systems); - new HW/SW architecture with use of commercial hardware of the main brands; - use a Real Time Operative System leader of the market; - modern, graphical, multi-language and touch screen interface, portable on different platforms; - adoption of GAMP 4 approach in the product Life Cycle; - native compliance with pharmaceutical standard 21 CFR Part 11; - preserve the standard, flexible and configurable approach of the previous system in the management of processes, I/Os configuration, functions enablement and alarms; - use the same computerized system (with same software), to equip all types of pharmaceutical machines; - system completely open to all requests of integration of pharmaceutical plants: - complete control of the source code in house, not accessible to users, in order to preserve company know how and system integrity for users; - control system development and released fully integrated in the company production system; These requirements has been stated in a document of Fedegari Management “Order of Service”, that assigned the responsibility of Thema4 project to the manager of SSE department. In this Conception phase, composed of planning and specification stages, with definition of life cycle approach and activities, responsibilities, procedures and timelines, the following basic documents has been released:

Thema4 – Documents released in the Conception phase Code

Document

OdS

ORDER OF SERVICE FROM DIG FOR THE DEVELOPMENT OF A NEW GENERATION OF PROCESS CONTROLLER, FOR MACHINES AND PLANTS THEMA4 - GENERAL VALIDATION PLAN THEMA4 - QUALITY PROJECT PLAN THEMA4 - USERS’ REQUIREMENTS SPECIFICATIONS SYSTEM (PROPOSAL) SPECIFICATION QUALITY ASSESSMENT Table 4 - Documents released in the Conception phase of Thema4 life cycle

VP QPP URS SS QA

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page18 / 34

2.2.6 Thema4 PROJECT phase After the quality assessment and the definition of the preliminary requirements, Thema4 Life Cycle passed from the Conception phase to the Project phase, consisting of the sequence of stages of the GAMP 4 V-Model (for Custom system – Category 5). This phase has lasted a couple of years, with the final acceptance and release of the system on the market for the Operational phase, in 2004. Each of these stages has associated support documents: starting from the Functional Specification document (based on the User Requirements), it is possible to trace the path that led to the definition of the functional characteristics of the controller, to their implementation and to subsequent verification, following what is known as the characteristic V-shaped diagram of GAMP.

User Requirement Specifications

DIG

RES SSE

Functional Specification

SSE

System Acceptance Test.

Hardware Design Specif.

SSE

Hardware Acceptance Test.

Software Design Specification

SSE

Specification

Software Integration Test.

Software Module Specification

Software Module Testing

SSE

SSE

SSE

Testing

SSE Code modules

Figure 7: Thema4 application of GAMP 4 V-shaped diagram

The indication of management regarding the technical and performance characteristics of the new controller are described in Thema4 Functional Specification [10] derived from detailed specification documents. From the point of view of the sterilization process management, the new controller has acquired the entire know-how developed by Fedegari in the systems of the previous generations. Development of the requirements is followed by means of the documents described in Figure of V-diagram, reaching the highest level of detail for writing the code, in the first branch of the “V”, which corresponds to the design and construction phase.

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page19 / 34

During Project phase, the following basic documents have been released:

Thema4 – Documents released in the Project phase Code

Document

SP SDTM HWDS SWDS SWMDS SWMTS/R HAT CM CC

FUNCTIONAL SPECIFICATION SOFTWARE DESIGN TRACEABILITY MATRIX HARDWARE DESIGN SPECIFICATION SOFTWARE DESIGN SPECIFICATION SOFTWARE MODULE DESIGN SPECIFICATION SOFTWARE MODULE TEST SPECIFICATIONAND RESULTS HARTDWARE ACCEPTANCE TEST CONFIGURATION MANUAL CHANGE CONTROL MANUAL Table 5 - Documents released in the Project phase of Thema4 life cycle

From the point of view of GAMP 5, the steps of V-Model can be grouped in stages of the general approach: Planning (with suppliers assessment and selection), Specification (Functional design, HW and SW design, Detailed software design), Coding & Configuration (for SW and HW components), Verification (SW module testing, Integration testing, HW acceptance test, System acceptance testing). As is possible to see from figure below, the V-diagram application on Thema4 project phase is very similar to GAMP 5 - Project stages approach for Custom Application.

Figure 8: GAMP 5 Project stages approach for Custom Application (Category 5)

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page20 / 34

2.2.6.1 Testing & Validation The Testing stage covers the entire Specification, providing tests on the individual software modules, tests on the mutual integration of these modules and, rising along the branch of the “V” of the GAMP life cycle, the final acceptance tests (Validation tests). The final acceptance tests have been devised by personnel not involved in development activity, in order to check independently that the original requirements have been implemented. During the Coding, review of the source code of the individual modules was performed by individuals not involved in the creation of the module, so as to separate the writing and control procedures. As defined by GAMP guide (and shown in V-shaped diagram), the specification documents, that correspond to each testing level have been used to define the tests plans and protocols, so as to outline the methods of execution and define the acceptance criteria for verifying that the requirements are met. It is therefore possible to have a complete traceability in detail: given a requirement, its embodiment in the functions and software modules that compose it, and the associated verification tests. A critical approach, based on risk analysis of the functions of the process controller, has been used for the final validation that corresponds to the System acceptance tests: risk management is applied to identify risk and to remove or reduce them to an acceptable level. 2.2.6.2 Risk analysis conducted in Project phase GAMP 4 suggests performing an assessment of the risks linked to the development and release of an automatic system in view of the fact that no matter how extensive and complex the testing phase of a system, it is highly unlikely that it is possible to reproduce all possible operating conditions. It is far more convenient, both for assurance in use and for efforts related to validation, to focus verification activities on the functions that are most critical due to their field of application and to the problems associated with the field. It is evident that this approach (like the falsely exhaustive one) includes a residual risk margin at the end of the testing process. However, differently from the approach that does not include assessment of the risks linked to the use of the system, in this case the residual risk is highly correlated to the less critical functions of the system. Moreover, this risk is managed by the activities that take place after release of the system, i.e., anomaly management and change control. As regards, in the Functional Testing (System Acceptance Testing) stage of Project phase, Thema4 risk analysis was conducted on the functions of the controller, evaluating their impact on the following risk criteria: a) Operator safety b) Sterilization process c) GMP d) Electronic data management e) Legal and business-related aspects As a result of this assessment, validation activity has been organized according to the criticality connected to each function; the functions of the controller related to the same risk category have been verified together. Because of the differences between the moist and dry heat sterilizers, from the process and functionalities points of view, the content of the risk analysis was referred to the two different kind of sterilizers by means of two document of “Risk analysis – Methodology” [11] [12].

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page21 / 34

2.2.7 Thema4 OPERATION phase In January 2004, with the final acceptance and formal release for use at the Project phase end, Thema4 started its Operation phase with the first installation on users machines, for the FAT activities and the following SAT (IQ, OQ and PQ). This phase of operational life is the longest in Thema4 Life Cycle (with a duration foreseen of 8-10 years) and it is still in progress. The main aim of this phase is to maintain compliance and fitness for intended use throughout the computerized system operational life, facing all necessary changes of: - system functions (to meet market requirements and expectations) - business process (to improve their efficiency and effectiveness) - software and hardware components (due to components obsolescence) - regulatory requirements - personnel involved in maintenance and development team This has been possible, thanks to the adoption of fitness and documented procedures, training activities and periodical reviews, covering use, management and maintenance. This procedures have allowed the implementation of a continuous repetition of product changes and release activities, by means of “Project stages” integrated with “key supporting processes” (as defined in GAMP 5 Life cycle), and then to maintain the control system updated with technological advance, fitness for intended use and compliance with GxP regulations.

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page22 / 34

2.3 Thema4 key operation procedures The main procedures adopted and periodically updated, for the implementation of the key supporting operational processes, as defined in GAMP 5 approach of Grouping Operational Processes, are listed in the table below:

ENTRANCE, CIRCULATION AND EXIT OF PERSONNEL INSIDE FEDEGARI PREMISES

HOLD IN CHECK OF THE QUALITY RECORS PSQ 02

SAVING, CONTROL, ARCHIVING AND RECOVERY OF ELECTRONIC DATA

THEMA4 SOFTWARE PROGRAMS ARCHIVING PROCEDURE PR 115239

X

-

-

-

X

X

-

-

X

X

X

Reviewed in GAMP 5

X

PSQ 09

• Periodic Review (Internal Quality Audits) • Backup and Restore • Business Continuity Planning • Disaster Recovery Planning

ACCESS ASSIGNEMENT IN SSE DEPARTEMENT

• Change Management • Configuration Management

-

PR 109804

X

-

GENERATION OF “THEMA4 SW BACKUP” FOR NF

• Incident Management • CAPA

METHODS OF MANAGEMENT AND CONTROL OF CORRECTIVE ACTION AND PREVENTIVE ACTION

SCHEDULING, EXECUTION AND MANAGEMENT OF INTERNAL AUDIT

X

PAQ 05

POLICIES AND PROCEDURES THEMA4 SW LICENSES PP 109735

X

• Support Services • Performance Monitoring

PSQ 03

PROCEDURE FOR CHOICE, ISSUE INSTALLATION OF APPLICATION SOFTWARE FOR STERILIZER SETUP PAQ 113262

X

CUSTOMER SOFTWARE SUPPORT – CASE ID MANAGEMENT PROCEDURE

-

PR 113317

Security and System Administration Record Management

-

PAQ 0503

Continuity Management

-

• Handover Process

• Repair Activity Audits and Review

CHANGE CONTROL PROCEDURE FOR PROCESS CONTROLLERS

Change Management

PAQ 27961

Service Management and Performance Monitoring Incident Management and CAPA

Reviewed in GAMP 5

Handover

Process

PAQ 160175

Group of processes

Thema4 Main operational procedure

Reviewed in GAMP 5

GAMP 5 Key Supporting Processes

X

X

• Security Management • System Administration • Retention • Archive and Retrieval

X

Table 6 - Thema4 main operational procedures vs. GAMP 5 key supporting procedures

Fedegari Autoclavi SpA.

-

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page23 / 34

2.3.1 Handover No formal handover process for transfer responsibility has been implemented, because operation and maintenance activities on the Thema4 system has been taken in charge directly by the project team.

2.3.2 Service Management and Performance Management GAMP 5 Service and Performance Management covers the processes: - Support Service: process assuring the establishing and correct management of the Support Service, provided by internal or external resources, by means of agreements, contracts and maintenance plans. - Performance monitoring: scheduling and document activities of performance monitoring (tools and techniques), to capture timely problems and possible anticipate failures. Support Service processes, relative only the control system Thema4, has been implemented by means of the procedure PAQ-160175 – CUSTOMER SOFTWARE SUPPORT – CASE ID MANAGEMENT PROCEDURE. This procedure defines activities, resources and responsibility necessary to manage the customer support for all problems detected on Thema4 control system (software and hardware components, documentation and processes) in its operational life: - to capture, categorize, prioritize, review, progress and close all problems, - to manage formally each problem as a CASE ID and to direct it to the most appropriate and timely solution, - to record the CASE-ID management in a problems log, - to monitor the progress and provide feedback to users, - to execute CAPA process on critical problems detected, by means of identified corrective and preventive actions reported in a formal PROBLEM REMEDY document, by means of a root-causes analysis and the definition of actions preventing the problem recurrence, and so reducing the process/system failures, - to analyze performance monitoring and failure data, detected and stored inside the system. - to monitor operational, performance and failure data and to provide information for the periodical system evaluation and review, managed by the change control procedure, - to provide to the management, periodical trends of incidents and users problems/requests. Thema4 support service is provided, free of charge, to all machines released and equipped with this control system and it is integrated with all service activities provided, by post-sale department and agents/distributors and based on service agreements, contracts and maintenance plans. Performance Monitoring for Thema4 control system, has been implemented in Project phase of product development and continuously improved in Change Control activity, by means of monitoring internal functions. This data are collected and analyzed in the support activities, defined by PAQ-160175 – CUSTOMER SOFTWARE SUPPORT – CASE ID MANAGEMENT PROCEDURE.

2.3.3 Incident Management and CAPA Incident Management and CAPA are managed inside the process of Support Service and so has been defined by means of the same procedure: PAQ-160175 – CUSTOMER SOFTWARE SUPPORT – CASE ID MANAGEMENT PROCEDURE. Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page24 / 34

2.3.4 Change Management Process At the first release to the market of Thema4 control system in its Operation phase, the procedure PAQ-27961 – CHANGE CONTROL PROCEDURE FOR PROCESS CONTROLLERS has been released, in order to manage properly the two key processes: -

Configuration Management : all activities and reports necessary to maintain, at any point of its life cycle, the detailed definition of the control system in all its constituent components or “configuration item” (hardware, software, firmware, middleware and documents) and their baseline or “configurations”, released.

-

Change Management : all activities and reports necessary for maintaining the compliant status of the system, after a changes of one or more of its controlled “configuration item”.

This procedure, by means of the documents Configuration Manuals (for Thema4 HW/SW system and P/G Library) enclosed in the Validation Package, allows to precisely define all “items” (with their versions) and “ system configuration”, released in the subsequent change activities, from the initial step of development up to now. By means of the documents Change Control Manuals (for Thema4 HW/SW system and P/G Library), enclosed in the Validation Package, the procedure allows to maintain the traceability between the requirements implemented in a defined change activity and the “items” modified. 2.3.4.1 Thema4 – Change Activities Plan: workflow Thema4 change control process assures that : •

Thema4 changes requests collected are coded as new requirements (Change Report) or fault detected (Fault Report) and recorded in a Requirements log. • Change control provides a fault management, in order to cover the residual risk that is present in any product, after its validation and release. • Requirements CR/FR are collected by means of: - Internal orders for machines equipped with Thema4 control system, managed by procedure of CHOICE, ISSUE INSTALLATION, - Operational and performance data, gathered during the system operational life, by the procedure SOFTWARE SUPPORT – CASE ID, - Periodic reviews of Thema4 system. • A Change Activity is identified by a unique code CHxxx. • All proposed CR/FR changes of a Change Activity are formally proposed and authorized, specified in details and reviewed, to assess impact and risk of this implementation. • Each Change Activity is completely managed and documented by the internal document Change Activities Plan, where all activities are suitably evaluated, authorized, documented and approved, before and during the implementation and closed and released after the completion. Process is rigorous in the approach (sequence of activities, verifications, authorizations and extent of documentation) and it is scaled based on the nature, complexity, risk of the change effected and items affected, with verification activities that allow to release to the market only validated “configurations”. Workflow of Thema4 Change Control process is reported in the following schemes (derived from Change Control Procedure) where the two main process “CH (CHANGE) PROCESS” and “CR/FR (REQUIREMENTS) PROCESS” and their integration is showed.

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page25 / 34

2.3.4.1.1 Requirements management (CR/FR PROCESS) The first step of Change Management is the CR/FR PROCESS, that collects all requirements to implement by the change activities. These requirements are of two categories: • FR - Fault Records: based on fault signalling and detection) •

CR - Change Request: requests of new implementations.

To allow an organized and complete management of these requirements, CR/FR PROCESS has been divided in a sequence of activities, fully recorded.

1

Phase

C R

FLS FauLt Signalling and collection

Fault Signal.

CHR

FLS

Change Verification Approval

CVA

F R

Change Req.Details

X

CHD

CHR CHange Request and collection

X

2

CVA Change Verification & Approval

X

X

3

CHD CHange Requirement Details (analysis)

X

X

4

CCA Change Completion & Approval

X

X

Table 7 - CR/FR PROCESS stages

Change Request

Ready for work in CH

CR/FR PROCESS Nr Code . phase

CR/FR PROCESS

CR/FR closed

Change Completion Approval

CCA

CR/FR archiving

Figure 9: Thema4 CR/FR PROCESS - Workflow

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page26 / 34

2.3.4.1.2 Change management (CH PROCESS) The requirements collected by CR/FR PROCESS are implemented in Thema4 control system by CH (CHANGE) PROCESS, that is described in the following workflow.

Process CH MANAGEMENT

CH Manag. Document

CH MANAGEMENT Change Proposal

FS

CHP

CR/FR MANAGEMENT

SDS HDS OSDS LENS

Change Approval

Change Req.Details

TM

CHA

SDSx

CRD

HATx

SMDS

Change Execution

Activity Life Cycle

SMTS

CHE

SPEC / CODING/OPERAT.

CHE/Plan

CH Spec Plan

CR-FR Analysis

CHE/Spec CHE/Activity

CH Activity Plan

SW archiving

CHE/UT-CR

CH UT-CR/ Plan

UT-CR Test case

REVIEW

TESTING

CH SIT/HAT Plan

CHE/SIT/HAT

SIT-HAT Test case

External Acceptance Change Completion New Session CHP/CHE (added new changes or acceptance failed)

External Acceptance Process

CH Cancel

CH ABORT

CHC Change Completed External acceptance to execute?

Y N

Change Issue

N

CHI

Acceptance OK?

Y

Y

N

Conditioned/parti al emission?

Issue?

CH ISSUE

Y

CH NOT ISSUE N

Figure 10: Thema4 CH PROCESS - Workflow

Thema4 change management procedure can require repetition loops for some phases and a final external acceptance, managed by Quality Manager, with the release of a “Validation certificate”. Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page27 / 34

2.3.4.1.3 Relation between the processes of Requirements management and Change management The following scheme describes the relation between CR/FR PROCESS and CH PROCESS.

THEMA4 CHANGE MANAGEMENT

PROCESS CH Change Proposal

CR/FR Selection

PROCESS CR/FR

CHP

PROCESS WORKFLOW

Change Approval

Change Request

Fault Signal.

CHR

FLS

Change Verification Approval

CHA

CVA Change Execution

CHE CHE/Plan CHE/Spec

CR/FR Spec.

Ready for work in CH

Change Req.Details

CHD

CHE/Activity CHE/UT-CR CHE/SIT-HAT

CR/FR Details

Change Completion

CHC Change Issue

CHI

Electronic data Reports (signed) Register

CR/FR implem. status

Change Completion Approval

CCA

CR/FR archive

CH archive

CHxxx Change Report Reg.

Figure 11: Thema4 Change Control procedure - Workflow

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page28 / 34

2.3.4.2 Relation between Thema4 Change Activity Plan and the Project approach of GAMP 5 Thema4 Change Control process workflow is composed of the 5 phases that correspond with the GAMP 5 Project stages: Planning (& Requirement), Specification, Coding & configuration, Verification and Reporting (and Release) . Due to their complexity, some procedure phases are divided in sub-phases, that are managed by dedicated documents. All these documents refers to the main doc. “CMD - Change Management Document / Cover”, GAMP 5 Project stages

CH ACTIVITY PROCESS Doc. (template)

Code phase

DM#238602

CMD CHange Management Document

DM#238904

CHP CHange Proposal

DM#238906

CHA CHange Approval

DM#238908

DM#238911 DM#238912

Phases and sub-phases

CHange

CHE Execution

Planning & Requirements

CHE/Plan

Planning

CHE/Spec

Specification

CHE/Act

Activity

CHE/UT-CR

Unit Test – Code Review

CHE/SIT/HAT

Software Integration Test – Hardware Acceptance Test

Specification, Coding & Configuration

CHC CHange Completion

Verification

Reporting & Release

CHI CHange Issue Table 8 - Thema4 Change Activities Plan phases vs. GAMP 5 Project stages

2.3.4.3 Delivery procedure of a Thema4 “Configuration” on NF Thema4 is a standard product released to the market in different “configurations”, depending on the model of hardware requested, the version of software components installed: - Wxx the application software that implements standard and optional general functions, - Kxx the Phases Groups Library that implements the processes executed on the machine - Lxx for languages requested. The Change control and configuration management process, with the sequence of the (standard) “configurations” released, implements a progressive and continuous improvement of Thema4 control system, for all market. The processes of choice and installation of the right HW/SW “configuration”, as requested by customer User Requirement and reported in the organization production documents (internal orders), is critical. For this reason a specific procedure, part of Configuration Management process, PAQ113262 – PROCEDURE FOR CHOICE, ISSUE INSTALLATION OF APPLICATION SOFTWARE FOR STERILIZER SETUP has been implemented, to ensure the choice and delivery of the right “configuration”, for each NF. This procedure is applicable even in case of SW/HW upgrade.

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page29 / 34

2.3.4.4 Thema4 software licensing The use of the software Thema4, managing a Fedegari machines, is based on an End User License/Sublicense Agreement and the corresponding Software License Certificate released to user, for each sterilizer. Fedegari license policy related to the installation, distribution and utilization of Thema4 process controller is defined in the procedure PP-109735.2 – POLICIES AND PROCEDURES THEMA4 SW LICENSES.

2.3.5 Repair Activity Repair activity of control system components is managed by means of the procedure PAQ160175 – CUSTOMER SOFTWARE SUPPORT – CASE ID MANAGEMENT PROCEDURE, because is considered a particular case of Incident Management. In fact, repair and replacement typically cover defective hardware or installation of software. These activities do not have impact on system change control, because they consist only of replacement or installation of standard components (with a defined model and version), for the system “configuration” released for a defined machine. These activity are supported by means of the product documentation Configuration Manuals and Thema4 Installation Manual, released to the User. Spare parts are managed by Fedegari post sales departments, or by agents and distributors or by the user himself.

2.3.6 Periodic Review (Internal Quality Audits) GAMP 5 Periodic Review concerns the processes managing the internal quality audits, executed by Quality department, in order to verify and ensure the compliance of the system with regulatory requirements and company procedures/policy. Periodic Review processes inside the organization, relative to Thema4 development and management, has been implemented by means of the procedures: -

PSQ-03 – SCHEDULING, EXECUTION AND MANAGEMENT OF INTERNAL AUDIT for planning and management of the internal audit. A specific internal audit program is defined every year.

-

PAQ-05 – METHODS OF MANAGEMENT AND CONTROL OF CORRECTIVE ACTION AND PREVENTIVE for the management of the Corrective and Preventive Action (CAPA).

2.3.7 Continuity Management GAMP 5 Continuity Management covers the processes: - Backup and Restore: processes ensuring a proper management of backup copies of software, records and data (execution, retention time and secure area , recovery, test) - Business Continuity Planning: organization processes ensuring a proper and effective response and resumption, by a BCP, in case of events of failure and disruptions for the identified critical business processes/systems. - Disaster Recovery Planning: a subset of BCP (focused on disasters prevention and processes/systems redundancy) Continuity Management processes inside the organization, relative to Thema4 development and management, has been implemented by means of the procedures: -

PR-115239 - THEMA4 SOFTWARE PROGRAMS ARCHIVING PROCEDURE that defines the archiving criterions of the “configuration items” (as defined in Configuration Manual) of type firmware (when applicable, because managed separately from

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page30 / 34

hardware), middleware and software (for both source code and executable programs). This procedure is also applicable to FAT configuration data and backup data for all machines released to the market , equipped with Thema4 controller. PAQ-0503 – SAVING, CONTROL, ARCHIVING AND RECOVERY OF ELECTRONIC DATA that defines the organization policy regarding saving, control and archiving and recovery of electronic data for business management, stored in a defined safe area. The procedure details validated processes of global disaster recovery plan.

-

Continuity Management for Thema4 control system (Backup/Restore and Disaster Recovery) has been implemented in Project phase of product development, by means of: - functions of Backup/ Restore and Installation SW of the control system - SW/HW installation procedures, documented in Thema4 Installation Manual - Thema4 SW Backup provided to the user after every change of software version (included the first release after FAT) managed by the procedure PR-113317 – GENERATION OF “THEMA4 SW BACKUP” FOR NF.

2.3.8 Security and System Administration GAMP 5 Security and System Administration covers the processes: - Security Management : processes ensuring, by means of secure access management (password and physical security measures) and virus management, an adequate data protection, against willful or incidental loss, damage or unauthorized changes. - System Administration : processes ensuring administrative support for the system to the users Security and System Administration processes inside the organization, relative to Thema4 development and management, has been implemented by means of the procedures: -

-

PR-109804 - ACCESS ASSIGNEMENT IN SSE DEPARTEMENT that defines the access policy (for users and administrators) to Thema4 resources (software, firmware, middleware and IDE tools) by SSE personnel. PSQ-09 – ENTRANCE, CIRCULATION AND EXIT OF PERSONNEL INSIDE FEDEGARI PREMISES that defines the physical security measures adopted for the access to organization areas and resources.

Security and System Administration for Thema4 control system has been implemented in Project phase of product development, by means: -

functions of Password Management, well documented in specifications and documentation Thema4 User manual, that ensure an access management compliance with FDA regulation CFR21part11.

In order to guarantee safety, integrity and performances of Thema4 functions to the final user and to protect company know how, Thema4 is a “closed system” for the user and so no direct access to operative system, software components, source code and data is allowed. Access to software is allowed only by means of specific functions reserved to Fedegari personnel.

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page31 / 34

2.3.9 Record Management GAMP 5 Record Management covers the processes: - Retention: processes ensuring retention of regulated record, based on regulatory requirements and corporate policy. - Archive and Retrieval: processes ensuring archiving and retrieval of records based on regulatory requirements Record Management processes inside the organization has been implemented by means of the procedure, that has impact even on Thema4 development and management: -

PDQ02 – HOLD IN CHECK OF THE QUALITY RECORS that defines the organization operation in place in order to identify, collect, record, archive, preserve, retrieve and delete the quality records, in compliance with the company policies.

Record Management for Thema4 control system has been implemented in Project phase of product development, by means: -

functions of Data Management, well documented in specifications and documentation Thema4 User manual, that ensure a data management compliance with FDA regulation CFR21part11

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page32 / 34

Section 3

THEMA4 CONTROL SYSTEM

3 APPENDIX 3.1 – REFERENCES 3.2 – THEMA4 PROCEDURES 3.3 – ACRONYMS

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page33 / 34

3.1 REFERENCES 1. Good Manufacturing Practice, 1997 – Eudralex – Volume 4, Annex 13 and Annex 15 (July 2001) 2. Code of Federal Regulation, Chapter 21 Part 210 – Current Good Manufacturing Practice in Manufacturing, Processing, Packing or Holding of Drugs: General 3. Code of Federal Regulation, Chapter 21 Part 211 – Current Good Manufacturing Practice for Finished Pharmaceuticals 4. Code of Federal Regulation, Chapter 21 Parts 808, 812, 820. Medical Devices: Current Good Manufacturing Practice (cGMP) – Final Rule (1996) 5. EC Directive 93/42 – Medical Device 6. ISPE-GAMP FORUM: December 2004: GAMP 4: Guide for Validation of Automated Systems 7. ASTM E2500 Standard Guide for Specification, Design and Verification of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment 8. ISPE-GAMP FORUM: February 2008: GAMP5: A Risk-Based Approach to Compliant GxP Computerized Systems 9. QPP-89284 – Thema4 – Quality and Project Plan

10. FS-94296 – Thema4 – Functional Specification 11. DCV-101368 – Risk analysis – Methodology – Thema4 process controller for moist heat sterilizers 12. DCV-113331 – Risk analysis – Methodology – Thema4 process controller for dry heat sterilizers

3.2 THEMA4 PROCEDURES PAQ-160175

CUSTOMER SOFTWARE SUPPORT – CASE ID MANAGEMENT PROCEDURE

PAQ-27961

CHANGE CONTROL PROCEDURE FOR PROCESS CONTROLLERS

PAQ-113262

PROCEDURE FOR CHOICE, ISSUE INSTALLATION SOFTWARE FOR STERILIZER SETUP

PP-109735

POLICIES AND PROCEDURES THEMA4 SW LICENSES

PSQ-03

SCHEDULING, EXECUTION AND MANAGEMENT OF INTERNAL AUDIT

PAQ-05

METHODS OF MANAGEMENT AND CONTROL OF CORRECTIVE ACTION AND PREVENTIVE ACTION

PR-115239

THEMA4 SOFTWARE PROGRAMS ARCHIVING PROCEDURE

PAQ-0503

SAVING, CONTROL, ARCHIVING AND RECOVERY OF ELECTRONIC DATA

PR-113317

GENERATION OF “THEMA4 SW BACKUP” FOR NF

PR-109804

ACCESS ASSIGNEMENT IN SSE DEPARTEMENT

PSQ-09

ENTRANCE, CIRCULATION AND EXIT OF PERSONNEL INSIDE FEDEGARI PREMISES

PSQ-02

HOLD IN CHECK OF THE QUALITY RECORS

Fedegari Autoclavi SpA.

OF APPLICATION

DM#102179.6 - March 2012

Thema4 control system - VALIDATION PACKAGE - Life Cycle of process controller GAMP 5 Page34 / 34

3.3 ACRONYMS GAMP GMP PQLI CFR QMS QbD FS VP TH4 FDA FAT SAT CAPA BCP NF

Good Automated Manufacturing Practice Good Manufacturing Practice Product Quality Lifecycle Implementation (ISPES) Code of Federal Regulation Quality Management System Quality by Design Functional Specifications Validation Plan Thema4 Food and Drug Administration Factory Acceptance Test Site Acceptance Test Corrective And Preventive Action Business Continuity Plan Factory Number (unambiguous identification code of each machine)

Fedegari Autoclavi SpA.

DM#102179.6 - March 2012

Thema4 control system – 21 CFR Part 11 - Compliance assessment

Page 1 / 21

THEMA4 CONTROL SYSTEM

21 CFR PART 11 COMPLIANCE ASSESSMENT “Electronic Records; Electronic Signatures” Document Rev.1

FEDEGARI AUTOCLAVI S.P.A. S.S. 235 km.8 - 27010 Albuzzano (PV) - ITALY +39 0382 434111  +39 0382 434150  http://www.fedegari.com

Fedegari Autoclavi SpA

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

Page 2 / 21

DOCUMENT REVISION LIST

Written and verified by:

Verified by:

Approved by:

1 0 Revision no.

Function

Name

Date

Valdation Engineer

D. Martigani

12-MAR-2010

Automation Mgr.

M. Ghelfi

12-MAR-2010

Quality System Mgr.

R. Boatti

12-MAR-2010

12-MAR-2010 04-OCT-2004 Date (dd/mmm/yyyy)

DAM GIR Author

Signature

D/O 110434.2 Update after critical review according to GAMP 5 D/O 110434.1 First issue Document Revision subject code

FEDEGARI has made every effort to ensure that information and data contained in this document are accurate and exhaustive. However, it assumes no responsibility in case of errors or omissions. FEDEGARI reserves itself the right to amend, at any time and without notice, the information regarding the items described in this document. FEDEGARI reserves itself the option of amending this document at any time without notice.

Fedegari Autoclavi SpA

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

Page 3 / 21

DOCUMENT SECTIONS This document is composed of the following sections

1 FOREWORD 2 DEFINITIONS 3 COMPLIANCE ASSESSMENT

NOTATIONS In this document, these notations are used: NOTICE

for additional notices

REFERENCE

for references to other sections

IMPORTANT NOTICE

for important notices

WARNING!!

for very important notices

Fedegari Autoclavi SpA

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

Page 4 / 21

INDEX 1

FOREWORD 5 1.1 OVERVIEW ...................................................................................................................................................6 1.2 FDA 21 CFR PART 11 “ELECTRONIC RECORDS, ELECTRONIC SIGNATURES”..................................................6 1.2.1 Issuing 21 CFR part 11: history ..........................................................................................................6 1.3 THEMA4 CONTROL SYSTEM COMPLIANCE WITH 21CFR PART11 .....................................................................7 1.3.1 How Thema4 complies with 21 CFR Part 11?....................................................................................7 1.3.2 Scope of 21 CFR Part 11 for Fedegari systems ................................................................................7 2 DEFINITIONS 8 2.1 ELECTRONIC RECORDS (ER) ........................................................................................................................9 2.2 ELECTRONIC SIGNATURE (ES) ......................................................................................................................9 3 COMPLIANCE ASSESSMENT 10 SUBPART A--GENERAL PROVISIONS .......................................................................................................................12 §11.1 Scope ................................................................................................................................................12 §11.2 Implementation................................................................................................................................13 §11.3 Definitions...........................................................................................................................................14 SUBPART B—ELECTRONIC RECORDS ....................................................................................................................15 §11.10 Controls for closed systems. ............................................................................................................15 §11.30 Controls for open systems...................................................................................................................18 §11.50 Signature manifestations.....................................................................................................................18 §11.70 Signature/record linking.......................................................................................................................18 SUBPART C--ELECTRONIC SIGNATURES .................................................................................................................19 §11.100 General requirements........................................................................................................................19 §11.200 Electronic signature components and controls. ................................................................................20 §11.300 Controls for identification codes/passwords......................................................................................21

Fedegari Autoclavi SpA

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

Section 1

Page 5 / 21

THEMA4 CONTROL SYSTEM

1 FOREWORD 1.1 - Overview 1.2 - FDA 21 CFR Part 11 “Electronic records, Electronic Signatures” 1.3 - Thema4 control system compliance with 21CFR Part11

Fedegari Autoclavi SpA

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

Page 6 / 21

1.1 Overview The production of pharmaceuticals or medical devices is governed by specific manufacturing standards which tend to establish tests meant to ensure a certain qualitative level of the product and define a working method known as Good Manufacturing Practice. Any automatic system working in this environment has to comply with these rules. Since the 1980s, various control bodies and technical organizations have issued guidelines regarding automatic systems used in the production and control of pharmaceuticals and medical devices. The need for a shared approach regarding the methods for developing and managing an automatic system in the pharmaceutical field and medical devices (of which the automatic system can be an integral part or be a device in itself) led to the establishment of a study group known as GAMP (Good Automated Manufacturing Practice) Forum, which by transferring the principles of GMP focused its attention on the automatic systems used in these two particular fields.

1.2 FDA 21 CFR Part 11 “Electronic records, Electronic Signatures” In March of 1997, the Food and Drug Administration issued the final rule providing criteria for acceptance, by the agency itself, of electronic records and signatures as equivalent to paper records and handwritten signatures executed on paper. This rule was codified as 21 CFR Part 11 Electronic records; Electronic Signatures; Final Rule.

1.2.1 Issuing 21 CFR part 11: history • 1991 • July 1992 • August 1994 • March 1997 • August 2003

: Request from industry to FDA to accommodate paperless systems to GMP : FDA announces the intention to use ER/ES : Issue of the first draft of the proposed rule : Issue of the final rule : Issue of “Guidance for Industry” - Electronic Records; Electronic Signatures - Scope and Application

Fedegari Autoclavi SpA

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

Page 7 / 21

1.3 Thema4 control system compliance with 21CFR Part11 The Thema4 process controller used by Fedegari Autoclavi S.p.A. in its pharmaceutical machines (dry- and moist-heat sterilizers, washing machine, pass box, ..) is the natural evolution of the well-established and reliable Thema3 controller, which has been on the market since 1995. Thema4 process controller was developed following GAMP approach (GAMP 4 in the Conception and Project initial phases and the next Operation phase of its product life cycle and now, that the system is in the maturity of its Operational life, following the guide line GAMP 5).

1.3.1 How Thema4 complies with 21 CFR Part 11? Thema4 has a well-structured software program which offers an extensive set of “instruments” (i.e. variable parameters) that end user can customize (according to its own SOPs) for achieving and “easy and configurable” compliance to “part 11”. In this way we can state that Thema4 has built in a native compliance with 21 CFR part 11. The following sections describe how this requirements for a proper management of electronic records and signatures in regulated industries have been interpreted and satisfied by Thema4 computerized control system.

1.3.2 Scope of 21 CFR Part 11 for Fedegari systems

Fedegari Autoclavi SpA

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

Section 2

Page 8 / 21

THEMA4 CONTROL SYSTEM

2 DEFINITIONS 2.1 - Electronic Records (ER) 2.2 - Electronic Signature (ES)

Fedegari Autoclavi SpA

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

Page 9 / 21

2.1 Electronic Records (ER) ELECTRONIC RECORD - ER (as specified in the “Guidance for Industry” of August 2003) Records that are required to be maintained under predicate rule requirements and that are maintained in electronic format in place of paper format. Records that are required to be maintained under predicate rules, that are maintained in electronic format in addition to paper format, and that are relied on to perform regulated activities.

2.2 Electronic Signature (ES) ELECTRONIC SIGNATURE – ES (as defined in 21 CFR Part 11 § 11.3.(b).(7) ) Electronic signature means a computer data compilation of any symbol, or series of symbols, executed, adopted or authorised by an individual to be the legally binding equivalent of the individual’s handwritten signature.

Fedegari Autoclavi SpA

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

Section 3

Page 10 / 21

THEMA4 CONTROL SYSTEM

3 COMPLIANCE ASSESSMENT

Fedegari Autoclavi SpA

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

21 CFR PART 11 ELECTRONIC RECORDS; ELECTRONIC SIGNATURES Subpart A--General Provisions 11.1 Scope. 11.2 Implementation. 11.3 Definitions. Subpart B--Electronic Records 11.10 Controls for closed systems. 11.30 Controls for open systems. 11.50 Signature manifestations. 11.70 Signature/record linking.

Page 11 / 21

DESCRIPTIONS, COMMENTS AND NOTES ON THE COMPATIBILITY OF THE THEMA4 CONTROL SYSTEM WITH RULE 21 CFR PART 11 Hereinafter 21 CFR Part 11 is referenced as “Rule. Comments to Rule (written in italics) Notes regarding non-applicability the part of the system supplier bold). Description of the manner in system complies with the Rule normal font).

on the on (written in which the (written in

Subpart C--Electronic Signatures 11.100 General requirements. 11.200 Electronic signature components and controls. 11.300 Controls for identification codes/passwords.

Fedegari Autoclavi SpA

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

Page 12 / 21

Subpart A--General Provisions §11.1 Scope (a) The regulations in this part set forth the criteria under which the agency considers electronic records, electronic signatures, and handwritten signatures executed to electronic records to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper.

(b) This part applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted, under any records requirements set forth in agency regulations. This part also applies to electronic records submitted to the agency under requirements of the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act, even if such records are not specifically identified in agency regulations. However, this part does not apply to paper records that are, or have been, transmitted by electronic means. (c) Where electronic signatures and their associated electronic records meet the requirements of this part, the agency will consider the electronic signatures to be equivalent to full handwritten signatures, initials, and other general signings as required by agency regulations, unless specifically excepted by regulation(s) effective on or after August 20, 1997.

(d) Electronic records that meet the requirements of this part may be used in lieu of paper records, in accordance with Sec. 11.2, unless paper records are specifically required.

(e)

Items (c) and (d) define the purpose of this Rule unequivocally: except for any specified exceptions, the FDA will consider “electronic signatures” and “electronic records” as fully equivalent to handwritten ones, provided that they comply with the prescriptions of this rule. As FDA specifies in the “Guidance for Industry” about the “Scope and Application” of part 11 (issued on August 2003) the rule shall apply with respect to records required to be maintained under predicate rules when persons choose to use records in electronic format in place of paper format. If the regulated organization uses paper records to demonstrate the compliance with applicable predicate rules part 11 does not apply.

Computer systems (including hardware and software), controls, and attendant documentation maintained under this part shall be readily available for, and subject to, FDA inspection.

Fedegari Autoclavi SpA

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

§11.2

Implementation.

(a) For records required to be maintained but not submitted to the agency, persons may use electronic records in lieu of paper records or electronic signatures in lieu of traditional signatures, in whole or in part, provided that the requirements of this part are met. (b) For records submitted to the agency, persons may use electronic records in lieu of paper records or electronic signatures in lieu of traditional signatures, in whole or in part, provided that: (1) The requirements of this part are met; and (2) The document or parts of a document to be submitted have been identified in public docket No. 92S-0251 as being the type of submission the agency accepts in electronic form. This docket will identify specifically what types of documents or parts of documents are acceptable for submission in electronic form without paper records and the agency receiving unit(s) (e.g., specific center, office, division, branch) to which such submissions may be made. Documents to agency receiving unit(s) not specified in the public docket will not be considered as official if they are submitted in electronic form; paper forms of such documents will be considered as official and must accompany any electronic records. Persons are expected to consult with the intended agency receiving unit for details on how (e.g., method of transmission, media, file formats, and technical protocols) and whether to proceed with the electronic submission.

Fedegari Autoclavi SpA

Page 13 / 21

Section 11.2 repeats and limits the preliminary information given in 11.1(d): electronic records and signatures can always be used, fully or partially, instead of paper ones, so long as they comply with the prescriptions of this Rule, in the case of documents that are required only to be maintained but not submitted to the FDA. The supplier of the system, in any case, cannot define what the user intends to manage as “electronic record” or with which “electronic records” and criteria the user intends to associate the “electronic signature”. These choices and their implementation are the exclusive responsibility of the user of the system. The Thema4 control system allows to make all the documents that it can generate compliant to this Rule.

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

§11.3

Definitions.

(a) The definitions and interpretations of terms contained in section 201 of the act apply to those terms when used in this part. (b) The following definitions of terms also apply to this part: (1) Act means the Federal Food, Drug, and Cosmetic Act (secs. 201-903 (21 U.S.C. 321-393)). (2) Agency means the Food and Drug Administration. (3) Biometrics means a method of verifying an individual’s identity based on measurement of the individual’s physical feature(s) or repeatable action(s) where those features and/or actions are both unique to that individual and measurable. (4) Closed system means an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system (5) Digital signature means an electronic signature based upon cryptographic methods of originator authentication, computed by using set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified. (6) Electronic record means any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system. (7) Electronic signature means a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature. (8) Handwritten signature means the scripted name or legal mark of an individual handwritten by that individual and executed or adopted with the present intention to authenticate a writing in a permanent form. The act of signing with a writing or marking instrument such as pen or stylus is preserved. The scripted name or legal mark, while conventionally applied to paper, may also be applied to other devices that capture the name or mark. (9) Open system means an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system.

Fedegari Autoclavi SpA

Page 14 / 21

“Electronic record” characteristic shall be applied not only to so-called “process reports” but also to any data item or combination of data stored in the system (system configuration, operating programs, calibration data, et cetera). Choosing what to manage as “electronic record” is not part of the duties of the system supplier and can be done only by the user (as FDA specifies in the “Guidance for Industry” about the “2.Definition of Part 11 Records”. Thema4 allows the user to treat as “electronic records” (ER) that comply with the provisions of this Rule all the data, parameters, et cetera that can be programmed by the user and contribute significantly to the management or safety of the system. For Thema4 controller ERs are: • Process data (Report) • Recipes • Configuration data • Audit trail

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

Page 15 / 21

Subpart B—Electronic Records §11.10

Controls for closed systems.

Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include the following: (a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.

Thema4 is a closed system according to the definition of 11.3 b (4) and has access controls and procedures that are designed in compliance with the provisions of Subpart C of this Rule.

The Thema4 control system is subjected by the supplier to a full pre-validation, aimed at demonstrating and documenting its compliance with the functional specifications and its operating reliability. Validation activities follow what specified in validation plan. A Validation Package is available if required. Thema4 Life Cycle is carried out according to GAMP guideline. The pre-validation performed by the supplier cannot replace the validation that must be performed by the user and under the user’s responsibility: it can only facilitate, support and shorten user validation activities.

(b) The ability to generate accurate and complete copies of record in both human readable and electronic form suitable for inspection, review, and copying by the agency. Persons should contact the agency if there are any questions regarding the ability of the agency to perform such review and copying of the electronic records. (c) Protection of records to enable their accurate and ready retrieval throughout the records retention period.

All the ERs generated by the system are stored as “electronic documents” (files), which can be copied, printed and displayed in “human readable” form by virtue of the resources of the system. The system produces hard copies in its own format.

ERs managed by Thema4 (process data, sterilization cycles, configuration data, user accounts, ..) can not be modified, but only deleted. For each ER, Thema4 produce a back-up copy of the modified or deleted ER, allowing the retrieval of the unaltered form. Prior to every use by means of the system resources, the conformity (exactness and completeness) of the stored data is checked by means of integrity check routines (based on CRC 32 algorithm). Back-up and Restore of ERs (user selectable) can be executed by different media. These operation are password controlled. In any case, assurance of the protection of the electronic records can be given only by the user with a proper use of the system’s features.

Fedegari Autoclavi SpA

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

(d)

Limiting system individuals.

access

to

authorized

(e) Use of secure, computer-generated, timestamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.

Page 16 / 21

No one can access the functions of the system that allow to create, modify, transmit or delete ERs unless he has been authorized to do so beforehand in the manner described in the comments to Subpart C of the present Rule. In order to take into account the various requirements of users, the Thema4 offers various selectable modes for controlling access to the system. All these modes are compatible with the provisions of Subpart C of this Rule.

Thema4 generates and updates automatically an Audit Trails file. This means that every activity aimed at creating, modifying or deleting ERs by means of the resources of the system (including the back-up and restore procedures) is logged in a specifically provided electronic document that can be read independently of the system (file stored in readable form). This document is time-stamped, stored, retained and integrity checked in the same manner as the ERs. The ERs can be copied and inspected. It is the user’s responsibility to determine how to make them available to the FDA.

(f) Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate.

Where appropriate, the Thema4 allows to perform certain operations only if other operations that are considered preliminary have been performed beforehand. For example, no document can be stored or printed unless its “conformity” has been checked by means of the CRC 32 algorithm. Moreover no change in any electronic record can be used is the file has not been saved.

(g) Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand.

The access to the system is controlled by two components code: one is “public” and assigned by the organization, the other one is secret and known only to the relevant user. The “first access” secret code shall be changed by the owner in order to “activate” the user account. Customizable password parameters are available to comply with several password policies and procedures. The management of authorizations and the checking of all the operations that might be performed manually are under the responsibility of the user of the system.

(h) Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction.

Fedegari Autoclavi SpA

The transmission of information (input) and the execution of commands (operational instruction) to the Thema4 system can occur only between the components of the system, which recognize each other on the basis of a specific communications protocol, recognizing and refusing unauthorized data sources.

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment (i) Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks.

Page 17 / 21

The personnel (of Fedegari and subcontractors) that contributed to the development of the Thema4 system has adequate experience and/or has been trained in this regard. The experience and training of the personnel that uses and maintains the system at the user’s premises is the responsibility of the user. If required Fedegari can perform training program for the use of the system.

(j) The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification.

(k) Use of appropriate controls over systems documentation including: (1) Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance. (2) Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation.

Fedegari Autoclavi SpA

Compliance with this prescription is exclusively a responsibility of the user of the system.

This requirement has a double impact: on the supplier and on the user’s organization. It is an user responsibility, to implement procedures and controls to comply with this requirements. The overall lifecycle of the Thema4 is carried out following the guide line GAMP approach. All the project documentation is controlled and issued according to a quality project plan and quality procedures. A change control and configuration management procedure is in place.

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

§11.30 Controls for open systems. Persons who use open systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, as appropriate, the confidentiality of electronic records from the point of their creation to the point of their receipt. Such procedures and controls shall include those identified in Sec. 11.10, as appropriate, and additional measures such as document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and confidentiality.

§11.50 Signature manifestations. (a) Signed electronic records shall contain information associated with the signing that clearly indicates all of the following: (1) The printed name of the signer; (2) The date and time when the signature was executed; and (3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature. (c) The items identified in paragraphs (a)(1), (a)(2), and (a)(3) of this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout).

Page 18 / 21

This section is not applicable because the Thema4 is a closed system according to clause 11.10 of this Rule

All the ERs that can be generated with the system comprise the identification of the author, his full name, the date and time, the identification of the action performed (e.g. modification, deletion, transfer, et cetera).

All the ERs that can be generated by means of the system can be displayed and printed in humanreadable form. The printout includes all the data requited by clause 11.50(a) of the Rule; moreover, the file that stores these data for all ERs (“audit trail” file) can be displayed.

§11.70 Signature/record linking. Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.

Fedegari Autoclavi SpA

The full name of the author and the date and time of the creation/modification of an electronic record are part of that record and cannot be disassociated from it, since they are among the data subjected to integrity checking.

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

Page 19 / 21

Subpart C--Electronic Signatures §11.100 General requirements. (a) Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else.

Electronic Signature (intended to be the legally binding equivalent in place of traditional handwritten signature) is not yet implemented on THEMA4 control system.

(b) Before an organization establishes, assigns, certifies, or otherwise sanctions an individual's electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual.

(c) Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures. (1) The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations (HFC-100), 5600 Fishers Lane, Rockville, MD 20857. (2) Persons using electronic signatures shall, upon agency request provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer's handwritten signature.

Fedegari Autoclavi SpA

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

Page 20 / 21

§11.200 Electronic signature components and controls. (a) Electronic signatures that are not based upon biometrics shall: (1) Employ at least two distinct identification components such as an identification code and password. (i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be use only by, the individual. (ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.

The identification of users is carried out by means of a two component access code. These “two distinct identification components” for accessing the Thema4 system are constituted by an “identification code ID” and a “password” (up to nineteen characters, with a programmable minimum number of characters). The system does not generate documents or manage their revisions or approvals; it handles as electronic records all the changes and actions that an operator can perform on it. Only one operator at a time (with the “master access”) can generate electronic records, if authorized by a proper permissions profile. To do this, he must login in the system using sequentially both components of the access combination; the system automatically certifies the access and opens the work session: a single, continuous period of controlled system access. The system stores the operator name, associating it with the electronic records generated (see also comments to clauses 11.50 and 11.70). The system closes a work session automatically if no activity on the part of the operator is detected for a programmable time. Only the operator who is assigned an access combination that can be used to open an actual work session knows that combination in full, because the temporary password given to him initially by the administrator of the system allows only to update the password itself (password assigned only for the first access). Only after performing the first updating of the password does a combination actually allow to perform the operations on the system for which it was authorized by the supervisors, by a definition of an access profile . Subsequent signings during a work session always requires all two components of electronic signature.

(2) Be used only by their genuine owners; and

Another person might use a password only if the password was revealed by the person to whom that password is assigned.

(3) Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.

Compliance with this prescription is a responsibility of the user of the system.

(b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners.

This clause is not applicable, because the Thema4 system does not use biometric instruments.

Fedegari Autoclavi SpA

D/O#110434.2 March 2010

Thema4 control system – 21 CFR Part 11 - Compliance assessment

Page 21 / 21

§11.300 Controls for identification codes/passwords. Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include: (a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password.

(b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).

Even if electronic signature is not yet implemented in Thema4 control system, the criteria described in this section of 21 CFR part 11 are used in Thema4 to manage the access to the system and the identification of the users. Access to the system is allowed only by entering fully an “access combination” (see note to §11.200). The system does not allow to assign the same access combination to two different users or to assign the same name to two different access combinations (the names and access combinations used previously and then removed are also considered unusable). After a programmable maximum time period, the system forces the operators to renew their password (by himself or by means of a direct intervention of the system administrator). The system allows its administrators to monitor all information regarding the access combinations (except for the access passwords that are known only by the owner). Periodic revision of the identification codes (which in practice is equivalent to revision of the authorization to access the system) is solely the responsibility of the user of the system.

(c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromise tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls. (d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.

(e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner.

Fedegari Autoclavi SpA

The provisions of this clause are not applicable, because no special devices are used to access the system.

After a programmable numbers of attempts to insert a password that is not related to the set access code ID, if the access code belongs to an operator the system disables that code automatically. The administrator can re-enable the disabled IDs. A programmable parameter specifies the number of times that an user has to renew his own Password code, using different codes every time, before he can reuse the initial Password code. The provisions of this clause are not applicable, because special devices are not used to access the system.

D/O#110434.2 March 2010

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Page 1 / 18

THEMA4 CONTROL SYSTEM

CRITICAL REVIEW AND RISK MANAGEMENT REPORT Change Activity CH231 Document Rev.1

FEDEGARI AUTOCLAVI SpA S.S. 235 km 8 - 27010 Albuzzano (PV) - ITALY +39 0382 434111  +39 0382 434150  http://www.fedegari.com

Fedegari Autoclavi SpA

D/O#339022.1 Mar. 2014

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Page 2 / 18

DOCUMENT REVISION LIST

WRITTEN AND VERIFIED BY:

Function

Name

Data

Validation Engineer

D. Martigani

04-MAR-2014

R. Boatti

04-MAR-2014

VERIFIED AND APPROVED Quality System Mgr. BY:

1

04-MAR-2014

DAM

D/O 339022.1

Revision No.

Date

Author name

Document code

Signature

First issue Revision subject

FEDEGARI has made every effort to ensure that information and data contained in this document are accurate and exhaustive. However, it assumes no responsibility in case of errors or omissions. FEDEGARI reserves itself the right to amend, at any time and without notice, the information regarding the items described in this document. FEDEGARI reserves itself the option of amending this document at any time without notice.

Fedegari Autoclavi SpA

D/O#339022.1 Mar. 2014

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Page 3 / 18

INDEX 1. 2. 3. 4. 5. 6. 7. 8. 9.

FOREWORD..................................................................................................................................................4 INTRODUCTION ...........................................................................................................................................4 NOTES ABOUT RISK MANAGEMENT........................................................................................................5 SCOPE...........................................................................................................................................................7 TERMS AND DEFINITIONS..........................................................................................................................7 Normative references ..................................................................................................................................8 References to other quality system documents.......................................................................................8 Roles and responsibilities ..........................................................................................................................8 Criteria of the analysis ................................................................................................................................9 9.1 QUALITATIVE CRITERIA .................................................................................................................................9 9.2 EVALUATION OF THE IMPACT SEVERITY ...............................................................................................................9 9.3 EVALUATION OF THE RISK LEVEL SEVERITY ........................................................................................................10 9.4 CRITICAL ANALYSIS ..........................................................................................................................................10 10. VALIDATION RESULTS ASSESSMENT ...................................................................................................11 10.1 DEFECTS CAUSING FAILURE OF VALIDATION TESTS ..........................................................................................11 10.2 DEFECTS NOT CAUSING FAILURE OF VALIDATION TESTS....................................................................................13 11. COMMENTS AND CONCLUSION..............................................................................................................15 12. APPENDIX A – THEMA4 FUNCTION W40.2 .............................................................................................16

Fedegari Autoclavi SpA

D/O#339022.1 Mar. 2014

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Page 4 / 18

1. FOREWORD The validation for a complex process controller as Thema4 can not be a “pass/fail process”. The results of the tests should be analysed according to pre-defined criteria in order to estimate the grade and the quality of the occurred deviations and of the pointed out notes. Following this approach a more conscious release can be obtained, giving also a scenario for possible corrective actions to be implemented according to their criticality. This document can be considered as the conclusion of the validation activity, which requires the review of the test results and can be used as the starting point for further actions which are out of the scope of the validation.

2. INTRODUCTION At the end of a specific validation exercise carried out on process controller software, a critical review of the test results is performed. This activity is part of the Risk Management Process and this document is the relevant “output”. With this activity the not-passed tests and the comments collected during the validation are analysed to verify their criticality, according to the Quality System Procedure PAQ-08 “Risk Management”. The results of this activity, reported in this document, shall be used to release the specific software version or not.

Fedegari Autoclavi SpA

D/O#339022.1 Mar. 2014

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Page 5 / 18

3. NOTES ABOUT RISK MANAGEMENT Analysis of the risks linked to the entire life cycle of a system or process is part of the activities known as “risk management”, which are an increasingly widely used approach to many different problems and issues. Risk management is the logic and systematic method by which, once the context has been established, the risks associated with an activity, function or process are identified, analyzed, evaluated, treated, controlled and reported. Such an approach is consistent with the awareness that regardless of the means used, there can be a residual risk, for which reduction to acceptable levels will be sought in any case. In the case of a sterilizer, there are many kinds of risk to be considered during the various phases of the life cycle (design, manufacture, qualification, use, modification, decommissioning); they involve machinery safety, the process being performed, legislative aspects and issues of conformity to the standards of reference, and the impact on financial and business-oriented considerations. Risk management is therefore a complex and multifaceted activity; because it involves various aspects of the product, addressing it properly and thoroughly requires various skills that are typically linked to the various professional roles that cooperate in producing and maintaining the product. In the context of the pharmaceutical industry, risk analysis is an activity that studies the system (whether automatic or not) and is performed in order to improve its operating characteristics and the quality of the pharmaceutical products and increase or enhance control over the entire process. In other words, risk analysis, regardless of the system being studied and therefore regardless of the methodology applied, is a tool that allows to highlight the potential causes of malfunction or fault that can have a negative impact on the quality of the pharmaceutical product and therefore on the health of the patient. Overview of the Risk Management Process is reported in scheme below::

Fedegari Autoclavi SpA

D/O#339022.1 Mar. 2014

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Page 6 / 18

The GAMP5 guide suggests to implement Risk Management in various phases of the life cycle of a project, in order to take into account its dynamic nature and update the results of the analysis with respect to the specific requirements and characteristics of the various phases of the life cycle of the project. In particular, the benefits of Risk Management are shown by GAMP5 as follows:

Business process, user and regulatory requirements Project approach – contracts, methods, timelines System components and architecture

!

Identify Risks

Analyze and Evaluate Risks

 Review Risk

System functions

Experience from use

 INPUT

Control Risks

Improved safety, product quality, and data integrity Informed decisions Achieving compliance and fitness for intended use Efficient validation Cost effective operation and maintenance Achieving business benefits

OUTPUT

The most important events relevant to THEMA 4 development where is necessary to implement the Risk Management are the following: •

Development of user requirements



Resources evaluation and development of functional specifications



Completion of project review before defining the validation tests

• Whenever a substantial change to the system becomes necessary For THEMA 4, the development of the “First User Requirements” coincided with the implementation of the characteristics of the THEMA 3 process controller, which has been commercially well-established for years, on the basis of the experience acquired by Fedegari Autoclavi in 50 years of activity in the field; for the functional specifications, commercially available products with known performance and reliability characteristics were taken into account as regards the hardware part of the controller.

Fedegari Autoclavi SpA

D/O#339022.1 Mar. 2014

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Page 7 / 18

4. SCOPE The analysis carried out in this document is referred to the validation exercise CH231 relevant to the software of the Thema4 process controller. The software applications considered in this exercise are T4PCS04n.02 for the PCS and T4GUI04n.02 for the GUI. These two software applications are part of “configuration W40.2” as described in the configuration manual for TH4.

5. TERMS AND DEFINITIONS The definitions of the concepts that could be helpful are given below. The definitions given in ISO guide 73 apply to all the other concepts. Harm – damage to health, including the damage that can occur from loss of product quality or availability Hazard - the potential source of harm (ISO/IEC Guide 51) Product Lifecycle – all phases in the life of the product from the initial development through marketing until the product’s discontinuation Quality risk management – a systematic process for the assessment, control, communication and review of risks to the quality of the product across the product lifecycle Quality system – the sum of all aspects of a system that implements quality policy and ensures that quality objectives are met Requirements – the explicit or implicit needs or expectations of the customers and statutory, legislative, or regulatory parties. Risk – the combination of the probability of occurrence of harm and the severity of that harm (ISO/IEC Guide 51) Risk acceptance – the decision to accept risk (ISO Guide 73) Risk analysis – the estimation of the risk associated with the identified hazards Risk assessment – a systematic process of organizing information to support a risk decision to be made within a risk management process. It consists of the identification of hazards and the analysis and evaluation of risks associated with exposure to those hazards. Risk communication – the sharing of information about risk and risk management between the decision maker and other stakeholders Risk control – actions implementing risk management decisions (ISO Guide 73) Risk evaluation – the comparison of the estimated risk to given risk criteria using a quantitative or qualitative scale to determine the significance of the risk Risk identification – the systematic use of information to identify potential sources of harm (hazards) referring to the risk question or problem description Risk management – the systematic application of quality management policies, procedures, and practices to the tasks of assessing, controlling, communicating and reviewing risk Risk reduction – actions taken to lessen the probability of occurrence of harm and the severity of that harm Risk review – review or monitoring of output/results of the risk management process considering (if appropriate) new knowledge and experience about the risk Severity – a measure of the possible consequences of a hazard

Fedegari Autoclavi SpA

D/O#339022.1 Mar. 2014

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Page 8 / 18

6. NORMATIVE REFERENCES Document ID ref. FDA Guideline GAMP5 21 CFR Part 11

Title FDA – Guideline on general principles of process validation GAMP5: A Risk-Based Approach to Compliant GxP Computerized Systems Code of Federal Regulation, Chapter 21 Part 11 – Electronic record, Electronic Signature 21 CFR Part 210 Code of Federal Regulation, Chapter 21 Part 210 – Current Good Manufacturing Practice in Manufacturing, Processing, Packing or Holding of Drugs: General 21 CFR Part 211 Code of Federal Regulation, Chapter 21 Part 211 – Current Good Manufacturing Practice for Finished Pharmaceuticals 21 CFR Part 808 – 812 – Code of Federal Regulation, Chapter 21 Parts 808, 812, 820. Medical Devices: 820 Current Good Manufacturing Practice (cGMP) – Final Rule (1996) Directive 93/356/EEC Commission Directive 93/356/EEC of 13 June 1991 laying down the principles and guidelines of good manufacturing practice for medicinal products for human use. EU GMP Good Manufacturing Practice, 1997 – Eudralex – Volume 4, Annex 13 and Annex 15 (July 2001) MDD 93/42 EEC EC Directive 93/42 - Medical Device ISPE/PDA Guideline ISPE/PDA – Complying with 21 CFR Part. 11 (GAMP/SIG/21 CFR Part 11) PDA TR N° 18 Parenteral Drug Association – Technical Report 18 - “Validation of ComputerRelated Systems” ISO/IEC GUIDE 73 Risk Management – Vocabulary – Guidance for use in standards EN ISO 14971 Medical devices – Application of Risk Management to Medical Devices AS/NZS 4360 Risk Management

7. REFERENCES TO OTHER QUALITY SYSTEM DOCUMENTS In addition to documents recalled on par. 4, the other QS documentation referred to this report are listed in the following table:

1. 2. 3. 4. 5.

Document ID ref. VAP-75217 QPP-89284 D/O 86792 DCV 97242 ANL-55758

Title General validation plan for THEMA 4 process controller Thema 4 process controller – Quality and project plan Software Design Traceability Matrix Thema4 validation activities planning Risk Management File

8. ROLES AND RESPONSIBILITIES Analysis and review activities defined in the scope of this document have been performed according to the roles and the responsibilities reported below:

Name

Role

Daniela Martigani

Validation Engineer and Quality Auditor

Riccardo Boatti

Quality System Mgr. QUA

Fedegari Autoclavi SpA

Dept. RES

Responsibilties Drawing up of the validation assessment document. Defining the extension of the assessment, involving the other Fedegari’s departments interested to the analysis (if necessary) Coordinating the work of the assessment team (if necessary). Performed the internal audit ref. to software validation activity. Revision of the documentation, to assure the conformity with rules, standard, and applicable guidelines.

Acronym DAM

RIB

D/O#339022.1 Mar. 2014

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Page 9 / 18

9. CRITERIA OF THE ANALYSIS Failure pointed out for software of the process controller are collected in two categories: ⇒ Deviations noted during the validation exercise causing a test failure ⇒ Deviations noted during the validation exercise not causing a test failure

9.1 Qualitative Criteria The qualitative criteria used for identifying the impact of the deviations recorded during the execution of the validation tests and for determining the extension of the corrective actions (if require to solve or reduce the risk associated with the problem pointed out by the failed test or annotation) are reported in the table below. A criticality is indicated for each item. Risk criterion Operator safety Sterilization process GMP Electronic record management Functional Legal and business-related aspects

Criticality High High Medium Medium Low Low

9.2 Evaluation of the impact severity The criticality is modulated according to the severity of the impact to the risk criteria: Grade High Medium Low Nil

Fedegari Autoclavi SpA

Description Direct impact Indirect impact Negligible impact No impact

D/O#339022.1 Mar. 2014

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Page 10 / 18

9.3 Evaluation of the risk level severity The risk level relevant to each item is obtained according to the next matrix

Criticality

Severity High

Medium

Low

High

High

Medium

Medium

Medium

Medium

Medium

Low

Low

Low

Low

Low

Nil

Nil

Nil

Nil

9.4 Critical analysis The assessment team, taking into account the risk level of the considered defect or note and the experience of the members of the team, defines the most suitable action to cover or solve the item. Moreover, for each point of the SIT Review Report a synthetic information is given to underline if the item can affect negatively the product release, in order to give a clear technical indication to the Quality Assurance department for the release. Only one risk criterion can be individuated for each defect or note. If more than one risk criterion should be assigned to an item, the most critical one has to be chosen. The critical review and the risk management report refer to the last implemented changes that are documented on the followings: Doc. No. D/O 339013 D/O 100906 D/O 336933 D/O 188843 D/O 94296

Document type Internal Audit Report No. 271 Software Version issued for validation (rev.60 applicable for W40.2) SIT-HAT Plan CH 231 Configuration manual – HW and SW configuration Thema4 Functional Specification

Departement QUA SSE SSE SSE SSE

The critical review and the risk management report are based on the activities performed on the complete control system and documented on the followings: Doc. n° D/O 101368 D/O 101369

Document type Thema 4 – Risk analysis methodology Thema 4 – Risk analysis report

Departement RES RES

The functions of the THEMA 4 process controller are described in the Functional Specification, the individual functions related to SW version W40.2 are listed in Appendix A of this document.

Fedegari Autoclavi SpA

D/O#339022.1 Mar. 2014

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Page 11 / 18

10. VALIDATION RESULTS ASSESSMENT

M

L

CH 122

CR342 T02

G

M

M

FO FOD

CH 122

CR342 T06 T07

G F

L

L

FO

OPT. 21

CH 122

CR342 T17

F

L

L

FO

OPT. 18

The defect affects the upgrade of the SQL tables.

CH 122

CR381 T10

--

In the "Final Data" related to a Tyndallization program, it’s not printed the logical number of the probes that detected the minimum and maximum Tyndallization temperature

G

Fedegari Autoclavi SpA

L

L

FO

OPT. 19

OPT. 20 OPT. 21

Comments

The test asked to verify the activation of the alarm 195, while in the test is evident the activation of the alarm 188. The defect affects only the “Eurotherm” functionality With the "Parametric release table" option disabled it’s still printed, in the "System Parameters", the parameter "Golden Cycle acceptance", even if this parameter is not displayed The defect affects the “Parametric release” functionality for the transition “OFF” of the critical alarm

D/O#339022.1 Mar. 2014

Action

Release affected

F

FO FOD

Thema4 Option

Machine Type (4)

CR364 T03

Test

Severity (2)

CH 118

Ref.

Criterion (1)

Risk level (3)

10.1 Defects causing failure of validation tests

Solve in one of the future versions, according to the development priorities.

N

Solve in one of the future versions, according to the development priorities.

N

Solve in one of the future versions, according to the development priorities. Solve in one of the future versions, according to the development priorities. Solve in one of the future versions, according to the development priorities.

N

N

N

CH 129 (1) (2) (3) (4)

Comments

L

FO FOD FCDV FCDM

--

The defect affects the exchange of large data, in few time, between GUI and PCS

Action

Release affected

L

Thema4 Option

G, F

Machine Type (4)

FR577 T1

Page 12 / 18

Risk level (3)

CH 123

Test

Severity (2)

Ref.

Criterion (1)

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Solve in one of the future versions, according to the development priorities.

N

Solve in one of the future versions, according to the N development priorities. S = Safety , P = Sterilization process, G = GMP, R = Electronic Record, F = Functional, O = Legal and business-related aspects H = High, M = Medium, L = Low H = High, M = Medium, L = Low FO = Autoclave, FOD = Oven, FCDV = Decontamination chamber by Hydrogen Peroxide Vaporized, FCDM = Decontamination chamber by dry mist biocide CR427 T1

F

Fedegari Autoclavi SpA

H

L

FO

--

Not all strings of the library T4LIB65a have been translated into Russian language

D/O#339022.1 Mar. 2014

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Page 13 / 18

Comments

L

FO FOD FCDV FCDM

OPT. 2

The defect affects only on the Modbus functionality about the command “Preset single register”.

CH 123

CR339

F

H

L

FO

--

CH 141

CR417 T03

F

H

L

FCDV

--

CH 140

FR642 T01

G F

L

L

FO

--

CH 197

CR353 T02

G F

L

FO FOD FCDV FCDM

OPT. 6

Fedegari Autoclavi SpA

L

In the print-out in Chinese language, some data (Program parameters, System parameters and Calibration data) are not well aligned. Moreover some data are still written in English language. In the print-out of the “General Program Parameters”, the measurement unit of the proportional control of PID parameters is expressed in “mB - °Cx100” instead of Pascal In the Audit trail file, the operation “Login(s) property update: added PG BACKGROUND SYNOPTICS 12”, must be “Login(s) property update: added PG BACKGROUND SYNOPTICS 1-5”. The defect affects only the printout of the back-up parameter “TIME FOR AUTOM.ARCH.MANAG. (HH:MM)”

D/O#339022.1 Mar. 2014

Action

Release affected

M

Thema4 Option

F

Machine Type (4)

CR326 T01

Risk level (3)

CH 114

Test

Severity (2)

Ref.

Criterion (1)

10.2 Defects not causing failure of validation tests

Solve in one of the future versions, according to the development priorities.

N

Solve in one of the future versions, according to the development priorities.

N

Solve in one of the future versions, according to the development priorities.

N

Solve in one of the future versions, according to the development priorities.

N

Solve in one of the future versions, according to the development priorities.

N

L

L

CH 197

CR658 T3

G F

L

L

CH 231 CH 231 CH 231 CH 231 (1) (2) (3) (4)

FO FOD FCDV FCDM FO FOD FCDV FCDM

Comments

Action

Release affected

G F

Page 14 / 18

Thema4 Option

CR658 T2

Machine Type (4)

CH 197

Ref.

Severity (2)

Test

Criterion (1)

Risk level (3)

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

OPT. 25

The defect affects only the printout of the System parameter “ENABLE CUSTOMER PROCEDURES”

Solve in one of the future versions, according to the development priorities.

N

OPT. 25

The defect affects only the printout of the general program parameter “SHOW PROCEDURE”

Solve in one of the future versions, according to the development priorities.

N

Solve in one of the future versions, according to the N development priorities. Solve in one of the future G CR76 M FCDV -M versions, according to the N F T17 development priorities. Solve in one of the future FCDV The defect affects only the printout of the header G CR76 L -L versions, according to the N FCDM section, relevant to the TH4 Process Report. F T28 development priorities. Solve in one of the future The defect is relevant to an incorrect string displayed G FR743 versions, according to the L L FCDV -N in the bottom bar of the GUI. F T1 development priorities. S = Safety , P = Sterilization process, G = GMP, R = Electronic Record, F = Functional, O = Legal and business-related aspects H = High, M = Medium, L = Low H = High, M = Medium, L = Low FO = Autoclave, FOD = Oven, FCDV = Decontamination chamber by Hydrogen Peroxide Vaporized, FCDM = Decontamination chamber by dry mist biocide CR76 T6

G F

Fedegari Autoclavi SpA

L

L

FO

--

The defect affects only the printout of the program parameters, relevant to the auxiliary device “H2O Sterilizer”. The defect affects the conversion in Imperial unit (psi) of the phase parameters expressed in “Pa” without the decimal value.

D/O#339022.1 Mar. 2014

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Page 15 / 18

11. COMMENTS AND CONCLUSION The open issues should be solved according to the analysis carried out and reported in this document, according to their criticality. No open issues affect the release of the current software version.

Fedegari Autoclavi SpA

D/O#339022.1 Mar. 2014

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Page 16 / 18

12. APPENDIX A – THEMA4 FUNCTION W40.2 The individual functions related to SW version W40.2 are listed below:

0. Start & Login 0.1 Welcome page 0.1.1 Login input page 1. Run & Operations 1.1 State machine 1.1.1 Run programs list 1.1.1.1 Parameters of selected program 1.1.1.2 “Input data” of selected program 1.1.1.3 “Process summary” of the loaded program 1.1.1.4 Graphic details 1.1.1.5 Process Report display 1.1.1.6 Cycle acceptance 1.1.2 Synoptic 1.1.3 Alarm details 1.1.4 Program buttons enable 2. Program Management 2.1 Program list 2.1.1 Selected program data 2.1.1.1 Parameters groups of selected program 2.1.1.2 P/G list of selected program 2.2 Golden cycle list 2.2.1 Golden cycle of selected program 2.3 Parametric release table list 2.3.1 Parametric release table of selected program 3. Cycle Management 3.1 Cycle list 3.1.1 Selected cycle data 3.1.1.1 Cycle selected P/G parameters 3.2 P/Gs Library 3.2.1 Library selected P/G parameters 4. Setup & Configuration 4.1 Setup summary 4.1.1 Factory parameters 4.1.2 Hardware physical view 4.1.2.1 Description of selected equipment 4.1.2.2 Insert a new equipment 4.1.3 Alarm configuration 4.1.3.1 Details of alarm 4.1.4 System parameters 4.1.4.1 System parameter group: “General” 4.1.4.2 System parameter group: “Door” 4.1.4.3 System parameter group: “Tank fill management” (only for FCDM) 4.1.4.4 System parameter group: “Steam Generator” (only for Autoclave) 4.1.4.5 System parameter group: “SCADA parameters” 4.1.4.6 System parameter group: “Printer configuration” 4.1.4.7 System parameter group: “Recorder parameters” 4.1.4.8 System parameter group: “WIT parameters” (only for Autoclave) 4.1.4.9 System parameter group: “Barcode parameters” 4.1.4.10 System parameter group: “SNTP parameters” 4.1.4.11 System parameter group: “Daylight saving” 4.1.4.12 System parameter group: “Units and formats” 4.1.4.13 System parameter group: “External SQL database” 4.1.4.14 System parameter group: “H2O2 Transducer” (only for FCDV and FCDM) Fedegari Autoclavi SpA

D/O#339022.1 Mar. 2014

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Page 17 / 18

4.1.4.15 System parameter group: “H2O2 Generator” (only for FCDV) 4.1.4.16 System parameter group: Stand-by management 4.1.4.17 System parameter group: PG Background management 4.1.5 Date-Time setup 4.1.6 Language setup 4.1.7 Software version 4.1.8 Authorization parameters 4.1.9 GUI setup (only for Remote GUI) 5. Diagnose & Maintenance 5.1 Hardware physical view 5.1.1 Description of selected equipment 5.1.1.1 Description of selected module 5.2 I/O Logical view 5.2.1 Digital Input list 5.2.2 Digital Output list 5.2.3 Analog Input list 5.2.4 Analog Output list 5.3 Calibration of selected analog input channel 5.4 Maintenance Plan 5.4.1 Edit maintenance plan 5.5 Filter Maintenance 5.5.1 Edit maintenance plan 5.6 Steris Maintenance (only for FCDV with Steris generator) 5.7 Tank fill management (only for FCDM) 5.8 PG Background Synoptics 5.9 Backup & restore data 5.10 Hard disk status 5.10.1 HD maintenance parameters 5.10.2 Archive management 5.11 Archive conversion 5.12 Test (only for Oven) 6. Log-in & Password 6.1 List of open sessions 6.2 General login data 6.2.1 Profile management 6.3 Password configuration 6.3.1 Selected login configuration 6.3.2 New login 6.3.2.1 Change “Login parameters” 6.3.2.2 Change “Login operations list” 6.4 Change password 7. Alarm & Data logging 7.1 Logged alarm 7.2 Data logging 7.3 Historic data 7.3.1 Full list historic data 7.3.2 Alarm configuration 7.3.3 Hardware configuration 7.3.4 Maintenance archive 7.3.5 Filter maintenance archive 7.3.6 Backup config. Archive 7.3.7 Calibration archive 7.3.8 Parameters archive 7.3.9 Programs archive 7.3.10 Cycle archives 7.3.11 Golden cycle archives 7.3.12 Parametric release table archive 7.3.13 Access management Fedegari Autoclavi SpA

D/O#339022.1 Mar. 2014

Thema4 control system – CRITICAL REVIEW AND RISK MANAGEMENT REPORT – CH231

Page 18 / 18

7.4 Audit report 8. On-line manuals 9. Sterilization management 10. External system 11. Doors management 12. Black-out management

Fedegari Autoclavi SpA

D/O#339022.1 Mar. 2014

04-MAR-2014

Doc.n°: #339032.1

Date :

Albuzzano, PV, Italy

¾ validation exercise has been conducted by authorised and qualified personnel in accordance with the applicable Quality System procedures; ¾ tested functionalities are reported in the appendix of the document Critical review and risk management report part of Thema4 Validation Package.

WE DECLARE THAT

W 40.2 Riccardo Boatti Quality System Manager

Corresponding to SW application program

T4PCS 04n.02.00 T4GUI 04n.02.00

Relevant to Programs

PCS GUI

The SW version reported in this certificate is validated and can be released.

Whereas the results of the Final acceptance testing activities that have been documented in the Critical review and risk management report.

Considering the results of the Software validation activities, that have been carried out as described in the Quality Assurance Procedure PAQ-117231 and are documented in the Thema4 Validation Package.

THEMA4 CONTROL SYSTEM

SOFTWARE VALIDATION CERTIFICATE

Thema4 Control System – FUNCTIONAL SPECIFICATION

Page 3 / 128

INTRODUCTION The THEMA4 process controller manufactured by Fedegari Autoclavi SpA is an electronic system, based on commercial hardware, dedicated to the control of moist-heat or gas dry-heat sterilization processes and vaporized Hidrogen Peroxide decontamination or Dry Mist decontamination processes in according to different type machines: Machine type

Machine

Processes

1

Autoclave

2

Oven

3

FCDV (VHP)

Fedegari Cabinet Decontamination VHP (Vaporized Hydrogen Peroxide)

4

FCDM (DMD)

Fedegari Cabinet Decontamination Mist

moist-heat or gas sterilization dry-heat sterilization

An ordered sequence of phases aimed at sterilizing a load, i.e., a so-called sterilization “cycle”, can be performed only if several parameters are specified, such as the physical values of pressure or temperature to be reached during the various phases or the duration of these phases. A “parameterized cycle” is normally termed “program”. Thema4, from the initial phases of Conception and Project of its Life Cycle, has been developed following the guide line GAMP 4. Now Thema4 is in the Operational phase and the reference approach of the system management is the guide line GAMP 5". Access to the Thema4 process controller and password structure and management was developed in compliance with the “CFR 21 Part 11” directive.

NOTES ON SCREEN-SHOTS The screen-shots reported in this document have to be considered as an indication and minor changes can be done without updating this document.

NOTATIONS In this manual, these notations are used: NOTICE

for additional notices

REFERENCE

for references to other sections

IMPORTANT NOTICE

for important notices

WARNING!!

for very important notices

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION

Page 4 / 128

This page is left intentionally blank

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION

Page 5 / 128

DOCUMENT SECTIONS 1 PHYSICAL DESCRIPTION OF THE CONTROL SYSTEM 2 PROCESS MANAGEMENT 3 DIALOGUE LANGUAGE 4 PASSWORDS 5 LIST OF OPERATIONS 6 PROGRAM EXECUTION 7 PRINTOUT MANAGEMENT 8 BLACKOUT 9 DOOR MANAGEMENT 10 EXTERNAL RECORDERS MANAGEMENT 11 GLOSSARY

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION

Page 6 / 128

INDEX 1

PHYSICAL DESCRIPTION OF THE CONTROL SYSTEM............................................................................11 1.1 SYSTEM ARCHITECTURE .....................................................................................................................13 1.2 HARDWARE ARCHITECTURE ...............................................................................................................14 1.2.1 SIDE 1 (PRIMARY) OPERATOR PANEL.........................................................................................14 Minimum Requirements Of Side 1 Panel PC Of THEMA4 System .............................................................14 Minimum Requirements Of Side 1 Blind PC + monitor Of THEMA4 System ..............................................15 1.2.2 SIDE 2 (SECONDARY) / SIDE 3 (TECHNICAL AREA) OPERATOR PANELS...............................15 1.2.3 PLC REMOTE I/O MODULES ..........................................................................................................15 1.2.4 HUB FOR ETHERNET CONNECTION BETWEEN OPERATOR PANELS AND EXTERNAL CONNECTIONS. .............................................................................................................................................16 1.2.5 UPS FOR BLACKOUT MANAGEMENT...........................................................................................17 1.2.6 THERMAL PRINTER ........................................................................................................................17 1.2.7 SIDE 1/2 DOOR MANAGEMENT MODULES ..................................................................................18 1.2.8 REMOTE OPERATOR STATION.....................................................................................................20 1.3 SOFTWARE ARCHITECTURE................................................................................................................21 1.3.1 SOFTWARE COMPONENTS...........................................................................................................21 1.4 DATA STORAGE .....................................................................................................................................22 1.5 BACKUP/RESTORE DATA .....................................................................................................................22 1.6 CONNECTION TO THE FIELD................................................................................................................23 1.6.1 ANALOG INPUT ...............................................................................................................................23 Analog Input For Autoclave .........................................................................................................................23 Analog Input For Oven.................................................................................................................................24 Analog Input For VHP ..................................................................................................................................24 Analog Input For DMD .................................................................................................................................24 1.6.2 ANALOG OUTPUT ...........................................................................................................................25 1.6.3 EXTERNAL ANALOG INPUT ...........................................................................................................25 1.7 CONNECTION TO EXTERNAL SYSTEM ...............................................................................................25 1.8 UNITS OF MEASURE..............................................................................................................................25 1.8.1 UNITS OF MEASURE FOR AUTOCLAVE.......................................................................................25 1.8.2 UNITS OF MEASURE FOR OVEN...................................................................................................25 1.8.3 UNITS OF MEASURE FOR FCDV / FCDM .....................................................................................25 1.8.4 COMPLIANCE TO THE INTERNATIONAL SYSTEM ......................................................................26 Compliance To The International System for Autoclave .............................................................................26 Compliance To The International System for Oven.....................................................................................26 1.8.5 COMPLIANCE TO THE ANGLO-SAXON SYSTEM.........................................................................27 Compliance To The Anglo-Saxon System for Autoclave.............................................................................27 Compliance To The Anglo-Saxon System for Oven....................................................................................27 1.9 LIMIT OPERATING CONDITIONS ..........................................................................................................27 2 PROCESS MANAGEMENT............................................................................................................................29 2.1 THEMA4 “PROCESS TASK” ARCHITECTURE......................................................................................30 2.2 PHASE GROUPS – CYCLES - PROGRAMS..........................................................................................31 2.3 “PHASE GROUP” LIBRARY ....................................................................................................................32 2.3.1 Relation between P/GC (Cycle) and P/GS (Stand-by process)........................................................33 2.3.2 P/GS: standby P/G............................................................................................................................34 2.3.3 P/GB: background P/G .....................................................................................................................35 2.4 CYCLE EXECUTION GENERAL FLOW..................................................................................................36 2.4.1 Phases execution flow for machine Type 1 ......................................................................................36 2.4.2 Phases execution flow for machine Type 2-4 ...................................................................................36 2.5 CYCLES AND OPERATING PROGRAMS ..............................................................................................37 2.6 ALARMS – GENERAL INFORMATION ...................................................................................................38 2.6.1 "KERNEL" ALARMS .........................................................................................................................40 2.6.2 “CONFIGURATION” ALARMS..........................................................................................................40 Simple Input Alarms.....................................................................................................................................40 Activation Monitoring Alarms .......................................................................................................................40 "Complete" Alarms For Motors ....................................................................................................................40 "Complete" Alarms For Valves.....................................................................................................................40 "Partial" Alarms For Motors..........................................................................................................................41 Comparison Alarm For Analog Input ...........................................................................................................41 2.6.3 "PHASE" ALARMS............................................................................................................................41 2.6.4 “CONFIGURABLE” ALARM LIST .....................................................................................................41 2.6.5 CAUSES AND SOLUTIONS OF ALARMS.......................................................................................41

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION

3 4

5

6

7

Page 7 / 128

2.6.6 ALARMS TEXTS AND DEFAULT EFFECTS – DELAY ...................................................................42 Alarms Texts And Default Effects – Delay For Autoclave ...........................................................................42 Alarms Texts And Default Effects – Delay For Oven...................................................................................48 Alarms Texts And Default Effects – Delay For VHP....................................................................................51 Alarms Texts And Default Effects – Delay For DMD ...................................................................................55 DIALOGUE LANGUAGE ................................................................................................................................59 PASSWORDS .................................................................................................................................................61 4.1 ACCESS CODE CONFIGURATION........................................................................................................62 4.2 ACCESS...................................................................................................................................................62 4.3 OPERATING MODES ..............................................................................................................................62 4.4 PASSWORD MODIFICATION .................................................................................................................62 4.5 ACTIVE CODE CONFIGURATION DISPLAY/PRINTOUT......................................................................63 LIST OF OPERATIONS ..................................................................................................................................65 5.1 OPERATING MENUS ..............................................................................................................................66 5.1.1 RUNS & OPERATIONS....................................................................................................................67 5.1.2 PROGRAM MANAGEMENT.............................................................................................................68 5.1.3 CYCLE MANAGEMENT ...................................................................................................................69 List Of Cycles...............................................................................................................................................69 Phase Groups ..............................................................................................................................................70 5.1.4 SETUP & CONFIGURATION ...........................................................................................................71 Factory Parameters .....................................................................................................................................72 Hardware Physical View ..............................................................................................................................75 Alarm Configuration .....................................................................................................................................76 System Parameters .....................................................................................................................................77 Date/Time Setting ........................................................................................................................................78 Language Setting.........................................................................................................................................78 Software Version..........................................................................................................................................78 Authorization Parameters ............................................................................................................................79 Remote GUI .................................................................................................................................................80 Figure 23 – Remote GUI..............................................................................................................................80 5.1.5 DIAGNOSE & MAINTENANCE ........................................................................................................81 Hardware Physical View ..............................................................................................................................82 Logical View.................................................................................................................................................82 Autodiagnosis Of Analog And Digital Outputs .............................................................................................83 Animated P&ID ............................................................................................................................................84 Calibration....................................................................................................................................................85 Maintenance Plan ........................................................................................................................................86 Filter Maintenance (only for autoclave)........................................................................................................87 PG Background Synoptic 1-5 ......................................................................................................................88 VHP Maintenance (only for VHP) ................................................................................................................89 Tank Filling Management Maintenance (only for DMD) ..............................................................................90 Backup & Restore ........................................................................................................................................91 Archive Conversion (Only For Remote GUI) ...............................................................................................92 Test (only for oven) ......................................................................................................................................92 Hard Disk Status ..........................................................................................................................................93 5.1.6 LOG-IN & PASSWORDS..................................................................................................................94 Log-In status ................................................................................................................................................94 Log-In data...................................................................................................................................................95 Password configuration............................................................................................................................. 100 5.1.7 ALARM & DATA LOGGING........................................................................................................... 101 Alarm History ............................................................................................................................................ 101 Process Report History ............................................................................................................................. 102 Data History .............................................................................................................................................. 103 Audit Report .............................................................................................................................................. 104 5.1.8 ON-LINE MANUALS ...................................................................................................................... 105 5.2 OPERATIONS THAT ARE DISABLED DURING A CYCLE ................................................................. 106 PROGRAM EXECUTION............................................................................................................................. 107 6.1 TIME CALCULATION............................................................................................................................ 108 6.2 PROCESS SUMMARY ......................................................................................................................... 108 6.3 PROCESS REPORT............................................................................................................................. 108 PRINTOUT MANAGEMENT ........................................................................................................................ 111 7.1 PRINTERS USED BY THEMA4............................................................................................................ 112 7.2 ARCHIVED AND PRINTED DATA........................................................................................................ 112 7.3 “PROCESS REPORT” PRINTOUT....................................................................................................... 113 7.3.1 AUTOMATIC OR MANUAL PRINTOUT ........................................................................................ 113

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION

Page 8 / 128

7.3.2 REDUCED OR NORMAL PRINTOUT FORMAT........................................................................... 113 BLACKOUT ................................................................................................................................................. 115 8.1 BLACKOUT MANAGEMENT ................................................................................................................ 116 8.1.1 BLACKOUT DETECTION.............................................................................................................. 116 8.1.2 BLACKOUT MANIFESTATION ..................................................................................................... 116 8.1.3 BLACKOUT PROCEDURE............................................................................................................ 116 Blackout management for machine type 1 and 2 ..................................................................................... 116 Blackout management for machine type 3 and 4 ..................................................................................... 116 8.2 STERILIZATION TIME ELAPSED DURING A BLACKOUT ................................................................. 117 8.3 TREATMENT TIME ELAPSED DURING A BLACKOUT...................................................................... 117 9 DOOR MANAGEMENT................................................................................................................................ 119 9.1 DOOR MANAGEMENT OF AUTOCLAVE............................................................................................ 120 9.1.1 DOOR OPENING CRITERIA......................................................................................................... 120 Process Conditions For Door Opening ..................................................................................................... 120 Safety Requirements For Door Opening .................................................................................................. 120 9.1.2 CRITERIA FOR MOVING MOTORIZED DOORS ......................................................................... 121 Door System Alarms ................................................................................................................................. 121 9.2 DOOR MANAGEMENT OF OVEN ....................................................................................................... 122 9.2.1 LOADING AND UNLOADING OPERATIONS ............................................................................... 122 Loading ..................................................................................................................................................... 122 Unloading.................................................................................................................................................. 122 10 EXTERNAL RECORDERS MANAGEMENT ........................................................................................... 123 10.1 TYPE 1 INTEGRATION ........................................................................................................................ 124 10.2 TYPE 2 INTEGRATION ........................................................................................................................ 124 10.2.1 TYPE 2A INTEGRATION............................................................................................................... 124 10.2.2 TYPE 2B INTEGRATION............................................................................................................... 124 Integration With Yokogawa Recorders, Series DX100P/DX200P / Series DX1000P/DX2000P.............. 124 10.3 TYPE 3 INTEGRATION ........................................................................................................................ 125 10.4 TYPE 4 INTEGRATION ........................................................................................................................ 125 10.4.1 TYPE “TH4 RECORDER” INTEGRATION .................................................................................... 125 11 GLOSSARY.............................................................................................................................................. 127

8

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION

Page 9 / 128

TABLES Table 1 – SW and HW components .......................................................................................................................13 Table 2 – Limit values for analog readings for autoclave .......................................................................................23 Table 3 – Limit values for analog readings for oven...............................................................................................24 Table 4 - Alarm Details ...........................................................................................................................................39 Table 5 - Alarm strings / Effects / Delay for autoclave ...........................................................................................45 Table 6 - Alarm strings / Effects / Delay for oven ...................................................................................................49 Table 7 - Alarm strings / Effects / Delay for VHP....................................................................................................53 Table 8 - Alarm strings / Effects / Delay for DMD...................................................................................................56 Table 9 – System parameters.................................................................................................................................77 Table 10 – Th4ma4 software components .............................................................................................................78 Table 11 – Authorization parameters .....................................................................................................................79 Table 12 – Diagnose & maintenance functions ......................................................................................................81 Table 13 – Diagnostic data of channels in digital modules ....................................................................................82 Table 14 – Diagnostic data of channels in analog modules ...................................................................................82 Table 15 – Diagnostic data of channels by type.....................................................................................................83

FIGURES Figure 1 - Thema4 system architecture..................................................................................................................12 Figure 2 - Thema4 HW and SW architecture .........................................................................................................13 Figure 3 – Panel PC Requirements........................................................................................................................14 Figure 4 – Blind PC + monitor Requirements.........................................................................................................15 Figure 5 – Thema4 “process tasks” architecture ....................................................................................................30 Figure 6 – Relation among PGL, Cycles and Programs ........................................................................................32 Figure 7 –P/GC - P/GS relation: state diagram ......................................................................................................33 Figure 8 – Operating Menus ...................................................................................................................................66 Figure 9 – Virtual Keyboard ....................................................................................................................................66 Figure 10 – Run & Operations ................................................................................................................................67 Figure 11 – Program Management.........................................................................................................................68 Figure 12 – Cycle Management .............................................................................................................................69 Figure 13 – Set of maximum temperature in cycle parameters summary..............................................................70 Figure 14 – Setup & Configuration .........................................................................................................................71 Figure 15 – Setup & Configuration: Factory Parameters for autoclave..................................................................72 Figure 16 – Setup & Configuration: Factory Parameters for autoclave with mixed processes ..............................72 Figure 17 – Setup & Configuration: Factory Parameters for oven .........................................................................73 Figure 18 – Setup & Configuration: Factory Parameters for VHP..........................................................................74 Figure 19 – Setup & Configuration: Factory Parameters for DMD .........................................................................74 Figure 20 – Setup & Configuration: HW physical view...........................................................................................75 Figure 21 – Setup & Configuration: Alarm Configuration .......................................................................................76 Figure 22 – Setup & Configuration: System Parameters .......................................................................................77 Figure 23 – Remote GUI.........................................................................................................................................80 Figure 24 – Diagnose & Maintenance ....................................................................................................................81 Figure 25 – Diagnose & Maintenance: IO Logical view..........................................................................................82 Figure 26 – Diagnose & Maintenance: autodiagnose of Digital output ..................................................................83 Figure 27 – Diagnose & Maintenance: autodiagnose of analog output .................................................................83 Figure 28 – Diagnose & Maintenance: Animated P&ID .........................................................................................84 Figure 29 – Diagnose & Maintenance: Calibration .................................................................................................85 Figure 30 – Diagnose & Maintenance: Details of calibration..................................................................................85 Figure 31 – Diagnose & Maintenance: Maintenance Plan .....................................................................................86 Figure 32 – Diagnose & Maintenance: Filter Maintenance ....................................................................................87 Figure 33 – Diagnose & Maintenance: P/G background ........................................................................................88 Figure 34 – Diagnose & Maintenance: VHP Maintenance .....................................................................................89 Figure 35 – Diagnose & Maintenance: VHP Maintenance .....................................................................................90 Figure 36 – Back-up page ......................................................................................................................................91 Figure 37 – Diagnose & Maintenance: Archive conversion....................................................................................92 Figure 38 – Test page.............................................................................................................................................92 Figure 39 – Diagnose & Maintenance: Hard Disk Status .......................................................................................93 Figure 40 – Log-in & Passwords: Log-in status......................................................................................................94 Figure 41 – Log-in & Passwords: Log-in data ........................................................................................................95 Figure 42 – Log-in & Passwords: General Log-in data ..........................................................................................96 Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION

Page 10 / 128

Figure 43 – Log-in & Passwords: Profile management ..........................................................................................97 Figure 44 – Log-in & Passwords: Remote authentication ......................................................................................98 Figure 45 – Log-in & Passwords: Signature configuration .....................................................................................99 Figure 46 – Log-in & Passwords: Password Configuration ................................................................................. 100 Figure 47 – Log-in & Passwords: Password Configuration \ New login .............................................................. 100 Figure 48 – Alarm & Data logging ....................................................................................................................... 101 Figure 49 – Alarm history..................................................................................................................................... 101 Figure 50 – Alarm & Data logging: Process Report ............................................................................................ 102 Figure 51 – Alarm & Data logging: Historic Data................................................................................................. 103 Figure 52 – Alarm & Data logging: Audit Report ................................................................................................. 104 Figure 53 – On-line manuals ............................................................................................................................... 105

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Section 1

Page 11 / 128

THEMA4 CONTROL SYSTEM 1 PHYSICAL DESCRIPTION OF THE CONTROL

SYSTEM 1.1 - SYSTEM ARCHITECTURE 1.2 - HARDWARE ARCHITECTURE 1.2.1 - SIDE 1 (PRIMARY) OPERATOR PANEL 1.2.2 - SIDE 2 (SECONDARY) / SIDE 3 (TECHNICAL AREA) OPERATOR PANELS 1.2.3 - PLC REMOTE I/O MODULES 1.2.4 - HUB FOR ETHERNET CONNECTION BETWEEN OPERATOR PANELS AND EXTERNAL CONNECTIONS. 1.2.5 - UPS FOR BLACKOUT MANAGEMENT 1.2.6 - THERMAL PRINTER 1.2.7 - SIDE 1/2 DOOR MANAGEMENT MODULES 1.2.8 - REMOTE OPERATOR STATION

1.3 - SOFTWARE ARCHITECTURE 1.3.1 - SOFTWARE COMPONENTS

1.4 - DATA STORAGE 1.5 - BACKUP/RESTORE DATA 1.6 - CONNECTION TO THE FIELD 1.6.1 - ANALOG INPUT 1.6.2 - ANALOG OUTPUT 1.6.3 - EXTERNAL ANALOG INPUT

1.7 - CONNECTION TO EXTERNAL SYSTEM 1.8 - UNITS OF MEASURE 1.8.1 - UNITS OF MEASURE FOR AUTOCLAVE 1.8.2 - UNITS OF MEASURE FOR OVEN 1.8.4 - COMPLIANCE TO THE INTERNATIONAL SYSTEM

1.9 - LIMIT OPERATING CONDITIONS

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 12 / 128

The THEMA4 control system, as defined in the CONFIGURATION MANUAL document, is composed of the following 8 main parts: 1 – Side 1 Operator Panel (primary /S1): Panel PC / Blind PC + monitor 2 – Operator Panels for Side 2 (secondary /S2) / Side 3 (technical area /S3) 3 – PLC remote I/O modules 4 – Hub for Ethernet connection between operator panels and external connections 5 – UPS for blackout management 6 – Thermal printer 7 – Side 1/2 door management modules 8 – Remote operator station These 8 main parts are interconnected as shown schematically here

6

STERILIZER

5

Thermal printer

Field Bus

1

2

Operator Panel Side 2

Operator Panel Side 1

card BUS

3

UPS

Operator Panel Technical Area

Operator Panel 1

PWR BUS

D D IN OUT

AN AN IN OUT

4-20mA/Pt100 Converter

Operator Panels 2/3

7

FIELD: Sterilizer devices (Sensors and Actuators)

Door module

4 Ethernet HUB

PLC remote I/O modules

8

Ethernet link (OPC) to external systems (SCADA DCS)

WINDOWS PC

Printer (WINDOWS)

Remote operator station

Serial Line Link (Modbus) to external systems (SCADA, DCS)

Figure 1 - Thema4 system architecture

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 13 / 128

1.1 SYSTEM ARCHITECTURE The system has the hardware and software architecture shown below. The diagram only shows the hardware components that have software installed:

4-20/Pt100 Converter Config. file

BUS board I/O config. file

R.T.O.S + bootrom Thermal printer

STERILIZER

2 Operator Panel

S2

1

FIELD BUS PWR BUS

D D IN OUT

AN AN BUS IN OUT board

Operator Panel

S1

Operator Panel

S3

HUB

4-20mA/Pt100 Converter Connection to external systems

8 Log Data

WINDOWS PC

PCS Kernel P/G Lib

FECP SRVR

GUI

Conf. Data

DATA AND FILE ARCHIVE Remote station Figure 2 - Thema4 HW and SW architecture

The distribution of the software components in the hardware components is detailed here: No. THEMA4 Parts

1 2 3 4 5 6 7 8

RTOS VxWorks

S1 Operator Panel S2/S3 Operator Panels PLC Remote I/O Modules Ethernet connection hub UPS for blackout management Thermal printer Side 1/2 door management modules Remote operator station

OS Windows Bootrom

X X

X X

PCS

FECP

GUI

X

X

X X

DATA Conv. & Conf. FILES FILE X X X

X

X

Table 1 – SW and HW components

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

I/O Conf. FILE X

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 14 / 128

1.2 HARDWARE ARCHITECTURE The 8 parts that constitute the system are detailed hereafter from the hardware standpoint: 1 Side 1 (primary) Operator Panel: Panel PC / Blind PC + monitor 2 Side 2 (secondary) / side 3 (technical area) Operator Panels 3 PLC Remote I/O modules 4 Hub for Ethernet connection between operator panels and external connections 5 UPS for blackout management 6 Thermal printer 7 Side 1/2 door management modules 8 Remote operator station

1.2.1 SIDE 1 (PRIMARY) OPERATOR PANEL The Side 1 Operator Panel (Panel PC / Blind PC+ monitor) is the control unit of the system and the operator interface (Digital Proface, Siemens, Allen Bradley or B&R) on side 1 of the sterilizer (always installed). This is the primary station of the sterilizer and is composed of two units: 1 Touchscreen Panel PC TH4_HW-PANEL 1 PCI Card for connection via Profibus field bus TH4_HW-I/O BOARD_P Minimum Requirements Of Side 1 Panel PC Of THEMA4 System The minimum requirements that the Panel PC must have are listed below.

Touch Driver for Vx Works

1 HD, ≥ 10GB

Pentium III 700MHz ≥256MB RAM 1 PCI slot for Profibus card

1 LPT port for Thermal Printer

1 RS232C COM for Modbus RS232 connection

1 RS232C COM for Door Board connection

1 Ethernet 10/100 MHz port 1 front-mounted Floppy Disk Drive (or side mounted) 1 PS2/Keyboard port for installation of SW and Backup/Restore operations 1 USB port for connection of backup/restore units

12.1-inch color TFT LCD SVGA 800x600 analog resistive touch-screen

Figure 3 – Panel PC Requirements

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 15 / 128

Minimum Requirements Of Side 1 Blind PC + monitor Of THEMA4 System The minimum requirements that the Blind PC + Monitor must have are listed below. 1 RS232C COM for Door Board connector 4 USB port: 1 for Thermal Printer, 3 USB port for connection of backup/restore units

1 RS232C COM for Modbus RS232 connection

1 Ethernet 10/100 MHz port 1 PCI slot for Profibus card

Intel Atom N270

1 HD, ≥ 60GB

Touch Driver for Vx Works

Touch Driver for Vx Works

SDL Cable Automation Panel AP920 display TFT 12.1'' SVGA analog resistive touch-screen

Figure 4 – Blind PC + monitor Requirements

1.2.2 SIDE 2 (SECONDARY) / SIDE 3 (TECHNICAL AREA) OPERATOR PANELS Side 2 (secondary) Operator Panels on the side of the sterilizer normally used for unloading and side 3 Operator Panel (technical area of the sterilizer) are two optional additional operator stations on board the machine. Both operator panels are composed of a single unit, which is the same one used for the Operator Panel on side 1: 1 Touchscreen Panel PC: TH4_HW-PANEL Serial, parallel and USB ports are not used for these panel PCs.

1.2.3 PLC REMOTE I/O MODULES The digital and analog signals that the control system exchanges with the devices (field) of the sterilizer (sensors and actuators) are acquired and sent by means of (Siemens, Allen Bradley or B&R) a set of Input/Output modules that are appropriately powered and communicate with side 1 Panel PC by means of a Profibus communications module. This set of modules is constituted by two units: 1 PLC Remote I/O module 1 Pt100/4-20mA converter module

Fedegari Autoclavi SpA

TH4_HW-PLC I/O TH4_HW- Pt100/4-20mA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 16 / 128

1.2.4 HUB FOR ETHERNET CONNECTION BETWEEN OPERATOR PANELS AND EXTERNAL CONNECTIONS. This component is required only if the sterilizer is configured with more than one Panel PC (in addition to the “primary” one, which is always installed). In this case the use an internal hub dedicated to the individual sterilizer is not indispensable. Provisions must be made in any case to allow to carry the Ethernet connection to the outside of the sterilizer. Except for the case described above, the various operator stations (Panel PCs and remote stations) and the external connections are connected via Ethernet (10/100/1000 MB) by means of a 5/8 port hub system. The Ethernet ports are usually used as follows: 1

2

3

4

5

MDI/MDI-X

STERILIZER 1. Panel PC, side 1 ..……………. 2. Panel PC, side 2 (OPT) .……. 3. Panel PC, technical area (OPT)

Connection to other hubs for connection to LAN (optional)

4. Remote station (OPT)……. 5. External connections (OPT)……. (SCADA, DCS, …) for sterilizer data transfer. Recorder This configuration is not obligatory; it is merely an example and depends on the options requested. Connecting multiple sterilizers in a LAN to use a single external connection (remote station or external LAN connection) By means of the MDI/MDI-X port, this hub can be connected (together with other Ethernet connections) to another central hub in order to connect the sterilizer to a LAN, which can be the LAN of the sterilizers and/or the LAN of the customer.

1

2

3

4

5

MDI/MDI-X

1

2

3

4

5

MDI/MDI-X

Sterilizers LAN hub

STERILIZER 1

1

2

3

4

5

MDI/MDI-X

STERILIZER 2

1

2

3

4

5

MDI/MDI-X

Remote station (OPT), connectable to multiple sterilizers External connections (OPT) (SCADA, DCS, …) for sterilizer data transfer.

STERILIZER 3

STERILIZER 4

Direct connection to primary Panel PC of a sterilizer, without side 2 and technical area Panels.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 17 / 128

1.2.5 UPS FOR BLACKOUT MANAGEMENT The system uses a UPS (Uninterruptible Power Supply) that allows it to be supplied continuously (at least for 15 minutes) with power in the event of a blackout for a certain time, switching instantly to the emergency backup batteries located inside the UPS. The S1 Panel PC detects the blackout condition by means of a digital input from the electrical cabinet, and reports it by means of appropriate alarm messages to all connected local and remote operator stations. The following units are powered by means of the UPS: -

n Touchscreen Panel PC(s) (a) 1 PLC Remote I/O Module (b) 1 5/8-port 10/100 MHz hub (c)

TH4_HW-PANEL TH4_HW-PLC I/O TH4_HW-HUB

(a) all Panel PCs (n is 1 to 3) installed on the machine (b) Not powered if the PanelPC Side 1 detects the blackout, by a digital input available on the PCI Card for connection via Profibus field bus, and not by one digital input of the PLC I/O modules. (c) the hub on board the machine, if provided

1.2.6 THERMAL PRINTER A thermal printer is installed on the sterilizer to record the Process Reports and to print system data and parameters. All printed data are stored electronically. Requests to print on this thermal printer can be made only from stations provided on board the machine. This system requires two components: 1 Thermal printer 1 Parallel cable for thermal printer

Fedegari Autoclavi SpA

TH4_HW-TPrinter TH4_HW-CableTPrinter

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 18 / 128

1.2.7 SIDE 1/2 DOOR MANAGEMENT MODULES For both doors (side 1 and 2) there is a door management module that comprises the following devices: 1 LCD message display, 4 lines x 20 characters (only for side 2, if the PanelPC is not present) 2 door OPEN and CLOSE buttons and 1 door BLOCK button (only for machine type 2 OVEN) which activate the digital inputs of the I/O_PLC An EMERGENCY pushbutton A key-operated selector for switching on the control system (only for Side 1 door)

TYPE 1 (Autoclaves) / 3 (VHP) / 4 (DMD) RS232 port Side 1

LCD display 4 lines by 20

TYPE 2 (Ovens) RS232 port Side 1 Panel PC

LCD display 4 lines by 20

REMOTE

DIGITAL INPUT I/O PLC

DIGITAL INPUT I/O PLC

Door OPEN

Power-on key (Side 1)

Door CLOSE

EMERGENC Y pushbutton

2° Door CLOSE remote for TYPE1 (with automatic sliding doors)

Door CLOSE

Door OPEN

Power-on key (Side 1)

Door BLOCK

EMERGENCY pushbutton

The 4-line display is used to display the following 20-characters messages, which are grouped into four types. Messages of the same type are mutually exclusive (except for Alarm messages) and are displayed on the same line. For messages that are not mutually exclusive, the most important message is always displayed. IMPORTANT NOTE For machines with automatic sliding doors, in according with the EN ISO 13849-1, the door management module includes 2 CLOSE buttons (local and remote) instead only one button.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 19 / 128

The following table lists the messages, differently applicable to each machine type x (where x: 1=autoclave, 2=oven, 3=FCDV (VHP) and 4=FCDM (DMD), in order of increasing importance. LINE No. 1

MESSAGE TYPE

1

MACH.TYPE 2 3 4

x

x

x

x

1

COMPUTER ON

Computer is activated

AND CYCLE

x

x

x

x

2

READY TO START

Ready to start

STATUS

x

x

x

x

3

CYCLE IN PROGRESS

Cycle is being run

4

STERILIZING

Sterilization in progress

x

5

TREAT. IN PROGRESS

Treatment in progress

x

x

6

H2O2 OP. IN PROGRESS

VHP treatment in progress

x

x

x

x

7

EMERGENCY

Emergency

x

x

x

x

8

NON RECOVERABLE EMER

Irreversible emergency

x

x

x

x

9

CYCLE COMPLETE

Cycle has been completed

TREATMENT

x

10 STERILIZ.TEMPER.HIGH

Sterilization temperature is high

MSG

x

11 STERILIZ.TEMPER.LOW

Sterilization temperature is low

x

12 STERILIZED

Sterilization has ended

x

13 H.PATHOG.STERILIZED

High pathogen sterilization has ended

x

14 TREAT.TEMP.HIGH

Treatment temperature is high

x

15 TREAT.TEMP.LOW

Treatment temperature is low

16 TREATMENT OK

Treatment has ended

17 H2O2 OP. COMPLETED

H2O2 treatment completed

x

18 DECO TOO SHORT

Decontamination VHP to short

x

19 DECO TOO LONG

Decontamination VHP to long

x

20 ALARM ON

Alarm is active

x

x

21 AUXILIARY ALARM 1 / 2

Auxiliary alarm 1 / 2

x

x

22 DOOR SYSTEM ALARM

Door system alarm

x

23 H2O2 RELEASED IN ENV.

H2O2 released in external environment

24 H2O2 RELEASED IN T.A.

H2O2 released in technical area

x x

3

ALARM MSG (a)

x

x

x

x

x

x

x

x 4

MEANING

CONTROLLER

x

2

MESSAGE TEST

DOOR MSG

.

x

x

X

25 OK OPEN DOOR SIDE 1

Side 1 door can be opened

x

x

X

26 OK OPEN DOOR SIDE 2

Side 2 door can be opened

x

x

X

27 OK OPEN DOOR SIDE 1 AND 2

Side 1 and Side 2 doors can be opened

x

x

X

28 DOOR SIDE 1 / 2 OPEN

Door 1 or 2 is open

x

x

X

29 DOOR SIDE 1 / 2 MOVING

Door 1 or 2 is moving

x

30 OK OPEN NONSTER.DOOR

Non sterile side door can be opened

x

31 OK OPEN STERILE DOOR

Sterile side door can be opened

x

32 NONSTER.DOOR OPEN

Non sterile side door is open

x

33 STERILE DOOR OPEN

Sterile side door is open

x

34 OK OPEN ALL DOORS

All door can be opened (*1)

x

35 OK OPEN ISOLAT.DOOR

Only isolator door can be opened (*1)

x

36 OK OPEN SLIDIN.DOOR

Only sliding door can be opened (*1)

x

37 WAITING ISOLAT.DOOR

Isolator door is opening/closing (*1)

x

38 WAITING SLIDIN.DOO

Sliding door is opening/closing (*1)

x

39 OK OPEN DOOR 1/ISOL

Passbox and isolator door can open (*1)

x

40 OK OPEN DOOR 1/SLID

Passbox and sliding door can open (*1)

x

41 OK OPEN DOOR ISO/SLI

Isolator and sliding door can open (*1)

NOTICE In both cases, the alarm messages are not mutually exclusive and are listed in order of increasing importance

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 20 / 128

The display is provided only on side 2 of the sterilizer in order to allow to view door status messages, which are needed in order to operate the buttons, if there is not the Panel PC side 2. The same messages are displayed in the status bar, present at the bottom of the Panel PC GUI. Otherwise, one would have to manage the buttons within the Panel PC, losing the possibility to manage the doors independently of the activity in progress on the Panel PC, or one would have to carry digital signals on the door buttons in order to display the door management status by means of indications on these buttons. The display is controlled by means of a serial line by the Panel PC for side 1, which sends it the messages in the language chosen on that Panel PC according to the logic criteria described earlier. The system is capable of driving more than one display (at least two) by using a single serial line (At the moment, this option is not used)

1.2.8 REMOTE OPERATOR STATION The remote operator station is constituted by an operator interface installed on a Personal Computer (desktop or notebook) with certain minimum specifications: Processor power Hard disk RAM Floppy disk / CD ROM Ethernet port Operating system JAVA Virtual Machine (SUN Microsystem)

Pentium III 10 GB 256 MB Required YES Windows ® 2000 / XP / Windows 7 32bit JRE 1.6.0.6

The PC can print process reports and selected log files or parameters on an A4 printer connected to the PC.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 21 / 128

1.3 SOFTWARE ARCHITECTURE 1.3.1 SOFTWARE COMPONENTS Seven software components must be installed in the operator panels, as reported in the table below. Each software component may be constituted by elements such as drivers, software modules, and applications. The diagram below shows the software components and their composition N° 1.3

Type OPERATING SYSTEM (OS/DRIVER)

Description 1.3.1 – Image VxWorks Operator panel 1.3.1.1 – OS Operator panel 1.3.1.1.1 – OS VxWorks 1.3.1.1.2 – Graphic library WINDML 1.3.1.1.3 – Java virtual machine JWORKS

1.3.1.2 – BSP-OS Operator panel

Code VxWorks image OS PANEL

OS-BSP PANEL

1.3.1.2.1 – BSP Pentium Pro 1.3.1.2.2 – DOS file system 1.3.1.2.3 – Driver Ethernet board 1.3.1.2.4 – Driver Profibus board 1.3.1.2.5 – Driver realtime clock 1.3.1.2.6 – Driver touch screen 1.3.1.2.7 – Driver video 1.3.1.2.8 – FTP Server

1.3.1.3 – SW application programs setup 1.3.1.3.1 – Boot Procedure 1.3.1.3.2 – Panel setup procedure

1.5

SW APPLICATION (SW)

1.6

SW LIBRARY (LIB)

Fedegari Autoclavi SpA

1.3.2 – Bootrom Operator panel 1.5.1 – SW PCS-Nucleus Operator panel 1.5.2 – SW GUI Operator panel 1.5.3 – SW FECP-Server Operator panel 1.5.4 – SW library JWORKS 1.6.1 – SW PCS-PG Operator panel

SW Setup Boot PANEL SW PCS-N SW GUI SW FECP-SRVR SW JWORKS SW PCS-PG

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 22 / 128

1.4 DATA STORAGE All the data are archived according to 21 CFR Part 11. These data are stored in two directories of the hard disk installed on the Panel PC side 1. One directory contains the previous version of the modified data, the other one contains the current data. The PCS software stores all the data that need to be archived in files that have a fixed and preset format. These files are archived in the memories of the primary Panel PC in the following specific directories: - thema4/arch/ Archived data of previous versions - thema4/user/config/ Archived data of current version - thema4/audit/ Audit trail records - thema4/log/ Process Report To ensure compliance with CFR21p11, the archive files cannot be modified and any tampering with them is detected. Moreover, if they are modified, the previous values of the data are always retained. All changes are tracked (date and author) and safe data backup/restore procedures for the user are available. The integrity of these data is ensured by an integrity check based on a CRC32 algorithm. When a file is created, and every time it is modified, the PCS applies the CRC32 algorithm to the contents of the file, obtaining a number that is inserted in the file (this number is not included in the calculation). Every time the file needs to be opened to display, change and print its data, the CRC32 algorithm is recalculated and the result is compared with the number stored previously in the file during the last creation/edit operation, in order to check that the contents have not been altered. If the system detects that the contents have been altered, a message is issued on the GUI and the event is logged in the audit trail file. In this case, the system reinitializes the file, generating an “empty” file. There are two kinds of archived file: “Process reports” and “Sterilizer data”. The latter are divided into “Parameter” files and “Records” files. The records are always collected in a single file that is updated continuously. The “Process report” files are in UNICODE format. The “Sterilizer data” are all in binary format, except for the audit trail file, which is in UNICODE format. These files are not encrypted. All the files except for the “Process reports” are archived independently of the language of use, since the text strings are not stored in the files: they are indexed by means of specific “pointers”. For this reason, every GUI displays and prints these parameters in its own language. Programs and data are archived in a 2 GB (2048 MB) memory area. This amount of memory is actually configured independently of the capacity of the hard disk of the Panel PC. 2000 MB are used for data storage, including process data, system data and parameters. If the average size of a configuration and process data file is 50 kB, 40000 files can be stored and kept available online in the Panel PC.

1.5 BACKUP/RESTORE DATA The Backup/Restore procedures for the data stored in the main Panel PC can be run by means of the GUI of the Panel PCs provided on the sterilizer. Data to be backed up/restored can be selected from the archived data categories. Data of the same categories will be saved. Data can be archived and restored in three ways: 1. Floppy Disk (by means of the floppy drive mounted on the main Panel PC) 2. Ethernet LAN (FTP protocol) using the hard disk of the connected PC. 3. CDRW or Floppy Disk or Disk on Key or Hard Disk connected to the USB port of the main Panel PC The archiving directories have to be present on the hard disk of the main Panel PC even after Backup/Restore procedures have been performed.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 23 / 128

1.6 CONNECTION TO THE FIELD The “NL” symbol (“logic number”) identifies, for Thema4 controllers, a function to be performed or a situation to be detected in the field (i.e., in the sterilizer connected to the controller) by means of the available devices or instruments. The “Configuration” of a Thema4 controller consists of the assignment of NLs to the channels that interface the controller with the field, and the definition of the alarms generated by the comparison between the state of an input channel and a normal state or the state of an output channel (“Configuration alarms”). In other words, the Configuration of a Thema4 assigns NLs to the channels for interfacing with the field. This assignment is different for the individual sterilizers. Each NL can be: • a digital input (“NLID”), for detecting an on-off situation in the field; • a digital output (“NLOD”), for performing an on-off action in the field; • an analog input (“NLIA”), for measuring a physical variable in the field; • an analog output (“NLOA”), for performing a modulated function in the field.

1.6.1 ANALOG INPUT An analog input to the Thema4 controller can be of 4 types for autoclave and of 3 types for oven. Analog Input For Autoclave TYPE 1: this type has no predefined characteristics and therefore the coefficients required to convert the physical signal into numeric values must be programmable; TYPE 2: a linear absolute pressure transducer for the 0.000-5.000 bar range, with 4-20 mA signal; TYPE 3: a linear absolute pressure transducer for the 0.000-4.000 bar range, with 4-20 mA signal; TYPE 4: a 4-wire Pt100 RTD probe; TYPE 5: a relative pressure transducer for the 1.000-7.000 bar range, with 4-20 mA signal; The analog input signals are converted into physical values by means of a formula that uses two different parameters for each type of sensor: - Gain (GAIN) - Offset ("zero point", OFS) The values of these two parameters for sensor types 1, 2, 3 and 5 are fixed; various sensors interfaced with appropriate input modules can correspond to type 5. The physical values are read by the analog modules in “counts” and the general formula for converting counts (CNT) into physical values (VAL, expressed in hundredths of °C or in mbar) is: VAL = CNT*GAIN + OFS Where GAIN and OFS depend on the type of analog module used The reading of an analog input is considered significant by the controller only if the received value is within a variability range that depends on the “type” of the sensor, as displayed in the following table: Type

Sensor

Min.Value

Max.Value

2

PressureTransducer 0-5 bar

0,000 bar abs

5,000 bar abs

3

PressureTrasducer 0-4 bar

0,000 bar abs

4,000 bar abs

4

RTD Pt 100 a 4 fili

-20°C

+160°C

5

PressureTrasducer 1-7 bar

1,000 bar rel

7,000 bar rel

Table 2 – Limit values for analog readings for autoclave If the signal that arrives from an analog sensor is considered meaningless, that sensor is no longer used for process control until the program in progress ends.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 24 / 128

Analog Input For Oven TYPE 1: this type has no predefined characteristics and therefore the coefficients required to convert the physical signal into numeric values must be programmable; TYPE 2: a linear differential pressure transducer for the 0-100 Pascal range, with 4-20 mA signal; TYPE 3: a 4-wire Pt100 RTD probe; The analog input signals are converted into physical values by means of a formula that uses two different parameters for each type of sensor: - Gain (GAIN) - Offset ("zero point", OFS) The values of these two parameters for sensor types 1 and 2 are fixed; various sensors interfaced with appropriate input modules can correspond to type 3. The physical values are read by the analog modules in “counts” and the general formula for converting counts (CNT) into physical values (VAL, expressed in hundredths of °C or in tenths of Pa) is: VAL = CNT*GAIN + OFS Where GAIN and OFS depend on the type of analog module used The reading of an analog input is considered significant by the controller only if the received value is within a variability range that depends on the “type” of the sensor, as displayed in the following table: Type

Sensor

Min.Value

Max.Value

2

PressureTrasducer 0-100 Pa

-14,4 Pa rel

100,0 Pa rel

3

RTD Pt 100 a 4 fili

-20°C

+300°C

Table 3 – Limit values for analog readings for oven If the signal that arrives from an analog sensor is considered meaningless, that sensor is no longer used for process control until the program in progress ends. Analog Input For VHP TYPE 1: this type has no predefined characteristics and therefore the coefficients required to convert the physical signal into numeric values must be programmable. Analog Input For DMD TYPE 1: this type has no predefined characteristics and therefore the coefficients required to convert the physical signal into numeric values must be programmable.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 25 / 128

1.6.2 ANALOG OUTPUT An analog output is a DC signal that can vary between 4 and 20 mA; an analog output channel of Thema4 is generally connected to an electropneumatic converted with an impedance of 200 ohm and output signals from 3 to 15 psi (pounds per square inch), which correspond to the DC signal from 4 to 20 mA. Each analog channel uses an interface module as required by the configuration of the channel.

1.6.3 EXTERNAL ANALOG INPUT The process controller is able to manage “external” analog input. Such inputs have logical numbers from 80 to 99 and can not inserted in the configuration hardware, that contains the only "internal" analog inputs with logical numbers from 1 to 79 but, if configured on external systems (to ex: TH4 Recorder), these values are acquired automatically (previous qualification in the parameters of system). Such inputs, acquired once, are assimilable to the "internal" input and can be used in transparent way in the TE list, in the TP list, in the trend, in the Process run report and for the configuration alarms.

1.7 CONNECTION TO EXTERNAL SYSTEM All the data stored in the memories of the Thema4 process controller and the process data gradually acquired during the execution of programs can be transmitted to external supervision and control systems by means of the provided communications ports.

1.8 UNITS OF MEASURE The most important parameters used for sterilizer management are temperature (T), pressure (P) and time (t) or equivalent time (F); in most cases, the following units of measure are used:

1.8.1 UNITS OF MEASURE FOR AUTOCLAVE • • • •

degrees Celsius (°C) or Fahrenheit (°C), for temperature (T); bar abs = 105 Pa or psi, for pressure (P) acquired by means of “0-5 bar” absolute pressure linear transducers, 4-20 mA signal; minutes, for time (t); minutes, for equivalent sterilization time (F)

1.8.2 UNITS OF MEASURE FOR OVEN • • • •

degrees Celsius (°C) or Fahrenheit (°C), for temperature (T); Pascals rel. or mpsi, for pressure (P) acquired by means of “0-100 Pa” differential pressure linear transducers, 4-20 mA signal; minutes, for time (t); minutes, for equivalent treatment time (F)

1.8.3 UNITS OF MEASURE FOR FCDV / FCDM • • • • •

degrees Celsius (°C) or Fahrenheit (°C), for temperature (T); bar abs = 105 Pa or psi, for pressure (P); minutes, for time (t); absolute humidity (%) for humidity (U); concentration of H2O2 (ppm) for H2O2 concentration (H2O2)

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 26 / 128

1.8.4 COMPLIANCE TO THE INTERNATIONAL SYSTEM The International Measuring Unit System (Système International d'Unités shorted as SI), is the most widely used measuring unit system ad is usually indicated as “metric system” Compliance To The International System for Autoclave TEMPERATURE For what concerns the temperature, the fundamental SI’s units of measure is the “Thermodynamic Temperature” in degrees Kelvin (K) but is accepted as derived measuring unit the “Temperature” in degrees Celsius (°C). K =°C + 273,15.

PRESSURE The measuring unit of the pressure, used by the International Measuring Unit System is the pascal, labeled as Pa. The pressure measuring unit bar is not adopted by the International Measuring Unit System; however it is tolerated if the equivalence with SI units of measure is reported within documents where it is used. 1 bar = 105 Pa = 0,1 MPa = 100 kPa (1 mbar = 1 hPa).

TIME The fundamental SI measuring unit of time is the second (s). Larger measuring units are defined upon it such as: minute, hour, day, month, year. These measuring units are accepted because they are widely used even outside the scientific environment. The Thema4 controller is compliant to International Measuring Unit System requirement because, as stated in paragraph 1.8, it uses: • Temperature: °C are adopted. • Pressure: internal calculation are performed in Pascal and also displayed as Pa, except for program execution and process report (Process Summary, Synoptic and Process Report) where bar is adopted, for the reason that it is more widely used by users. • Time: the second is used and the accepted derived measuring units (minute, hour, day, month, year). Compliance To The International System for Oven TEMPERATURE For what concerns the temperature, the fundamental SI’s units of measure is the “Thermodynamic Temperature” in degrees Kelvin (K) but is accepted as derived measuring unit the “Temperature” in degrees Celsius (°C). K =°C + 273,15.

PRESSURE The measuring unit of the pressure, used by the International Measuring Unit System is the pascal, labeled as Pa.

TIME The fundamental SI measuring unit of time is the second (s). Larger measuring units are defined upon it such as: minute, hour, day, month, year. These measuring units are accepted because they are widely used even outside the scientific environment. The Thema4 controller is compliant to International Measuring Unit System requirement because, as stated in paragraph 1.8, it uses: • Temperature: °C are adopted. • Pressure: Pa is adopted. • Time: the second is used and the accepted derived measuring units (minute, hour, day, month, year).

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 27 / 128

1.8.5 COMPLIANCE TO THE ANGLO-SAXON SYSTEM The Anglo-Saxon Measuring Unit System, is the most widely used in the United States of America. Compliance To The Anglo-Saxon System for Autoclave TEMPERATURE The measuring unit of the temperature, used by the Anglo-Saxon system is in degrees Fahrenheit (°F). The value managed by THEMA4 control system is converted from degree Celsius (°C) to degree Fahrenheit (°F) by the conversion: °F = °C × 1,8 + 32.

PRESSURE The measuring unit of the pressure, used by the Anglo-Saxon system is in psi. For autoclave, the value managed by THEMA4 control system is converted from Pascal to psi (°F) by the conversion: 1 psi = 6 894,757 Pa = 0,06894757 bar Compliance To The Anglo-Saxon System for Oven TEMPERATURE The measuring unit of the temperature, used by the Anglo-Saxon system is in degrees Fahrenheit (°F). The value managed by THEMA4 control system is converted from degree Celsius (°C) to degree Fahrenheit (°F) by the conversion: °F = °C × 1,8 + 32.

PRESSURE The measuring unit of the pressure, used by the Anglo-Saxon system is in psi.. For oven, the value managed by THEMA4 control system is converted from Pascal to mpsi (°F) by the conversion: 1 mpsi = (1 psi/1000) = (6 894,757 Pa)/1000 = 0,0006894757 bar

1.9 LIMIT OPERATING CONDITIONS Range of operating conditions Electronic cards of controller: Electric power supplies: Screen: Maximum relative humidity: Maximum absolute humidity:

Fedegari Autoclavi SpA

0°C to 50°C; 0°C to 60°C; 10°C to 40°C; 85% if T < 40°C; not higher than 85% at 40°C and at normal pressure.

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 1

Page 28 / 128

This page is left intentionally blank

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Section 2

Page 29 / 128

THEMA4 CONTROL SYSTEM

2 PROCESS MANAGEMENT 2.1 - THEMA4 “PROCESS TASK” ARCHITECTURE 2.2 - PHASE GROUPS – CYCLES - PROGRAMS 2.3 - “PHASE GROUP” LIBRARY 2.3.1 - Relation between P/GC (Cycle) and P/GS (Stand-by process) 2.3.2 - P/GS: standby P/G 2.3.3 - P/GB: background P/G

2.4 - CYCLE EXECUTION GENERAL FLOW 2.4.1 - Phases execution flow for machine Type 1 2.4.2 - Phases execution flow for machine Type 2-4

2.5 - CYCLES AND OPERATING PROGRAMS 2.6 - ALARMS – GENERAL INFORMATION 2.6.1 - "KERNEL" ALARMS 2.6.2 - “CONFIGURATION” ALARMS 2.6.3 - "PHASE" ALARMS 2.6.4 - “CONFIGURABLE” ALARM LIST 2.6.5 - CAUSES AND SOLUTIONS OF ALARMS 2.6.6 - ALARMS TEXTS AND DEFAULT EFFECTS – DELAY

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 30 / 128

2.1 THEMA4 “PROCESS TASK” ARCHITECTURE Thema4 control system can manage “process tasks” (activation of output actuators on the basis of input sensors) of three categories, depending on the their “environment of execution”. All these “process tasks” are managed by means of “Phases Groups” and they are: P/G C : P/G used (in sequence) in a “Cycle” (Normally named simply P/G) Cycle P/Gs task is use for the execution of batch Program/recipe. They are P/G B : P/G of Background process P/G B tasks (maximum 5 contemporaneous) are used for the management in background of several processes: handling systems, rotary baskets, auxiliary systems,... . In this case, if necessary it is possible to have a graphical mimic (synoptic) of the background process. P/G S : P/G of Stand-by process P/G S task (only one) is used for the management of processes to execute only when cycle is not running (before and after) The following scheme describe Thema4 “process tasks” architecture: Stand-by P/G S

Cycle P/Gs (P/GC) sequence Phase Prep.

Phase 2

Phase ………

Phase n

Stand-by P/G S Phase end

Background P/G B 1 Background P/G B 2 Background P/G B 3 Background P/G B 4 Background P/G B 5 Figure 5 – Thema4 “process tasks” architecture

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 31 / 128

2.2 PHASE GROUPS – CYCLES - PROGRAMS The control system can manage “sterilization or test processes” organized according to a clearly defined logic structure implemented at the software level and based on the following mutually correlated elements: • Phase • Phase Group (Phase/Group o P/G) • P/G library • Cycle • Program Of these elements, only Phase groups, Cycles and Programs correspond to specific “objects” (program files and data file) of the software of the control system. PHASE

The phase is the basic structure of every “process” of the sterilizer. Each phase is structured so as to perform a specific function (e.g., slowly empty the sterilizer chamber or fill the chamber with saturated steam until the target pressure is reached, manage an emergency situation, restore atmospheric pressure in the chamber in order to allow door opening, et cetera). This is done by reading the input signals that arrive from the sensors of the sterilizer and by activating the output signals that drive the actuators of the sterilizer, according to a specific control logic implemented in the phase (also according to the value assigned to the “phase parameters” and according to the actions of the operator).

PHASE GROUP The Phase group P/G (or Phase/Group P/G) is the sequence of one or more phases (up to 16). Each P/G identifies a part (sub-process) of the process performed by the sterilizer, which implies the execution of various phases in sequence (e.g., P/G 9 – VACUUM IN CHAMBER, which consists of the sequence of two phases: F1-Slow vacuum and F2-Vacuum at normal rate). Each Phase Group corresponds to a “software program” (whose various versions are managed), written in C Language: the “P/G Definition Sheet” is its “Functional specification”. P/G LIBRARY

A certain number of P/Gs, required to perform the various processes of the sterilizer, are stored in the control system. This set (up to 5,000 P/G) is termed P/G Library ("PGL").

CYCLE

Every process of the sterilizer is performed by means of a clearly defined sequence of P/G termed “Cycle”. Accordingly, in the control system of a sterilizer there must be an installed Library that contains all the P/Gs required to configure the cycles needed by the user. Different cycles can use the same P/Gs or different P/Gs in a different sequence. Cycles can be configured freely by the user.

PROGRAM

The system is structured so as to provide the user, for each cycle, with different Programs. These programs provide the cycle from which they are derived, but they can be differentiated by means of the different values assigned by the user to the Program Parameters. Furthermore, since every Program consists of the sequence of P/Gs of the Cycle from which it is derived, the operator can decide how certain Phases will proceed by appropriately assigning values to the P/G Parameters. Therefore, by means of an appropriate “parameterization”, the user can specialize, for example, a generic “solids sterilization cycle” in order to obtain a specific program for sterilizing a particular type of solid product and store it in the memories of the system. Up to 9,999 programs can be archived in the memories of the system. Each program is identified by a Number and a Description. The Cycle from which the program is derived is always displayed for each individual program.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 32 / 128

PROGRAM N

CYCLE A

PHASE GROUP P/G n

PROGRAM 2(CYCLE A) (CYCLE A) PROGRAM 1 P/G 1 (CYCLE A)

P/G 1

P/G 1

P/G 1

PG 2

PG 2

PG 2

PG …

PG …

PG …

PG n

PG n

PG n

PG …

PG …

PG …

PG k

PG k

PG k

PG 2 PG … PG n PG … PG k

Phase 1 Phase 2 ..... Phase i

Figure 6 – Relation among PGL, Cycles and Programs

2.3 “PHASE GROUP” LIBRARY Sterilization “cycles”, i.e., the ordered sequences of phases of the operating programs of the Thema4 controller, are composed starting from small units termed “phase groups”. At least two hundred phase groups (P/Gs) are stored in so-called “libraries” that are easy to access and use (“PGL”). Different versions of PGL can include the same P/Gs or different ones in the same version or in a different version: this depends on the structure of the sterilizer and on the requirements expressed by the user during specification of the sterilizer. Each phase group is identified by a five-character alphanumeric code. The Data Sheet of each Phase Group constitutes its specification (pseudo-code). From W30 version it’s possible to enable different P/G with the same number.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 33 / 128

2.3.1 Relation between P/GC (Cycle) and P/GS (Stand-by process) The following state diagram shows the relation between P/GC (Cycle) and P/GS (Stand-by process). End cycle with cycle report release and return to idle status

End phase

Manual return to phase (allowed if emergency alarm condition is cleared)

Phases sequence

Emergency Phase (Fault)

Manual stop cycle

Go to last phase

Emergency alarm or manual emergency

Cycle running

Manual/automatic START cycle (2)

Prep.Ph.

Cycle manual stop

Blackout detected during cycle End blackout return to phase

Configurable/selectable background processes (predefined or based on Stand-by P/G)

Blackout Power off when UPS charge is exhausted

End blackout return to idle

Blackout detected

Selection and run cycle (1)

P/G S Stand-by process

IDLE (2) Safety or not-safety shoutdown

Power on

E-Stop Switch Off

Figure 7 –P/GC - P/GS relation: state diagram (1) Start cycle is allowed only if some conditions are true (doors closed, … ) (2) In IDLE state the system can execute configurable stand-by processes, predefined and enabled by System Param. or configurable and implemented by means of a user-selected Stand-by P/G.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 34 / 128

The following table provides more details about Thema4 main status. THEMA4 MAIN STATUS State

Description

2

E-Stop – Switch off IDLE

3

Cycle running

Control power is removed from all components and the system is stopped and waiting from an operator action to clear E-Stop condition and switch on the machine All components have been powered and the system is waiting for an operator action (run cycle, I/O autodiagnose, change parameters, configuration,,..) or manual/automatic start of Stand-by phase. Autodiagnose (manual diagnose of outputs) or manual operations are possible. In this status some configured standby processes can be activated, implemented by internal tasks or by a user configurable Stand-by P/GS, All components have powered and system is running a cycle In this status, there are several sub-status:

1

Preparation phase Phases sequence End Phase Emergency Phase (Fault) From Emergency Phase and End Phase is possible to exit from the RUN status

4

Blackout

Control power is removed from all components but not from Thema4 tha is power by UPS and suspends all operations, maintaining the system in BLACKOUT status.

2.3.2 P/GS: standby P/G When no cycle is running, the I/O management is limited to the activities performed by nucleus routines such as doors management, steam generator, and so on. This phase is named “standby” and for machine types 1 and 2 does not generally require much process control. For machine type 3 and 4 this is a really “active state”, that requires process control capabilities in order to keep the chamber in a specific condition. To allow to implement process control during the standby phase in a flexible manner there is a special kind of P/G that can be used, the Standby P/G. Standby P/Gs are identified by using the S letter for the functional series. The Standby P/G has following specific features: it is composed of only one phase; it can have a maximum of 32 parameters, configurable within system parameters independently by any program; it can use up to 5 PID controls, configurable within system parameters independently by any program.

Standby P/G application table 1 Mandatory Optional

X

Machine type 2 3 X X

4 X

The Standby P/G is enabled by Authorization file. When a Standby P/G is selected the configuration alarms are managed also during the standby phase, so it is possible that configuration alarms are activated when no program is running. If autodiagnose of output is activated when a Standby P/G is enabled, the status of outputs is freezed to the last activation. The status of outputs can then be altered freely until the function is disabled; when this happens the normal processing is restored, with outputs activated depending on the elaboration of the P/G. IMPORTANT NOTE It is possible to alter a Standby P/G parameter or a PID parameter at any time (if system parameters are editable), but the new settings won’t be applied until the Standby P/G is deselected and selected again. Similarly it is possible to alter alarm definition or parameters at any time, but the new settings won’t be applied until the Standby P/G is deselected and selected again.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 35 / 128

2.3.3 P/GB: background P/G Activations that must be done independently from the main cycle or the standby phase, such as for example the handling of a machine loading and unloading system, can be implemented by means of Background P/Gs. This kind of P/Gs is running in the background from system startup until system shudown. Background P/Gs are identified by using the K letter for the functional series. The Background P/G has following specific features: it is composed of only one phase; it can have a maximum of 32 parameters, configurable within system parameters independently by any program; it can use up to 5 PID controls, configurable within system parameters independently by any program; it is executed at an higher rate of main cycle P/Gs, 50 ms against 500 ms, allowing high speed I/O management.

Standby P/G application table 1 Mandatory Optional

X

Machine type 2 3 X

X

4 X

The Background P/G is enabled by Authorization file. It is possible to select up to 5 background P/Gs at the same time for a machine. To avoid conflicts, when a background P/G is selected it itakes full control of outputs managed by it, so that the same outputs can’t be activated from P/Gs in the main cycle. The possibility to perform autodiagnose of outputs depends by the specific background P/G.

IMPORTANT NOTE For safety reasons it is not possible to alter parameters of a Background P/G when it is already selected. In order to change parameters it is necessary to unselect and select again the background P/G.

IMPORTANT NOTE Moving a background P/G from one slot number to another has the same effect of disabling and enabling it.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 36 / 128

2.4 CYCLE EXECUTION GENERAL FLOW In thema4 two flows of phase execution are available. The selection depends on the machine type.:

2.4.1 Phases execution flow for machine Type 1 For machine type 1, the phases execution flow is “sequential”, with “loops” in some P/Gs and with possible step to Emergency phase and step back. EM

START

P/G 1

EM

EM

P/G ..

Ph.1

Ph.1

EM

EM

EM

EM

P/G … Ph.2

Ph.1

P/G .. Ph.2

Ph.3

Ph.1

P/G EM Ph.1

Starting W39, for machine type 1 - Autoclave who belong to mixed typologies of machines (for example FOF and FOA) that require to use different maximum temperature, it’s possible to enable in the factory parameters 2 different maximum temperature in order to allow to the system to manage different processes. The 2 different maximum temperature are set by FEDEGARI by the authorization file: in this case, in the cycle composition the system allows to set which of these to use for each specific cycle.

2.4.2 Phases execution flow for machine Type 2-4 For machine type 2-4 the phases execution flow is “sequential”, but Emergency condition causes to skip all phases and go to last P/G including the recovery phase (“Cooling” for type2, “Cleaning” for type 3, “Degassing” for type 4) and “Cycle-end” phase. EM

START

P/G 1 Ph.1

Fedegari Autoclavi SpA

EM

EM

P/G .. Ph.1

P/G EM Ph.2

Ph.1

STOP Ph.2

Ph.3

D/O#221815.21- April 2014

STOP

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 37 / 128

2.5 CYCLES AND OPERATING PROGRAMS As mentioned, a Thema4 cycle is an ordered sequence of phases, provided by means of an ordered sequence of phase groups (3 to 50) that include those phases. The cycles are stored permanently in the Thema4 controller, where they are identified by: • a progressive number; • a code; • a name; • the total number of phases included in the P/Gs of the cycle; • the total number of local parameters related to the P/Gs of the cycle. An executable program is identified by a progressive number and is a result of the combination of: • a cycle as defined above; • a name; • the actual values of the general parameters used throughout the cycle; • the actual values of the parameters related to the P/Gs of the cycle, i.e., the local or phase parameters; • the identification of the heat probes used to monitor the process, which constitutes the so-called "TE list"; • the actual values of the parameters used to manage the PID control procedures during every execution of the program, known as "PID parameters". A program can be defined either starting from a cycle ("new" program) or by copying an existing program ("copied" program). When it is necessary to run a program that is stored in the Thema4 controller, after entering the required data, the priority task of the controller is the automatic execution of the sequence of phases that compose the selected program.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 38 / 128

2.6 ALARMS – GENERAL INFORMATION There are three types of alarm: "kernel", "configuration" and "phase". These alarms are referenced with the letters "N", "C" and "P" respectively. The kernel application program has 300 different alarms, which are identified by their number. Regardless of the type as defined above, each alarm has the following characteristics: • a short descriptive text, i.e., the message that is displayed and/or printed when the alarm is active; • the delay (“DLY”), i.e., the time in seconds that elapses from when the sufficient cause of the alarm occurs to when the alarm is actually activated; • the effects ("EFF"), i.e., the effects produced by the emission of the alarm. The effects of the alarms can be configured and are as follows: A. Detecting of the transition ON; B. Detecting of the transition OFF”; C. Emergency and additional siren; D. Acoustic warning; E. Recording in “Active alarm list” F. Recording of the transition ON in “Historical alarms list”; G. Recording of the transition OFF in “Historical alarms list”; H. Interlocking of other programs (only for Autoclave); I. Auto-acknowledgment L. Alarm auto-OFF M. Loss of sterility (only for Oven); N. Recording of alarm acknowledgment in Audit trail O. Recording of alarm acknowledgment in Process report P. Critical alarm Details about effects of alarms are listed in the following table. Effect Description N. Logging and printing transition ON/OFF - Printout of alarm activation and/or 1 (A) deactivation occurs immediately, by means of the onboard printer (if installed), 2 (B) and in deferred mode by storing it. 3 (C)

Emergency - An Emergency P/G is always included in the last position of the Thema4 cycles. The natural progress of a cycle run from a phase to the next one is interrupted and the Emergency phase included in the cycle is entered, if, and only if an alarm including the Emergency effect is activated. Emergency phase can never be entered from the Cycle End phase. Alarms may be or not be reset after their causes have ceased: this choice is based on process evaluations. Depending on the resetting or the not resetting the alarm, the Emergency state, triggered by some alarms, can be recoverable or non recoverable. Program execution can be resumed from recoverable emergency once the cause of the alarm has been eliminated, since the alarm itself is reset as well; on the contrary, from non recoverable emergency program execution can only be interrupted, since the alarm is left active even if its cause is no longer detected. The alarms which are not reset are those related with failure of field sensors or with general fails of the sterilizer (Nos. 25, 31, 32, 41, 81, 85, 89, 90, 93, 95 and 99). If an alarm is intended not to be reset, only its transitionto-on is printed and stored in Alarm Summary. The alarms which cause non recoverable emergency are Nos. 81, 89, 90, 93 and the seldom used Nos. 95 and 99.

1 X

X

Emergency - The natural progress of a cycle run from a phase to the next one is interrupted and the Emergency Cooling phase included in the cycle is entered, if, and only if an alarm including the Emergency effect is activated. Emergency phase can never be entered from the Cycle End phase. Alarms may be or not be reset after their causes have ceased: this choice is based on process evaluations. The Emergency state is always non recoverable. 4 (D)

Acoustic warning - The acoustic warning, provided by means of the NLOD 379, remains active until it is muted by means of the keyboard.

Fedegari Autoclavi SpA

Machine type 2 3 4 X X X

X

X

X

X

X

X

X

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 39 / 128

5 (E)

Recording in “Active alarm list” - The individual alarms are displayed in the “Alarm details” until all their causes have ceased.

X

X

X

X

6 (F) 7 (G)

Recording of the transition ON/OFF in “Historical alarms list” - Activation (and deactivation, if provided) of the alarms activated during the execution of the program can be recorded in the “Historical alarms list”.

X

X

X

X

8 (H)

Interlocking of other programs (only for Autoclave)

X

X

X

9 (I)

Auto-acknowledgment (auto-ack) - Some alarms, that point out a particular state of the process (ex. A65 - READY TO START) or that they have been "caused" from the operator through the pressure of defined keys (ex. A39PHASE STEP UTILIZED, A121-PHASE DURATION EXTENDED), they don't ask for the recognition of their activation from the same, for which they are shaped with this effect.

X

X

X

X

10 (L)

Alarm auto-OFF - The alarms (ex. ns. 23, 38 and 118), that notice events of the system, they are shaped with this effect, and therefore they are maintained active and visualized only for a brief period, after that they are automatically disarmed. Of these alarms he is memorized (and printed) only the activation.

X

X

X

X

X

X

X

11 (M) Loss of sterility (only for Oven) 12 (N)

Recording of alarm acknowledgment in Audit trail - Acknowledgment of the alarms activated during the execution of the program, is recorded in the Audit trail.

X

X

X

X

13 (O)

Recording of alarm acknowledgment in Process report - Acknowledgment of the alarms activated during the execution of the program, is recorded (and printed) in the “Process report”.

X

X

X

X

14 (P)

Critical Alarm – “With Critical alarm” string is printed in the “Process Run Report” (below “Final Data” and above “Alarm summary”) if one (or more) alarms, with this effect selected, have been activated during cycle run. Also the alarms description are printed if “Alarms” printer option is not selected. Moreover the digital output NL 399 is activated when the alarm appears and it’s deactivated when a new cycle is selected or when the process controller is switched off.

X

X

X

X

15(Q) Managed during running cycle : only for configuration alarms, allows to enable or

X

X

X

X

X

X

X

X

disabile the management of an alarm when a cycle is in progress. For all machine types 1-2-3-4, this effect is default enabled.

16(R)

Managed during standby phase : only for configuration alarms, allows to enable or disabile the management of an alarm during the standby phase (P/GB or P/Gs enabled). For machine types 3-4, this effect is default enabled.

Table 4 - Alarm Details When a new cycle is started, all alarms are deactivated. The alarms can be managed with two different formalities: not held and held. Such formulation influences the management of the “List of the Active Alarms”. • Not held Alarms: in the list the alarms are displayed in the states ON/NACK, ON/ACK and OFF/NACK. When a recognized alarm passes in the state OFF it is automatically removed from the list. • Held ·Alarms: in the list the alarms are displayed in the states ON/NACK, ON/ACK, OFF/NACK and OFF/ACK (only if previously ON). When a recognized alarm passes in the state OFF it is not automatically removed by the list but it stays displayed up to the pressure of the "reset" key. The operation of "reset" removes from the list all the alarms in the state OFF/ACK.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 40 / 128

2.6.1 "KERNEL" ALARMS Kernel alarms are activated by the Thema4 controller • independently of the programming of the “Alarm configuration”. To avoid conflicts in operation, kernel alarms must not be configured; • independently of the phase group library.

2.6.2 “CONFIGURATION” ALARMS It is possible to program up to 60 configuration alarms. Configuration alarms can be caused simply by the status of a digital input or by the comparison between the status of an input and the status of an output when both are digital. These alarms are: • Simple input alarms • Alarms with actuation control • Full alarms for motors • Full alarms for valves • Partial alarms for motors • Linked input alarms • Modulating valve alarms • Partial alarms for valves • Type 1 auxiliary configuration alarms • Type 2 auxiliary configuration alarms • Comparison alarm for analog input. Simple Input Alarms An alarm is configured as a simple input if the value of the NLO is left at zero. In this case, LOG must be left at zero as well. This means that the alarm will be activated whenever the digital input signal related to the alarm has the logic value true during program execution, i.e., whenever its condition is the opposite of the one defined as its "normal" condition in the NC column of "Digital Input Configuration" (see above, paragraph 1.3.2). Activation Monitoring Alarms An alarm that compares the state of an input with the state of an output (currently termed "activation monitoring alarm") requires that both NLI and NLO be different from zero and can be configured with logic modes 0, 1, 2 or 3. "Complete" Alarms For Motors Activation monitoring alarms with LOG = 0 are activated: both when the related NLID is true and the related NLOD is also true; and when the NLID is false and the NLOD is also false. Since the NLIDs related to the motors in the field are configured with NC = 1 and their channels are electrically energized when the motors are actually running, these alarms are meant to monitor the state of the motors: the alarm is activated both if a motor fails to run when it should and if it runs when it should not. "Complete" Alarms For Valves Activation monitoring alarms with LOG = 1 are activated: both when the related NLID is true but the related NLOD is false; and when the NLID is false but the NLOD is true. The NLIDs related to the valves in the field are usually related to their "POs", i.e., to microswitches detecting Position Open. These NLIDs are configured with NC = 0 and their channels are electrically energized when the valves are actually open: thus the alarm is activated both if a valve is not open (NLID false) when it should be (NLOD true) and if a valve is open (NLID true) when it should not be (NLOD false). If microswitches detecting Position Closed of the valves are installed, the related NLIDs are configured with NC = 1 and their channels are electrically energized when the valves are actually closed, so the inputs are logically false when the valves are open: thus, the alarm is activated both if a valve is not closed (NLID true) when it should be (NLOD false) and if a valve is closed (NLID false) when it should not be (NLOD true).

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 41 / 128

"Partial" Alarms For Motors Activation monitoring alarms with LOG = 2 are activated: only when the related NLID is true and the related NLOD is also true; Since the NLIDs related to the motors in the field are configured with NC = 1 and their channels are electrically energized when the motors are actually running, these alarms are meant for "partial" monitoring of the state of the motors: the alarm is activated if a motor fails to run when it should, but it is not activated if the motor runs when it is not activated by the Phase Group being executed. Comparison Alarm For Analog Input Comparison alarm for analog input with LOG = 4 are activated: if the absolute value of the difference among two analog inputs, defined through the logical numbers NL1 and NL2, is greater of the threshold THRES. Vice versa, the alarm is disarmed when the absolute value of the difference among the two inputs is inferior to the threshold. If the specified analog inputs are related to probes of temperature the threshold of alarm THRES it represents a value in tenth of degree Celsius. If the specified analog inputs are related to two probes of pressure the threshold of alarm THRES it represents a value in millibar for autoclave and in Pa for oven. If the analog inputs are type different among them or they are not to probes of temperature relative of it of it probes of pressure the result it is indefinite. It is possible to specify in NL1 and NL2 both logical numbers of analogical entries “inside” that logical numbers of analogical entries “external.”

2.6.3 "PHASE" ALARMS Alarms programmed in the Phase/Group code are termed phase alarms. These alarms are generally provided in order to indicate abnormal process conditions with respect to the phase in execution.

2.6.4 “CONFIGURABLE” ALARM LIST The alarms list consist of all the alarms expected for the controller. To the practical action, only a portion of these is applicable to a specific system, because different alarms are applicable only if are present particular options hardware (devices) or software (optional functionality). To facilitate the individualization of the applicable alarms to a datum system, a functionality of automatic filtration of the list is able to propose to video and to only stamp the alarms indeed in use in the system. On the interface it is possible to activate or to disarm the filtered visualization. The filtration of the alarms happens in base to: - options defined in authorization file; - current system parameters; - configuration alarms programmed; - installed phase groups. Since the list of the alarms indeed in use, depends from system parameters and from the modifiable configuration alarms, its content can change in operation of the values assumed by such parameters.

2.6.5 CAUSES AND SOLUTIONS OF ALARMS The controller provides, for each alarm, a description of its probable causes and a suggestion for its possible solutions.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 42 / 128

2.6.6 ALARMS TEXTS AND DEFAULT EFFECTS – DELAY Alarms Texts And Default Effects – Delay For Autoclave No.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61

Description

EXTERNAL STEAM LACK COMPRESSED AIR LACK TAP WATER LACK D.I. WATER LACK STEAM GENERATOR WATER LACK COOLING WATER LACK CIRCULATION WATER LACK DEPRESSURIZING RATE EXCESS INTERNAL STEAM LACK WATER FILL VP ALARM DYE SOLUTION LACK DETERGENT LACK SILICONE LACK WATER SUPPLY VP ALARM SIDE 2 DOOR OPEN SIDE 1 DOOR OPEN SIDE 2 DOOR OPEN SIDE 1 DOOR OPEN STERILIZATION TEMPERATURE EXCESS STERILIZATION TEMPERATURE LACK CHAMBER PRESSURE EXCESS CHAMBER PRESSURE LACK PHASE TIME EXCESS OPERATING PRESSURE EXCESS SAFETY TE EXPOSED CHILLED WATER LACK FILTER PRESSURE EXCESS HEATING TEMPERATURE EXCESS WARM WATER LACK OPERATING TEMPERATURE EXCESS LEAK TEST ALARM AIR DETECTOR ALARM GENERATOR HEATER ALARM WATER LEVEL LACK WATER LEVEL EXCESS SODA SOLUTION LACK STERILIZATION TIME SUSPENDED STERILIZATION TIME RESET PHASE STEP UTILIZED MANUAL EMERGENCY PLANT TE UNSERVICEABLE EMERGENCY COOLING TOO MUCH CONDENSE F(T,z) INTERPOLATED F(T,z) CALCULATION SUSPENDED BRIGHTENER LACK VACUUM PUMP ALARM WATER PUMP ALARM CIRCULATION WATER PUMP ALARM GENERATOR PUMP ALARM STERILE WATER PUMP ALARM DYE SOLUTION PUMP ALARM VENTILATOR ALARM ROTARY BASKET ALARM VP9 ALARM FILTER STERILIZATION VP ALARM VPZ ALARM SIDE 2 DOOR SYSTEM ALARM SIDE 1 DOOR SYSTEM ALARM AUXILIARY SERVICE ALARM JACKET TEMPERATURE EXCESS

Fedegari Autoclavi SpA

Type

C C C C N C P P C C CP P P C N N N N P P P P NP N N C P P C N P N C P P P NP NP N N N P P NP NP P C C C NC C C C CP C C C N N CP P

Opt. Q

P O N M L

16

15

14 13 12 11 10

r r r r

r r r r r r r r r r r r r r

gen r PG PG r r r PG PG r 2p x 2p x x x x x x x saf r PG x r x PG aird gen PG PG PG x x x x x PG x x x PG

gen sh2o

cr

r

r r r r r r r r r r r

2p x r j

Effects Delay I H G F E D C B A

R

r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r

9

8

r r

5

4

r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r

r

r

6

r r r r r r

r

r r r r r r

7

r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r

3

2

1

0 0 0 0 0 0 0 0 0 20 0 0 0 20 1 1 4 4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 10 10 10 10 10 10 10 10 20 20 20 2 2 0 0

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2 No.

62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124

Description

JACKET TEMPERATURE LACK JACKET HEATING STEAM INJECTION POOR READY TO START WATER STERILIZATION TEMPERATURE LACK EXTERNAL STEAM VP ALARM INTERNAL STEAM VP ALARM EXTERNAL COOLING VP ALARM INTERNAL COOLING VP ALARM CHAMBER AIR VP ALARM COMPRESSED AIR VP ALARM MAIN DRAIN VP ALARM WATER DRAIN VP ALARM CONDENSE DRAIN VP ALARM AUXILIARY STEAM VP ALARM UPPER VACUUM VP ALARM SPRAY WATER VP ALARM VP6 ALARM AUXILIARY VP ALARM PE UNSERVICEABLE SOLUTION LACK OK OPEN DOOR SIDE 2 OK OPEN DOOR SIDE 1 TE UNSERVICEABLE VP11 ALARM VP14 ALARM STEAM LACK ALL PLANT TE UNSERVICEABLE ALL PRODUCT TE UNSERVICEABLE REFERENCE RTD ERROR ALARM SILENCED CYCLE NOT EXECUTABLE CONDENSE IN CHAMBER FILTER TE UNSERVICEABLE WFI LACK SWITCH ON FILTER TEST COOLING RATE EXCESS FILTER PE UNSERVICEABLE PRINTER ERROR FILTER TEST PASSED FILTER TEST FAILED MAIN RELIEF VP ALARM VP15 ALARM VP17 ALARM VP18 ALARM VP19 ALARM VP20 ALARM VP38 ALARM VP61 ALARM VP69 ALARM VP86 ALARM VP333 ALARM VP334 ALARM STERILE WATER LOOP VP ALARM STAND-BY PE IN USE TYNDALLIZATION TIME SUSPENDED TYNDALLIZATION TIME RESET TYNDALLIZATION TEMPERATURE EXCESS TYNDALLIZATION TEMPERATURE LACK PHASE DURATION EXTENDED DETERGENT DOSE PUMP ALARM SILICONE DOSE PUMP ALARM SPECIAL ALARM No.124

Fedegari Autoclavi SpA

Type

P P P P N CP CP C C CP C CP C C CP C C CP CP N P N N N C C C N N N N CP P P CP P P P N P P CP C C C C C C C C C C C C N NP NP P P N C C CP

Page 43 / 128

Opt. Q

P O N M L

16

15

14 13 12 11 10

r

j j PG x sh2o

hp

Effects Delay I H G F E D C B A

R

r r r r r r r r r r r r r r r r

x PG 2p x x r r r x x rtd x r hp PG r filt PG PG prn filt filt r r r r r r r r r r r r r ridTP tyn tyn tyn

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

tyn x r r r

r r r

9

r r

r r

8

7

4

r r r r r r r r

r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r

r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r

r r r r r

r r r r r

r

r r

r r r r r r r r r r r r r r r r r

r

5

r r r r r r r r

r r r

r r

6

r

3

2

1

r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

0 0 0 0 0

r r r r r

r r r r r

20 20 20 20 20 20 30 20 20 20 20 20 20 20 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 30 20 20 20 20 20 20 20 20 20 20 20 20 0 0 0 0 0 0 10 10 0

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2 No.

125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189

Description

SPECIAL ALARM No.125 SPECIAL ALARM No.126 SPECIAL ALARM No.127 SPECIAL ALARM No.128 CHAMBER TP UNSERVICEABLE UNLOAD DOOR INVERTED AUXILIARY VACUUM PUMP ALARM COOLING FLUID FEED VP ALARM COOLING FLUID RETURN VP ALARM HEATING TEMPERATURE LACK FLUID TANK LACK DEGASSER HEATER ALARM DEGASSER WATER LACK STEAM GENERATOR TE UNSERV. DEGASSER TE UNSERV. PV WATER LACK SCADA DISCONNECTED DATE AND TIME UPDATED BY DST DATE AND TIME UPDATED BY SNTP SNTP SERVER NOT AVAILABLE AUTOMATIC BACKUP FAILED FILTER MAINTENANCE EXPIRED SOFTWARE LICENCE NOT REGISTERED CONNECTION PROFIBUS ALARM SYSTEM WATCHDOG ALARM BLACK-OUT SILICONE RECIRCULATION PUMP AL VP87 ALARM INTERNAL SPRAY BAR VP ALARM INT.SPRAY BAR WFI FEEDING VP AL. HIGH CONDUCTIVITY ALARM TANK WFI FEEDING VP ALARM JACKET WATER LACK PLATES WATER LACK EXCHANGER WATER LACK PURE WATER LACK ADDITIVE LACK VENTILATOR ROTATION ALARM AIR FILTER INTERCEPTOR VP AL. MANUAL VALVE OPEN SPLIT VALVE POSITION ALARM UNLOADING CONNECTION ALARM BASKET MOTOR ALARM COMPRESSED AIR PS FAILURE STEAM PS FAILURE TAP WATER PS FAILURE COOLING WATER PS FAILURE WARM WATER PS FAILURE WFI WATER PS FAILURE JACKET COOLING PS FAILURE DOOR CLOSED SIDE 1 PS FAILURE DOOR CLOSED SIDE 2 PS FAILURE DOOR OPEN SIDE 1 PS FAILURE DOOR OPEN SIDE 2 PS FAILURE CLEAN STEAM LACK PLANT STEAM LACK PROCESS AIR LACK WFI LACK PURIFIED WATER LACK TAP WATER LACK CHILLED WATER LACK NITROGEN LACK UCS UTILITY RELEASE NOT AVAILABLE EXTERNAL RECORDER DISCONNECTED EXTERNAL PROBE UNSERVICEABLE

Fedegari Autoclavi SpA

Type

CP CP CP CP N N C C C P C C N N N C N N N N N NP N N N N C C C C CP C C C C C C C C C C C NC C C C C C C C C C C C N N N N N N N N N N N

Page 44 / 128

Opt. Q

P O N M L

16

15

14 13 12 11 10

r r r r

r r r r r

r r r

r r r r r r r

x 2p

PG deg deg gen deg

r r

r scada dst sntp sntp bak filtm x x x x

cr ridPS ridPS ridPS ridPS ridPS ridPS ridPS ridD ridD ridD ridD uty uty uty uty uty uty uty uty uty th4r th4r

Effects Delay I H G F E D C B A

R

r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

9

r

r r r

8

7

6

5

4

r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r

3

2

1

r r r r

r r r r r r r r r r r r r

r r r r r r r r

r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

0 0 0 0 0 0 10 20 20 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 10 20 20 20 0 20 0 0 0 0 0 10 0 0 0 0 0 5 5 5 5 5 5 5 5 5 5 5 0 0 0 0 0 0 0 0 0 4 0

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2 No.

190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 246 247 248 249 256 258 259 260 261 262 263 264

Description

Type

ANALOG COMPARISON ALARM 1 ANALOG COMPARISON ALARM 2 ANALOG COMPARISON ALARM 3 ANALOG COMPARISON ALARM 4 ANALOG COMPARISON ALARM 5 EXTERNAL RECORDER ALARM GENERIC ALARM 01 GENERIC ALARM 02 GENERIC ALARM 03 GENERIC ALARM 04 GENERIC ALARM 05 GENERIC ALARM 06 GENERIC ALARM 07 GENERIC ALARM 08 GENERIC ALARM 09 GENERIC ALARM 10 GENERIC ALARM 11 GENERIC ALARM 12 GENERIC ALARM 13 GENERIC ALARM 14 GENERIC ALARM 15 GENERIC ALARM 16 GENERIC ALARM 17 GENERIC ALARM 18 GENERIC ALARM 19 GENERIC ALARM 20 BASKET BRAKE ALARM FREE DISK SPACE ALERT TOO MANY LOG FILES AUDIT TRAIL TOO BIG SQL CONNECTION ALARM ADDITIVE 1 LACK ADDITIVE 2 LACK ADDITIVE 3 LACK BALANCE 1 UNSERVICEABLE BALANCE 2 UNSERVICEABLE BALANCE 3 UNSERVICEABLE REMOVE OLD HISTORIC DATA UNIFORMITY IN SPACE EXCEEDED UNIFORMITY IN TIME EXCEEDED STERILIZ. PRES.EXCESS STERILIZ. PRES. LACK EQUILIB.TIME CALCULATION START EQUILIB.TIME CALCULATION END EQUILIB.TIME EXCEEDED EQUILIB.TIME ALARM PRESSURE DIFFERENCE LOW LOADING HANDLING ALARM UNLOADING HANDLING ALARM CYLINDER ALARM PROFIBUS DISCONNECTED DOOR ALARM BY SAFETY PROXIMITY SPRAY NOZZLES FLOW ALARM F(T,z) MONIT. INTERPOLATED F(T,z) MONIT. CALC. SUSPEND. AUTOMATIC BACKUP DELAYED AUTOMATIC ARCH.MAINT. DELAYED AUTOMATIC ARCH.MAINT. FAILED

C C C C C N C C C C C C C C C C C C C C C C C C C C N N N N N P P P P P P N N N N N N N N N CP CP CP CP P N P NP NP N N N

Page 45 / 128

Opt.

comp comp comp comp comp th4r ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga cr hd hd hd sql PG PG PG PG PG PG hd TU TU PvSat PvSat ET ET ET ET mov mov mov prfb fs fows PG PG bak hdm hdm

Effects Delay I H G F E D C B A

R

Q

P O N M L

16

15

14 13 12 11 10

r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r

r r r r r

r r r r r r r r r r r r r r

9

r r r r

r

8

7

6

5

4

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r

3

2

1

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r

r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 10 10 10 0 0 0 0 0 0 0 0 0 10 0 0 0 0 5 0 5 5 0 0 0

Table 5 - Alarm strings / Effects / Delay for autoclave

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 46 / 128

The following legend explains the meaning of symbols used in the column Opt. of the table above: General function code option description Thema4 onfiguration applicable to all machine types x analog comparison alarm comp generic configuration alarm with ga customizable text thermal printer prn daylight saving time management dst hard disk status hd phase group enabled PG hard disk maintenance hdm Hardware options (functions that need additional hardware and TH4 configuration code option description Thema4 onfiguration HW1 two doors system parameter S11 == 2 2p HW2 jacket program parameter P13 == 1 j HW3 safety TEs safety TE are configured in TE list saf HW4 air detector program parameter P14 == 1 aird HW5 degasser system parameter S12.5 == 1 deg HW6 steam generator system parameter S12 == 1 gen HW7 filter test/WIT filter test or WIT P/Gs enabled filt HW8 rotating basket rotating basket P/Gs enabled cr HW9 TP for pressure redundancy TP2 (NLAI 26) is configured ridTP HW10 PS for utilities redundancy additional pressure switches for utilities ridPS are configured HW11 PS for doors redundancy additional pressure switches for doors are ridD configured HW12 h2o sterilizer system parameter S15 == 1 sh2o automatic loading/unloading system specific background P/G must be selected mov functional safety doors safety proximity must be installed fs reference RTDs rtd Factory options (functions that need to be enabled in the authorization file) code option description Thema4 onfiguration OPT.5 filter maintenance authorization parameters: filter filtm maintenance OPT.6 automatic backup authorization parameters: automatic bak backup OPT.10 utilities management authorization parameters: utilities uty management OPT.11 time synch.by SNTP authorization parameters: SNTP sntp management OPT.14 integration with TH4Recorder authorization parameters: TH4Recorder th4r OPT.2

SCADA integration through MODBUS serial protocol

authorization parameters: MODBUS serial

OPT.3

SCADA integration through OPC protocol

authorization parameters: OPC

OPT.15

SCADA integration through MODBUS ethernet

authorization parameters: MODBUS TCP/IP

sql

OPT.18

authorization parameters: SQL integration

TU

OPT.20

archives manag. by SQL access to an external database. Temperature Uniformity

PvSat

OPT.20

PV Control

ET

OPT.20

Equilibration time

scada

Fedegari Autoclavi SpA

Authorization parameter Golden Cycle package, program parameter G20 and G20.1 or G20.2 Authorization parameter Golden Cycle package and program parameter G21 Authorization parameter Golden Cycle package, program parameter G22 and G22.2 D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2 prfb

OPT.23

profibus communication

Process options (functions that need specific P/G) code option description tyndallization tyn high pathogen hp

Page 47 / 128

Authorization parameter Profibus comunication Thema4 onfiguration tyndallization P/G is configured high pathogen P/Gs are configured

IMPORTANT NOTE If “Opt.” is empty, the alarm takes the applicability from “type”.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 48 / 128

Alarms Texts And Default Effects – Delay For Oven No.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 44 45 46 47 48 65 79 80 81 83 84 85 90 92 93 100 121 130 141 142 143

Description

OVERTEMPERATURE COMPRESSED AIR LACK TAP H2O LACK FAN 1 UNSERVICEABLE FAN 2 UNSERVICEABLE FAN 3 UNSERVICEABLE FAN 4 UNSERVICEABLE FAN 5 UNSERVICEABLE PRESSURIZATION FAN UNSERVICEABLE VENTILATION FAN UNSERVICEABLE PRODUCT TEMPERATURE EXCESS PRODUCT TEMPERATURE LACK ALL CONTROL TE UNSERVICEABLE OPERATING TEMPERATURE EXCESS STERILE DOOR OPEN NON STER. DOOR OPEN STERILE DOOR OPEN NON STER. DOOR OPEN STERILIZ. TEMP. EXCESS STERILIZ. TEMP. LACK CHAMBER PRESS. EXCESS CHAMBER PRESS. LACK PHASE TIME EXCESS PRODUCT TE1 UNSERVICEABLE PRODUCT TE2 UNSERVICEABLE PRODUCT TE3 UNSERVICEABLE PRODUCT TE4 UNSERVICEABLE PRODUCT TE UNSERVIC. PRECOOLING WATER LACK COOLING WATER LACK STERIL SIDE PRESSURE ANOMALOUS MOTOR ALARM INTAKE FILTER ALARM INTERNAL FILTER ALARM EXHAUST FILTER ALARM HEATER ALARM PHASE TIME SUSPENDED PHASE TIME RESET PHASE STEP UTILIZED EMERG. COOLING FORCED EMERGENCY COOLING STERIL SIDE TP UNSERVICEABLE FH RESET FAN SPEED ALARM SCR ALARM FT RESET STERILITY LOST READY TO START HIGH TEMPERATURE FOR TEST LEAK TEST ALARM CHAMBER TP UNSERV. OK OPEN STERILE DOOR OK OPEN NONSTER. DOOR CONTROL TE UNSERVICEABLE ALL PRODUCT TE UNSERV. ALARM SILENCED CYCLE IMPOSSIBLE PRINTER ERROR PHASE DURATION EXTENDED UNLOAD DOOR INVERTED SCADA DISCONNECTED DATE AND TIME UPDATED BY DST DATE AND TIME UPDATED BY SNTP

Fedegari Autoclavi SpA

Type

N C C C C C C C C C P P N C N N N N P P N N NP N N N N N C C N C C C C C N N N N N N N C C N N P P P N N N N N N CP N N N N N N

Opt. Q

P O N M L

16

15

14 13 12 11 10

x r r r r r r r r r PG PG x r 2p x 2p x PG PG

x t1 t2 t3 t4 t r r r r r r r x x x x x tp x r r x x PG PG x 2p x x x x x prn x 2p scada dst sntp

Effects Delay I H G F E D C B A

R

r

r r r r r r r r r r r r r r r r

9

r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

8

7

6

5

4

3

2

1

r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r

r r r r r r r r r

r r

r

r r r r

r r r r r r r r r r

r r r r r r r r r r r

r r r r r r r r r r r

r r r r r r r r r r r r r r r r

r r r r r r r r r r

0 10 10 2 2 2 2 2 2 2 0 0 0 2 1 1 1 1 0 0 30 30 0 0 0 0 0 0 10 10 10 0 0 0 0 2 0 0 0 0 0 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 5 0 0

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2 No.

144 145 147 148 149 150 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 217 218 219 220 227 228 229 247 248 249 256 262 263 264

Description

Type

SNTP SERVER NOT AVAILABLE AUTOMATIC BACKUP FAILED SOFTWARE LICENCE NOT REGISTERED CONNECTION PROFIBUS ALARM SYSTEM WATCHDOG ALARM BLACKOUT EXTERNAL RECORDER DISCONNECTED EXTERNAL PROBE UNSERVICEABLE ANALOG COMPARISON ALARM 1 ANALOG COMPARISON ALARM 2 ANALOG COMPARISON ALARM 3 ANALOG COMPARISON ALARM 4 ANALOG COMPARISON ALARM 5 EXTERNAL RECORDER ALARM GENERIC ALARM 01 GENERIC ALARM 02 GENERIC ALARM 03 GENERIC ALARM 04 GENERIC ALARM 05 GENERIC ALARM 06 GENERIC ALARM 07 GENERIC ALARM 08 GENERIC ALARM 09 GENERIC ALARM 10 GENERIC ALARM 11 GENERIC ALARM 12 GENERIC ALARM 13 GENERIC ALARM 14 GENERIC ALARM 15 GENERIC ALARM 16 GENERIC ALARM 17 GENERIC ALARM 18 GENERIC ALARM 19 GENERIC ALARM 20 FREE DISK SPACE ALERT TOO MANY LOG FILES AUDIT TRAIL TOO BIG SQL CONNECTION ALARM REMOVE OLD HISTORIC DATA UNIFORMITY IN SPACE EXCEEDED UNIFORMITY IN TIME EXCEEDED LOADING HANDLING ALARM UNLOADING HANDLING ALARM CYLINDER ALARM PROFIBUS DISCONNECTED AUTOMATIC BACKUP DELAYED AUTOMATIC ARCH.MAINT. DELAYED AUTOMATIC ARCH.MAINT. FAILED

N N N N N N N N C C C C C N C C C C C C C C C C C C C C C C C C C C N N N N N N N CP CP CP P N N N

Page 49 / 128

Opt.

sntp bak x x x x th4r th4r comp comp comp comp comp th4r ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga hd hd hd sql hd TU TU mov mov mov prfb bak hdm hdm

Effects Delay I H G F E D C B A

R

Q

P O N M L

16

15

14 13 12 11 10

r r

r r r r r r r r r r r r r r r r r r r r r r r r r

r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r

r

9

8

7

6

5

4

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r

3

2

1

r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

0 0 0 0 0 0 4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

Table 6 - Alarm strings / Effects / Delay for oven

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 50 / 128

The following legend explains the meaning of symbols used in the column Opt. of the table above: General function code option description Thema4 onfiguration applicable to all machine types x analog comparison alarm comp generic configuration alarm with ga customizable text thermal printer prn daylight saving time management dst hard disk status hd all the product probe t product probe TE1 t1 product probe TE2 t2 product probe TE3 t3 product probe TE4 t4 internal transducer TP2 tp Phase group enabled PG Hard disk maintenance hdm Hardware options (functions that need additional hardware and TH4 configuration code option description Thema4 onfiguration HW1 two doors system parameter S11 == 2 2p automatic loading/unloading specific background P/G must be selected mov system Factory options (functions that need to be enabled in the authorization file) code option description Thema4 onfiguration OPT.6 automatic backup authorization parameters: automatic backup bak OPT.11 time synch.by SNTP authorization parameters: SNTP management sntp OPT.14 integration with TH4Recorder authorization parameters: TH4Recorder th4r

sql

OPT.18

TU

OPT.20

SCADA integration through MODBUS serial protocol SCADA integration through OPC protocol SCADA integration through MODBUS ethernet archives manag. by SQL access to an external database Temperature Uniformity

prfb

OPT.23

profibus communication

scada

OPT.2 OPT.3 OPT.15

authorization parameters: MODBUS serial authorization parameters: OPC authorization parameters: MODBUS TCP/IP authorization parameters: SQL integration Authorization parameter Golden Cycle package, program parameter G20 and G20.1 or G20.2 Authorization parameter Profibus comunication

IMPORTANT NOTE If “Opt.” is empty, the alarm takes the applicability from “type”.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 51 / 128

Alarms Texts And Default Effects – Delay For VHP No.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 64 65 66

Description

VEX ALARM VEA ALARM VEA1 ALARM ELECTRICAL HEAT EXCHANGER VHP PHASE TIME TOO FAST LOW FLOW EXPULSION LINE PASSBOX LOW PRESSURE PASSBOX HIGH PRESSURE TECH. AREA HIGH PRESSURE PASSBOX LOW HUMIDITY PASSBOX HIGH HUMIDITY TEC LOW TEMPERATURE TEC HIGH TEMPERATURE LOW PRES. COMPR. AIR LINE SIDE 2 DOOR OPEN SIDE 1 DOOR OPEN SIDE 2 DOOR OPEN SIDE 1 DOOR OPEN VPD1 NOT OPEN VPD1 NOT CLOSED HEATERS LOW TEMPERATURE HEATERS HIGH TEMPERATURE PHASE TIME EXCESS TEE LOW TEMPERATURE TEE HIGH TEMPERATURE LOW PRESS.HEPA FILTER IN HIGH PRESS.HEPA FILTER IN LOW PRESS.HEPA FILTER OUT HIGH PRESS.HEPA FILTER OUT VPH1 NOT OPEN VPH1 NOT CLOSED VPHP NOT OPEN VPHP NOT CLOSED VPHP1 NOT OPEN VPHP1 NOT CLOSED VPVH NOT OPEN PHASE STEP UTILIZED MANUAL EMERGENCY SAX7 NOT OPEN SAX7 NOT CLOSED SAX9 NOT OPEN SAX9 NOT CLOSED SAX4 NOT OPEN SAX4 NOT CLOSED SAX1 NOT OPEN SAX1 NOT CLOSED SAX8 NOT OPEN SAX8 NOT CLOSED TEC UNSERCIVEABLE URC UNSERVICEABLE TEX UNSERVICEABLE TEE UNSERVICEABLE TPC UNSERVICEABLE TPF UNSERVICEABLE TPF1 UNSERVICEABLE SIDE 2 DOOR SYST. AL. SIDE 1 DOOR SYST. AL. TPT UNSERVICEABLE TPVEA UNSERVICEABLE TPD UNSERVICEABLE TECTA UNSERVICEABLE READY TO START TPFS UNSERVICEABLE

Fedegari Autoclavi SpA

Type

C C C C P N P P N P P P P NC N N N N C C N N NP P P P P P P C C C C C C C N N C C C C C C C C C C N N N N N N N N N N N N N P N

Opt. Q

P O N M L

16

15

14 13 12 11 10

r r r r

r r r r

r r r r r r r r r r r r r r

PG PG PG PG PG PG PG 2p x 2p x r r r r

r r r r

r r r r r r r

r r r r r r r

r r r r r r r r r r r r r r r

r r r r r r r r r r

r r r r r r r r r r

PG PG PG PG PG PG

x x

2p x

Effects Delay I H G F E D C B A

R

r r r r r r r r r r r r r r r r r r r r r r r

PG r

9

r

r r

r r

r r r r

8

7

6

5

4

3

2

1

r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r

r r r r

r r r r

r r r r r r r r r

r r r r r r r r r

r r r r

r r r r

r r r r

r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r

r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r

r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r

r

r

D/O#221815.21- April 2014

10 10 10 10 0 60 60 30 30 0 0 0 0 20 1 1 4 4 20 20 0 0 0 0 0 60 30 60 30 20 20 20 20 20 20 20 0 0 20 20 20 20 20 20 20 20 20 20 10 10 10 10 10 10 10 2 2 10 10 10 10 0 10

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2 No.

67 68 69 70 71 72 73 74 75 76 77 78 79 80 83 84 86 87 92 93 100 104 105 106 107 108 109 110 111 112 113 121 130 141 142 143 144 145 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173

Description

TPC2 UNSERVICEABLE AIR FLOW RATE ALARM TEV UNSERVICEABLE TPFA UNSERVICEABLE TPFA1 UNSERVICEABLE TPFC1 UNSERVICEABLE CATALYST HEATING SYSTEM FAILURE VEC ALARM VPXA NOT CLOSED CONCENTRATION LOW DECONTAINATION FAILED LOW PRESS. FAS FILTER HIGH PRESS. FAS FILTER LEAK TEST ALARM OK OPEN DOR SIDE 2 OK OPEN DOOR SIDE 1 HPT1 UNSERVICEABLE HPT1 HEATING ALARM SILENCED CYCLE NOT EXECUTABLE PRINTER ERROR TPCI UNSERVICEABLE TPAX1 UNSERVIEABLE TEC1 UNSERVICEABLE URC1 UNSERVICEABLE TE020 UNSERVIEABLE TE022 UNSEVICEABLE PR020 UNSERVICEABLE FL UNSERVICEABLE TPVEC UNSERVICEABLE TPG UNSERVICEABLE PHASE DURATION EXTENDED UNLOAD DOOR INVERTED SCADA DISCONNECTED DATE AND TIME UPDATED BY DST DATE AND TIME UPDATED BY SNTP SNTP SERVER NOT AVAILABLE AUTOMATIC BACKUP FAILED SOFTWARE LICENCE NOT REGISTERED CONNECTION PROFIBUS ALARM SYSTEM WATCHDOG ALARM BLACK-OUT VEC2 ALARM SAX11 NOT OPEN SAX11 NOT CLOSED VPVH1 NOT OPEN VPHPI NOT OPEN SAX14 NOT OPEN SAX14 NOT CLOSED SAX18 NOT OPEN VPVCP1 NOT OPEN VPVR NOT OPEN VPCP NOT OPEN VPVMB NOT OPEN ISOLATOR LOW PRESSURE ISOLATOR HIGH PRESSURE TEC1 HIGH TEMPERATURE LOW PRESS. INT. FILT. ISOL. HIGH PRESS. INT. FILT. ISOL. LOW PRESS. INL. FILT. ISOL. HIGH PRESS. INL. FILT. ISOL. LOW PRESS. OUT. FILT. ISOL. HIGH PRESS. OUT. FILT. ISOL. H2O2 LACK HIGH CONC.H2O2 IN ISOLATOR

Fedegari Autoclavi SpA

Type

N P N N N N C C C P P P P P N N N N N CP N N N N N N N N N N N N N N N N N N N N N N C C C C C C C C C C C C P P P P P P P P P P P

Page 52 / 128

Opt. Q

P O N M L

16

15

14 13 12 11 10

r r r r r r PG PG PG PG PG 2p x STC STC x x prn STC STC STC STC FHP FHP FHP FHP FHP

r r

r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r

STC

r r r r r r r r r r r r r r r r

x 2p scada dst sntp sntp bak x x x x

STC STC STC STC STC STC STC STC STC

Effects Delay I H G F E D C B A

R

r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r

9

8

r r r

r r r r

r r r r r

r

7

6

5

4

3

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r

r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r

2

1

r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

D/O#221815.21- April 2014

10 10 10 10 10 10 10 10 5 0 0 10 10 0 0 0 10 10 0 0 0 10 10 10 10 10 10 10 10 10 10 0 0 5 0 0 0 0 0 0 0 0 10 10 10 10 10 10 10 10 10 10 10 10 60 30 0 10 10 10 10 10 10 0 0

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2 No.

174 175 176 177 178 179 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 217 218 219 220 227 236 237 238 239 240 241 242 243 244 245 247 248 249 250 251 252 253 254 255 256 257 262 263 264

Description

Type

ISOLATOR LOW HUMIDITY ISOLATOR HIGH HUMIDITY ISOLATOR DOOR SYST.AL. SLIDING DOOR SYST.AL. STERILITY TEST FAILED CIRCULATION WATER PUMP ALARM EXTERNAL RECORDER DISCONNECTED EXTERNAL PROBE UNSERVICEABLE ANALOG COMPARISON ALARM 1 ANALOG COMPARISON ALARM 2 ANALOG COMPARISON ALARM 3 ANALOG COMPARISON ALARM 4 ANALOG COMPARISON ALARM 5 EXTERNAL RECORDER ALARM GENERIC ALARM 01 GENERIC ALARM 02 GENERIC ALARM 03 GENERIC ALARM 04 GENERIC ALARM 05 GENERIC ALARM 06 GENERIC ALARM 07 GENERIC ALARM 08 GENERIC ALARM 09 GENERIC ALARM 10 GENERIC ALARM 11 GENERIC ALARM 12 GENERIC ALARM 13 GENERIC ALARM 14 GENERIC ALARM 15 GENERIC ALARM 16 GENERIC ALARM 17 GENERIC ALARM 18 GENERIC ALARM 19 GENERIC ALARM 20 FREE DISK SPACE ALERT TOO MANY LOG FILES AUDIT TRAIL TOO BIG SQL CONNECTION ALARM REMOVE OLD HISTORIC DATA HIGH CONCENTRATION H2O2 H2O2 RELEASED IN TECHNICAL AREA H2O2 GENERATOR ALARM VHP GENER.COMUNICATION AL. DESSICCANT CARTRIDGE LOW H2O2 CARTIDGE LOW HPT UNSERVICEABLE HPT HEATING HPTC UNSERVICEABLE HPTC HEATING LOADING HANDLING ALARM UNLOADING HANDLING ALARM CYLINDER ALARM HPTS1 UNSERVICEABLE HPTS1 HEATING HPTS2 UNSERVICEABLE HPTS2 HEATING H2O2 RELEASED ON SIDE 1 H2O2 RELEASED ON SIDE 2 PROFIBUS DISCONNECTED STERILITY LOST AUTOMATIC BACKUP DELAYED AUTOMATIC ARCH.MAINT. DELAYED AUTOMATIC ARCH.MAINT. FAILED

P P P P P C N N C C C C C N C C C C C C C C C C C C C C C C C C C C N N N N N P P N N N N N N N N CP CP CP N N N N N N P N N N N

Page 53 / 128

Opt. Q

P O N M L

16

15

14 13 12 11 10

STC STC STC STC STC r r th4r th4r comp comp comp comp comp th4r ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga hd hd hd sql hd PG PG

mov mov mov

prfb bak hdm hdm

Effects Delay I H G F E D C B A

R

r r r r r

r r r r r

r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r

r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r

9

8

7

6

5

4

r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r

3

r r r r r r

r r r r

2

1

r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

Table 7 - Alarm strings / Effects / Delay for VHP

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

0 0 2 2 0 10 4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 5 60 0 30 0 0 10 10 10 10 0 0 0 10 10 10 10 60 60 0 0 0 0 0

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 54 / 128

IMPORTANT NOTE To differentiate between HEATING and UNSERVICEABLE alarms related to Drager sensors (243, 244, 244, 245, 250, 251, 252 and 253) a configurable timeout is managed at startup and eventually after a blackout. Before this timeout expires the HEATING alarm is shown instead of the UNSERVICEABLE alarm, to account of the time needed for Drager sensors to warm-up after power-up. After the timeout expires, or if the alarm goes off before the timeout expires, then any other acitvation of the UNSERVICEABLE alarm won’t be replaced by the HEATING alarm. The timeout can be configured by means of a Special Parameter in the Configuration Menu.

The following legend explains the meaning of symbols used in the column Opt. of the table above: General function code option description Thema4 onfiguration applicable to all machine types x analog comparison alarm comp generic configuration alarm with ga customizable text thermal printer prn daylight saving time dst management hard disk status hd Phase group enabled PG Hard disk maintenance hdm Hardware options (functions that need additional hardware and TH4 configuration code option description Thema4 onfiguration HW1 two doors system parameter S26 == 2 2p automatic loading/unloading specific background P/G must be selected mov system Factory options (functions that need to be enabled in the authorization file) code option description Thema4 onfiguration OPT.6 automatic backup authorization parameters: automatic backup bak OPT.11 time synch.by SNTP authorization parameters: SNTP management sntp OPT.14 integration with TH4Recorder authorization parameters: TH4Recorder th4r scada

OPT.2 OPT.3 OPT.15

sql

OPT.18

prfb

OPT.23

SCADA integration through MODBUS serial protocol SCADA integration through OPC protocol SCADA integration through MODBUS ethernet archives manag. by SQL access to an external database profibus communication

authorization parameters: MODBUS serial authorization parameters: OPC authorization parameters: MODBUS TCP/IP authorization parameters: SQL integration Authorization parameter Profibus comunication

IMPORTANT NOTE If “Opt.” is empty, the alarm takes the applicability from “type”.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 55 / 128

Alarms Texts And Default Effects – Delay For DMD No.

1 2 4 5 7 8 9 10 11 12 13 15 16 17 18 19 20 21 22 23 26 27 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 58 59 61 62 63 65 80 83 84 92 93 100 121

Description

VEX6 ALARM VEA ALARM ELECTRICAL HEAT EXCHANGER NOFROST ELECTRICAL HEAT EXCHANGER PASSBOX LOW PRESSURE PASSBOX HIGH PRESSURE LOW CONCENTRATION PASSBOX LOW HUMIDITY PASSBOX HIGH HUMIDITY TEC LOW TEMPERATURE TEC HIGH TEMPERATURE SIDE 2 DOOR OPEN SIDE 1 DOOR OPEN SIDE 2 DOOR OPEN SIDE 1 DOOR OPEN VPD1 NOT OPEN VPD1 NOT CLOSED VPD NOT OPEN VPD NOT CLOSED PHASE TIME EXCESS LOW PRESS.HEPA FILTER IN HIGH PRESS.HEPA FILTER IN VPD2 NOT OPEN VPD2 NOT CLOSED LOW PRESS. COMP. AIR FOR BIOCIDE HIGH PRESS. COMP. AIR FOR BIOCIDE LOW PRESS. COMP. AIR FOR NOZZLE HIGH PRESS. COMP. AIR FOR NOZZLE VPVH NOT OPEN QUANTITY IN TANK TOO LOW TANK IS NOT FILLING PHASE STEP UTILIZED MANUAL EMERGENCY SAX7 NOT OPEN SAX7 NOT CLOSED SAX9 NOT OPEN SAX9 NOT CLOSED SAX4 NOT OPEN SAX4 NOT CLOSED SAX NOT OPEN SAX NOT CLOSED SAX8 NOT OPEN SAX8 NOT CLOSED TEC UNSERCIVEABLE URC UNSERVICEABLE TEX1 UNSERVICEABLE URX1 UNSERVICEABLE TPC UNSERVICEABLE TPF UNSERVICEABLE SIDE 2 DOOR SYST. AL. SIDE 1 DOOR SYST. AL. TPD1 UNSERVICEABLE TPD UNSERVICEABLE WD1 UNSERVICEABLE READY TO START LEAK TEST ALARM OK OPEN DOR SIDE 2 OK OPEN DOOR SIDE 1 ALARM SILENCED CYCLE NOT EXECUTABLE PRINTER ERROR PHASE DURATION EXTENDED

Fedegari Autoclavi SpA

Type

Opt.

C C C C P P P P P P P N N N N C C C C NP P P C C P P P P C N P N N C C C C C C C C C C N N N N N N N N N N N P P N N N CP N N

Q

P O N M L

16

15

14 13 12 11 10

r r r r

r r r r

PG PG PG PG PG PG PG 2p x 2p x r r r r

r r r r

PG PG r r r r PG PG PG PG r r PG x x r r r r r r r r r r

r r r r r r r r r r

7

6

5

4

3

2

1

r r r r

r r r r

r r r r

r r r r

r r r r

r r r r

r r r r

r r r r

10 10 10 10

r r r r r r r

r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r

r r r r r r r

r r r r r r r

r r r r r r r r r r r r r r r r r r

r r r r r r

r r r r r r

r r r r r r r r r r r r r

r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

r r r r r r r

r r r r r r r r r r r r r r

30 30 10 10 10 10 10 1 1 4 4 5 5 5 5 0 10 10 5 5 5 5 5 5 5 0 20 0 0 30 30 30 30 30 30 30 30 30 30 10 10 10 10 10 10 2 2 10 10 10 0 0 0 0 0 0 0 0

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

2p x

x PG 2p X X x prn x

Effects Delay I H G F E D C B A

R

r

r r

r r

9

8

r r

r r r r r r

r

r r r r r r r r r r r

r r r r

r r r r r r r r r r r r r r

r r r r r r

r

r r

r r r r r r r r r r r r r r r r r r

r r

r r r r r r r r r r

r

r r r r r r r r r r r r

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2 No.

130 141 142 143 144 145 147 148 149 150 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 217 218 219 220 227 236 237 242 243 247 248 249 250 251 252 253 254 255 256 257 262 263 264

Description

Type

UNLOAD DOOR INVERTED SCADA DISCONNECTED DATE AND TIME UPDATED BY DST DATE AND TIME UPDATED BY SNTP SNTP SERVER NOT AVAILABLE AUTOMATIC BACKUP FAILED SOFTWARE LICENCE NOT REGISTERED CONNECTION PROFIBUS ALARM SYSTEM WATCHDOG ALARM BLACK-OUT EXTERNAL RECORDER DISCONNECTED EXTERNAL PROBE UNSERVICEABLE ANALOG COMPARISON ALARM 1 ANALOG COMPARISON ALARM 2 ANALOG COMPARISON ALARM 3 ANALOG COMPARISON ALARM 4 ANALOG COMPARISON ALARM 5 EXTERNAL RECORDER ALARM GENERIC ALARM 01 GENERIC ALARM 02 GENERIC ALARM 03 GENERIC ALARM 04 GENERIC ALARM 05 GENERIC ALARM 06 GENERIC ALARM 07 GENERIC ALARM 08 GENERIC ALARM 09 GENERIC ALARM 10 GENERIC ALARM 11 GENERIC ALARM 12 GENERIC ALARM 13 GENERIC ALARM 14 GENERIC ALARM 15 GENERIC ALARM 16 GENERIC ALARM 17 GENERIC ALARM 18 GENERIC ALARM 19 GENERIC ALARM 20 FREE DISK SPACE ALERT TOO MANY LOG FILES AUDIT TRAIL TOO BIG SQL CONNECTION ALARM REMOVE OLD HISTORIC DATA HIGH CONCENTRATION H2O2 H2O2 RELEASED IN AMBIENT HPT UNSERVICEABLE HPT HEATING LOADING HANDLING ALARM UNLOADING HANDLING ALARM CYLINDER ALARM HPTS1 UNSERVICEABLE HPTS1 HEATING HPTS2 UNSERVICEABLE HPTS2 HEATING H2O2 RELEASED ON SIDE 1 H2O2 RELEASED ON SIDE 2 PROFIBUS DISCONNECTED STERILITY LOST AUTOMATIC BACKUP DELAYED AUTOMATIC ARCH.MAINT. DELAYED AUTOMATIC ARCH.MAINT. FAILED

N N N N N N N N N N N N C C C C C N C C C C C C C C C C C C C C C C C C C C N N N N N P P N N CP CP CP N N N N N N P N N N N

Page 56 / 128

Opt.

2p scada dst sntp sntp bak x x x x th4r th4r comp comp comp comp comp th4r ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga ga hd hd hd sql hd PG PG

mov mov mov

prfb bak hdm hdm

Effects Delay I H G F E D C B A

R

Q

P O N M L

16

15

14 13 12 11 10

r r r r r

r r r r r

r r r r r

r r r r r r r r r r r r r r r r r r r r

r r r r r r r r r r r r r r r r r r r r

r r r r r r

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

9

r r r r

r r

8

7

6

5

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

4

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

3

2

1

r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r r

0 5 0 0 0 0 0 0 0 0 4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 20 20 5 5 0 0 0 10 10 10 10 60 60 0 0 0 0 0

Table 8 - Alarm strings / Effects / Delay for DMD

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 57 / 128

IMPORTANT NOTE To differentiate between HEATING and UNSERVICEABLE alarms related to Drager sensors (243, 244, 244, 245, 250, 251, 252 and 253) a configurable timeout is managed at startup and eventually after a blackout. Before this timeout expires the HEATING alarm is shown instead of the UNSERVICEABLE alarm, to account of the time needed for Drager sensors to warm-up after power-up. After the timeout expires, or if the alarm goes off before the timeout expires, then any other acitvation of the UNSERVICEABLE alarm won’t be replaced by the HEATING alarm. The timeout can be configured by means of a Special Parameter in the Configuration Menu. The following legend explains the meaning of symbols used in the column Opt. of the table above: General function code option description Thema4 onfiguration applicable to all machine type x analog comparison alarm comp generic configuration alarm with ga customizable text thermal printer prn daylight saving time management dst hard disk status hd Phase group enabled PG Hard disk maintenance hdm Hardware options (functions that need additional hardware and TH4 configuration code option description Thema4 onfiguration HW1 two doors system parameter S26 == 2 2p automatic loading/unloading specific background P/G must be selected mov system Factory options (functions that need to be enabled in the authorization file) code option description Thema4 onfiguration OPT.6 automatic backup authorization parameters: automatic backup bak OPT.11 time synch.by SNTP authorization parameters: SNTP management sntp OPT.14 integration with TH4Recorder authorization parameters: TH4Recorder th4r scada

OPT.2 OPT.3 OPT.15

sql prfb

OPT.18 OPT.23

SCADA integration through MODBUS serial protocol SCADA integration through OPC protocol SCADA integration through MODBUS ethernet archives manag. by SQL access to an external database profibus communication

authorization parameters: MODBUS serial authorization parameters: OPC authorization parameters: MODBUS TCP/IP authorization parameters: SQL integration Authorization parameter Profibus comunication

IMPORTANT NOTE If “Opt.” is empty, the alarm takes the applicability from “type”.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 2

Page 58 / 128

This page is left intentionally blank

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 3

Section 3

Page 59 / 128

THEMA4 CONTROL SYSTEM

3 DIALOGUE LANGUAGE

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 3

Page 60 / 128

The Thema4 controller contains all dialogue strings, stored in Italian and English, and also has memory space available for storing all dialogue strings in other languages. The customer can input a file in a language of his choice (or request it from Fedegari), which he can then use. A different language can be selected on every GUI. The Process Report is printed in the language used on the primary GUI (side 1 of sterilizer). The strings related to Causes and Solutions are managed only in three languages: English, Italian, and French. For other languages, English is always loaded. The “Change language” operation can be performed on every GUI at any time, except on the GUI of the primary Panel PC (Side 1), where it is disallowed during the execution of a cycle and during the printing of a Process Run Report. The process report is always generated and archived in the current language of the primary Panel PC at cycle start. All other archived data are displayed and printed by any connected GUI in the language used by the L1 Panel PC when these data are requested. Language change is an operation that can be enabled or not on each access code. Thema4 also supports non Latin languages through a mechanism that founds him on the codepage but able to produce Process Run Report and print screen in UNICODE format. At the start of the system, in base to the present languages, the codepage is determined. In the case is present only languages with Latin characters the codepage will be CP1252, in contrary case it will be the codepage of the only non Latin language (es: CP1251). The five standard languages are also supported when the codepage of the system is not Latin, in such case the following limitation is applied: only ASCII and CP152 characters that are present in the codepage of system can be printed; the non representable characters are replaced in press with question marks (?).

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 4

Section 4

Page 61 / 128

THEMA4 CONTROL SYSTEM

4 PASSWORDS 4.1 - ACCESS CODE CONFIGURATION 4.2 - ACCESS 4.3 - OPERATING MODES 4.4 - PASSWORD MODIFICATION 4.5 - ACTIVE CODE CONFIGURATION DISPLAY/PRINTOUT

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 4

Page 62 / 128

Virtually all operations allowed by means of the keyboard of the Thema4 controller require the input of an access code that consists of two parts: the ID Code, which is public, and the Password, which is secret. Operations allowed on the controller are not characterized by a hierarchical structure of access levels; rather, access to the various operations is associated with the individual codes when they are configured by the system administrator. The minimum number of characters for the Password is configurable from 2 to 19. In the case is enabled the remote authentication, such access codes are managed in an external system instead of Thema4.

4.1 ACCESS CODE CONFIGURATION This operation is possible only by using Administrator access codes. With this operation, an administrator can: • Display and print general information related to any Access code (even if that Access code is no longer enabled). • Enter a new Access code and associate a name with it; define its type; define the operations to which a specific User is enabled; and finally assign a temporary password to a user. • Remove any other Access code, or permanently disable access to the system for any code except for the code in use. • Re-enable any Access code expired or suspended. • Change some options of any enabled code, except for the code in use (i.e. the type of the code and the operations to which a specific User is enabled). • Set certain parameters related to passwords. • Define certain restrictions to which password setup must be subject. • Define whether a password must be reentered during a confirmation to save a modified file.

4.2 ACCESS At startup, the Thema4 application program does not allow access to operations except for operations for displaying the installed software and for entering access codes. Once enabled, an operator must open a “work session” in order to be able to access the operations for which he is authorized. If the option of remote authentication is enabled it is possible to select if the operation of login that he intends to effect is local (the operator is recorded in the database of Thema4) or remote (the operator is recorded on an external database what Microsoft Active Directory). During a work session, a specific operator can access the operations for which he has been enabled, and his name, residual period of validity and expiry date of his password are displayed in the heading of the displayed page. During the first startup, the Thema4 application program has a default access password.

4.3 OPERATING MODES By means of the initial default assignment (which can always be modified by the Administrator) of the functions enabled for the various professional roles, Thema4 has 4 different operating modes: - ADMINISTRATOR (A): allows assignment and management of accesses to the various users of the system; - SUPERVISOR (S): allows to define the operating parameters of the sterilizer and to compose and parameterize operating cycles and programs and to use the sterilizer; - MAINTAINER (M): includes all the operating modes that allow to perform maintenance and/or control, even of the “ON LINE” type, of various software functions and therefore of the operating and functional logic systems; - USER (U): allows to work with the machine, controlling it in safety, therefore from startup to cycle end, and to obtain from the machine the reports and/or messages confirming the successful outcome of activity. In the access configuration procedure, system administrator can configure these professional roles according to the needs of the organization.

4.4 PASSWORD MODIFICATION In “Change password”, any Thema4 operator is always able to modify and then update his password, which together with his ID code constitutes the personal access code, which as a whole is unique and secret.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 4

Page 63 / 128

4.5 ACTIVE CODE CONFIGURATION DISPLAY/PRINTOUT This operation allows an Administrator to generate documents that contain information related to the access codes at the time of a printout request. The resulting printout does not include information related to access codes that have been removed or otherwise disabled. Passwords are also not included because they are strictly personal and secret. The following information is provided: - Number of repeats (reuses) of one’s own previous password (1 to 99) - Number of password entry attempts accepted before the password is suspended (3 to 10) - Minimum number of password characters (2 to 19) - Maximum number of password characters (2 to 19) - Maximum accumulated time of actual use (in hours, 0 to 4000) - Expiry date of the code, if the password is not changed first (in days, 0 to 9999) Enabling of absolute password uniqueness: passwords must be different from all passwords in use and from removed passwords.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 4

Page 64 / 128

This page is left intentionally blank

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Section 5

Page 65 / 128

THEMA4 CONTROL SYSTEM

5 LIST OF OPERATIONS 5.1 - OPERATING MENUS 5.1.1 - RUNS & OPERATIONS 5.1.2 - PROGRAM MANAGEMENT 5.1.3 - CYCLE MANAGEMENT 5.1.4 - SETUP & CONFIGURATION 5.1.5 - DIAGNOSE & MAINTENANCE 5.1.6 - LOG-IN & PASSWORDS 5.1.7 - ALARM & DATA LOGGING 5.1.8 - ON-LINE MANUALS

5.2 - OPERATIONS THAT ARE DISABLED DURING A CYCLE

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 66 / 128

The user communicates with the Thema4 controller by means of a touch-screen. To allow any operation on the field or any change to the stored data, the controller always requests a properly access operation (LOG-IN).

5.1 OPERATING MENUS

Figure 8 – Operating Menus After access (LOG-IN), the system displays all the functions of the GUI, divided into 8 main work areas, which correspond to the selectable functions of a main menu. 1. Runs & Operations 2. Program Management 3. Cycle Management 4. Setup & Configuration 5. Diagnose & Maintenance 6. Log-in & Passwords 7. Alarm & data logging 8. On-line manuals (only if enabled by Authorization file) By accessing each one of these areas, by means of suitable label buttons, it is possible to access the subfunctions of each area. The status bar, located in the upper part of the screen, always displays the following information: - The icons of all the GUIs connected to the system (i.e., with a work session open): the Primary client on Side 1 Panel PC (always present) and, if present, the “Secondary” and/or “Technical area” clients and the clients of the remote connected GUIs (one icon for each of these GUIs) - The data related to the user who opened the work session: “User name”, “Validity time” and “Expiration date” of his password. - The current date and time of the system - The Fedegari logo: if the logo is drawn raised as in the figure below then it is possible to activate\deactivate the Full Screen mode by touching it - The serial number of the sterilizer (if multiple GUIs are displayed on a PC for monitoring multiple sterilizers) The exact layout of the virtual keyboard depends from the codepage of system and from the selected language (“English (US)” keyboard is always present, see below).

Figure 9 – Virtual Keyboard

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 67 / 128

5.1.1 RUNS & OPERATIONS

Figure 10 – Run & Operations The “Runs & Operations” area gives access to the operations that allow to: 1. Monitor the status of the sterilizer. 2. Select and run programs that are present in the memory of Thema4. This operation is denied if a program is already running. In the program list, each line displays the following data for each program: number, name and description. If the barcode management is enabled there is also the list of 12 barcode that can be associated to the program. As in all the lists, the program can be selected by touching the corresponding line of the list or of the function tree, this only if the option “use only barcode reader to select a program” is not enabled. If it is enabled it is possible to select with the touch screen only programs that have no associated barcode. The list is not available if the session is not master. 3. Display the parameters of the program in progress. 4. Display the data of the process in progress (Process Summary). Through “Log-out Process Summary” push-button the User can close its work session. The “Process Summary” page remains displayed on Thema4 monitor but is not active (i.e. START, STOP and “Special buttons” are disabled) instead of “Fedegari Welcome” page. 5. Display the overview of the sterilizer analog I/O. 6. Display the alarms that have occurred during cycle execution. 7. Display the online Process Report of the cycle in progress. 8. Enabled/disable the “Special buttons” (i.e. “Phase Step”, “Phase Extension”, “Emergency” and “Unloading door” functions).

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 68 / 128

5.1.2 PROGRAM MANAGEMENT

Figure 11 – Program Management The “Program Management” area allows to access the operations that allow to: 1. Create new programs or derive them from other existing ones. 2. Delete programs. 3. Change the parameters of a program, i.e.: - The ID, name and description - The “General parameters”. These parameters are termed “general” because they are not linked to a single Phase Group (in this case they are termed “local” or “phase” parameters), but are used generally within the entire program. - The “Phase parameters”, i.e., parameters that are not used generally throughout the program but refer only to one or more of its phases that constitute a phase group. - The list of temperature probes used (for monitoring and product Pt100 probes). - The list of pressure transducer used (for display); for autoclave and oven only. - The list of probes used for programmable sensors - The PID parameters for process regulation. 4. Print program parameters. 5. Display program parameters 6. Display and modify Golden Cycle (only if OPT.20 is enabled in authorization file) 7. Display and modify Parametric release table (only if OPT.21 is enabled in authorization file)

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 69 / 128

5.1.3 CYCLE MANAGEMENT

Figure 12 – Cycle Management The “Cycle Management” area gives access to the operations that allow to: 1. Create new cycles from the library installed in the process controller. 2. Delete and edit cycles. 3. Display cycle data (list of phases and list of phase parameters). These functions are performed by means of the following menu items: 1. Cycle list 2. Phase groups List Of Cycles This function lists the configured cycles, from which the work programs can be derived. The following information is listed for each cycle: - ID : identification code, corresponding to the Fedegari cycle code - Name : name of the process performed by the cycle This list can be sorted by ID code or by Name by means of an appropriately provided button. Another button allows to access the new cycle creation function. From this page one can also access the new cycle creation function. The user needs to enter the “ID” and “Name” fields and to configure the cycle, loading, by means of a button, the P/Gs listed in the list of the installed library, in the order in which they must occur in the cycle. Another button allows to remove a selected P/G from the cycle being created. Confirmation to create is required at the end. If a generic existing Cycle “x” is selected, its data are displayed: the “ID“ and “Name” fields and the phase groups that constitute it. In this page, specific buttons allow to: - Modify certain data of the cycle: the “ID“ and “Name” fields - Delete the selected cycle - Copy the selected cycle to a new cycle

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 70 / 128

If a phase group “x” is selected from the displayed P/G (or the sub-functions are used), one gains access to the page that lists (in addition to its phase list) the parameter of the phase group (parameters V) with their values preset by Fedegari: - ID : number of the parameter - Description : name of the parameter - Min , Max : minimum and maximum values of the parameter - Default : preset value of the parameter. If the cycle copy button is selected, a new cycle is created which has the same P/Gs as the original cycle but has a different “ID“ and “Name” for cycle identification, which must be entered by the operator. If enabled, for machine type 1-autoclave that manages mixed processes at different maximum temperature (for example FOF and FOA), is possible to set in the cycle parameters summary the maximum temperature to use for the cycle execution.

Figure 13 – Set of maximum temperature in cycle parameters summary IMPORTANT NOTE The 2 different maximum temperature are set in the authorization file.

Phase Groups This function lists the Phase Groups available for cycle composition. The following are listed for each P/G: - ID : Fedegari identification number of the P/G - P/G Code : Fedegari identification code of the P/G - Phase list : list of phases that constitute the cycle Selecting a generic P/G “x” from the list (or using the sub-functions) gives access to the page that lists the phases that constitute the phase group and its parameters (parameters V) and their values preset by Fedegari.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 71 / 128

5.1.4 SETUP & CONFIGURATION

Figure 14 – Setup & Configuration The “Setup & Configuration” area gives access to the operations that allow to: 1. Factory parameters: Display the Factory Parameters of the sterilizer. 2. HW physical view: Change the Hardware physical configuration of the sterilizer. 3. Alarm configuration: Change the alarm configuration of the sterilizer. 4. System parameters: Modify the System Parameters of the sterilizer. These parameters belong neither to a single phase group nor to a program as a whole, but are used by the entire system constituted by the sterilization apparatus and the Thema4 controller. 5. Date/time setup: Set the date-time on the Process Controller. 6. Language setup: Change the language used on the GUI. 7. Software versions: Display the installed version of software. 8. Authorization parameters: Display the “Authorization parameters” (i.e. the station configuration, the option and the P/G list) 9. Remote GUI: configure the network settings and the printout manual or automatic at the end of cycle of the remote GUI in different format: A4, PDF or XML

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 72 / 128

Factory Parameters Factory parameters contain the factory settings of the sterilizer and they cannot be modifiable by the user. Factory parameter for autoclave

Figure 15 – Setup & Configuration: Factory Parameters for autoclave The Factory parameters for the autoclave are: 1. identification code (Serial Number); 2. Model; 3. Maximum Temperature of Sterilizer (which depend on the construction characteristics of the machine); 4. Maximum Pressure of Sterilizer (which depend on the construction characteristics of the machine).

Starting W39, for machine type 1 - Autoclave who belong to mixed typologies of machines that require to use different maximum temperature, the factory parameter 3 are replaced with parameters 3.1 – 3.4 tin order to define 2 different maximum temperatures and models to allow to the system to use these data to manage different processes.

Figure 16 – Setup & Configuration: Factory Parameters for autoclave with mixed processes

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 73 / 128

The Factory parameters for the autoclave are: 1. identification code (Serial Number); 2. Model; 3.1 Model 1 (referred to a specific typology, i.e. FOF); 3.2 Maximum Temperature of Sterilizer 1 (referred to a specific typology, i.e. FOF); 3.3 Model 2 (referred to a specific typology, i.e. FOA); 3.4 Maximum Temperature of Sterilizer 2 (referred to a specific typology, i.e. FOA); 4. Maximum Pressure of Sterilizer (which depend on the construction characteristics of the machine).

Factory parameter for oven

Figure 17 – Setup & Configuration: Factory Parameters for oven The Factory parameters for the oven are: identification code (Serial Number); Model; Maximum Temperature of Sterilizer (which depend on the construction characteristics of the machine); “Proportional Control” selected/deselected (which depend on the construction characteristics of the machine).

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 74 / 128

Factory parameter for VHP

Figure 18 – Setup & Configuration: Factory Parameters for VHP The Factory parameters for the VHP are: identification code (Serial Number). Model.

Factory parameter for DMD

Figure 19 – Setup & Configuration: Factory Parameters for DMD The Factory parameters for the DMD are: identification code (Serial Number). Model.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 75 / 128

Hardware Physical View

Figure 20 – Setup & Configuration: HW physical view The “HW physical view” allows to configure the “Equipment”, i.e., the series of modules of analog and digital Inputs/Outputs that are used by the control system to interface with the field. One or more items of equipment can be configured on a system and are connected to each other and to the primary Panel PC (Side 1) by means of a connection that uses a field bus. Each item of Equipment, chosen among the ones available in a library (different models of different manufacturers), is composed of a series of Input and Output “Modules”, chosen from a library of modules that belong to the chosen item of equipment.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 76 / 128

Alarm Configuration

Figure 21 – Setup & Configuration: Alarm Configuration This function allows to configure the alarms of the system. As described in 2.6.4 it is possible to activate two formalities of visualization: - filtered (as default), correspondent to the key "Hide Unused" pressed; - not filtered, correspondent to the key "Hide Unused" released. In the filtered formality only the alarms indeed in use in the system are proposed: - the alarms of nucleus filtered in base to the parameters of the system; - the alarms of phase filtered in base to the available P/Gs; - the configuration alarms indeed programmed. It is necessary to notice that in the filtered formality it is not possible to insert new configuration alarms, and that the proposed list can vary if the parameters of the machine are changed (for instance if the parameters of system are modified). In the formality not filtered all the alarms of the process controller are proposed. The following data are managed for each alarm. The modifiable data are in bold. AN : Alarm number Type : alarm type (C, N, P or mixed) Dett : icon displaying whether a type alarm has been configured. Description : Alarm name Delay : delay at activation: 0.0-999.0 Effect : decimal coding of alarm effects

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 77 / 128

System Parameters

Figure 22 – Setup & Configuration: System Parameters System parameters allow to define settings required for the operation of the machine which are independent of the type of program to be run. These parameters have been divided into groups according to the following structure that can be navigated: Details about system parameters are listed in the following table. System Parameters 1 X X X

General Parameters Door configuration Steam generator (with Degasser if installed) Tank Fill management SCADA parameters X Printer configuration X Recorder parameters X WIT parameters X Barcode parameters X SNTP parameters X Daylight Saving X Localization X External SQL database X H2O2 Transducer H2O2 Generator Standby Management Background management X Program Status management X Table 9 – System parameters

Fedegari Autoclavi SpA

Machine type 2 3 X X X X

X X X

X X X

X X X X X

X X X X X X X X X X

X X

4 X X X X X X X X X X X X X X X

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 78 / 128

Date/Time Setting This function allows to set the Date and Time of the control system in the following format (as configured in the operation “System Parameters / Units and formats”): - DATE. :DD/MM/YY - TIME :hh:mm:ss or - DATE. :MM/DD/YY - TIME :hh:mm:ss or - DATE. :YYYY/MM/DD - TIME :hh:mm:ss Where: DD = number of day, MM = number of month, YY = number of year, hh = number of hour, mm = number of minutes, ss = number of seconds. If the SNTP management is enabled it is not possible to set manually Date and Time. Language Setting This function allows to set the language of the operator interface on which one is working, by selecting one of the languages available in the list. Language change is instantaneous. The user can customize and install another language, the “CUSTOM” language, only if the optional function “Custom language” is enabled at factory level. Customized language files, which hold Thema4 System text, must be prepared by the user in a specific manner, by respecting the structure, following a specific procedure. The language of the archived process report is always the same selected on the “primary” interface, moreover in the process report is identified the language and language files that generated it. Software Version This function allows to display the software versions installed in the control system. The software of the control system is composed of Fedegari application programs, some of which include commercial programs (operating systems). No.

Code

Name

Description

1

PCS

Kernel of the control SW

2

LIB

3

GUI

4

FECP

5

OS

Process Control System Phase Groups Library Graphic User Interface Fedegari External Communication Protocol Operating System

6

BROM

7

Jworks

where xx y z kk

Fedegari Bootrom Procedure Java Works

Application provider Fedegari

Library of the P/Gs of the Fedegari control SW Operator graphical interface Fedegari

Version code T4PCS

xx.y.kk

T4LIB

xx.y.kk

T4GUI

xx.y.kk

Fedegari communication protocol

Fedegari

T4FECP xx.y.kk

Real Time operating system, including VxWorks (Wind River) Fedegari boot application

Fedegari (Wind River)

T4OS

xx.z.kk

Fedegari

T4ROM

xx.z.kk

JAVA libraries for VxWorks Wind River Table 10 – Th4ma4 software components

x.x.kk (*)

: two-digit number which identifies the version : letter which identifies the update : letter which identifies the model of Panel PC for which it has been generated : two-digit number that identify the subversion, if not present it is implicitly 00 (patch)

(*) x.x uses two numbers, one for the version and one for the update.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 79 / 128

Authorization Parameters This function allows to display the authorization parameters that are active in the control system, in other words the optional functions enabled in the system. These parameters relate to configurable options, such as: Station configuration: options related to stations enabled Options: general options P/G List: options related to P/G enabled Details about authorization parameters are listed in the following table Authorization Parameters Station configuration

Primary station (IP address) Secondary station (IP address) Maintenance station (IP address) Subnet mask Remote GUI enabling (IP address) General options SCADA communication options enabling OPT.2- Modbus enabling OPT.3- OPC enabling OPT.15- Modbus TCP/IP enabling External devices/recorders integration enabling OPT.1- Recorder Yokogawa enabling OPT.14- TH4Recorder enabling OPT.19- Recorder Eurotherm Chessel enabling Network services integration options OPT.10- Utilities management enabling OPT.11- SNTP enabling OPT.16- Remote authentication enabling OPT.18- External SQL database enabling Additional functions options OPT.4- Retained Alarms enabling OPT.6- Automatic Backup enabling OPT.7- Online manuals enabling OPT.8- Custom language enabling OPT.9- Advanced air detector enabling OPT.12- Barcode Reader enabling OPT.13- Custom Temperature Limit enabling Lower limit for “Minimum Sterilization temperature Lower limit for “Reference T for F(T,z) calculation Lower limit for “F(T,z) calculation lower temperature OPT.17- Thema4 EL enabling OPT.20- Golden Cycle Package enabling OPT.21- Parametric Release table enabling OPT.22- Electronic signature enabling OPT.23- Profibus connection enabling OPT.24- Program Status Management enabling OPT.25- Customer Documentation enabling OPT.26- Animated P&ID Other functions TH4Log enabling Steam generator enabling WIT enabling Software license status Options related to List of enabled P/Gs P/G enabled List of disabled P/Gs List of P/G enabled but not in library Table 11 – Authorization parameters

Fedegari Autoclavi SpA

1 X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X

Machine type 2 3 X X X X X X X X X X X X X X X X X X X X X X X X X X

4 X X X X X X X X X X X X X

X X

X X

X X

X X X X

X X X X

X X X X

X

X

X

X X X X X X X X

X X X X X X X X

X X X X X X X X

X

X

X

X X X X

X X X X

X X X X

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 80 / 128

These options can’t be modified by the graphical user interface. Only for station IP addresses it is possible to alter them by using the “Configuration Menu”, with the operation “Station Configuration”. For every other parameter the value is imposed at factory and can be applied to the system by using the “Configuration Menu”, with the operation “Authorization Management”. Through the authorization file it's possible to define what languages to configure: only the configured and installed languages will be displayed and can be selectable from the costumer. Remote GUI This function allows to print automatically from the remote GUI at the end of the cycle, if the remote GUI is available for the that particular system configuration. It’s also possible to export the “Process Report” in “pdf” or in “xml” fomat.

Figure 23 – Remote GUI

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 81 / 128

5.1.5 DIAGNOSE & MAINTENANCE

Figure 24 – Diagnose & Maintenance The “diagnose & maintenance” area gives access to the operations that allow to perform the main maintenance activities of the machine. The details about “Diagnose & Maintenance” functions are listed in the following table. Diagnose & Maintenance Function Description Hardware physical view Force the status of digital output channels Logical view Display the status of the digital input/output channels (“ON” or “OFF” status) and analog channels Calibration Calibrate the analog input channels Maintenance Plan Program the maintenance schedule planned for the sterilizer Filter Maintenance Program the maintenance schedule planned for the air filter (only for autoclave) VHP Maintenance Provide the visualization of all STERIS generator status parameters PG Background Provide the visualization of the states of the background synoptic P/G Back-up & Restore Execute the Backup (manual or automatic)/Restore data. Archive conversion Export the Thema4 data, current or archived, in “PDF” format (only for Remote GUI application) Test Execute the filter Test (only for oven) Hard disk status Copy the historic data from the “archives” area to the “hidden” area and vice versa Table 12 – Diagnose & maintenance functions

Fedegari Autoclavi SpA

1 X X X X

Machine type 2 3 X X X X X X

4 X X

X X

X X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X X

X

X

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 82 / 128

Hardware Physical View This function allows to diagnose the configured input/output channels by accessing their physical visualization. By selecting the individual available items of Equipment, it is in fact possible to view the status of the channels on the digital modules and the sent and acquired values of the channels on the analog modules. Selecting an individual module allows to view its configuration in addition to the status of the individual channels. The displayed data depend on the type of module and are listed in the following tables: Module type Digital inputs Digital outputs

Data Ch Name Value NL1 NL2 NL3 Ch Name Value NL1 NL2 NL3 NLA NLB Table 13 – Diagnostic data of channels in digital modules

Module type Analog inputs Analog outputs

Data Ch Name Type Value Ch Name Type Value Table 14 – Diagnostic data of channels in analog modules

NC NC

NL NL

where the meaning of the fields is the same one given in the configuration function and the Value fields depends on the type of channel, as follows: digital channels : an icon that displays the state of the physical channel (OFF if it not energized, ON if it is energized) analog input channels : the value of the pressure (Pascal) or temperature (°Cx100) analog output channels : the value of the current (mA x100) Logical View

Figure 25 – Diagnose & Maintenance: IO Logical view This function allows to diagnose the configured input/output channels, sorted by Logic Number and grouped by channel type: - digital inputs - digital outputs - analog inputs - analog outputs - Animated P&ID

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 83 / 128

By selecting each one of these groups it is possible to view not only the state of the individual channels but also their configuration. The displayed data depend on the type that is selected. Among the analog inputs, are present also the analog inputs of the external probes, configured in the TH4Recorder. It’s possible to easily distinguish them from the logical number in blue color. Module type Digital inputs Digital outputs Analog inputs Analog outputs

Data Type NL1 Name Value Type NL1 Name NLA NLB Value Type NL Name Value Type NL Name Value Table 15 – Diagnostic data of channels by type

NC NC

Autodiagnosis Of Analog And Digital Outputs This function allows to enable, disable and force the analog and digital output channels, both in the physical view function and in the logical view function. When forcing is enabled, the forcing button is displayed for each digital output channel. This button is initially deactivated (OFF state). If it is activated (ON state), it energizes the channel.

Figure 26 – Diagnose & Maintenance: autodiagnose of Digital output For analog output channels, a field for entering a forcing value from 400 to 2000 (mAx100) is displayed.

Figure 27 – Diagnose & Maintenance: autodiagnose of analog output

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 84 / 128

Animated P&ID This function allows to see the logical view and the IO directly on P&ID scheme in real time.

Figure 28 – Diagnose & Maintenance: Animated P&ID Out of cycle, by the “Enable force” button it’s possible to perform the autodiagnose of the outputs. This button is initially deactivated (OFF state). If it is activated (ON state), it energizes the channel.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 85 / 128

Calibration

Figure 29 – Diagnose & Maintenance: Calibration This function allows to perform calibration operations on the analog input channels of the system: Pt100 temperature probes and pressure transducers. When selected, the list of the channels of the analog inputs configured in the system Equipment is displayed, listing the following data for each channel: - Type : Type of analog channel - NL : Logic number associated with the channel - Name : Name of NL - Direct : analog value read on the channel before applying calibration - Calibrated : analog value read on the channel after applying calibration - Points : number of points on which calibration is performed (2-3) Access to these data is in display-only mode; by selecting each channel is possible to edit the Reference values in order to perform the calibration.

Figure 30 – Diagnose & Maintenance: Details of calibration

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 86 / 128

Maintenance Plan

Figure 31 – Diagnose & Maintenance: Maintenance Plan This function reports on maintenance scheduling, which is divided into a maximum of 10 classes. When the “Maintenance Schedule” function is selected, the list of configured maintenance classes is displayed. The following information is reported for each class: - Class : Progressive number of configured class (0 to 9) - Last : Date of last maintenance performed on that class or of the programming of that class - Next : Date of next maintenance performed on that class. - Executed : Number of cycles run from the date of the last maintenance - Remaining : Number of cycles remaining before the class expires - Execute : Button for performing a maintenance class, which displays the status of the class: expired or awaiting expiry. When selected, it displays temporarily the OK maintenance status and resumes waiting for the expiry of the next maintenance.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 87 / 128

Filter Maintenance (only for autoclave)

Figure 32 – Diagnose & Maintenance: Filter Maintenance This functionality is enabled only if explicitly enabled by authorization parameters. In this function the planning of the maintenance is divided in two classes: - sterilization filter started; - sterilization filter with sterilization ok. Selecting the function "Plain of Maintenance filter", the data are displayed related to the number of sterilizations filter started and to the number of sterilizations filter finished with success. For both following information are brought: - Class : sterilizations filter started and sterilization filter with sterilization ok; - Executed : Number of the cycles performed from the date of last maintenance; - Remaining : Number of the remaining cycles before the expiration of the class; - Status : It display the state of the class, expired or waiting for expiration. The button “reset” allows to reset to zero the “Class” values.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 88 / 128

PG Background Synoptic 1-5

Figure 33 – Diagnose & Maintenance: P/G background This function, if enabled, allows to enable the management of background P/Gs and select up to 5 background P/Gs which will be executing continuously independently from the main cycle. This parameter can be set only if this option is enabled within authorization parameters and if supported by the P/G library installed. In according to the machine type (autoclave, oven , FCDV or FCDM) the Graphical User Interface displayed different synoptic that depend to the phase group enabled and selected in the system parameters.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 89 / 128

VHP Maintenance (only for VHP) This functionality is visible only if machine is type 3.

Figure 34 – Diagnose & Maintenance: VHP Maintenance This function provide the visualization of all Steris generator status parameter: VHP Current Cycle information: VHP ready to start Cycle activated Cycle aborted Cycle completed VHP phase number Current phase time Phase target time

: if ON, indicates that the VHP is ready to start a cycle : if ON, indicates that there is a cycle in progress : if ON, indicates that the current cycle has been aborted : if ON, indicates that the cycle has been completed : indicates the number of the phase in progress on VHP : indicates the current phase time on VHP in format 00:00 min. : indicates the target of current phase time on VHP in format 00:00 min.

VHP Status: VHP cycle counter H2O2 cartridge level Dryer cartridge level

: indicates the progressive number of the cycles VHP : indicates the level of H2O2 cartridge : indicates the level of Dryer cartridge

VHP Internal Diagnostic: Return air temperature Return air %RH Return air absolute humidity -

Generator airflow Vaporizer temperature Preheater temperature

Fedegari Autoclavi SpA

: indicates the temperature for the return on air of VHP : indicates the % of humidity for the return on air of VHP : indicates the absolute humidity in mg/l for the return on air of VHP : indicates the amount of airflow in cmh for the generator of VHP : indicates the temperature of Vaporizer of VHP : Indicates the temperature of the Preheater of VHP

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 90 / 128

Tank Filling Management Maintenance (only for DMD) This functionality is visible only if machine is type 4.

Figure 35 – Diagnose & Maintenance: VHP Maintenance This function provide the visualization of the tank filling management: VHP Current Cycle information: Min : indicates the minimum level of the tank Max : indicates the maximum level of the tank WD1 : indicates the current level of the tank With the buttons START/STOP is possible to start/stop the filling of the tank.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 91 / 128

Backup & Restore With this function the user with the proper privileges can manage the backup and restore of the electronic records managed by the system. The back up and the restore function can be performed on floppy disks or on a remote PC by FTP protocol or on USB disk-on-keys or USB hard disks connected to the USB port of the Side 1 Panel PC. The data classes that can be selected are: Configuration: configuration of the process controller, with the assignment of digital and analog I/O and with the data specified in “setup & configuration” Cycles Programmes Maintenance Access management Audit trail Process reports State machine Alarms System diagnose Backup Jobs The backup procedure requires to define some preconfigured backup data (named job) to be recalled when needed (if “manual”) or to run periodically when time expires (if “automatic”). It is possible to program until to 10 job that can be “manual” or “automatic”. The “automatic” backup is enabled only if explicitly enabled by authorization parameters. The backup can be performed for the current data or for the archived ones (if applicable). In the case of the backup or restore carried out on a remote PC the user has to specify the IP address of the remote PC, the initial directory where he or she intends to perform the back up or the restore, and the USER ID and Password to access to the FTP server tool installed in the remote PC. The operator can choose to backup the data using the “file format” or the “ZIP format” (much better). An example of the backup page is reported below.

Figure 36 – Back-up page

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 92 / 128

Archive Conversion (Only For Remote GUI)

Figure 37 – Diagnose & Maintenance: Archive conversion With this function the user with the proper privileges can export the electronic records managed by the system. The “Archive conversion” can be performed for the current data or for the archived ones (if applicable). The operator can choose to export the data in “PDF” or in “CSV” or in “TXT” or in “XML” format. At the moment only “PDF” format is implemented. The selected data are stored in the “\export” directory, where is the path where is installed the “Remote GUI” program. WARNING!! the conversion of the files doesn't have the purpose to furnish GMP documentation.

WARNING!! in the case of the Process Run Report the PDF file produced is the copy of the recorded raw data during the cycle, they come to miss, therefore: heading and numeration pages, graphs and summary of alarms. To get complete Process Run Report to use the functionality of press to end cycle or reprint selecting a printer PDF. Test (only for oven) These operations activate a series of digital outputs to allow the testing of the filters of the sterilizer.

Figure 38 – Test page

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 93 / 128

Hard Disk Status

Figure 39 – Diagnose & Maintenance: Hard Disk Status This function allows to display the state of the hard disk, which contains the archive's files and to manage the move the files archived from and for the section "hidden. Maintenance HD Parameters This function allows to plan the following parameters of HD maintenance: - threshold of alarm for number excessive of process report; - threshold of alarm dimension excessive file of audit trail; - threshold of alarm file of file too much old. - Automatic archive management - Time for automatic archive management (HH:MM) The value of the "threshold of alarm for free space on insufficient disk" it derives from the authorization and he's not included therefore in this management. The listed parameters are subject to control CFR21. If the parameter Automatic archive management is enabled, it’s possible to set the system to perform the archive maintenance procedure of the data category that exceed the threshold indicated automatically when the time set is reached. If there is a cycle in progress at time set, the operation is postponed at the end of the cycle. Management Files This function shows a chart of detail of the threads of file divided in section "operational" and section "hidden". For every category of data filed show the number of file and the space occupied by them for both the sections.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 94 / 128

5.1.6 LOG-IN & PASSWORDS The “Log-in & Passwords” area gives access to the operations that allow to: 1. Display the list of logged session 2. Display and change the General login data 3. Display the list of configured Logins, together with their characteristics. 4. Configure new Access codes. 5. Change one's own Password. 6. Release or take the MASTER control of the system. 7. Shutdown the system It includes the following sub-functions: Log-ins status Log-data Password configuration Change password Log-In status

Figure 40 – Log-in & Passwords: Log-in status The Log-In status displays the list of logged session in the system with the following informations: Type: indicates the type of unit logged in: - Primary: panel PC side 1 - Secondary: panel PC side 2 - Maintenance: Panel PC in technical area (side 3) - Remote n: remote station n Access: indicates if the session is master or not User name: User name of the logged session Log-in time: date and time of login

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 95 / 128

Log-In data

Figure 41 – Log-in & Passwords: Log-in data The Log-In data displays a summary of login parameters grouped in the following sub-functions: General Log-in data Profile management Remote authentication Segnature configuration IMPORTANT NOTE Only an Administrator can change these parameters.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 96 / 128

General Log-In data

Figure 42 – Log-in & Passwords: General Log-in data This function allows all users to view/print the parameters that define the operating conditions of the access codes: Number of repeats (reuses) of one’s own previous password (1 to 99) Number of password input attempts accepted before password is suspended (3 to 10) Minimum number of password characters (2 to 19) Maximum number of password characters (2 to 19) Time limit for accumulated actual use (0 to 4000 hours) Expiry date of code if the password is not modified (0 to 9999 days) Inactivity time before to perform an automatic logout Enabling of absolute password uniqueness: passwords must be different from all passwords in use and from removed passwords. Values of “Validity time”, below this limit generate a warning to the user. Values of “Expiration date”, below this limit generate a warning to the user. Enabling the automatic change of the password’s code when the password is expired.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 97 / 128

Profile management

Figure 43 – Log-in & Passwords: Profile management The Profile management displays a summary of login profiles grouped in the following sub-functions: Default profile (see 4.3): ADMINISTRATOR SUPERVISOR USER MAINTENANCE Custom profile

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 98 / 128

Remote authentication

Figure 44 – Log-in & Passwords: Remote authentication This function allows to enable and set/view/ print the parameters referred to OPT.16 Remote authentication: Key distribution center: the DNS name of the Windows computer that hold the Microsoft Active Directory Server Domain: the domain name of the network where is the DSN DNS IP Address: IP address of DNS computer User: SID number of default “USER” group defined in the Active Directory Supervisor: SID number of default “SUPERVISOR” group defined in the Active Directory Maintenance: SID number of default “MAINTENANCE” group defined in the Active Directory Administrator: SID number of default “ADMINISTRATOR” group defined in the Active Directory Custom group n: SID number of custom group defined in the Active Directory

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 99 / 128

Signature configuration

Figure 45 – Log-in & Passwords: Signature configuration This function allows to set/view and print the signature configuration used by the system: Enable Author signature: insert the “OPERATOR’S SIGNATURE” string in the process report Enable Reviewer signature: insert the “SUPERVISOR’S SIGNATURE” string in the process report Enable Approver signature: insert the “Q.A. SIGNATURE” string in the process report Process Report Signature: enables the management of electronic signature in the process reports Parametric Signature: enables the management of electronic signature in the parameters management Cycle Button Signature: enables the management of electronic signature in the Cycle Button management

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 100 / 128

Password configuration

Figure 46 – Log-in & Passwords: Password Configuration This function can be accessed only by Administrators and allows to create, delete, suspend and re-enable an access code. Allows to change some password options (i.e. the password type and the operations enabled for the selected code) but only for the enabled code, except the administrator code in use.

Figure 47 – Log-in & Passwords: Password Configuration \ New login Also, this function allows also to view/print all the configured enabled and disabled (user) access codes and their data.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 101 / 128

5.1.7 ALARM & DATA LOGGING

Figure 48 – Alarm & Data logging “Alarm & Data Logging” gives access to the operations that allow to: 1. Display and print the history list of alarms that have occurred. 2. Display and print the executed Process Reports 3. Display and print the Historic data 4. Display and print the ”Audit trail” file. Alarm History This function allows display/printout of all the alarms issued by the system, in their various states: activation, deactivation and acknowledgment.

Figure 49 – Alarm history

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 102 / 128

Process Report History

Figure 50 – Alarm & Data logging: Process Report This function allows display/printout of all executed process reports grouped in 2 different class: Current report: includes the process report waiting for signature or that have not yet been completely signed Archived Report: the process reports that have been signed When all signatures have been done, the process reports in moved from the “Current” to “Archived” report automatically.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 103 / 128

Data History

Figure 51 – Alarm & Data logging: Historic Data This function allows display/printout of the archived configuration data of the machine, grouped as follows: - Alarm Configuration - Configuration alarm - Alarm Definition - HW I/Of Configuration - Full I/O Config. - D/IN Config. - D/OUT Config. - A/IN Config. - A/OUT Config. - Scale factor config. (analog channels) - Maintenance - Filter Maintenance - HD maintenance - Backup Jobs - Calibration - Parameters - Factory parameters - System Parameters - Programs - Cycles - Golden cycle - Parametric Release archive - Access configuration (only for Administrator password) - User global archive - Access management The “Complete archive list” function displays all the archived files by archiving date and time and allows to select them directly. Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 104 / 128

Audit Report

Figure 52 – Alarm & Data logging: Audit Report This function allows display/printout of the “Audit Trail” report generated automatically by the system, in order to track all changes made to electronically archived system data (including process reports generated by the execution of a program on the sterilizer), in compliance with the requirements of the CFR21p11 rule, clearly indicating the author of the change and the time when it was performed. The information in the Audit Trail pages are grouped by the date of the registration (year and month). Moreover the user can create a personal view of the Audit trail data.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 105 / 128

5.1.8 ON-LINE MANUALS The eighth work area, “On-line manuals”, allows to access the system operations manual, which is divided into chapters and is written in the HTML electronic format. The “On line Manual” is the an optional function and can be enabled by the authorization file. If the option is not present the work area can’t be accessed. If the option is present but the manual is not installed the area can be accessed and shows a message to tell the user that manuals are not present. If the manual is installed it is possible to browse it.

Figure 53 – On-line manuals If On line Manuals are enabled the work area can be accessed by every login registered in the system. The Summary of the Chapters lists chapters present in the manual up to the third level. The same chapters are also reported in the navigation tree on the left as labels. Pages look up is simplified by some context buttons that allows to: -



-



-



Home: step back to Summary of Chapter Previous page: step to the previous page, if it belongs to another chapter it refresh the selected chapter in the navigation tree on the left. Next page: step to the next page, if it belongs to another chapter it refresh the selected chapter in the navigation tree on the left. Previous chapter: step to the previous level 1 chapter. Next chapter: step to the next level 1 chapter.

When a page is selected it is possible to display its content reduced in size in the work area: because dimensions are small this is just a preview. By activating the full-screen function the page is displayed in the work area enlarged: this is the visualization option advised to read the manual. From W34, the Thema4 User Manual is is composed of three documents, with different contents: - User Manual 1/General : common to all machine types - User Manual 2/Navigator : common to all machine types - User Manual 3/Machine type X : specific for each machine type where X : 1 = Autoclave, 2 = Oven, 3 = VHP, 4 = DMD While the documents UM 1 and UM 2 are shared from all machine types, the UM 3 is specific for each type machine.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 5

Page 106 / 128

5.2 OPERATIONS THAT ARE DISABLED DURING A CYCLE Some operations are considered to be incompatible with the control of the sterilizer that is required during a cycle: therefore, depending on the situation, access to these operations is prevented, or these operations remain accessible only for browsing and any attempt to modify the stored data is prevented. These operations are: Program execution. Reprint data of executed cycles. Modify configuration data. Modify system parameters Change date-time of process controller. Change language of the GUI. Digital/Analog output diagnosis. Analog input channel calibration. Backup/Restore data. Archive conversion (only for Remote GUI application) Copy files from or to “hidden” area

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 6

Section 6

Page 107 / 128

THEMA4 CONTROL SYSTEM

6 PROGRAM EXECUTION 6.1 - TIME CALCULATION 6.2 - PROCESS SUMMARY 6.3 - PROCESS REPORT

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 6

Page 108 / 128

6.1 TIME CALCULATION “Progressive program time” or “progressive cycle time” is calculated from the moment when the START button has been effective or the cycle has automatically started the phase that follows the preparation phase. This time is updated continuously during a cycle until the cycle end phase begins and freezes the time count. The value of this time is reset when a new cycle is started. “Progressive phase time” is the time "tp" recalculated from zero every time a phase begins or restarts after it has been interrupted, up to the moment when the phase ends either because the end phase conditions indicated in the Phase Group data sheet have been met or forced advancement has been executed, if possible, by means of the Phase Step button. The “total phase time” is the time "ttp" accumulated from the first start of a phase or the programmed repetition of a phase, without taking into account any interruptions. “Actual sterilization time” is the lowest of the values calculated separately for each product probe starting from the beginning of the sterilization phase of a program, adding the time intervals during which each individual probe detects a temperature that is not lower than the minimum sterilization temperature. This time is applied only in the two cases of time-controlled sterilization.

6.2 PROCESS SUMMARY During program execution, the screen displays the following: 1. “Program data”, i.e., the number and the name of the program in progress and the progressive number of the phase in progress together with its name. Moreover, if a sterilization program is in progress, the programmed value of the minimum sterilization temperature is displayed. 2. “Phase data”, i.e., the “targets” of the main process variables (temperature / pressure / time), which in most cases correspond to the parameters that control the phase end conditions. The actual values of the main process variables are displayed below these parameters. The progressive phase time and the actual “equivalent time” (only in case of F0 and Fh sterilization) are also displayed. 3. “Progressive program time”. 4. The Alarms occurred during the execution of the program. 5. The diagram of the Pressure and the Temperatures measured by the probes selected as “monitored” probes. The values of these probes are listed next to the diagram and are associated with their various plot lines, in different colors.

6.3 PROCESS REPORT The Process Report of Thema4 consists of a set of data required to document the executed program. All Process Reports are stored in files that cannot be modified (the system checks their integrity), and can be displayed and reprinted. Process Reports can also be printed during the execution of the program, but only on the onboard thermal printer (online printout). In this case it is possible to select, by means of certain system parameters, whether to print or not, or print fully or in digest form, parts of the Report. The parts into which one can consider the Process Report to be divided are listed hereafter and are sorted into three groups: Cycle identification data, which contain the basic information regarding the program to be run; Program run data, which document the behavior of the process by recording its significant variables (time, TE, F(T,z), phases in progress); Final cycle data, which contain the essential information that documents the run that has just ended.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 6

Page 109 / 128

Identification data of cycle in execution 1 2 2.1 2.2 2.3 2.4 2.5 2.6 2.7

Program identification data Cycle parameters General parameters Phase list Phase/Groups (local) parameters TP table TE table Probe table PID parameters

1 X X X X X X X X X

Machine type 2 3 X X X X X X X X X X X X X X X X

1 X X X

Machine type 2 3 X X X X X X

Program run data 3 3.1

Process data Phase data • • • • • •

Phase Heading Process data: “initial” (recorded exactly when the phase begins) and “subsequent” (recorded for all phase duration with a defined “sampling time”) Alarms messages (if present, for alarms with effect of ”logging in report”) Blackout messages (if present) P/Gs extra data strings Phase final data

Final data Program final data • • • • • • •

4.2 4.3

Alarm summary Parametric release final data (optional – OPT.20/21) • • • • • • •

4.4

General final data Process final data (depending on the process executed: machine type and program) Door opening permission final data Critical alarms final data (if any) Golden Cycle result (optional – OPT.20) Parametric Release result (optional – OPT.21) Acceptance Request (optional – OPT.20/21)

Golden Cycle data (OPT.20) Golden Cycle definition Golden Cycle Analitical report Parametric Release data (OPT.21) Parametric Release table Parametric Release report Cycle Acceptance (OPT.20/21)

Graphic charts • • • •

Temperature/Time chart Pressure/Time chart Humidity/Time chart Other graphic

Fedegari Autoclavi SpA

X X

4 X X X

X

X

X

X

X X X X

X X X X

X X X X

X X X X

Final data of run cycle 4 4.1

4 X X X X X

1 X X X

Machine type 2 3 X X X X X X

4 X X X

X

X

X

X

X X X X X X X X X X X X X X X X X

X X X X X X X X X X X X X X X X X

X X

X X

X X X X

X X X X

X X X X X X

X X X X X X

X

X

X X

X X

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 6

4.5

Pressure exchanger Leak Test (for type 2 only) • • • •

4.6

X X X X X

Leak Test result Test duration Negative pressure variation Positive pressure variation

Chamber leak test program (for type 3/4 only) • • • •

4.7

Page 110 / 128

Leak Test result Test duration Negative pressure variation Positive pressure variation

Signature headings • • •

Operator’s signature Supervisor’s signature QA Signature

Fedegari Autoclavi SpA

X X X X

X X X X

X X X

X X X

X X X X

X X X X

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 7

Section 7

Page 111 / 128

THEMA4 CONTROL SYSTEM

7 PRINTOUT MANAGEMENT 7.1 - PRINTERS USED BY THEMA4 7.2 - ARCHIVED AND PRINTED DATA 7.3 - “PROCESS REPORT” PRINTOUT 7.3.1 - AUTOMATIC OR MANUAL PRINTOUT 7.3.2 - REDUCED OR NORMAL PRINTOUT FORMAT

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 7

Page 112 / 128

7.1 PRINTERS USED BY THEMA4 Before presenting the details of printout management, it is necessary to make a distinction between the two different printers that can be used on Thema4: the onboard printer and the remote printer. •

Onboard printer: this is a 112mm thermal printer installed on the sterilizer. Printouts on the onboard printer are managed directly by the PCS software of the Server Panel PC (which runs with the VxWorks operating system) and can be activated only from the Panel PCs on the sterilizer. THEMA4 can have a single onboard printer, which is the one shown in the hardware configuration of Thema4. This printer operates with the “Seiko” protocol (the same protocol used by the Seiko LPT 5442 printer).



Remote printer: this printer can be managed only by means of a remote GUI of Thema4, which runs on the Windows operating system. The printer can be connected directly to the LPT port of the PC on which the remote GUI is installed or can be networked by means of an Ethernet link. In any case, every remote GUI can send data for printout on any printer that is connected and configured in the Windows operating system (by means of the appropriate driver).

Both printers are optional and their use must be configured. This is done in the System parameters for the onboard printer and in the printer management section of Windows for the remote printer.

7.2 ARCHIVED AND PRINTED DATA It is necessary to make a distinction between the two families of data that are archived in the memories of Thema4 by the PCS and can be displayed and printed: “process reports” and “sterilizer data”. • Process reports Process reports are the recordings, produced automatically by the PCS, in the memories of the Server Panel PC, of the data produced by the execution of a program (for testing or sterilization) of the machine. These data, at the end of the execution of the program, are archived in a non-modifiable file and can be displayed on any connected GUI and sent for printout on request. The PCS software stores these files in a fixed format (please refer to the “Program Execution” chapter) and in the language selected on the GUI interface installed on the primary Panel PC, checking their integrity. The rate at which the process data of the phases of the executed program are archived is fixed at 10 sec. However, during recording, “marking” is performed on the data selected according to the printout rates derived from the Phase Groups, by means of a multiplier (provided in some P/Gs) of the fixed archiving time. This allows to print the archived process reports in various formats. • Sterilizer data There are two types of sterilizer data: parameters and records: Parameters Parameters are groups of data that can be set and grouped by type (parameters of the machine, of the accesses, of the cycles, of the stored programs, of the P/Gs, et cetera..) and stored in files, required for the operation of the sterilizer. Every time changes are made to parameters, the new values are archived in a file with a new version. The PCS software PCS stores these files in a fixed format that is independent of the language selected in the GUI. This is why each GUI displays and prints these parameters in its own language. Moreover, as occurs for process reports, the PCS checks the integrity of these files every time it accesses them. The GUI displays in the various “work areas” the current version of these data. The archive with all the previous versions, listed by date and time, is in the “ALARM & DATA LOGGING” area, where it is possible to select a file for display and printout. Records The records collect all the significant events (“alarms” and “audit trails”) that must be acquired and stored for correct system management.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 7

Page 113 / 128

Some of these records (e.g. the “audit trail”) are archived continuously and permanently in a single file whose integrity is constantly checked by the PCS. Others (such as the “active alarm” list) are stored only temporarily in the RAM memory of the primary Panel PC and are therefore lost at system shutdown (in this case one does not speak of electronically archived data). The printouts of all these data are of the “manual” type, since they always require an operator selection.

7.3 “PROCESS REPORT” PRINTOUT 7.3.1 AUTOMATIC OR MANUAL PRINTOUT “Process reports” can be printed in two ways: automatically, during or at the end of the cycle (automatic printing), or at the operator’s request (“manual” printing). • Automatic printing Automatic printing of process reports is of two types: on-line or end-of-cycle. Automatic printing is termed “on-line” if it is performed gradually during the cycle. This type of printing is possible only on the onboard printer and is not derived from a previously archived electronic record but from the data received during execution, which are stored but not yet archived (archiving occurs at the end of the cycle). In this case, the printout is identified by the wording “automatic printing” (AUT) and the heading of the report only provides the identification of the user who launched the cycle. Automatic printing is instead termed “end-of-cycle” only if it is performed automatically at the end of the cycle after archiving the process data. This printout is possible only on the remote printer. In this case, the “automatic printing” request must be configured in the “print preferences” of the GUI. In this case, the printout is identified by the wording “automatic printout” (AUT) and the heading of the report includes, in addition to the identification of the user who launched the cycle, the identification of the user who has a work session in progress (if a work session is open). • Manual printing Manual printing is a printout of process reports generated at the operator’s request. This printout is possible both on the onboard printer and on the remote printer by manually selecting the process report to be printed (Alarms & Data Logging function) and is derived from a previously archived electronic record (log file). In this case, the printout is identified by the wording “manual printout” MAN, and the heading of the report includes, in addition to the identification of the user who launched the cycle, the identification of the user who requested the printout (date and Public Name).

7.3.2 REDUCED OR NORMAL PRINTOUT FORMAT “Process reports” can be printed in two different formats: • Reduced: using the process data printing rate derived from the Phase Groups. • Extended: using the process data printing rate equal to the archiving time (10 sec). The format of the printout is identified by the wording Reduced (RED) /Extended (EXT) in the heading of the printout report. On-line automatic printing is always a terse printout. Printouts generated from an archived file, automatic printouts at end of cycle and manual printouts can be in terse or verbose format depending on specific parameters. These parameters also allow to enable or disable the printing of parts of the process report: initial data, final data, T and P charts, sterilization charts and alarm summary.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 7

Page 114 / 128

This page is left intentionally blank

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 8

Section 8

Page 115 / 128

THEMA4 CONTROL SYSTEM

8 BLACKOUT 8.1 - BLACKOUT MANAGEMENT 8.1.1 - BLACKOUT DETECTION 8.1.2 - BLACKOUT MANIFESTATION 8.1.3 - BLACKOUT PROCEDURE

8.2 - STERILIZATION TIME ELAPSED DURING A BLACKOUT 8.3 - TREATMENT TIME ELAPSED DURING A BLACKOUT

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 8

Page 116 / 128

8.1 BLACKOUT MANAGEMENT If electric power fails while the THEMA4 process controller is switched on, the Side 1 Panel PC remains active in this condition, since it is powered by the UPS system. When the main power supply returns after the blackout, the screen always shows the last page displayed before the interruption.

8.1.1 BLACKOUT DETECTION The blackout condition is detected by the Side 1 Panel PC by means of a digital signal which comes from the electrical system of the machine. This digital signal can be acquired in two ways by means of a digital input, configured appropriately among the ones available in the PLC I/Os (TH4_HW-PLC I/O), or by means of the digital input that is present on the bus connection PCI card by means of a Field bus (TH4_HW-I/O BOARD_P). Use of the digital input available on the bus card is the standard solution.

8.1.2 BLACKOUT MANIFESTATION At a blackout detection, the control software displays the Blackout page where it is not possible any operator activity. To report this event, at the end of the blackout the control software release the alarm messages Al150BLACK-OUT to all connected operator stations (local and remote), and activates the blackout management procedure. IMPORTANT NOTE In order to allow stabilization of the reading of the analog channels, the end of a blackout for the controller is postponed by 15 seconds with respect to the physical end of the blackout. In case, due to hardware tolerances, this delay is not enough for stabilization of analog inputs, it can be increased using “Configuration Menu” by setting the special parameter “Blackout recovery time” in “Special operations”.

8.1.3 BLACKOUT PROCEDURE The Side 1 Panel PC remains active (thanks to the UPS) even if the electric power supply fails during a cycle, but the cycle in practice is interrupted, since the connected machine would no longer be able to perform the instructions that arrive from the controller and would not be able to supply information regarding its own status. If a blackout happens during the execution of a cycle, when the main power supply returns, the cycle resumes with last phase displayed before the interruption or with the Emergency phase (only if the alarm A150-BLACK-OUT is configured with effect Eff.3I- Alarm that causes emergency. IMPORTANT NOTE If the blackout duration is over the “power time” consented by UPS, Thema4 control system switches off and reset all its activites. The effects of the blackout on the execution mode of a program depends on the Machine Type. Blackout management for machine type 1 and 2 The blackout management during a cycle depends on the blackout duration and on the program General parameter MAX BLACKOUT TIME (see UM/3 – Ch.1): Program parameter G7 (for machine Type 1 Program parameter G10 (for machine Type 2). Blackout management for machine type 3 and 4 In this case the alarm A150-BLACK-OUT is configured with effect Eff.3I- Alarm that causes emergency (see UM/1 – Ch.5) and after a blackout the the cycle always steps to the Emergency phase, that is a final recovery phase before the End cycle. (See Cycle execution general flow for machine Type 2-4 in subsection 2.4.2). IMPORTANT NOTE For a machine types 3 and 4, the effect of a blackout on a cycle is always the cycle stop, that steps to emergency recovery phase and next to the End cycle phase.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 8

Page 117 / 128

8.2 STERILIZATION TIME ELAPSED DURING A BLACKOUT If a blackout has occurred during the time-controlled sterilization phase, the controller performs a linear interpolation between the last temperature value read before power failed and the first value read after power is restored, in order to quantify the time elapsed at values over and under the minimum sterilization temperature.

8.3 TREATMENT TIME ELAPSED DURING A BLACKOUT If a blackout has occurred during the time-controlled treatment phase, the “treatment time” calculation is resumed, starting from the last stored value, provided that it has not be reset to 0. This happens if the power failure duration has exceeded the value of program parameters “Max. off time: t, FH” and/or “Max. off time: FT”.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 8

Page 118 / 128

This page is left intentionally blank

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 9

Section 9

Page 119 / 128

THEMA4 CONTROL SYSTEM

9 DOOR MANAGEMENT 9.1 - DOOR MANAGEMENT OF AUTOCLAVE 9.1.1 - DOOR OPENING CRITERIA 9.1.2 - CRITERIA FOR MOVING MOTORIZED DOORS

9.2 - DOOR MANAGEMENT OF OVEN 9.2.1 - LOADING AND UNLOADING OPERATIONS

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 9

Page 120 / 128

9.1 DOOR MANAGEMENT OF AUTOCLAVE The doors (one or two) of an autoclave are almost always of the motorized type, either sliding (fully automatic) or hinged (semiautomatic), although the hinged type can also be actuated entirely manually. A localized panel for each door of the sterilizer allows to operate the door and to display the fundamental information regarding the status of the sterilizer.

9.1.1 DOOR OPENING CRITERIA From the software standpoint, the possibility to open a door is regulated by the presence of a clearance that depends both on process conditions and on safety requirements. Safety requirements are generally duplicated also by purely electrical means (hard-wired safeties). The presence of the clearance to open is indicated to the operator by a message displayed on the screen (OK OPEN DOOR SIDE 1, OK OPEN DOOR SIDE 2), and by the condition of the corresponding LEDs on the quick display panel. If process conditions or safety requirements are not met temporarily, a door that one attempts to open remains closed and locked regardless of any attempt to open it. The Thema4 process controller identifies the status of the doors by means of digital input logic numbers. The doors are termed by convention "Side 1 door", which is often directed toward the non-sterile area and is used as loading door, and "Side 2 door", which is often directed toward the sterile area and is used as unloading door. When a cycle is not in progress, if a door is open a message is displayed (SIDE 1 DOOR OPEN or SIDE 2 DOOR OPEN). If instead a door is open after the cycle has actually begun, the “door open” messages indicate a severe anomaly and the system automatically enters an emergency phase. Process Conditions For Door Opening To be able to open a door, two general process conditions must be met: • no cycle must be in progress; • the absolute pressure of the chamber must be close to the atmospheric pressure. For autoclaves having a single door, the above conditions are the only process conditions. if the autoclave has two doors, these conditions are required in order to be able to open a door, but clearance and choice of the door depend also on the values of the auxiliary system parameters "Initial door", "Protection level door 1" and "Protection level door 2” and on the value that the general parameter "Doors opening sequence" has in the program that has been run or is about to be run. Safety Requirements For Door Opening Even when clearance to open a door is compatible with the process conditions, it is temporarily denied if even just one of the following safety requirements is not met. • The relative pressure in the autoclave chamber measured by safety differential pressure gauge PRS must be lower than 50 mbar. • The gas detector NOGAS must not detect any residual presence of sterilizing gases (for example ethylene oxide, formalin) inside the chamber (if configured). • The liquid sensor HLS, installed in some model FOF autoclaves, must not detect the presence of liquid inside the chamber. • The liquid sensor SELA, installed in model FOF and FOA autoclaves, must not detect the presence of liquid inside the chamber. • The liquid sensor RL3W, installed in model FOW autoclaves, must not detect the presence of enough liquid to cause overflow at the door if the door is opened. • The temperature measured by the thermostat TESIC must be lower than the safety value for the product about to be unloaded (if required). All the requirements described above are of the “inherently safe” type, in that an operating fault of the field sensor or of its electrical connection to Thema4 would simulate a risk situation and would prevent door opening.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 9

Page 121 / 128

9.1.2 CRITERIA FOR MOVING MOTORIZED DOORS The movements for closing-locking and for releasing-opening all the motorized doors comply with the following basic criteria •

• • • • • • •

No closure movement can be performed if the digital channel for the safety signal is not excited. These NLIDs are connected either to a photocell, in order to detect the presence of any obstacles along the path of a sliding door, or to a proximity switch, in order to check that a semiautomatic hinged door has been rotated into the closed position and that its control bar has been made to advance toward the switch. The door closure button must be kept pressed throughout the closure movement. If the closure button is released during the closure movement or if the safety clearance is no longer given, the direction of motion of the door is reversed automatically. The opening button must be pressed in order to start release and opening, but it can then be released. From the point of view of process conditions for authorizing the opening of a door, the opposite door must to be closed. A door is considered to be open as soon as it has been unlocked (“open” push button pushed), even if it is still in the closed position. At the end of a program, the unloading door is considered to have been opened only if it has reached the fully open position, i.e., if the input channel connected to the opening stroke limit proximity switch has been energized. The digital output that controls the door motors (in both directions of motion) is deactivated immediately if the corresponding digital input is configured but not excited while the digital output is active. The return of the input channel to the excited state does not automatically reactivate the output. In the case of a black-out occurs during the moving of a door, this stays frozen up to the return of the feeding. In such case the movement takes back to the pressure of the button of opening or closing door. If the black-out happens when the door is closing it's necessary to release the button and push it a second time for the command to be accepted.

Door System Alarms The following six abnormal conditions cause activation of alarms no. 58 or 59. • The upper limit pressure gauge signal is present and the closure limit switch signal is not present: this means that the seat of the locking gasket of a door is pressurized, although the door is not in a fully closed position. • The upper limit pressure gauge signal is present and the opening limit switch signal is also present: this means that the seat of the locking gasket of a door is still pressurized, although the door is in a fully open position. • The lower limit pressure gauge signal is not present and the closure limit switch signal is not present: this means that the seat of the locking gasket of a door has not yet depressurized, although the door is not in a fully closed position. • The lower limit pressure gauge signal is not present and the signal of the opening limit switch is present: this means that the seat of the locking gasket of a door has not yet depressurized, although the door is in a fully open position. • The lower limit pressure gauge signal is present and the upper limit pressure gauge signal is present: this would mean that the seat of the locking gasket of a door is simultaneously depressurized and pressurized. • The opening limit switch signal is present and the closing limit switch signal is present: this would mean that a door is simultaneously in a fully open position and a fully closed position. If one of these abnormal conditions occurs while a door motor is in operation, the motor is stopped immediately and does not restart automatically after restoring normal conditions: a new command is required to restart it.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 9

Page 122 / 128

9.2 DOOR MANAGEMENT OF OVEN Logical permission to open the doors of the sterilizer is given according to the operating status of the system according to the following rules: • no door is unlocked at power-on • when a program starts the status of the digital inputs of the doors is checked. The following cases may occur: 1. if no door is open, the non sterile door is unlocked 2. if the non sterile door is open, the signal "NON STER.DOOR OPEN" is issued 3. if the sterile door is open, the signal "STERILE DOOR OPEN" is issued • the program can start only if the unlocked door is closed and locked • one of the doors is unlocked at the end of the program, with the following logic criteria: 1. if the treatment has been unsuccessful, the non sterile door is unlocked 2. if the treatment has been successful and the parameter "Unload from non sterile side" is set to 0, the sterile door is unlocked 3. if the treatment has been successful and the parameter "Unload from non sterile side" is set to 1, the non sterile door is unlocked 4. if the treatment has been successful and the "Unloading Door Inversion" routine has been applied, the non sterile door is unlocked • the program ends when the unlocked door is opened. • during the operations of the sterilizer, the interlock devices are automatically deactivated and it is therefore impossible to open the doors until the end of the cycle. It is in any case impossible to open the doors if the temperature inside the sterilizer exceeds the value set on the digital thermometer located on the front panel of the non sterile side. This temperature can be set by pressing the "SET" button and then pressing the "UP" or "DOWN" buttons as required

9.2.1 LOADING AND UNLOADING OPERATIONS Loading • If the sterilizer has been switched off with the sterile door open, close this door and press the locking button located on the front panel to allow to unlock the non sterile door. (This operation is reccomended in any case before switching off the sterilizer after a work cycle). • In the non sterile area press the door green button to open the door. • Load the sterilizer. • Close the door and keep the door red button pressed to allow door locking. • Press the button to allow the locking of the door. (The preparation phase begins) • The "READY TO START" message is displayed. Unloading Depending on the setting of the parameters and on the result of the treatment: In the sterile area: • Press the green button to open the door. • As soon as the door is opened the cycle end phase ends and the pressurization fan switches off. • Unload the sterilizer. • Close the door and keep the green button pressed to allow door closure. • Press the locking button to allow the locking of the door and the opening of the non sterile door. In the non sterile area: • The cycle end phase automatically ends. • Press the green button to open the door. • Unload the sterilizer.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 10

Section 10

Page 123 / 128

THEMA4 CONTROL SYSTEM

10 EXTERNAL RECORDERS MANAGEMENT 10.1 - TYPE 1 INTEGRATION 10.2 - TYPE 2 INTEGRATION 10.2.1 - TYPE 2A INTEGRATION 10.2.2 - TYPE 2B INTEGRATION

10.3 - TYPE 3 INTEGRATION 10.4 - TYPE 4 INTEGRATION 10.4.1 - TYPE “TH4 RECORDER” INTEGRATION

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 10

Page 124 / 128

Thema 4 controller can be connected with external recorders with different integration levels depending on the possibilities of the recorder itself. Three levels are indicated: 1. Recorder Start/Stop synchronized with the start and the stop of the sterilization program, managed by the sterilizer controller This functionality is carried out using for the external recorder the digital outpur “CYCLE RUNNING” of the Thema 4 controller 2. Recorder Start/Stop and messages sending to the recorder to be printed in the recorder’s report. These messages contain information about the sterilizer and the sterilization program to which the reports is referred. This feature can be carried out transmitting data from Thema 4 to the recorder as follow: a. Serial communication and MODBUS Protocol b. Ethernet/serial communication with a proper driver for the specific recorder 3. Recorder Start/Stop and messages sending to the recorder. Bi-directional communication to compare data acquired by the two systems. 4. External recorder always active, that doesn't produce papery or electronics recordings, and that it allows the acquisition of the data of the external probes, with the purpose to allow on the Thema4, a comparison among these data, with the possibility to send a specific alarms or to insert the data acquired in the Process run report.

10.1 TYPE 1 INTEGRATION This functionality is always possible and it’s simply realized using, on the recorder, the digital signal “Cycle In Progress” managed by Thema4.

10.2 TYPE 2 INTEGRATION 10.2.1 TYPE 2A INTEGRATION Not yet allowable.

10.2.2 TYPE 2B INTEGRATION Integration With Yokogawa Recorders, Series DX100P/DX200P / Series DX1000P/DX2000P This feature consist of the management of the following events by means of an Ethernet communication: 1. START/STOP of the recorder with a synchronization with the start and the stop of the cycle 2. Transfer to the recorder of the following data; • Sterilizer serial number • Sterilizer identification code • User name of the person run the cycle • Product code • Batch number • Starting date and time • Progressive cycle nu,ber • Sterilization OK – NO OK at the end of the cycle 3. For the configuration of the Thema 4 (Set-up&Configuration area, system parameters) the following parameters have to be defined: • User name (*) • User ID (*) • Password (*) • Recorder IP address • GATEWAY address (if required) (*) These data are required because of the DX100/DX200P and DX1000/DX2000P are compliant with 21 CFR part 11 requirements.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 10

Page 125 / 128

10.3 TYPE 3 INTEGRATION Integration with EUROTHERM CHESSEL recorder, family 5000/6000 (OPT.19)

10.4 TYPE 4 INTEGRATION 10.4.1 TYPE “TH4 RECORDER” INTEGRATION This integration is the optional functionality OPT.14 and it allows, through communication Ethernet among the Panel PC L1 and the recorder, the management of these events: 1 - visualization of the values of the external probes acquired by the TH4Recorder on the process controller Thema4; 2 - insertion in the Program Run Report of the values acquired by the external probes during the execution of a cycle. In the configuration of the recorder on Thema4 (Setup & Configuration/System parameters) the followings data must be inserted: - ADDRESS IP - ADDRESS MODBUS - CONFIGURATION OF THE EXTERNAL PROBES USED The recorder TH4Recorder must opportunely be configured, through remote GUI, inserting: - the external probe used in the configuration hardware; - enabling the integration with SCADA systems through protocol Modbus TCP and defining the address Modbus; - defining the address IP of the panel through the Configuration Menu. The Address must properly be configured, in base to as the net LAN Ethernet is installed.

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 10

Page 126 / 128

This page is left intentionally blank

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 11

Section 11

Page 127 / 128

THEMA4 CONTROL SYSTEM

11 GLOSSARY

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 Control System – FUNCTIONAL SPECIFICATION - Section 11

Page 128 / 128

a FECP SRVR

Fedegari External Communication Protocol SERVER

a GUI

Graphical User Interface

a NL

Logic Number

a NLIA

Analog Input Logic Number

a NLID

Digital Input Logic Number

a NLOA

Analog Output Logic Number

a NLOD

Digital Output Logic Number

a P/G

Phase Group

a PCS

Process Control System

a PGL

Phase Group Library

a PLC

Programmable Logic Controller

a R.T.O.S.

Real Time Operating System

a USB

Universal Serial Bus

a UPS

Uninterruptible Power Supply

Fedegari Autoclavi SpA

D/O#221815.21- April 2014

Thema4 control system - SDS

Page 3 / 50

Document modifications history Revision 1

Revision 2 Revision 3 Revision 4 Revision 5

Revision 6

Revision 7

Derived from Rev.0 with following changes: Paragraph 1.1 Added Fx to OS/D table Paragraph 2.6 Added drivers for Panel PC Siemens IPC577C to table 2-2 Paragraph 4.2 Added notes related to unicode-based languages, extended table 4-2 with Chinese language Paragraph 4.2.1 Added important note for unicode-based languages, and extended description of LCD display Paragraph 4.4 Added paragraph 4.4.4 Paragraph 4.4.1 Added file format 2.1 Paragraph 4.4.3 Added file format 2.1 Paragraph 1.6 Changed “products” and “programs” versioning Paragraph 3.3.1 Updated content of java/data/NLshortNAMES folder Paragraph 3.3.1 Updated paths in Tables 3-5 and 3-8 Paragraph 3.3.1 Updated paths in Tables 3-5 Paragraph 1.1 Added diagram for MACHINE TYPE 5 sterilizers and TILCON GUI component for Wx Paragraph 1.1.1 Extended GUI concept from Java to Tilcon GUI Paragraph 1.2 Updated section about pogramming languages Paragraph 1.3 Added VxWorks 6.8 Paragraph 1.4 Updated list of development environments Paragraph 1.6.1 Added T4TIL component Chapter 2 Added paragraph 2.5 about Tilcon GUI Paragraph 2.1 Added TILCON GUI project Paragraph 2.3 Updated figure 2-2 Paragraph 2.6 Added B&R PP500 Panel PC Model Paragraph 3.1 Added notes about file system size for PP500 Paragraph 3.3.1 Added directory structure of Tilcon GUI Paragraph 2.4.4 Changed last icon for General buttons Paragraph 3.2 Alarm history is now saved on a file and is no longer lost at shutdown Paragraph 3.3.1 Changed path structure of PCS in Table 3-5 Paragraph 3.3.1 Changed path structure of PCS in Table 3-5, GUI in Table 3-4 and Remote GUI in Table 3-9

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS

Page 4 / 50

INTRODUCTION The aim of this document is to define the software architecture of the Thema4 process controller, detailing the software modules which is composed of and the interfaces between them.

REFERENCES This document revision is based on software changes detailed by following change activities: CH 224 CR710 Animated P&ID

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS

Page 5 / 50

NOTATIONS In this user manual, these notations are used: NOTE

for additional note

REFERENCE

for references to other sections

IMPORTANT NOTE

for important note

WARNING!!

for very important note

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS

Page 6 / 50

DOCUMENT SECTIONS This user manual is composed of the following sections

1 SOFTWARE ARCHITECTURE OF THEMA4 CONTROL SYSTEM

This section describes the software architecture of the control system Thema4, giving an overview of the basic elements and general guidelines for software development.

2 SOFTWARE COMPONENTS

This section describes requirements for each basic hardware element that build up the Thema4 control system. Additionally, for each of them, it is reported the list of models supported with their technical characteristics.

3 FILE SYSTEM ORGANIZATION

This section describes the file system organization of the hard drive partition used to store data and application. It describes also the data stored and the folder structure of the application.

4 LANGUAGES

This section describes the approach adopted to implement multilanguage support in the Thema4 control system. It describes langueg files and codepages, with the impact on peripherals.

5 INTEGRATION WITH EXTERNAL SYSTEMS

This section describes the software architecture for the communication with external systems, by means of the exchange of electrical signals or data exchange to SCADA systems and external databases through Ethernet or Serial connections.

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS

Page 7 / 50

INDEX 1

SOFTWARE ARCHITECTURE OF THEMA4 CONTROL SYSTEM ............................................................11

1.1 SOFTWARE ARCHITECTURE ......................................................................................................12 1.1.1 Application Software .....................................................................................................................16 1.1.2 Thema4 software management, that allows independence among SW, HW and process .........16 1.1.3 Software installation......................................................................................................................16 1.2 PROGRAMING LANGUAGES .......................................................................................................17 1.3 OPERATING SYSTEM ADOPTED ................................................................................................17 1.4 DEVELOPMENT ENVIRONMENTS...............................................................................................17 1.5 SOFTWARE PROGRAMMING PRINCIPLE ..................................................................................18 1.6 SOFTWARE VERSIONING ............................................................................................................18 1.6.1 Software “products” and “programs” versioning ...........................................................................18 1.6.2 Thema4 software “patch” versioning ............................................................................................18 1.6.3 Patch index visualization ..............................................................................................................19 1.7 DOCUMENT STRUCTURE ............................................................................................................19 2 SOFTWARE COMPONENTS........................................................................................................................21 2.1 SOFTWARE PROJECTS ...............................................................................................................22 2.2 PCS ARCHITECTURE....................................................................................................................22 2.2.1 Overview of Modules and Tasks structure ...................................................................................22 2.3 FECP ARCHITECTURE .................................................................................................................25 2.4 GUI ARCHITECTURE.....................................................................................................................26 2.4.1 Normal screen layout....................................................................................................................26 2.4.2 Full Screen Layout........................................................................................................................26 2.4.3 Objects for data input....................................................................................................................27 2.4.4 Buttons..........................................................................................................................................27 2.4.5 Operator messages and alarms ...................................................................................................27 2.4.6 Soft keyboard................................................................................................................................28 2.4.7 LCD “Module door management” message status bar ................................................................28 2.4.8 Top status bar...............................................................................................................................28 2.5 TILCON GUI ARCHITECTURE ......................................................................................................29 2.5.1 Graphical layout............................................................................................................................29 2.5.1.1 L1 – Welcome page .................................................................................................................29 2.5.1.2 L2 – Main page.........................................................................................................................30 2.5.1.3 L3 – Function page...................................................................................................................30 2.5.1.4 L4 – List page...........................................................................................................................31 2.5.1.5 L5 – Popup windows page .......................................................................................................32 2.5.2 Soft keyboard................................................................................................................................32 2.6 OS/D CONFIGURATION ................................................................................................................33 3 FILE SYSTEM ORGANIZATION...................................................................................................................35 3.1 FILE SYSTEM .................................................................................................................................36 3.2 ARCHIVE STRUCTURE .................................................................................................................36 3.3 SOFTWARE DIRECTORIES STRUCTURE...................................................................................37 3.3.1 Directories structure for Thema4 main programs.........................................................................38 4 LANGUAGES ................................................................................................................................................43 4.1 LANGUAGE FILES.........................................................................................................................44 4.2 LANGUAGES AND CODEPAGES ................................................................................................44 4.2.1 Peripherals configuration for the current codepage .....................................................................46 4.3 CUSTOM LANGUAGE ...................................................................................................................46 4.4 LANGUAGE FILES VERSIONING .................................................................................................46 4.4.1 File structure index .......................................................................................................................46 4.4.2 String version index ......................................................................................................................46 4.4.3 Codepage identifier.......................................................................................................................47 4.4.4 Windows font required ..................................................................................................................47 5 INTEGRATION WITH EXTERNAL SYSTEMS .............................................................................................49 5.1

SOFTWARE ARCHITECTURE OF EXTERNAL COMMUNICATIONS.........................................50

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS

Page 8 / 50

TABLES Table 1-1– Association of hardware elements and software components.............................................................12 Table 2-1 – Types of pop-up bars for messages and alarms.................................................................................27 Table 2-2 – Driver/BSP for different types of Panel PC .........................................................................................34 Table 3-1– Table of files archived in THEMA4 .......................................................................................................37 Table 3-2 – Directories structure for Panel PC side 1 ............................................................................................37 Table 3-3 – Directories structure for Panel PC side 2 / 3 .......................................................................................38 Table 3-4 – Directories structure for program GUI .................................................................................................38 Table 3-5 – Directories structure for program PCS ................................................................................................39 Table 3-6 – Directories structure for library JWORKS............................................................................................40 Table 3-7 – Directories structure for program FECP..............................................................................................40 Table 3-8 – Directories structure for program GUI Tilcon ......................................................................................40 Table 3-8 - Directories structure for program Remote GUI ....................................................................................41 Table 4-1 – Thema4 standard and extra languages ..............................................................................................44 Table 4-2 – Code Pages and languages supported in Thema4.............................................................................45

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS

Page 9 / 50

FIGURES Fig. 1-1 – Thema4: HW and SW architecture.........................................................................................................12 Fig. 1-2 – Main software components ....................................................................................................................14 Fig. 1-3 – Thema4 application software layout.......................................................................................................16 Fig. 1-4 – Document structure ................................................................................................................................19 Fig. 1-5 – Overall document structure ....................................................................................................................20 Fig. 2-1 – PCS components....................................................................................................................................22 Fig. 2-2 – FECP client/server structure ..................................................................................................................25 Fig. 2-3 – GUI structure in normal screen layout....................................................................................................26 Fig. 2-4 – GUI structure in full screen layout ..........................................................................................................27 Fig. 2-5 – Button and message area (6/7 buttons) .................................................................................................27 Fig. 2-6 – Pop-up keyboard (English US)...............................................................................................................28 Fig. 2-7 – LCD “Module door management” message status bar ..........................................................................28 Fig. 2-8 – Status bar ...............................................................................................................................................28 Fig. 2-9 – Operating System components layout ...................................................................................................33 Fig. 5-1 – Communication with external systems ..................................................................................................50

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS

Page 10 / 50

This page is left intentionally blank

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 1

Section 1

Page 11 / 50

THEMA4 CONTROL SYSTEM

1 SOFTWARE ARCHITECTURE OF THEMA4 CONTROL SYSTEM 1.1 - SOFTWARE ARCHITECTURE 1.1.1 - Application Software 1.1.2 - Thema4 software management, that allows independence among SW, HW and process 1.1.3 - Software installation

1.2 - PROGRAMING LANGUAGES 1.3 - OPERATING SYSTEM ADOPTED 1.4 - DEVELOPMENT ENVIRONMENTS 1.5 - SOFTWARE PROGRAMMING PRINCIPLE 1.6 - SOFTWARE VERSIONING 1.6.1 - Software “products” and “programs” versioning 1.6.2 - Thema4 software “patch” versioning 1.6.3 - Patch index visualization

1.7 - DOCUMENT STRUCTURE

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 1

Page 12 / 50

1.1 SOFTWARE ARCHITECTURE The diagram below shows hardware components and software installed for MACHINE TYPES from 1 to 4: 4-20/Pt100 Converter config. file

BUS board I/O config

R.T.O.S + bootrom Thermal printer

STERILIZER

2 Panel PC L2

1

Field bus

3

P BUS D D AN AN W IN OUT IN OUT R

BUS board

Panel PC L1

Panel PC L3

HUB

4-20mA/Pt100 converter

Connection to external systems

8 Log data

WINDOWS PC

PCS

FECP

GUI

Kernel P/G Lib

SRVR

+ JWORKS

Conf. data

DATA AND FILE ARCHIVE

Remote station Fig. 1-1 – Thema4: HW and SW architecture The distribution of the software components in the hardware components is detailed below: No Thema4 parts

1 2 3 4 5 6 7 8

VxWorks RTOS

Windows OS

Boot ROM

PCS

FECP

GUI + JWORKS X X

DATA & FILES X

Operator panel L1 X X X X Operator panels L2/L3 X X PLC Remote I/O modules Ethernet connection hub UPS for blackout management Thermal printer Side 1/ 2 doors management modules Remote operator station X X Table 1-1– Association of hardware elements and software components

Fedegari Autoclavi SpA

Conv. Conf. FILES

I/O Conf. FILES X

X

D/O#222852.8 – December 2013

Thema4 control system - User’s Manual 1/General - W38 - Section 1

Page 13 / 50

The diagram below shows the architecture fot MACHINE TYPE 5:

MACHINE

thermal Printer recorder

Remote Station Panel PC

BUS Board

Panel PC

PC WINDOWS

Field I/O

5,7”.7”

OS Windows

Printer

RTOS + Driver Parameters

VxWorks

PCS Nucleus PGL

FECP

GUI TILCON

GUI Java

V6.8 PCS PGL Process Data

TILCON

JRE

Framework

Windows

5.8

BSP Bootrom

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

PDF Data

Thema4 control system - User’s Manual 1/General - W38 - Section 1

Page 14 / 50

As defined in the document “Configuration Manual”, Thema4 software components are managed, grouped in three main parts:

PCS

PCS

KERNEL

KERNEL

FECP

FECP

GUI TILCON

GUI JAVA

TILCON

JWORKS

(1)

Wx

(2)

PCS PGL

RTOS + bootrom

Kx

OS/D

(1) (2)

For MACHINE TYPE 5 only For MACHINE TYPE 1..4

Fig. 1-2 – Main software components Where in details:

Wx - Application Software for the machine (devices, sensors, MMI and data) management, with the components: PCS-Kernel

GUI Java

FECP

JWorks

GUI Tilcon

Tilcon

Process Control System – Kernel, developed in C language, with the PCS-PGL part. It manages the sterilizer’s process and its devices, and implements the Server process for the Client/Server architecture needed to serve many GUIs. Graphic User Interface, developed in Java language, which implements the man/machine Interface. It sits on top of JWorks libraries. This component is not present on the primary panel of MACHINE TYPE 5 sterilizers. Fedegari External Communication Protocol, developed in C language, which implements the protocol for the Client/Server comunication between a PCS and many GUIs. It is interfaced to the PCS on server side by means of APIs (application programming interfaces) made available by PCS, and it is integrated directly in the GUI for the client side of the comunication. The data exchange takes place through TCP/IPsockets. Java library for VxWorks operating system This component is not present on the primary panel of MACHINE TYPE 5 sterilizers. Tilcon Graphical User Interface, developed in C language, which implements the man/machine Interface using the Tilcon© framework. This component is present only on the primary panel of MACHINE TYPE 5 sterilizers and replaces components GUI and JWorks. Tilcon framework, a set of graphic libraries for C language, supporting different operating systems including VxWorks. Currently version 5.8 is used because suitable for VxWorks 6.8. This component is present only on the primary panel of MACHINE TYPE 5 compiled and distributed together with the Tilcon GUI.

Kx - Phases Groups Library (PGL) for the process (phases and cycles) management, with the component: PCS-PGL

Process Control System – Phase Groups Library. This is a software component concerning the sterilizer process: the phases architecture. In details: phase (local) parameters, user commands enablement during a phase, fixed and conditioned activations of analog/digital outputs, PIDs control, phase alarms management, phase targets.

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - User’s Manual 1/General - W38 - Section 1

Page 15 / 50

3 - OS/D - Operating System and Drivers for the hardware management. This component depends on the HW of the Panel PC, as follows: for Proface Px/Dx for Siemens Sx/Zx/Fx for Allen Bradley Ax/Ex for Proface blind PC Bx for B&R PP500 Gx IMPORTANT NOTE The compatibility among these components is defined in the document “CONFIGURATION MANUAL (D/O#86727)” as a “configuration” Cx.

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - User’s Manual 1/General - W38 - Section 1

Page 16 / 50

1.1.1 Application Software Each software component is constituted by elements such as drivers, software modules and applications. The following diagram illustrates the composition of Application software and their interaction.

PCS

Kernel P/G library

API

FECP

FECP Server Finder

TCP/IP Socket

GUI

GUI Application (+FECP client, Java or C) JWORKS Libraries or Tilcon Framework

Fig. 1-3 – Thema4 application software layout FECP Server and PCS-Kernel are both installed on the Primary Panel PC and are connected together through API (application programming interface) calls. FECP Server and GUI applications (local or remote) are connected through TCP/IP sockets, by means either of a Java FECP client or a C FECP client embedded within the GUI.

1.1.2 Thema4 software management, that allows independence among SW, HW and process The software architecture adopted, allows to Thema4 system the independence among the software components: MACHINE–PROCESS INDEPENDENCE: The P/G Library Kx (and therefore the phases execution) is independent from the Thema4 application software Wx (and from the operating system and driver software OS/D). HW-SW INDEPENDENCE: based on separation between OS/D and application sw Wx + Kx.

1.1.3 Software installation The software components are installed using the functions available in the Configuration menu or the Recovery Disk tool. The software is provided, for each machine, on a CD, in the Thema4 software kit TH4-SW KIT, which allows to generate the installation disks (if one wishes to proceed with installation via floppies) or can be used directly for installation over the network (if one wishes to proceed with installation via FTP) or can be copied on a USB key (if one whishes to proceed with disk-on-key installation).

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - User’s Manual 1/General - W38 - Section 1

Page 17 / 50

1.2 PROGRAMING LANGUAGES For the development of Thema4 following programming languages have been choosen: ANSI C and Java. The ANSI C language has been choosen for PCS (Kernel and P/G library) and FECP server components for following reasons: - C is a standard language today; - this choice allows reuse of existing software from the previous control system (Thema3), especially for what concerns P/G library, which have been defined, developed and validated over past years, for the management of different sterilization processes. The software architecture has been defined in such a way that it is possible to reuse libraries of Phase Groups developed for Thema3 with very few changes, in order to adapt to the new system or to implemnt new features. For machine type 5 also the TILCON GUI and the FECP client are developed in C language, due to the usage of Tilcon framework. The Java language has been choosen for the GUI and FECP client for following reasons: - Java is a new emerging standard today for graphical interfaces; - it is portable on different hardware architecture with different operating systems. An exception to this is the GUI on the primary station of machine type 5 sterilizers, which are implemented in C language due to the usage of Tilcon framework.

1.3 OPERATING SYSTEM ADOPTED The Operating System adopted are VxWorks 5.5.1 and VxWorks 6.8 OEM from WindRiver, which are Real Time Operating Systems (RTOS) leader of the market. It is installed on board of the sterilizer, in order to guarantee real time performance of scheduled software activities (tasks). VxWorks can run on very different kind of hardware architectures, from Arm to PowerPC: we will use it for X86 development, based on PENTIUM and ATOM architectures. The operating system allows to execute machine compiled code coming from C sources as well as Java binaries, by means of JWorks libraries from WindRiver, built on top of graphic libraries WindML. VxWorks 6.8 supports Tilcon framework 5.8 which is used to implement the gaphical user interface of machine type 5 sterilizers.

1.4 DEVELOPMENT ENVIRONMENTS The development of C applications (PCS, FECP, OS, bootrom) is done with the integrated development environment Tornado 2.2.1 (for VxWorks 5.5.1) or Workbench 3.2 (for xWorks 6.8), which packages a powerful compiler and a remote debugger, suitable for cross-development. The development of Java applications is done with the Eclipse editor, but compilation is done externally with the Java compiler of the SDK 1.3, which is compatible with the JWorks library. The development of some parts of the Tilcon GUI is done with Interface Development Builder 5.8, which is a visual graphical development environment for drawing graphical interfaces and generate executable code and TWD definition files.

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - User’s Manual 1/General - W38 - Section 1

Page 18 / 50

1.5 SOFTWARE PROGRAMMING PRINCIPLE The coding activity is subject to specific rules, as defined in the SPGG (Software Programming General Guideline) document.

1.6 SOFTWARE VERSIONING A version is a state of an object or concept that varies from its previous state or condition. The term "version" is usually used in the context of computer software, in which the version of the software product changes with each modification in the software. “Version control“ is very useful for keeping track of different versions of information. In software systems, a variety of version numbering schemes have been created to keep track of different versions of a piece of software. Computer software distinguishes between software programs versioning and software products versioning.

1.6.1 Software “products” and “programs” versioning The quality document of Thema4 life cycle “TNA0005 - Thema4 Software versioning DM# 146857” defines the versioning policy of Thema4 software for the software objects of the system: -

“Thema4 software programs”: the base software programs, modified during a change activity and listed on Thema4 user interface. “Thema4 software products”: collection of software programs, released to end user as result of a change activity.

This table display this versioning scheme for both Thema4 “programs” and “products”:

Thema4 Software Programs

xx xx xx xx xx xx xx xx

Process Control System (PCS) Graphical User Interface (GUI) Fedegari External Comm.Protocol (FECP) Jworks Java library

Description

Revision

xx xx xx xx xx xx xx xx

Version

Revision

xx.y xx.y xx.y xx.y xx.y xx.y xx.y xx.y

Versioning scheme Product name

Version major.minor

T4PCS T4GUI T4FECP Jworks T4TIL T4LIB T4OS T4ROM

Description

Patch

Program name

Versioning scheme

Thema4 Software Products

W

xx

y

Application software

K Z

xx xx

y y

PGL sw

Tilcon Graphical User Interface (TGUI) Process Phases Library Operating System & Drivers

OS/D sw

Bootrom program

Where: - Program Revision index is present only for a software product with a Product Revision index - Program Patch index is different from 00, only after patch installation - OS/D product name Z depends on the Panel PC model: Pxx, Dxx for Proface panel PCs, Sxx, Zxx, Fxx for Siemens panel PCs, …….. Language files products, Lxx (for Wxx programs) and Jxx (for T4LIB programs), are composed of several language files (depending on the languages released), as detailed in Thema4 Configuration Manuals. These language files are not listed on GUI.

1.6.2 Thema4 software “patch” versioning With the introduction of the patch management, another versioning scheme has been introduced for: - “Thema4 software patch”: collection of changed software programs, of a defined software product. Patch versioning scheme is based on a progressive numbering referred to a defined version/revision of a software product, as displayed in the following table, that lists the patches released for a defined product version Wxxy, referred to FRs fixed and with the list of the software program changed.

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - User’s Manual 1/General - W38 - Section 1

Page 19 / 50

Thema4 Software Patches n°

Patch released

1 2

Wxxy/P01 Wxxy/P02

3

Wxxy/P03

4 5

Wxxy/P04 Wxxy/P05

FR fixed FRxxx FRxxx FRxxx FRxxx FRxxx FRxxx FRxxx FRxxx

Programs released T4FECP

T4PCS 03a 00 01 03a 00 01

T4GUI 05f

00

01

03a 00

02

05f

00

02

03a 00 03a 00

02 03

05f 05f

00 00

02 03

04a 00 04a 00

01 01

Jworks

04a 00 04a 00

T4TIL

01 01

01a 00

00

In this scheme, patch versioning is based on: “Product version/revision” / “Patch progressive number”

1.6.3 Patch index visualization Patch index is displayed on Thema4 graphical interface only for Wxxy released after August 2010 (date of patch management starting for Thema4 control system) or after the installation of at least a patch.

1.7 DOCUMENT STRUCTURE This SDS (Software Design Specification) document, as stated in the procedure PAQ D/O#117231 , follows the SP (Functional Specification), which details the functions of the control system and of the single modules it is composed of. This document originates an SDS for each component (PCS, GUI, FECP) which might be, where applicable, divided into one or more SDS children by means of a Functional Analysis. By means of a Detailed Analysis each SDS generates one or more SMDS (Software Module Design Specification) document, which describe the structure of each module with a level of detail that allows a medium level programmer to write the code (software sources). Starting from this document, the tests to be executed on the software modules are defined in the SMTS (Software Module Test Specification), and its results are collected in the SMTR (Software Module Test Results), which documents tests executed directly on the code. The follwing figure depicts the most complete document structure.

SDS

SMDS

SDS 1.1

SMDS

.

.

SMTS/R 1.1.1

Sw routine yyyyy.C

SMDS SDS 1.2

SMTS/R

Sw routine xxxxx.C

SMTS/R 1.1.2

SMDS

.

SDS N.1

.

.

. SMDS

SMTS/R 1.2.1

.

.

.

.

Sw routine nnnnn.C

.

.

.

.

SMTS/R

Fig. 1-4 – Document structure

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - User’s Manual 1/General - W38 - Section 1

Page 20 / 50

The following schematic represents the overall documental structure, clarifying the role of SDS, SMDS and SMTS/R and their relation with other quality documents: SP Functional Specification

HWDS Hardware Design Specification

HATS

SPGG

Hardware Acceptance Test Specification

Software Programming General Guideline

CM Configuration Manual

SDTM Software Design Traceability Matrix

SW Code

SDS Software Design Specification

DD

SMDS Software Module Design Specification

SMTS/R Software Module Test Specification

SMDS Version Table List

SMTS/R Version Table List

SMDS x.x SMDS x.x Software SMDS x.x Software

SMTS/R x.x SMTS/R Softwarex.x SMTS/R Softwarex.x

Data Dictionary SDS Version Table List

SDS x.x SDS x.x Software SDS x.x Software

Design Software Design Specification Design Specification Specification

Module Software Module Design Module Design Specification Design Specification Specification

Module Software Module Test Module Test Spec/Result Test Spec/Result Spec/Result

Fig. 1-5 – Overall document structure

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 2

Section 2

Page 21 / 50

THEMA4 CONTROL SYSTEM

2 SOFTWARE COMPONENTS 2.1 - SOFTWARE PROJECTS 2.2 - PCS ARCHITECTURE 2.2.1 - Overview of Modules and Tasks structure

2.3 - FECP ARCHITECTURE 2.4 - GUI ARCHITECTURE 2.4.1 - Normal screen layout 2.4.2 - Full Screen Layout 2.4.3 - Objects for data input 2.4.4 - Buttons 2.4.5 - Operator messages and alarms 2.4.6 - Soft keyboard 2.4.7 - LCD “Module door management” message status bar 2.4.8 - Top status bar

2.6 - OS/D CONFIGURATION

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 2

Page 22 / 50

2.1 SOFTWARE PROJECTS The software components are implemented by different projects, which generate different software objects: - the Process Control system is implemented in the PCS project; - the man/machine interface is implemented in the GUI project (Java language) or in the TILCON GUI project (C language); - the part which takes care of comunication between PCS and GUI is implemented in the FECP project; - the VxWorks image and bootrom components are implemented in the OS/D project.

2.2 PCS ARCHITECTURE The PCS software component, similarly to the Thema3 approach, is composed of two separated programs, identified separately: - the Kernel which manages following functions: Connection to the field and data acquisition Compliance to CFR21part11 (Access, Electronical archiviation, Audit Trail) Management of printouts Integration with external supervision and archiviation systems General procedures for the management of the process and of the devices Manaement of the File System Interfacing with the P/G library Interfacing to the the Client/Server FECP comunication module -the Phase/Group library (P/G) which implements following functions: The phases of a sterilization process (activation of devices, management of the target for phases and alarms, …) Interfacing with the Kernel This part is separated from the Kernel because it implements the variable element which differentiates a sterilizer from another, which is the sequence of Phase Groups of a process, known as the “cycle”. The cycles are highly dependant from the sterilizer’s application (the kind of product to sterilize). The interface between the Kernel and the P/G Library is shown in the picture below:

PCS – Integration between Kernel and PGL PCS-Kernel FUNCTIONS AND GENERAL DATA AREA OF THE KERNEL

PCS-P/G Library

FUNCTION FOR INTERFACING WITH P/G LIBRARY DATA AREA FOR INTERFACING WITH P/G LIBRARY

P/G P/G

UTILITY FUNCTIONS FOR THE P/G LIBRARY

P/G P/G P/G

Fig. 2-1 – PCS components The PCS software is installed only on the Panel PC side 1, which acts as a server for the whole system and which controls the machine. On the other Panel PCs installed on the sterilizer (side 2 and technical area) there will be only the OS/D and GUI components, while on the Window remote station there will be only the GUI.

2.2.1 Overview of Modules and Tasks structure The following figure depicts the interaction between modules of the PCS, highlighting tasks involved. Following conventions are used: - software external to PCS is drawn into dotted boxes; - PCS modules are represented as numbered and labeled boxes, which contain also the source code name; - tasks are represented with the symbol along with the name; the grey ones are main tasks.

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 2

Page 23 / 50

FECPsrvr

PCS-LIBRARY

PCS-KERNEL 4.4 - CRC32 FILE VALID. filecrc.c

4.3 - AUDIT TRAIL audit.c

4.2 - ELECTR.STORAGE filecfr.c

tAudit

tDiskSpace

2.2 – PHASE GROUPS LIBRARY STRUCTURE libxxy.c - util.c

7.7 BLACKOUT MANAG. blackout.c

7.6 – PID MANAGEMENT pid.c

7.10 - AIR DET.MANAG. airdetec.c

tDST

7.3 - PROGRAM EXECUTION esec_ini.c - esecProgramma.c alarmcfg.c - esecutil.c tSTAT

tExec

1.1 – API SERVER pcsapi.c 1.4 - MMI SUPPORT PROCEDURES mmiSupport.c

tKRBCln

1.2 - DATA MANAGEMENT mmiGestData.c

tArchMan

2.1 - PCS-PG INTERF. pglib.c

tKDC

4.1 - ACCESS KEYS MANAGEM. key.c tKRBSrv

7.12 – STERIL.AND TE TAB. 7.11 - COOLING WATER STERIL.MANAG. steril.c tabte.c sterh2o.c 7.1 - PROGRAM START 7.4 - ALARM MANAG. startProgramma.c alarm.c

tBckgrnd

1.3 – LANG. MANAGEM. lingue.c globLingue.c

7.13 - REPORT EAND CHARTS grafic.c - rapproc.c 7.5 - TIME MANAG. tempi.c tSntp

tAlive

tSinfo

tIdle

7.9 - STEAM GEN. MANAG. genvap.c tGenvap

tRapp

7.14 - PR.REPORT ANALYSIS rpn.c

5.3 - PR.REP.PRINT prreport.c

5.1 – PRINTSCREEN PRINT prscreen.c 5.2 – PRINTOUT SYNCHRONIZATION tPrint prsync.c tArch 5.4 – PRINTER DRIVER ges printer.c 7.2 . HSL MANAGEMENT hsl.c tHSL

8.1 – PCS CREATION insproc.c menu_full.c tPly

tBackup

tCal

tRestor

RD

6.1 - MODBUS modbus.c

3.1 – FIELD MANAGEMENT (I/O) campo.c tIO

PROFIBUS, POWERLINK

tMdbCln%d

OS

8.2 - BOOT PROCEDURES main.c – menu_light.c tHWGet boot.c tAlSql

tMenuF

D/O#222852.8 – December 2013

LCD

RECORDER

7.8 - DOORS MANAG. porte.c tDoor

tMdbSrv%d

tFilter

Fedegari Autoclavi SpA

tGUIC%d

OPC MODBUS

Thema4 control system - SDS - Section 2

Page 24 / 50

The picture above breaks down in following blocks: FUNCTION N. Function 1 MMI

2

P/G

3 4

I/O 21cfr part.11

5

PRINT

6 7

NETWORK GENERAL PROCEDURES

8

SETUP

SDS Coding SDS 1.1 SDS 1.2 SDS 1.3 SDS 1.4 SDS 2.1 SDS 2.2 SDS 3.1 SDS 4.1 SDS 4.2 SDS 4.3 SDS 4.4 SDS 5.1 SDS 5.2 SDS 5.3 SDS 5.4 SDS 6.1 SDS 7.1 SDS 7.2 SDS 7.3 SDS 7.4 SDS 7.5 SDS 7.6 SDS 7.7 SDS 7.8 SDS 7.9 SDS 7.10 SDS 7.11 SDS 7.12 SDS 7.13 SDS 7.14 SDS 8.1 SDS 8.2

Name API SERVER DATA MANAGEMENT LANGUAGE MANAGEMENT MMI SUPPORT PROCEDURES PCS – P/G INTERFACE PHASE GROUPS LIBRARY STRUCTURE (P/G) FIELD MANAGEMENT (I/O) ACCESS KEYS MANAGEMENT ELECTRONICAL STORAGE AUDIT TRAIL CRC32 FILE VALIDATION PRINT SCREEN PRINTOUT SYNCHRONIZATION PROCESS REPORT PRINTING THERMAL PRINTER DRIVER MODBUS PROGRAMS START MANAGEMENT OF HSL MODULE PROGRAMS EXECUTION ALARMS MANAGEMENT TIME MANAGEMENT P.I.D. MANAGEMENT BLACKOUT MANAGEMENT DOORS MANAGEMENT STEAM GENERATOR MANAGEMENT AIR DETECTOR MANAGEMENT COOLING WATER STERILIZER MANAGEMENT STERILIZATION AND MANAGEMENT OF TE TABLES RECORDING OF PROCESS REPORT DATA AND CHARTS PROCESS REPORTS ANALYSYS PCS SYSTEM CREATION BOOT PROCEDURES

REFERENCE The software structure of the PCS component is detailed in the SDS-PCS document D/O 86612, which details above modules.

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 2

Page 25 / 50

2.3 FECP ARCHITECTURE The FECP software component implements the Client/Server structure of the system, and allows the comunication between PCS and GUI. It is divided in two parts: - the Server, which integrates with PCS - the Client, which integrates with GUI or with TILCON GUI The comunication between the two parts is made with a proprietary protocol based on TCP/IP sockets. The following figure details the FECP and the interaction with PCS and GUI.

FECP- Client/Server architecture FECP

SERVER FECP SRVR

PCS Kernel SAPI (Server API)

P/G Library C Language

API

GUIP (GUI Parent)

GUIC (GUI Child) GUIC (GUI Child)

(Fedegari External Communication Protocol) Protocol Client-server TCP/IP

CLIENT GUI CAPI (Graphical (Client User API) Interface) JAVA language or

C language

…… GUIC (GUI Child)

CLIENT

C Language

Panel PC Side 1

External clients

GUI CAPI (Graphical (Client User CLIENT API) Interface) GUI CLIENT CAPI (Graphical JAVA language (ClientGUI User CAPI API) (Graphical Interface) (Client User API) Interface) JAVA language JAVA language

Fig. 2-2 – FECP client/server structure

REFERENCE The software structure of the FECP component is detailed in the SDS-FECP document D/O 201865

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 2

Page 26 / 50

2.4 GUI ARCHITECTURE The GUI application implements the man/machine interface of the Thema4 control system. It s written in Java language so it does not depend by the Operating System it is running on, this allows to run the same Java executable on the Panel PC and on the Remote Windows station (Remote GUI). The GUI is a collection of Java classes that can be separated in: - graphical objects (customized AWT Panels); - data handling; - FECP client. The graphical structure of the GUI implements the TPCC paradigm. This paradigm has two graphical layouts, depending if the Data Management Area area is in normal size or enlarged to full screen. REFERENCE The software structure of the GUI component is detailed in the SDS-GUI document D/O 213376

2.4.1 Normal screen layout All the pages of the operator graphical interface (GUI) have the same structure, which is shown schematically below:

A

C

LEGEND

I B

G

A - Work area B - Work area selection labels (area labels) C - Function tree of the selected work area (panel tree) D - Function/sub-function selection label (panel tab) E - Function tree scroll area (tree scroll-bar) F - Data management area (property panel)

G - Data management area scroll area (panel scroll-bar)

F H J E

D

H2

H - Buttons and messages area (soft-keys area) H1 - General button area (global soft-keys) H2 - Area for active functionrelated buttons (context soft-keys) I - Status bar J - Status bar for “Door panel” messages

H1

Fig. 2-3 – GUI structure in normal screen layout

2.4.2 Full Screen Layout The Full Screen visualization can be activated by touching (or clicking) the Fedegari logo (drawn raised as a button). When the Full Screen visualization is activated the panel which represents the Data Mangement Area is enlarged to overlap the Work Area Selection Labels and the Function Tree of the Selected Work Area. When this visualization mode is active it is only possible to navigate “forward” by means of links internal to the Data Management Area (pushbuttons in summary pages and lists). To navigate “backwards” towards outer tree positions it is necessary to switch back to the normal visualization and use the Function Tree and Work Area Labels. Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 2

Page 27 / 50

When the Full Screen mode is active the layout changes as follows (the work area equals the Data management area):

A

I

G F H J H2

H1

Fig. 2-4 – GUI structure in full screen layout

2.4.3 Objects for data input The user gives instructions to the process controller by means of specific buttons and input fields provided in the GUI interface. These buttons (touch-sensitive areas) are of the following types: - buttons for selecting the work areas, functions and sub-functions and for "scrolling" them - fields for entering data in the "Data management areas” - buttons provided at the bottom of each menu in the “Button and message area" - buttons present in the "pop-up bars for reporting messages and alarms" - the keys of the soft input keyboard.

2.4.4 Buttons The buttons used to manage operations on the sterilizer are displayed (with few exceptions) in the ”Buttons and messages area”, in two separate sub-areas, depending on the buttons type: Area for general-use buttons: that can contain up to 4 buttons, which are common to various functions. Area for context-dependent buttons: that can contain up to 6 buttons (7 in the Process Summary Page) related to the function selected in the function tree of the selected work area.

Fig. 2-5 – Button and message area (6/7 buttons)

2.4.5 Operator messages and alarms The ”Button and message area” located at the bottom of the screen, also displays the messages for the operator or the activated alarms by means of a pop-up notification bar, which is superimposed on this button area, thus preventing its use until the message or alarm is acknowledged by the operator. The bar color and the icon displayed (at left corner) differentiate the type of message, as shown in the table: COLOR

ICON

MESSAGE

MESSAGE TYPE

Red

Alarm

Process and system alarms, recorded in the alarm history

Green

Dialog message

Messages requesting confirmation for executed operations

Blue

Warning

Warning messages which report important events

Table 2-1 – Types of pop-up bars for messages and alarms Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 2

Page 28 / 50

2.4.6 Soft keyboard A pop-up virtual alphanumeric keyboard is used to enter the text strings in the data input fields. This keyboard is displayed simply by touching one of the fields enabled for input, thus placing the "cursor" within that field. The system displays the keyboard model associated to the current language

Fig. 2-6 – Pop-up keyboard (English US)

2.4.7 LCD “Module door management” message status bar The status bar, which is always present at the bottom of the screen and is divided into four identical parts, displays the same messages displayed on the LCD display of the "Door management module".

Fig. 2-7 – LCD “Module door management” message status bar

2.4.8 Top status bar On the the upper part of the screen there is always a status bar. Fig. 2-8 – Status bar It displays information about: - the number of stations connected with identification of the specific station and the master station; - the Factory Number of the sterilizer; - the user who opened the work session; - date-time information; - the Fedegari logo, for switching between normal mode and full screen.

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 2

Page 29 / 50

2.5 TILCON GUI ARCHITECTURE The TILCON GUI application implements the man/machine interface for machine type 5 sterilizers. It is written in C language on top of the Tilcon framework. It is structured into: - graphical objects (generated from XML definition files and Tilcon TWD files); - business logic (data handling); - FECP client.

2.5.1 Graphical layout The graphical structure of the GUI is based on 5 page layouts used consistently within the GUI: L1 - Welcome page : page layout displayed before to enter inside the system. L2 - Main page: page layout used for the “main menus” that access to the system functions L3 - Function page: page layout used to manage the system functions and sub-functions L4 - List page: page layout used to manage data lists (alarms, ..) L5 - Pop-up windows page: windows page to display sub-functions as: message and dialog box and login box.

2.5.1.1 L1 – Welcome page The layout “Welcome page” is displayed when there is no user logged in the system. This is a “protection”page that allows only the login operation. The architecture of this page type is :

A B

L1 - Welcome page sections n A

Section ALARM BAR

Function Alarm list (maximum =1)

B

WORK AREA

Work area with company logo, machine factory number and e acces key button

Fedegari Autoclavi SpA

Note Displaye only if at least an alarm is active Standard

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 2

Page 30 / 50

2.5.1.2 L2 – Main page The layout “Main page” is used for the main menus tha access to the system “work areas. The architecture of this page type is :

A B C

E D

L2 - Main page sections n A

Section GENERAL STATUS BAR

Function Top area with general info: Company logo, NF, User logged, system date-time and format. Area with diagnostic info: machine diagnostic messages (3 categories) alarm status: lost active alarm (if any) and key button to silente alarm horn and jump to page “Active alarm list”. Area con info (icon and description) on the current main displayed.

B

DIAGNOSTIC BAR

C

FUNCTION BAR

D

WORK AREA

Work area of the current main menu with the icons of the function selectable, grouped in categories.

E

NAVIGATOR BAR: MAIN BAR

Navigator bar with “MAIN BAR”

Note Standard Standard

Depending on the function displayed Depending on the main menu displayed standard

2.5.1.3 L3 – Function page The layout “Function page” is used to manage the system functions and sub-functions. The architecture of this page type is :

A B C

E D

Fedegari Autoclavi SpA

F

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 2

Page 31 / 50

L3 - Function page sections n A

Section GENERAL STATUS BAR

B

DIAGNOSTIC BAR

C

FUNCTION BAR

D

WORK AREA

E

NAVIGATOR BAR: FUNCTION BAR

F

SCROLL BAR

Function Top area with general info: Company logo, NF, User logged, system date-time and format. Area with diagnostic info: machine diagnostic messages (3 categories) alarm status: lost active alarm (if any) and key button to silente alarm horn and jump to page “Active alarm list”. Area con info (icon and description) on the current function /subfunction displayed. Work area of the current function: data displayed and/or to input, function key buttons command key buttons…… Navigator bar with “FUNCTION BAR”

Vertical scroll-bar to display the work area data and command (D) if necessary.

Note Standard Standard

Depending on the function displayed Depending on the function displayed Depending on the function displayed Depending on the function displayed

2.5.1.4 L4 – List page The layout “List page” is used to manage list of data that can be selected (mainly alarms lists) to activate sub functions or commands. The architecture of this page type is :

A B C

E D

F

L4 - Function page sections n A

Section GENERAL STATUS BAR

B

DIAGNOSTIC BAR

C

FUNCTION BAR

D

WORK AREA

E

NAVIGATOR BAR: FUNCTION BAR

F

SCROLL BAR

Fedegari Autoclavi SpA

Function Top area with general info: Company logo, NF, User logged, system date-time and format. Area with diagnostic info: machine diagnostic messages (3 categories) alarm status: lost active alarm (if any) and key button to silente alarm horn and jump to page “Active alarm list”. Area con info (icon and description) on the current function /subfunction displayed. Work area of the current function: data displayed and/or to input, function key buttons command key buttons…… Navigator bar with “FUNCTION BAR”

Vertical scroll-bar is always present in order to scroll the work area data list and relative commands (D)

Note Standard Standard

Depending on the function displayed Depending on the function displayed Depending on the function displayed Depending on the function displayed

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 2

Page 32 / 50

2.5.1.5 L5 – Popup windows page The layout “Popup windows page” is displayed when it is necessary to pop-up message box, dialog box and login box, which are all modal windows. The architecture of this page type is :

A

B

C

L1 - Welcome page sections n A

Section WINDOWS BAR

B

WINDODS WORK AREA

C

WINDOWS FUNCTION BAR

Function Area con info (icon and description) on the current windows pop-up displayed. Work area of the pop-up windows box : data displayed and/or to input, text message operation bar graph command key buttons to complete pop-up operation

Note Depending on the function displayed Depending on the function displayed

Depending on the function displayed

2.5.2 Soft keyboard To enter the text strings in the data input field, the GUI makes available two pop-up virtual keyboards: an alphanumeric keyboards for the functions where is necessary to enter alphanumeric texts (Input data, login data, program name,..) and a numeric keyboard for all other function (the majority) where it is necessary to enter only numeric field. This keyboard is displayed simply by touching one of the fields enabled for input, thus placing the "cursor" within that field.

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 2

Page 33 / 50

2.6 OS/D CONFIGURATION The Operating System\Driver component is composed of two objects:

-

the VxWorks image is a monolithic compilation of the VxWorks Operating system, with all O.S. components and drivers needed to support the hardware and the Thema4 application software.

VxWorks OS

WINDML Graphics libraries

BSP+Drivers

JWORKS Java Virtual machine PentiumPro BSP

Applicationns

OS Components

the bootrom (namely ROM for booting), is a small piece of software that allows the VxWorks operating system to boot ;

Image of VxWorks

-

Boot procedures

Device drivers

Panel 2/3 setup procedures

Bootrom Fig. 2-9 – Operating System components layout The VxWorks image is composed of drivers, middleware and customized software and can be grouped in three parts: 1. OS Components: core functions of VxWorks Operating System, WindML Graphic libraries, JWorks virtual machine 2. BSP+Drivers: a Pentium Board Support Package and device drivers 3. Application: a Fedegari’s custom software for system startup (boot procedures) and setup procedures for Panel PCs Side 2 and Maintenance.

The different models of panel PCs have different bootrom and VxWorks image, due to differences in the BSP+Drivers component, caused by: • different basic peripherals (serial ports, parallel ports, amount of memory, interrupt layout) which impacts on BSP (Board Support Package); •

different Ethernet board driver



different touch screen driver;



different video board driver.

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 2

Page 34 / 50

The following table summarizes differences from the VxWorks point of view for Panel PCs currently supported: Panel PC Model

Pentium PRO BSP

Ethernet board driver

Touch screen driver

Video board driver

TH4_HW-PANEL_P (Proface) TH4_HW-PANEL_A (Allen Bradley) Ser.A or Ser.B-D

TH4_BSP_P TH4_BSP_A

UGL DMC FIT-10 UGL SALT 9000

Intel 81x BIOS X86

TH4_HW-PANEL_S (Siemens) TH4_HW-PANEL_Z (Siemens) TH4_HW-PANEL_D (Proface) TH4_HW-PANEL_E (Allen Bradley) Ser.E TH4_HW-PANEL_F (Siemens) TH4_HW-PANEL_G (B&R) PP500

TH4_BSP_S TH4_BSP_Z TH4_BSP_D TH4_BSP_E

Realtek RTL81x9 Realtek RTL81x9 or Intel FEI82557 Intel FEI82557 Intel GEI82543 Realtek RTL81x9 Marvell Yukon SGI

ELO Accutouch EELY USB V1 DMC TSC-10 PANJIT Viper

BIOS X86 BIOS X86 BIOS X86 BIOS X86

TH4_BSP_F TH4_BSP_G

Intel GEI82573 Intel GEI82574

ELO Smartset ELO compatible

BIOS X86 BIOS X86

Table 2-2 – Driver/BSP for different types of Panel PC

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 3

Section 3

Page 35 / 50

THEMA4 CONTROL SYSTEM

3 FILE SYSTEM ORGANIZATION 3.1 - FILE SYSTEM 3.2 - ARCHIVE STRUCTURE 3.3 - SOFTWARE DIRECTORIES STRUCTURE

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 3

Page 36 / 50

3.1 FILE SYSTEM All the data and programs are archived in a memory area (partition of the Hard Disk) with a size of 2 GB (512 MB for PP500). Of all the space available on the hard disks of the various models of Panel PC (which is generally 10 GB or more), this is the partition that is currently configured and used by the VxWorks operating system. Of these 2 GB (2048 MB), at the most 48 MB are used for programs, and therefore 2000 MB are available for electronic data archiving: log files of the cycles, parameter files and recording files. For PP500 the space available is proportionally less.

IMPORTANT NOTE – ARCHIVING CAPACITY Under the extremely conservative assumption of having to archive data files with an average size of 50 kB, it is possible to archive approximately 40,000 files. Assuming 10 cycles per day and approximately 3000 cycles per year are run, well over 10 years of archiving are available, with a normal use of the sterilizer. This estimation is not valid for PP500 Panel PCs.

3.2 ARCHIVE STRUCTURE The PCS software stores all the data that need to be archived in files having a fixed and preset format. These files are archived in the memories of the primary Panel PC in specific directories of PCS program and specifically in the following directories: - thema4/arch/ archived data of previous versions - thema4/user/config/ archived data of current version - thema4/audit/ “audit trail” recording - thema4/log/ process reports IMPORTANT NOTE The management of these files, as they are “electronic records”, is compliant with 21 CFR Part 11. These archived files, therefore, cannot be modified and any tampering with them is detected and recorded; furthermore, after each change, the previous values of the data are stored in another memory location. All changes made are traced (date and author), and safe data backup/restore procedures are available to the user. The inalterability of these data is ensured by an integrity check based on a CRC32 algorithm. When the file is created, and every time it is changed, the PCS applies the CRC32 algorithm to the contents of the file, obtaining a number, which is placed in the file itself (and is not included in the calculation). Every time the file needs to be opened to display, edit and print its data, the CRC32 algorithm is recalculated and the result is compared with the number previously stored in the file at the end of its creation or last change. If the system detects that the new CRC32 algorithm is different from the old one, i.e., that the contents of the file have been altered, a message is issued on the GUI and a trace of this file is left in the “audit trail” file. In this case, the system reinitializes the file, generating an “empty” file. No.

File name

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

Alarm history list Process reports Equipment configuration D/IN configuration for NL D/OUT configuration for NL A/IN configuration for NL A/OUT configuration for NL AN channel conversion data Factory parameters System parameters Program parameters and data Cycle data Calibration parameters Configuration alarm list Alarm list (effects and delays) Maintenance plan Filter maintenance plan Hard Disk maintenance param. List and data of configured users User Access General Data

Fedegari Autoclavi SpA

Process reports

Sterilizer data Parameters Recordings X

X

X

Format Binary ASCII

No. of files 1 N

binary

N+1

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 3 21 22 23 24

Page 37 / 50

List and data of selected user Backup configurations (job) List of Audit Trail recordings Internal diagnostic reports

X X

ASCII ASCII

1 N

Table 3-1– Table of files archived in THEMA4 Archived files can be of two types: “Process reports” (in ASCII text format) and “Sterilizer data” (in binary format except for the “audit trail” file, which is in ASCII format), which are divided into “Parameter” files and “Recording” files Recordings are always collected within a single file, which is updated continuously. All the archived files are listed in the table below, which also lists the number of files used: “N + 1” indicates N “historical” versions of the file plus the “current” version. IMPORTANT NOTE These files are not encrypted. All the files, except for the “Process reports”, are archived independently of the language being used, since the text strings are not stored in the files but are indexed by means of specific “pointers”. For this reason, each GUI can display and print these parameters in a different language from the one selected when the file was created.

3.3 SOFTWARE DIRECTORIES STRUCTURE The directories structure of the Thema4 software depends on the station (panel PC on side 1 or on side 2/3 or Remote GUI station). The program files are grouped into five subdirectories, corresponding to the Thema4 main programs: - /thema4/ (PCS) - /Jworks/ (JWORKS library) - /Java / (GUI Java) - /Fecp/ (FECP) - /Gui/ (GUI Tilcon) Note that “GUI Java” and “JWORKS library” are alternative to “GUI Tilcon”. The files needed for the startup of the system are in the root directory. Other directories are used for special drivers (touch screen drivers, remote authentication (KERBEROS),.. The following tables illustrate the structure and contents of the various directories and subdirectories, for the panel PC stations.

Directories structure for Side 1 Panel PC Directories /ata0a

/thema4/ /Jworks/ /java/ /fecp/ /gui/ /tbupddvx/ /tmp/ /kerberos/

Files ……….. ……….. ……….. ……….. ……….. tbupdd.reg ……….. krb5.conf krb5.keytab bootline.txt bootrom.sys config.ply th4.aut vxWorks.st

Notes see detail in Directories structure for Thema4 main programs see detail in Directories structure for Thema4 main programs see detail in Directories structure for Thema4 main programs see detail in Directories structure for Thema4 main programs see detail in Directories structure for Thema4 main programs touch screen driver settings (only for Siemens PC577) temporary folder for touch screen driver (only for Siemens PC577) KERBEROS protocol configuration file keytab file for KERBEROS connection bootline readable by bootrom.sys bootrom applicom card configuration file authorization file VxWorks image

Table 3-2 – Directories structure for Panel PC side 1

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 3

Page 38 / 50

Directories structure for Side 2/3 Panel PC Path /ata0a

Description

thema4/ jworks/ java/ fecp/ tbupddvx/ tmp/ bootline.txt bootrom.sys vxWorks.st

empty see detail see detail empty tbupdd.reg – only for Siemens PC577, touch screen driver settings only for Siemens PC577, temporary folder for touch scree driver bootline readable by bootrom.sys bootrom VxWorks image

Table 3-3 – Directories structure for Panel PC side 2 / 3

3.3.1 Directories structure for Thema4 main programs Java/

directory structure (for GUI java program) Path

java/

data/

Description

NLshortNAMES/

nl_autoclave.txt nl_oven.txt nl_vhp.txt nl_dmd.txt

Text files (TXT/HTML), images (JPG/GIF) and programs (JAR) of the GUI application

*.txt helponline/

List of short descriptions for Logic Numbers of autoclave, oven, VHP and DMD.

HelpOnLineIndex.txt (NOTE: one subdirectory for each supported language, each containing files of the following types: .html,.txt,.bmp,.gif,.jpg) keyboards.jar (NOTE: one subdirectory for each supported language, each containing files of the following types: .html,.txt,.bmp,.gif,.jpg) repository/ Files t o exchange of data with PCS

keyboards/ manuals/

private/ GUI..jar GUI.ver TH4Maintenance.jar TH4Remote.bat TH4RemoteJavaVer.txt

Table 3-4 – Directories structure for program GUI

thema4/

directory structure (for PCS program) Path

thema4/

app/

Description codepages/ db/ doc/ keyboards/ opc/ pcs/ peid/ pdf/ pglib/ string/

arch/

aldef/ alidef/ alodef/

Fedegari Autoclavi SpA

codepage definition files CP*.txt codepages correspondencedefinition files CP*.map equipment database card database customer documents physical keyboard definition files OPC database FECP search module PCS pid.fdi thema4.ks P/G library alarm strings cause-remedy strings generic strings GUI question strings client message strings GUI strings PCS message strings FECP message strings P/G phase and parameters strings alarm configuration ALI configuration ALO configuration

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 3 calib/ cfall/ cfrlog/ cic/ dlidef/ dlodef/ iodef/ job/ key/ manut/ pgen/ prog/

scal/ sys/ audit/ error/ log/ repository/ restore/

stato/ tmp/ user/

arch/ audit/ error/ log/ stato/ user/

cicli/ config/

key/ manut/ prog/

thema4/

shadow/

job/ log/ arch/ aldef/ alidef/ alodef/ calib/ cfall/ cfrlog/ cic/ dlidef/ dlodef/ iodef/ job/ key/ manut/ pgen/ prog/

scal/ sys/ log/

Page 39 / 50

calibration data configuration alarms cfrlog configuration cycles DLI configuration DLO configuration I/O definition backup configurations (job) access codes maintenance factory data programs golden cycle parametric release tables scaling data system parameters audit trail diagnostic files log files data exchange with GUI (restore) archives (restore) audit (restore) diagnostic files restore) log files (restore) system state retention (restore) restore user files system state retention temporary files cycles alarm configuration ALI configuration ALO configuration calibration data configuration alarms cfrlog configuration DLI configuration DLO configuration I/O definition factory data scaling data system parameters access code access code counts Maintenance Maintenance counts Programs Golden Cycle Parametric Release Tables Backup configurations (job) process reports waiting to be signed (hidden) archive files (hidden) alarm configuration (hidden) ALI configuration (hidden) ALO configuration (hidden) calibration data (hidden) configuration alarms (hidden) cfrlog configuration (hidden) cycles (hidden) DLI configuration (hidden) DLO configuration (hidden) I/O definition (hidden) backup configurations (job) (hidden) access codes (hidden) maintenance (hidden) factory data (hidden) programs (hidden) golden cycle (hidden) parametric release tables (hidden) scaling data (hidden) system parameters (hidden) log files

Table 3-5 – Directories structure for program PCS

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 3

Jworks/

Page 40 / 50

directory structure (for JWORKS library) Path

jworks/

lib/

Description

security/ *.*

*.*

Installed files of WindRiver Jworks software Jworks version

Jworks.ver

Table 3-6 – Directories structure for library JWORKS

fecp/

directory structure (for FECP) Path

fecp/

Description FECP executable

fecpsrvr.o

Table 3-7 – Directories structure for program FECP

gui/

directory structure (for Tilcon GUI program) Path

gui/

codepages/ Images/

private/ string/

twd/ tilcongui.out

Description

CPxxx.map CPxxx.txt Alarm ButtonEnable Diagnose General Historic Home IconsTabTitle ModalWindows PasswordManag ProgramManagement Programs ProgramSummary Report RunInput RunList Setup Start repository/ alarm strings cause-remedy strings generic strings GUI question strings client message strings GUI strings PCS message strings FECP message strings P/G phase and parameters strings Tilcon window definition files Application executable

Codepages definition files Images used by the application as .png files

Files to exchange data with PCS

Table 3-8 – Directories structure for program GUI Tilcon

Directories structure for Remote GUI The files and data of the Remote GUI software program have this directory structure: Path Description NFxxy/

data/

NLshortNAMES/

nl_autoclave.txt nl_oven.txt nl_vhp.txt nl_dmd.txt

Text files (TXT/HTML), images (JPG/GIF) and programs (JAR) of the GUI application

*.txt export/

Fedegari Autoclavi SpA

arch/

List of short descriptions for Logic Numbers of autoclave, oven, VHP and DMD.

aldef/ alidef/ alodef/ calib/ cfall/ cfrlog/ cic/ dlidef/ dlodef/ iodef/

alarm configuration ALI configuration ALO configuration calibration data configuration alarms cfrlog configuration cycles DLI configuration DLO configuration I/O definition

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 3 job/ key/ manut/ pgen/ prog/

scal/ sys/

Page 41 / 50 backup jobs passwords maintenance factory data programs golden cycle param. release t. scaling data system parameters

audit/ log/ user/

helponline/

keyboards/ manuals/

private/

th4_temp/ GUI..jar GUI.ver TH4Maintenance.jar TH4Remote.bat TH4RemoteJavaVer.txt

PDF, XML conversion cicli/ cycles config/ alarm configuration ALI configuration ALO configuration calibration data configuration alarms cfrlog configuration DLI configuration DLO configuration I/O definition factory data scaling data system parameters job/ backup jobs key/ passwords password counts manut/ Maintenance Maintenance counts prog/ Programs Golden Cycle Param. Release t. HelpOnLineIndex.txt (NOTE: one subdirectory for each supported language, each containing files of the following types: .html,.txt,.bmp,.gif,.jpg) keyboards.jar (NOTE: one subdirectory for each supported language, each containing files of the following types: .html,.txt,.bmp,.gif,.jpg) repository/ Files t o exchange of data with PCS th4_prc_report/ PDF/ Process reports at end-of-cycle in PDF format XML/ Process reports at end-of-cycle in XML format Default path for one-shot conversions

Table 3-9 - Directories structure for program Remote GUI The structure is identical to the one of the local GUI except for the export folder, and is obtained downloading files directly from the controller through TH4RStart. The files in the export directory have the same name as the corresponding file archived in the process controller, except for the extension, which can be *.pdf, *.txt or *.csv for converted files.

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 3

Page 42 / 50

This page is left intentionally blank

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 4

Section 4

Page 43 / 50

THEMA4 CONTROL SYSTEM

4 LANGUAGES 4.1 - LANGUAGE FILES 4.2 - LANGUAGES AND CODEPAGES 4.2.1 - Peripherals configuration for the current codepage

4.3 - CUSTOM LANGUAGE 4.4 - LANGUAGE FILES VERSIONING 4.4.1 - File structure index 4.4.2 - String version index 4.4.3 - Codepage identifier 4.4.4 - Windows font required

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 4

Page 44 / 50

4.1 LANGUAGE FILES The THEMA4 controller contains all the text strings needed by the operator interface for displaying, recording and printing in several languages. The strings, for each language, are contained in nine files, which are stored in the archives of the PCS, in the directory thema4/app/String, on the Side 1 Panel PC and in the directory /ata0a/java/data of each GUI. The language files are the following, divided into two groups: Application string files - xxx_ALL alarm strings - xxx_CR strings of alarm causes-remedies - xxx_GEN generic display and printing strings - xxx_MSGASK strings of GUI messages with questions to the operator - xxx_MSGCLT strings of GUI messages managed by FECP in case of client communication error - xxx_MSGGUI strings of GUI messages with warning messages for the operator - xxx_MSGPCS strings of GUI messages managed by PCS in case of error - xxx_MSGSVR strings of GUI messages managed by FECP in case of server communication error Library string file - xxx_PG strings of names of the parameters and phases of the P/Gs where “xxx” is the “language identifier”, a specific code of three characters, which identifies the language to which these string files refer (this identifier is contained in the second line within each language file). IMPORTANT NOTE The strings related to Causes and Remedies of the alarms, contained in the file “xxx_CR”, are managed only in Italian and English (for languages different from Italian).

Thema4 is always released with five standard language files. Optionally it can be delivered with a sixth language (extra language delivered by Fedegari) or a custom language (customized by the customer), as shown in the table below

Identifier ENG ITA FRA GER SPA xxx CUS

THEMA4 STANDARD LANGUAGES Language Note English standard languages – always present Italian standard languages – always present French standard languages – always present German standard languages – always present Spanish standard languages – always present Optional language one optional language (if required) Custom language language customizable by the customer (only if OPT.8 is enabled Table 4-1 – Thema4 standard and extra languages REFERENCE About the available extra languages, supported from the different software versions, refer to document: “CONFIGURATION MANUAL - HW AND SW CONFIGURATION (D/O#86727)”

4.2 LANGUAGES AND CODEPAGES Thema4 can manage languages with different set of characters, provided that these can be represented using a “single-byte codepage”, and is able to generate process reports and printscreens in “UNICODE” format. Starting from W33 Thema4 is able to handle also the set ot characters of the Basic Multilingual Plane of UNICODE, which are used to implement langauges that do not fit in a “single-byte codepage” such as Chinese. In this case the system still use a codepage for some data which are not language dependant (name of logic numbers, ip addresses…), for this reason this working mode is identified by a codepage followed by an asterisk. On a Thema4 system can be present a single “codepage” (CP), choosen between the ones available when released, which allows to manage a certain number of languages. During the startup, depending on language installed and enabled, the system automatically determines the “current codepage”.

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 4

Page 45 / 50

IMPORTANT NOTE For a correct operation of the on-board printer it is necessary that the firmware loaded in the thermal printer contains the set of characters corresponding to the “current codepage”. Note that this is not necessary for systems working in Unicode mode (codepages followed by an asterisk, such as Chinese language), because characters printed are not generated by the printer itself but received as bitmaps from Thema4. The set of characters normally installed (standard) is the one used by “western” languages, which is the CP1252. Currently can be installed upon request, as an alternative, the CP1251 which supports other languages such as “cyrillic”, CP1250 which support est european languages or CP1252* for Chinese language. Languages and keyboards (soft and external) supported by codepages available, are listed in the table below: CODE PAGE AND LANGUAGES SUPPORTED Code page CP1252 (Latin)

CP1251 (Cyrillic)

CP1250 (Est European)

CP1252* (Unicode)

Identifier ENG

Language English

Local keyboard supported Language type English US EN Standard English UK EN FRA French French FR GER German German DE ITA Italian Italian IT SPA Spanish Spanish ES POR Portuguese Portuguese PT Special (only one) Portuguese (Brazilian) PT UNG Hungarian BOS Bosniac POL Polish NED Dutch Dutch NL RUM Romanian SWE Swedish Swedish SV ENG English Standard FRA French GER German ITA Italian SPA Spanish RUS Russian Russian RU Special ENG English Standard FRA French GER German ITA Italian SPA Spanish CRO Croatian Croatian HR Special ENG English Standard FRA French GER German ITA Italian SPA Spanish CHI Chinese Pinyin ZH Special Table 4-2 – Code Pages and languages supported in Thema4

IMPORTANT NOTE For all the languages, English US keyboard is always supported The five standard languages are supported also by non Latin (CP1252) codepages with a limitation in print operations: can be printed only ASCII characters and characters belonging to CP1252 which can be found in the codepage used; characters that can’t be found will be replaced in printouts with a question mark (?). The limitation does not apply to unicode-based coepages (codepages followed by an asterisk, such as Chinese language).

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 4

Page 46 / 50

4.2.1 Peripherals configuration for the current codepage Language management with different codepages requires a correct configuration/management of peripherals used: thermal printer, LCD display and external physical keyboard. Thermal printer: to get correct printouts, it is required to load on the thermal printer the firmware version that supports the codepage used in Thema4. This operation can be done only off-line with a dedicated software operating in Windows operating system. IMPORTANT NOTE This is not necessary for systems working in Unicode mode (codepages followed by an asterisk, such as Chinese language), because characters printed are not generated by the printer itself but received as bitmaps from Thema4. LCD Display: The display TH4_HW- LCD_1 can be used only for systems configured with CP1252 (standard configuration), while the display TH4_HW- LCD_2 can be used for systems configured with all codepages, because it is loaded with all available codepages and Thema4 selectes the correct one automatically during the startup. Finally TH4_HW- LCD_3 can be used for systems configured for Unicodebased languages such as Chinese. External physical keyboard (connected to work with the Configuration Menu): similarly to the soft keyboard, for the external physical keyboard different key-maps are supported, as reported in the table in paragraph 4.1. It is possible to select a different key-map by pressing together keys Alt+Tab: when Tab is released the next available key-map is applied. Differently from soft keyboards, available key-maps are determined by the current codepage, independently by the current language. This solution allows for an easier match of the physical keyboard really available.

4.3 CUSTOM LANGUAGE The user can’t modify language files supplied by Fedegari except for the CUSTOM language. This set of language files is managed only if the “custom language” option is enabled in the authorization. The user can modify its text and install it with a specific procedure available in the “Configuration Menu”. The installation on the Remote GUI can be made by means of a specific operation. IMPORTANT NOTE Responsibility for the changes, eliminations and additions of texts, lies with the user who has access to the CUSTOM language management.

4.4 LANGUAGE FILES VERSIONING Language files are text files composed by an header and a table of texts written in the specific language. The header always contains a “file structure index”, a “string version index” and in some cases a “codepage identifier”.

4.4.1 File structure index The first line of the string file contains an index of the “file structure version”, composed of two numerals “x.x”, which is used by the program to manage properly the file. This value can be modified only following redesign of the software. It does not depend on the strings contained in the file but on its structure. Curently two “file structure version” are available: 1.0 (8-bit format) and 2.0 (16-bit UNICODE format) and 2.1 (16-bit UNICODE format with Windows font required for correct rendering).

4.4.2 String version index All the languages installed on a GUI have a version index, which can be different from one language to the other and is used to identify the changes made to the string files of that language. This index is composed of two numerals “x.x” (the first one is the version index and the second one is the update index) and is stored in the second line of each string file. This version index is the same for all “Application string files” of the same language, and therefore changing one of these string files and consequently changing the version index imply changing the version index of all the other files. The Library string file has an independent version index. There are compatibility constraints between the version of the “Application string files” and the version of the “application software” that is installed and between the version of the “library string file” and the version of the “library software” that is installed. These compatibilities are given in the Configuration Manual of THEMA4.

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 4

Page 47 / 50

4.4.3 Codepage identifier For files with “file structure index” 2.0 or 2.1 there is also the “codepage identifier” field, which identifies the codepage to use to encode to 8-bit the text messages in the file itself. Altough the file is encoded as 16-bit UNICODE it can contain only characters that can be represented in the specified codepage.

4.4.4 Windows font required For files with “file structure index” 2.1 there is also the “Windows font” required for correct visualization of Process Reports and printouts on the Remote GUI. If this font is not installed on the Windows system that is running the Remote GUI a warning is generated when the Remote GUI starts. The proportional font used by the Remote GUI for labels and other text is always “Arial Unicode” and is not indicated in the file.

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 4

Page 48 / 50

This page is left intentionally blank

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 5

Section 5

Page 49 / 50

THEMA4 CONTROL SYSTEM

5 INTEGRATION WITH EXTERNAL SYSTEMS 5.1 - SOFTWARE ARCHITECTURE OF EXTERNAL COMMUNICATIONS

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - SDS - Section 5

Page 50 / 50

5.1 SOFTWARE ARCHITECTURE OF EXTERNAL COMMUNICATIONS The THEMA4 controller can interact with external systems (electrical devices, SCADA, central database) in different ways: 1. Exchange of physical I/O signals through electrical connections; 2. Exchange data (read and write) with SCADA systems by means of different protocols (Modbus ASCII, Modbus RTU, OPC) on different media (serial cable, Ethernet cable); 3. Archive data in an SQL database by means of SOAP transactions over a Web Server. The following figure clarifies the software architecture behind external communications

REAL TIME OPERATING SYSTEM (RTOS) FECP SERVER

PCS P/G Library SOAP (C)

Kernel

Modbus OPC server server

Ethernet

I/O

GUI Primary CLIENT

Ethernet

GUI

GUI GUI GUI

Remote (OPT.) CLIENT

CLIENT MS Windows O.S.

Profibus or Powerlink

Web Server Electrical I/O signals

.exe CGI

OLE DB

MS Windows O.S. MS SQL ORACLE MySQL … Supported DBMS

Ethernet Serial

Ethernet

OPC client

SCADA Modbus RTU/ASCII client Modbus TCP/IP client

(Hystorian)

Fig. 5-1 – Communication with external systems

Fedegari Autoclavi SpA

D/O#222852.8 – December 2013

Thema4 control system - HDS

Page 3 / 42

Document modifications history Revision 20

Revision 21 Revision 22 Revision 23

Revision 24 Revision 25 Revision 26 Revision 27 Revision 28

Revision 29 Revision 30

Revision 31

Derived from Rev.19 with following changes: Paragraph 2.1.3 Added Siemens IPC577C to table 2-1 Paragraph 2.1.3 Added paragraph 2.1.3.8 Paragraph 2.1.4 Added Siemens IPC577C to table 2-9 Paragraph 2.6.2 Added GLK24064-25GW to table 2-22 Paragraph 2.6 Added types 3 and 4 to door management module Paragraph 2.8.2 Added Remote GUI O.S. compatibility to Windows 7 Paragraph 2.1.3 Added Digital Proface APL-3000 to Table 2-1 Paragraph 2.1.3 Added paragraph 2.1.3.9 Paragraph 2.1.4 Added Digital Proface APL-3000 to Table 2-11 Paragraph 2.2.2 Added profibus board PCU-DPIO ver.F to Table 2-12 Paragraph 2.4.2 Added switch PHOENIX FL SFNB 5TX to Table 2-19 Paragraph 2.3.2 Added paragraph 2.3.2.7 for Siemens DP/DP Coupler, inserting a new Table 2-19 Paragraph 2.6.2 Added GLK24064-25FGW to table 2-25 Paragraph 1.1 Modified hardware layout for type 5 sterilizers Paragraph 2.1.3 Added B&R PP500 Panel PC, exteneded note about RAM usage Paragraph 2.1.4 Added B&R PP500 to Table 2-12 Paragraph 2.2 Added Powerlink bus, many changes Paragraph 2.3.2 Added B&R X67 and X20 configuration Paragraph 2.7 Added Printer/DataLogger CUSTOM FT190DL and serial cable Paragraph 2.3.2 Added B&R modules Paragraph 2.1.2 Added Box PC + monitor configuration Paragraph 2.1.3 Added paragraph 2.1.3.11 for Box PC + monitor configuration Paragraph 2.1.4 Added Box PC + monitor configuration Paragraph 2.3.2.8 Added B&R modules X20 and X67 Paragraph 2.3.2 Added paragraph 2.3.2.9 for Box PC + monitor configuration

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Page 4 / 42

Thema4 control system - HDS

INTRODUCTION The aim of this document is to define the hardware structure of the Thema4 process controller, detailing the modules which is composed of and the interfaces between these modules and external systems. This HDS (Hardware Design Specification) document, as stated in the procedure PAQ D/O#117231.3, follows the SP (Functional Specification), which details the functions of the control system and of the single modules it is composed of. Starting from this document the specification of hardware module tests HATS (Hardware Acceptance Test Specification) will be defined, which result are collected by HATR (Hardware Acceptance Test Results) that define tests to be executed on the hardware components of the system. The following schematic represents the documental structure outlined above, clarifying the approach adopted for configuration and testing of hardware components:

HDS

HATS/R configuration

HW comp. 1 configurat.

test

HW comp. 2 configurat. HW comp. N configurat.

For more clarity this specification adopts schematics and tables.

REFERENCES This document revision is based on hardware changes detailed by following change activities: CH 152 Hardware configuration for TH4-FELD CR 535 Management of Printer/data logger CUSTOM FT190DL for TH4-FELD CR547

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Page 5 / 42

Thema4 control system - HDS

NOTATIONS In this user manual, these notations are used: NOTE

for additional note

REFERENCE

for references to other sections

IMPORTANT NOTE

for important note

WARNING!!

For very important note

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Page 6 / 42

Thema4 control system - HDS

DOCUMENT SECTIONS This user manual is composed of the following sections

1 HARDWARE ARCHITECTURE OF THEMA4 CONTROL SYSTEM

This section describes the hardware architecture of the control system Thema4, identifying basic elements and how they are interconnected.

2 DETAILED SPECIFICATION OF HARDWARE COMPONENTS

This section describes requirements for each basic hardware element that build up the Thema4 control system. Additionally, for each of them, it is reported the list of models supported with their technical characteristics.

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS

Page 7 / 42

INDEX 1

HARDWARE ARCHITECTURE OF THEMA4 CONTROL SYSTEM ...........................................................11

1.1 THEMA4 HARDWARE LAYOUT ...................................................................................................12 1.1.1 SPECIAL ARCHITECTURES WINDOWS BASED ......................................................................13 1.1.1.1 Windows GUI on Side 1 ...........................................................................................................13 1.1.1.2 Windows GUI on Side 2 ...........................................................................................................13 1.2 THEMA4 HW COMPONENTS LIST ...............................................................................................14 1.3 INTEGRATION TABLE OF THEMA4 HARDWARE COMPONENTS ...........................................15 2 DETAILED SPECIFICATION OF HARDWARE COMPONENTS.................................................................17 2.1 PANEL PC S1/S2/S3 ......................................................................................................................18 2.1.1 Generalities...................................................................................................................................18 2.1.2 Minimum requirements of Operator Panel....................................................................................18 2.1.3 Supported Panel PCs ...................................................................................................................20 2.1.3.1 P- Digital Proface PL692x-T4y.................................................................................................21 2.1.3.2 A – Allen Bradley VERSA VIEW 1500P (Ser.A-Ser.D)............................................................21 2.1.3.3 S – Siemens IL 70 ....................................................................................................................22 2.1.3.4 B – Digital Proface PS-2000B ..................................................................................................22 2.1.3.5 Z – Siemens PC577 .................................................................................................................23 2.1.3.6 D – Digital Proface PS3650A – T41.........................................................................................23 2.1.3.7 E – Allen Bradley VERSA VIEW 1500P (Ser.E) ......................................................................24 2.1.3.8 F – Siemens IPC577C..............................................................................................................24 2.1.3.9 C – Digital Proface APL-3000 ..................................................................................................25 2.1.3.10 G – B&R PP500 ...................................................................................................................25 2.1.3.11 H – B&R APC 810 ATOM 5P81:404390.002-01 .................................................................26 2.1.4 Devices enabled to load application and to backup/restore data.................................................27 2.1.4.1 USB peripherals supported ......................................................................................................27 2.2 I/O BUS BOARD.............................................................................................................................28 2.2.1 Fieldbus supported .......................................................................................................................28 2.2.1.1 Generalities on Profibus fieldbus .............................................................................................28 2.2.1.2 Generalities on Powerlink fieldbus ...........................................................................................28 2.2.2 Supported I/O BUS BOARD for the Panel PC .............................................................................29 2.3 REMOTE I/O MODULES ................................................................................................................30 2.3.1 Generalities...................................................................................................................................30 2.3.2 Configurations...............................................................................................................................30 2.3.2.1 Configuration SIEMENS ET200S.............................................................................................30 2.3.2.2 Configuration SIEMENS ET200M (non standard) ...................................................................31 2.3.2.3 Configuration ALLEN BRADLEY FLEX I/O..............................................................................31 2.3.2.4 Configuration SMC EX250 .......................................................................................................32 2.3.2.5 Configuration SMC EX500 .......................................................................................................32 2.3.2.6 Configuration ALLEN BRADLEY POINT I/O............................................................................32 2.3.2.7 Configuration SIEMENS S7 300 ..............................................................................................32 2.3.2.8 Configuration B&R X67 and X20..............................................................................................33 2.3.2.9 Configuration SMC EX260 .......................................................................................................33 2.4 HUB/SWITCH ....................................................................................................................................34 2.4.1 Generalities...................................................................................................................................34 2.4.1.1 Connecting a sterilizer in a LAN network .................................................................................34 2.4.1.2 Connecting together more sterilizers in a LAN network...........................................................35 2.4.2 Supported Hub/Switch ..................................................................................................................35 2.4.3 Ethernet cables.............................................................................................................................35 2.5 UPS .................................................................................................................................................36 2.5.1 Generalities...................................................................................................................................36 2.5.1.1 Thema4 components powered by UPS ...................................................................................36 2.5.2 Supported UPS.............................................................................................................................36 2.6 DOOR MANAGEMENT MODULE LCD ....................................................................................................38 2.6.1 Generalities...................................................................................................................................38 2.6.2 Supported LCD display.................................................................................................................39 2.7 THERMAL PRINTER ......................................................................................................................40 2.7.1 Generalities...................................................................................................................................40 2.7.2 Supported thermal printers ...........................................................................................................40 2.7.3 Cables for thermal printers ...........................................................................................................40 2.8 REMOTE OPERATOR STATION...................................................................................................41 2.8.1 Generalities...................................................................................................................................41 Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS

Page 8 / 42

2.8.2 Minimum requirements .................................................................................................................41 2.9 4-20MA/PT100 CONVERTER MODULES ...............................................................................................42 2.9.1 Generalities...................................................................................................................................42 2.9.2 Supported 4-20mA/Pt100 converter modules ..............................................................................42

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS

Page 9 / 42

TABLES Table 1-1– Thema4 HW components list ...............................................................................................................14 Table 1-2– Integration table of Thema4 hardware components.............................................................................15 Table 2-1 – Panel PC table.....................................................................................................................................20 Table 2-2 – Digital Proface PL692x-T4y.................................................................................................................21 Table 2-3 – Allen Bradley VERSA VIEW 1500 P (Ser.A-D) ...................................................................................21 Table 2-4 – Siemens IL70.......................................................................................................................................22 Table 2-5 – Digital Proface PS-2000B....................................................................................................................22 Table 2-6 – Siemens PC577...................................................................................................................................23 Table 2-7 – Digital Proface PS3650A-T41 .............................................................................................................23 Table 2-8 – Allen Bradley VERSA VIEW 1500 P (Ser.E).......................................................................................24 Table 2-9 – Siemens IPC577C ...............................................................................................................................24 Table 2-10 – Digital Proface APL-3000 ..................................................................................................................25 Table 2-11 – B&R PP500 .......................................................................................................................................25 Table 2-12 – B&R APC 810 ATOM 5P81:404390.002-01 .....................................................................................26 Table 2-13 – Media devices present in the panel PC.............................................................................................27 Table 2-14 – Field bus card table ...........................................................................................................................29 Table 2-15 – Boards/Panel PC compatibility ..........................................................................................................29 Table 2-16 – Siemens ET200S I/O.........................................................................................................................31 Table 2-17 – Siemens ET200M I/O ........................................................................................................................31 Table 2-18 – Allen Bradley FLEX I/O .....................................................................................................................31 Table 2-19 – SMC EX250.......................................................................................................................................32 Table 2-20 – SCM EX500.......................................................................................................................................32 Table 2-21 – Allen Bradley POINT I/O ...................................................................................................................32 Table 2-22 – Siemens S7 300 ................................................................................................................................32 Table 2-23 – B&R X20............................................................................................................................................33 Table 2-24 – B&R X67............................................................................................................................................33 Table 2-25 – SMC EX260.......................................................................................................................................33 Table 2-26 – Hub/Switch table................................................................................................................................35 Table 2-27 – Ethernet cable table ..........................................................................................................................35 Table 2-28 – Thema4 hardware consumptions table .............................................................................................36 Table 2-29 – UPS table ..........................................................................................................................................37 Table 2-30 – Backup time for UPS BK650MI .........................................................................................................37 Table 2-31 – LCD display table ..............................................................................................................................39 Table 2-32 – Thermal printer table .........................................................................................................................40 Table 2-33 – Printer cables table............................................................................................................................40 Table 2-34 – Remote GUI minimum requirements.................................................................................................41 Table 2-35 – Pt100 converter table ........................................................................................................................42

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS

Page 10 / 42

FIGURES Fig. 1-1 – Thema4 hardware layout........................................................................................................................12 Fig. 2-1 – Panel PC minimum requirements...........................................................................................................18 Fig. 2-2 – Blind PC + monitor minimum requirements............................................................................................19 Fig. 2-3 – On board blackout connector .................................................................................................................28 Fig. 2-4 – Remote I/O connection...........................................................................................................................30 Fig. 2-5 – Example of connection of a single sterilizer ...........................................................................................34 Fig. 2-6 – Multi sterilizers connection by hub/switch ..............................................................................................35 Fig. 2-7 – Type1/3-4 and 2 door management module ..........................................................................................38

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 1

Section 1

Page 11 / 42

THEMA4 CONTROL SYSTEM

1 HARDWARE ARCHITECTURE OF THEMA4 CONTROL SYSTEM 1.1 – THEMA4 HARDWARE LAYOUT 1.1.1 – SPECIAL ARCHITECTURES WINDOWS BASED

1.2- THEMA4 HW COMPONENTS LIST 1.3 – INTEGRATION TABLE OF THEMA4 HARDWARE COMPONENTS

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 1

Page 12 / 42

1.1 THEMA4 HARDWARE LAYOUT The hardware architecture of the Thema4 control system is shown in the figure below, where the components are highlighted and numbered.

STERILIZER

LPT, USB, RS232

7

5 1b

Thermal printer

Operator panels S2/S3

UPS

PROFIBUS, POWERLINK

1 2

Operator Panel S1

FIELDBUS card

3

Remote I/O PLC modules

PWR BUS

D D IN OUT

AN AN IN OUT

Operator panel Side1 Eth.

Operator Panel Technical area

RS232

6

Safety TE

4

LCD

9

Eth.

Eth. RS232

4-20mA

4-20mA/Pt100 converter

Operator Panel S2

D/IN

LCD door module

HUB/Switch

Field devices of the sterilizer: sensors and actuators Eth.

8

Remote operator station Eth. Integration with external

systems (Ethernet /

RS232 RS232).

WINDOWS PC

A4 Printer (WINDOWS)

Fig. 1-1 – Thema4 hardware layout REFERENCE Thema4 control system components are defined in the document “CONFIGURATION MANUAL – HW AND SW CONFIGURATION (D/O#86727)”

NOTE Some configurations such as type 5 sterilizers use a subset of the hardware layout above

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 1

Page 13 / 42

1.1.1 SPECIAL ARCHITECTURES WINDOWS BASED In this special configuration there is a Operator Panel on the sterilizer, with a MS Windows Operating System with installed a standard Remote GUI. This requires two PCs (one for Thema4, of type “blind” or “panel”) This operator panel Windows (Option ST.4 – WIN GUI) can be on the side 1 or side 2 (or technical area) of the sterilizer and it allows the installation and management of an A4 printer directly on the machine.

1.1.1.1 Windows GUI on Side 1 STERILIZER

UPS BUS board

AL.

BUS

D D AN AN IN OUT IN OUT

Operator Panel S1 Windows REMOTE GUI

Blind PC THEMA4

Converter 4-20mA/Pt100

1.1.1.2 Windows GUI on Side 2 STERILIZER

UPS

BUS board

AL.

BUS

D D AN AN IN OUT IN OUT

Operator Panel S1 THEMA4

Operator Panel S2 Windows REMOTE GUI

Converter 4-20mA/Pt100

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 1

Page 14 / 42

1.2 THEMA4 HW COMPONENTS LIST As shown in the layout, Thema4 is composed of the hardware components listed in the following table, that can be either standard or optional components. Each component is detailed in a paragraph of the section 2 of this specification. No Component description 1 2 3 4 5 6 7 8 9

Operator panel Side 1/2/3 Profibus card Remote I/O PLC modules HUB/Switch UPS (for blackout management) LCD doors management module (Side 2) Thermal printer Remote operator station 4-20mA/Pt100 converter Table 1-1– Thema4 HW components list

Selectable by the Customer X X

NOTE Component numbers reported in the table are the same reported in Figure 1-1 of the Thema4 Hardware layout

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 1

Page 15 / 42

1.3 INTEGRATION TABLE OF THEMA4 HARDWARE COMPONENTS The following table lists the HW interfaces for the integration of the system components HUB/Switch

LCD doors management module (Sid 2) (Sid 2)) UPS (for blackout management)

Thermal printer

Remote operator station

4-20mA/Pt100 converter

Operator panel S2/S3

Remote station

External systems

4

5

6

7

8

9

10

11

12

A B C D E P L M U N

3

Remote operator station 4-20mA/Pt100 converter Operator panel S2/S3 Remote station External systems

Remote I/O PLC modules

8 9 10 11 12

2

7

Profibus card Remote I/O PLC modules HUB/Switch UPS (for blackout management) LCD doors management module (Side 2) Thermal printer

Profibus card

2 3 4 5 6

1

Operator panel Side 1

Operator panel Side 1

1

P

-

A

L

B

M U -

A

-

-

A

A

P A L B M U A A A

E

-

L

-

E -

-

L -

-

-

-

-

-

-

-

C -

A A A A

L -

-

-

A -

C -

A L -

A -

A -

-

-

-

-

-

-

-

-

-

-

-

-

-

= Ethernet connection = Connessione seriale = A/IN = D/IN = Profibus connection = PCI BUS = 220V Power supply cable = LPT connection = USB connection = 4-20mA connection Table 1-2– Integration table of Thema4 hardware components

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 1

Page 16 / 42

This page is left intentionally blank

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 2

Section 2

Page 17 / 42

THEMA4 CONTROL SYSTEM

2 DETAILED SPECIFICATION OF HARDWARE COMPONENTS 2.1 – PANEL PC S1/S2/S3 2.1.1 – Generalities 2.1.2 – Minimum requirements of Operator 2.1.3 – Supported Panel PCs 2.1.4 – Devices enabled to load application and to backup/restore data

2.2- I/O BUS BOARD 2.2.1 – Fieldbus supported 2.2.2 – Supported I/O BUS BOARD for the Panel PC

2.3 – REMOTE I/O MODULES 2.3.1 – Generalities 2.3.2 – Configurations

2.4 – HUB/Switch 2.4.1 – Generalities 2.4.2 – Supported Hub/Switch 2.4.3 – Ethernet cables

2.5 – UPS 2.5.1 – Generalities 2.5.2 – Supported UPS

2.6 – Door management module LCD 2.6.1 – Generalities 2.6.2 – Supported LCD display

2.7 – THERMAL PRINTER 2.7.1 – Generalities 2.7.2 – Supported thermal printers 2.7.3 – Cables for thermal printers

2.8 – REMOTE OPERATOR STATION 2.8.1 – Generalities 2.8.2 – Minimum requirements

2.9 – 4-20mA/Pt100 converter modules 2.9.1 – Generalities 2.9.2 – Supported 4-20mA/Pt100 converter modules

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 2

Page 18 / 42

2.1 PANEL PC S1/S2/S3 2.1.1 Generalities This section details the technical specifications of the Panel PC S1/S2/S3 component. The operator panels S2 (side 2) and S3 (technical area) are optional but identical to the one used on S1 (side 1). Devices such as floppy, RS232 serial port, LPT port, USB ports and PCI card are not used in case of Panel PC S1 and S3.

2.1.2 Minimum requirements of Operator Panel The Operator Panel PC is available in 2 different configurations, Pamel PC or box PC + monitor that depend by the brand choice for the component. In order to grant desired performances of the control system, to allow to connect all peripherals to be managed and the execution of all operations foreseen for the control system, follows minimal requirements apply. Touchscreen driver for VxWorks

1 HD >= 10 GB

Pentium III, 700 MHz 256MB RAM 1 PCI slot for Profibus card

1 LPT port for thermal printer or 1 USB port

1 RS232C COM port for connection of Modbus RS232 1 RS232C COM port for LCD display connection to doors management module 1 10/100-MHz Ethernet port 1 front-mounted floppy disk drive 1 PS2/keyboard port for software installation and backup/restore operations 1 USB port for connection of backup/restore unit 12.1-inch analog resistive TFT color LCD touch screen, SVGA 800x600

Fig. 2-1 – Panel PC minimum requirements

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 2

Page 19 / 42

The minimum requirements that the Blind PC + Monitor must have are listed below. 1 RS232C COM for Door Board connector 4 USB port: 1 for Thermal Printer, 3 USB port for connection of backup/restore units

1 RS232C COM for Modbus RS232 connection

1 Ethernet 10/100 MHz port 1 PCI slot for Profibus card Intel Atom N270

1 HD, ≥ 60GB

Touch Driver for Vx Works

SDL Cable

Touch Driver for Vx Works

Automation Panel AP920 display TFT 12'' SVGA analog resistive touch-screen

Fig. 2-2 – Blind PC + monitor minimum requirements IMPORTANT NOTE If the operator panel adopted does not meet the requirements indicated above, some system functionalities might not be available

IMPORTANT NOTE The PCI slot and the serial, parallel and USB ports are not used for the Operator Panels side 2/3

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 2

Page 20 / 42

2.1.3 Supported Panel PCs Follows the list of panel PCs supported with main technical characteristics: Cod. Model P Digital Proface PL692x-T4y A

Allen Bradley VERSA VIEW 1500P SerA-SerD Siemens Industrial Lite 70

Type

Proc. Freq. Disp.

Panel PC

PIII

Panel PC

PIII

1G

12,1”

HD

RAM

20G 128M

0.7G

4

Eth

Floppy USB

1

4

1

X

3

2 20G 256M

1

1

3

1

X

2

Panel Celeron 1.7G 12.1” PC 2G

20G 128M

3

1

1

1

X

2

Digital Proface PS-2000B

Blind PC

PIII

20G 128M

3

-

4

1

X

4

Siemens PC577

Panel PC

PIV

2

1

1

1

-

7

D

Digital Proface PS3650A-T41

Panel Celeron 1.3G 12.1” PC

40G 256M

1

-

1

2

-

5

E

Allen Bradley VERSA VIEW 1500P SerE Siemens IPC577C

Panel PC

40G

1G

1

1

2

2

-

5

Panel Celeron 1.2G 12.1“ PC M

80G

1G

1

-

1

2

-

5

C

Digital Proface APL-3000

Blind PC

Core Duo

2.0G

-

250G

1G

2

-

4

2

-

4

G

B&R PP500

Panel

Atom 1.1G

7”

0.5G 512M

-

-

1

1

-

2

PC

Z510

H

B&R APC 810 Blind ATOM PC 5P81:404390.00201

-

60G

-

-

2

2

-

5

S

B

Z

F

1.2G

PCI LPT RS232

1G

15”

-

256M 256M

2.4G 12.1”

40G 256M 512M

Core Duo

Atom N270

1.2G

1.6G

15”

1G

Table 2-1 – Panel PC table IMPORTANT NOTE The minimum RAM required starting from software version W26 is 256MB. For Proface and Siemens IL-70 the amount of RAM installed can be 128MB, in this case two RAM expansion kit are available (RAM expansion for PC Proface PL-X920 and RAM expansion for Siemens IL-70) to increase the RAM memory. In case of Siemens IL-70 it is possible that the RAM is present but the operating system does not detect it, in this case an upgrade of the operating system is available. In case of Allen Bradley or Siemens PC577 the minimum RAM requirement is satisfied with no intervention. This limit is mainly due to the GUI java and does not apply to Tilcon GUI

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 2

Page 21 / 42

2.1.3.1 P- Digital Proface PL692x-T4y This panel PC is shipped without hard disk or floppy drive and is completed by assembling the components reported in the table below. Code TH4_HWPANEL_P

Model

Technical characteristics

Digital Proface PL692x-T4y

PL-HD220

Pentium III, 700 MHz (PL692x-T41) or 1 GHz (PL692x-T42) nd 128 MB DRAM (expandable to 256 MB), Award BIOS, 256 KB 2 cache 12.1-inch analog resistive TFT color LCD touchscreen, SVGA 800x600 Replaceable CCFL backlight Ports: 4 COM, 1 parallel, 2 PS/2 keyboard, 1 PS/2 mouse, 1 analog VGA USB ports (1 at front) 10B-T/100B-TX Ethernet RAS (2 D/I, 1 D/O, 1 Alarm signal, 1 Alarm lamp) 5 ISA + 2 PCI/ISA (PL6920-T4y) or 1 ISA + 1 PCI/ISA (PL6921-T4y) No preinstalled operating system 160 VA T : 5-45°C IP65f (front surface after installation) Dimensions : 287(H), 346(W), 170(D) mm, 9.5 kg (PL6920-T4y) 287(H), 346(W), 123(D) mm, 8.5 kg (PL6921-T4y) HD 20GB

PL-FD210 PL-FD200

Frontal floppy disk drive (for PL6920 only) Side mounted flopp disk drive (for PL6921)

x = 0 (4 slot) 1 (2 slot) y = 1 (700Mhz) 2 (1GHz)

Table 2-2 – Digital Proface PL692x-T4y

2.1.3.2 A – Allen Bradley VERSA VIEW 1500P (Ser.A-Ser.D) Code TH4_HWPANEL_A

Model

Technical characteristics

Allen Bradley VERSA VIEW 1500P Ser.A-D (Performance 6181P-15TP2KH)

Pentium III, 1.2 GHz |Pentium 4, 2GHz 20 GB HD, 256 MB RAM | 40GBHD, 1GB RAM 15-inch analog resistive TFT color LCD touchscreen, SVGA 1024x768 30,000-hour backlight Ports: COM, 2 parallel, 1 PS/2, 1 analog VGA | 2 PS/2 , 1 parallel USB ports, 1 VGA port 10/100M Ethernet Slots: 1 half-length PCI slot 3.5” Floppy Disk Drive (installed laterally) Compact Flash (CF type 1) DVD/CD-ROM Drive (installed laterally) Preinstalled operating system removed during configuration 80VA power consumption T : 0-50°C IP65 (front surface after installation) Dimensions : 309(H), 410(W), 109(D) mm, 8 kg

Table 2-3 – Allen Bradley VERSA VIEW 1500 P (Ser.A-D)

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 2

Page 22 / 42

2.1.3.3 S – Siemens IL 70 Code TH4_HWPANEL_S

Model

Technical characteristics

Siemens Panel PC Industrial Lite 70 (6AG7 0100AA00-0AA0)

Celeron, 1.7/2 GHz HD: >=20 GB, RAM: 128/256 MB (expandable to 2 GB), 12.1-inch analog resistive TFT color LCD touchscreen, SVGA 800x600 50,000-hour backlight 1 COM port, 1 parallel port, 1 PS/2 keyboard port, 1 PS/2 mouse port Audio In/Out, Microphone In, Joystick port 6 USB ports (on rear) 10/100M, RJ45 Ethernet Slots: 3 PCI + 1 AGP 3.5” Floppy Disk Drive (installed laterally) CD-ROM Drive (installed laterally) No preinstalled operating system Temperature control and Watchdog 110/230 V AC, 50/60 Hz 200 W power consumption T : 5-45°C IP65 (front surface after installation) Dimensions : 330(H), 391(W), 213(D) mm, 13 kg

RAM expansion kit

Kingston TECHNOLOGY KVR333X64C25/256

Table 2-4 – Siemens IL70 IMPORTANT NOTE The panel PC does not meet all minimum requirements and has following limitations: - there is only one serial port so it is not possible to connect a SCADA system through the serial port by means of Modbus serial protocol

2.1.3.4 B – Digital Proface PS-2000B Code TH4_HWPANEL_B

Model

Technical characteristics

Digital Proface PS-2000B (with PSB-CD/FD01)

PentiumIII 1 Ghz HD >=20GB, RAM 128/256MB N°4 COM, N°1 PS/2 Keyb., N°1 PS/2 mouse Audio In/Out, Microphone In, Joystic port N°4 USB N°2 Ethernet 10/100M, RJ45 Slot: 3 PCI Floppy Disk Drive 3.5 (installed in the expansion PSB-CD/F01) CD-ROM Drive (installed in the expansion PSB-CD/F01) No preinstalled operating system Temperature control and Watchdog AC110/230V 50/60Hz 110VA power consumption 118(A), 265(L), 299(P) mm, 4.5kg 159(A), 265(L), 299(P) mm (with the expansion PSB-CD/F01)

Table 2-5 – Digital Proface PS-2000B IMPORTANT NOTE The panel PC does not meet all minimum requirements and has following limitations: - there is no LCD display (blind), so to configure the system it is necessary to connect a remote GUI, and to use the Configuration Menu an external monitor connected on VGA port and a PS2 mouse are needed; - there is no LPT port, so it is not possible to connect a parallel thermal printer.

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 2

Page 23 / 42

2.1.3.5 Z – Siemens PC577 Code TH4_HWPANEL_Z

Model

Technical characteristics

Siemens Panel PC PC577 (12’’ Touch 6AV7820 0AB001AA0)

Pentium 4 2,4Ghz HD >=40GB, RAM 256/256MB (expandable to 4 GB) 12.1-inch analog resistive TFT color LCD touchscreen SVGA 800x600 50,000-hour backlight 1 COM port, 1 parallel port, 1 PS/2 keyboad port, 1 PS/2 mouse port Audio In/Out, Microphone In, Joystic port 7 USB ports (1 at front) 10/100/1000M, RJ45 Ethernet Slot: 2 PCI CD-ROM Drive (installed laterally) No preinstalled operating system AC110/230V 50/60Hz 190W power consumption IP65 (front surface after installation) +5°C..+45°C Dimensions : 310(H), 483(W), 162(+28)(D) mm, 13kg

Table 2-6 – Siemens PC577 IMPORTANT NOTE The panel PC does not meet all minimum requirements and has following limitations: - there is only one serial port so it is not possible to connect a SCADA system through the serial port by means of Modbus serial protocol - there is no floppy drive so an external USB floppy drive is needed to use the Recovery Disk tool, or use the Recovery Disk on USB key.

2.1.3.6 D – Digital Proface PS3650A – T41 Code TH4_HWPANEL_D

Model

Technical characteristics

Digital Proface PS3650A-T41

Celeron M320 1.3GHz DRAM 256MB (exp.512MB), First BIOS, 2°cache 512K 12.1inch TFT color LCD SVGA 1024x760, touch-screen resist.analog Replaceable CFL backlight N°1 COM N°5 USB (1 front) Ethernet 10B-T/ 100 B-TX RAS(2 D/I, 2D/O) Slot: 1 (PCI Rev. 2.2) No preinstalled operating system 110VA T : (5-50)°C IP65f (front surface after installation) 239(A), 301(L), 103(P) mm, 4.5kg

Table 2-7 – Digital Proface PS3650A-T41 IMPORTANT NOTE The panel PC does not meet all minimum requirements and has following limitations: - there is only one serial port so it is not possible to connect a SCADA system through the serial port by means of Modbus serial protocol; - there is no LPT port, so it is not possible to connect a parallel thermal printer; - there is no floppy drive so an external USB floppy drive is needed to use the Recovery Disk tool, or use the Recovery Disk on USB key.

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 2

Page 24 / 42

2.1.3.7 E – Allen Bradley VERSA VIEW 1500P (Ser.E) Code TH4_HWPANEL_E

Model

Technical characteristics

Allen Bradley VERSA VIEW 1500P Ser.E (6181P-15TPXP)

Core Duo, 1.2 GHz 40 GB HD, 1 GB RAM 15-inch analog resistive TFT color LCD touchscreen, SVGA 1024x768 Ports: COM, 1 parallel, 2 PS/2, 1 DVI 5 USB ports 2 ports 10/100/1000M Ethernet RJ45 Slots: 1 PCI slot Rev 2.3 DVD Drive Preinstalled operating system removed during configuration 110VA power consumption T : 0-50°C IP66 (front surface after installation) Dimensions : 309(H), 410(W), 100(D) mm, 9 kg

Table 2-8 – Allen Bradley VERSA VIEW 1500 P (Ser.E) IMPORTANT NOTE The panel PC does not meet all minimum requirements and has following limitations: - there is only one serial port so it is not possible to connect a SCADA system through the serial port by means of Modbus serial protocol - there is no floppy drive so an external USB floppy drive is needed to use the Recovery Disk tool, or use the Recovery Disk on USB key.

2.1.3.8 F – Siemens IPC577C Code TH4_HWPANEL_F

Model

Technical characteristics

Siemens IPC577C (6AV7885-0AA101AA2)

Celeron M 1.2GHz, 2°cache 1M HD 80GB SATA, DRAM 1G (expandable to 4GB) 12.1inch TFT color LCD SVGA 800x600, touch-screen resist.analog N°1 COM N°5 USB (1 front) N°2 10/100/1000 Mbps, Ethernet RJ45 Slot: 1 PCI N°1 DVI-I No preinstalled operating system AC100/240V 50/60Hz, 90W T : (0-40)°C IP65 (front surface after installation) 310(A), 400(L), 105(P) mm, 8.1kg

Table 2-9 – Siemens IPC577C IMPORTANT NOTE The panel PC does not meet all minimum requirements and has following limitations: - there is only one serial port so it is not possible to connect a SCADA system through the serial port by means of Modbus serial protocol; - there is no LPT port, so it is not possible to connect a parallel thermal printer; - there is no floppy drive so an external USB floppy drive is needed to use the Recovery Disk tool, or use the Recovery Disk on USB key.

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 2

Page 25 / 42

2.1.3.9 C – Digital Proface APL-3000 Code TH4_HWPANEL_C

Model

Technical characteristics

Digital Proface APL-3000

Intel Core Duo 2.0GHz, 2°cache 2M HD 250GB SATA, DRAM 1G (expandable to 4GB) N°4 COM N°4 USB N°1 10/100/1000 Mbps, Ethernet RJ45 N°1 10/100 Mbps, Ethernet RJ45 Slot: 2 PCI N°1 DVI-I No preinstalled operating system AC100/240V 50/60Hz, 120VA T : (0-50)°C 125(A), 2890(L), 270(P) mm, 6.0kg

Table 2-10 – Digital Proface APL-3000 IMPORTANT NOTE The panel PC does not meet all minimum requirements and has following limitations: - there is no LPT port, so it is not possible to connect a parallel thermal printer; - there is no floppy drive so an external USB floppy drive is needed to use the Recovery Disk tool, or use the Recovery Disk on USB key.

2.1.3.10 Code TH4_HWPANEL_G

G – B&R PP500 Model

Technical characteristics

B&R PP500

Intel Atom Z510,1.1GHz, 2°cache 512kB CF CARD 512MB, DDR2 RAM 512M N°1 COM N°2 USB N°1 10/100/1000 Mbps, Ethernet RJ45 N°1 PP500 Interface Board; connection for 2x POWERLINK No preinstalled operating system DC24V, 23W T : (0-55)°C 156(A), 212(L), 55(P) mm, 1.287kg

Table 2-11 – B&R PP500 IMPORTANT NOTE The panel PC does not meet all minimum requirements and has following limitations: - there is no LPT port, so it is not possible to connect a parallel thermal printer, it supports a serial thermal printer; - there is no floppy drive so an external USB floppy drive is needed to use the Recovery Disk tool, or use the Recovery Disk on USB key; - there is only one serial port reserved to the printer, so it is not possible to connect a SCADA system through the serial port by means of Modbus serial protocol.

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 2

2.1.3.11 Code TH4_HWPANEL_H

Page 26 / 42

H – B&R APC 810 ATOM 5P81:404390.002-01 Model Technical characteristics B&R APC 810 ATOM - Core Duo, Core 2 Duo, Celeron M and Atom N270 - Up to 3 GB main memory (dual-channel memory support) 5P81:404390.002-01 -

Automatic Panel 12" 5AP920.1214-01

2 CompactFlash slots (type I) 1 card slot for PCI / PCI Express (PCIe) cards SATA drives (slide-in and slide-in compact slots) N.5 USB 2.0 N.2 Ethernet 10/100/1000 Mbit interfaces N.2 RS232 interface, modem-compatible 24 VDC supply voltage Fan-free operation1) BIOS (AMI) Real-time clock (RTC, battery-backed) 512 kB SRAM (battery-backed) Connection of various display devices to the "Monitor/Panel" video output (supports RGB, DVI, and SDL

- Automatic Panel AP920 display TFT 12” color LCD SVGA 800x600, touch screen resist.analog

Table 2-12 – B&R APC 810 ATOM 5P81:404390.002-01 IMPORTANT NOTE The panel PC does not meet all minimum requirements and has following limitations: - there is no LPT port, so it is not possible to connect a parallel thermal printer; - there is no floppy drive so an external USB floppy drive is needed to use the Recovery Disk tool, or use the Recovery Disk on USB key.

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 2

Page 27 / 42

2.1.4 Devices enabled to load application and to backup/restore data Devices, present and supported, that can be used to install application and to backup/restore data are different depending by the model of the Panel PC. Panel PC model

TH4_HWPANEL_P TH4_HWPANEL_A TH4_HWPANEL_S TH4_HWPANEL_Z TH4_HWPANEL_B TH4_HWPANEL_D TH4_HWPANEL_E TH4_HWPANEL_F TH4_HWPANEL_C TH4_HWPANEL_G TH4_HWPANEL_H

Floppy

Digital Proface PL6920-T4y Digital Proface PL6921-T4y Allen Bradley VERSA VIEW 1500P Ser.A-D (6181P-15TP2KH) Siemens Panel PC IL 70 (6AG7 010-0AA00-0AA0) Siemens Panel PC 577-12’’ Touch (6AV7820 0AB00-1AC0) Digital Proface PS-2000B (with PSB-CD/FD01) Digital Proface PS3650A-T41 Allen Bradley VERSA VIEW 1500P Ser.E (6181P-15TPXP) Siemens Panel IPC577C-12” Touch (6AV7885-0AA10-1AA2) Digital Proface APL-3000 B&R PP500 B&R APC 810 ATOM 5P81:404390.002-01

CD/DVD internal sw instal. & data b/r

Ethernet network sw instal. & data b/r

USB boot dev. (**)

sw instal. & data b/r

-

X

-

X

-

X

-

X

Boot dev. (**) X (Front) X (Side)

sw instal. & data b/r X (Front) X (Side)

X (Side)

X (Side)

-

X

-

X

X (Side)

X (Side)

-

X

-

X

- (*)

- (*)

-

X

X

X

X

X

-

X

-

- (*)

- (*)

-

X

X

X

- (*)

- (*)

-

X

X

X

- (*)

- (*)

-

X

X

X

- (*)

- (*)

-

X

X

X

- (*)

- (*)

-

X

X

X

- (*)

- (*)

-

X

X

X

X

Table 2-13 – Media devices present in the panel PC (*) Only using an external USB floppy drive (not supplied by Fedegari) (**) Boot device: mass storage device (called tool Recovery Disk), enabled to boot, used to perform operations on the system in specific cases: first installation of the software, gain access to the system for particular maintenance or when the system does not boot normally. This functionality depends by Panel PC BIOS.

2.1.4.1 USB peripherals supported USB peripheral supported are: 1. USB keys (disk-on-key) or hard disks 2. floppy drive 3. CD readers Peripherals type 1 and 2 can be used both for software installation and update than for backup operations, because it is possible both to read than to write on them. Peripherals type 3 can be used only for software installation and update because it is only possible to read them. IMPORTANT NOTE USB verified with THEMA4: - USB1.0 - USB2.0 less than 1GB (read 6MBps, write 3MBps) - USB2.0 1GB (read 10~12MBps, write 8MBps) - USB2.0 2GB (read 16MBps, write 12MBps) The panel PC Allen-Bradley VersaView 1500P ser.A, rev. A/B supports only pen drive which have USB 1.0 legacy.

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 2

Page 28 / 42

2.2 I/O BUS BOARD 2.2.1 Fieldbus supported The Thema4 system supports two different type of field bus: - Profibus - Powerlink The comunication is obtained by means of specific boards that can be inserted in the PCI slot of the Panel PC or integrated within the Panel PC itself. See the following paragraphs for details.

2.2.1.1 Generalities on Profibus fieldbus Applicom boards have been chosen within commercial boards available on the market, and particularly the PCIDPIO board is its B revision for PROFIBUS field bus, later replaced by PCU-DPIO model. These boards allow to communicate with remote I/O, by means of the female Profibus connector D-SUB 9-pin, and detection of the blackout condition by means of the circular subminiature 4-pin connector. By means of a specific software working in Windows environment, it is possible to configure several types of Applicom board, generating a configuration file in Windows environment specific for the I/O configuration of the specific sterilizer. This configuration file is then loaded into flash memory of the board, configuring it permanently. The detection of the blackout condition is done by means of a specific connector on the board which allows to manage an input and an output free of potential. The 24V d.c. power supply is wired on the input of this connector so that it is possible to detect the presence or the absence of power supply. From data received by the manufacturer the power supply is detected as certainly present for voltages ≥ 10V, and as certainly absent for voltages ≤ 6V.

0V

+24V

Fig. 2-3 – On board blackout connector

2.2.1.2 Generalities on Powerlink fieldbus Powerlink is a “Real-time Industrial Ethernet” technology, able to deal both with real-time data exchange and with not time-critical data, characteristic that makes it suitable for comunications at all levels witin a plant. The bus has been choosen as a replacement of Profibus board for handling sterilizer’s I/Os. The board choosen is 5PP5IF FPLM-00, integrated in the Panel PC PP500 from B&R. This board has two RJ45 powerlink connections to the same node, to allow daisy-chain cabling. This board supports additionally 512kB of SRAM that can be used by the application for any purpose. By means of a specific software working in Windows environment, it is possible to generate different configurations for specific sterilizers. The configuration is generated as a set of files that include also firmware for B&R modules, so this guarantees that all modules in the Powerlink network are up to date and synchronized with the configuration generated. To change the configration at a later tiem is as easy as replacing files. The board does not support any additional connection for blackout management, so this condition is detected by means of a specific logic number.

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 2

Page 29 / 42

2.2.2 Supported I/O BUS BOARD for the Panel PC Num 1

Supplier

Model

2

Woodhead

PCI-DPIO B

3

Woodhead

PCU-DPIO

4

Woodhead

PCU-DPIO ver.F

5

B&R

5PP5IF FPLM-00

Woodhead

Technical characteristics

PCI-DPIO

Fieldbus

- Communication PC card for Profibus DP - BUS: PCI - OS: VxWorks - Windows software for I/O configuration - Communication PC card for Profibus DP - BUS: PCI - OS: VxWorks - Windows software for I/O configuration - Communication PC card for Profibus DP - BUS: PCI - OS: VxWorks - Windows software for I/O configuration - Communication PC card for Profibus DP - BUS: PCI - OS: VxWorks - Windows software for I/O configuration - Communication PC card for Powerlink - Mounting compatible with Panel PC PP500 - OS: VxWorks - Windows software for I/O configuration

Profibus

Profibus

Profibus

Profibus

Powerlink

Table 2-14 – Field bus card table

TH4_HW-PANEL_F

TH4_HW-PANEL_C

X X X X

X X X X

X X X X

X X X X

X X X X

X X X X

X X X X

X X X X

X X X X X

Table 2-15 – Boards/Panel PC compatibility

Fedegari Autoclavi SpA

TH4_HW-PANEL_G

TH4_HW-PANEL_E

PCI-DPIO PCI-DPIO B PCU-DPIO PCU-DPIO ver.F 5PP5IF FPLM-00

TH4_HW-PANEL_D

Woodhead Woodhead Woodhead Woodhead B&R

TH4_HW-PANEL_Z

1 2 3 4 5

TH4_HW-PANEL_B

Panel PC TH4_HW-PANEL_S

Model TH4_HW-PANEL_A

Supplier

TH4_HW-PANEL_P

Num

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 2

Page 30 / 42

2.3 REMOTE I/O MODULES 2.3.1 Generalities Field (input/output signals) will be managed by means of digital and analog I/O modules of PLC systems of important manufacturers, connected remotely by means of network modules, as shown in figure. COM

BUS

DI

DO

AI

AO

BUS

Board

Fig. 2-4 – Remote I/O connection Manufacturer choosen are: • SIEMENS • ALLEN BRADLEY • SMC The units needed to connect I/O remotely are available with different configurations depending by the manufacturer and the model chosen, each one composed of well defined modules. For each sterilizer, the amount of digital and analog input/output modules used can be different based on the number of I/O needed for its configuration (number of sensors and actuators used), considering also “spare” part requested.

2.3.2 Configurations This paragraph details Remote I/O configurations supported by Thema4 control system, giving a table of supported modules for each one. IMPORTANT NOTE The “module model” listed in the table refer to modules available at the moment they have been configured in Thema4 control system. As time goes by those models can have “minor” changes that do not alter the way they interact with the controller, but can be identified by a change in the code of the module (for example: for SIEMENS ET200S the last 4 ciphers identify changes to the firmware or internal components). Modules with such differences in the code are compatible and can be applied to the Thema4 control system, which will always report, in the hardware configuration, the code of the first version of the module.

2.3.2.1 Configuration SIEMENS ET200S TH4_HW-PLC I/O_S200S N

Module model

Num.

Characteristics

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

6ES7-138-4CA00-0AA0 6ES7-193-4CC20-0AA0 6ES7-151-1AA02-0AB0 6ES7-972-0BA41-0XA0 6XV1830-0EH10 6ES7-131-4BD00-0AA0 6ES7-193-4CA20-0AA0 6ES7-132-4BD00-0AA0 6ES7-193-4CA20-0AA0 6ES7-134-4MB00-0AB0 6ES7-193-4CA20-0AA0 6ES7-193-4CB20-0AA0 6ES7-135-4GB00-0AB0 6ES7-193-4CA20-0AA0 6ES7-193-4CB20-0AA0

N (a)

Diagnostic ET200S power supply ET200S terminal module with AUX1 for PWR IM151 Profibus DP interface module for ET200S Socketless connection plug PG 12MB Profibus cable, in meters (5-pack) ET200S 4 D/IN STD24VCC module (5-pack) TM-E15S24-A1 terminal block (5-pack) ET200S 4D/OUT STD24VCC module (5-pack) TM-E15S24-A1 terminal block ET200S 2A/IN HighPerf. Module (5-pack) TM-E15S24-A1 terminal block (CF 5pz) Bloc.Termin.TM-E15S24-01 ET200S module 1AOUT +/-20mA 13bit+S (5-pack) TM-E15S24-A1 terminal block (CF 5pz) Bloc.Termin.TM-E15S24-01

16

6ES7-134-4NB50-0AB0

N I

ET200S module 2AI/RTD HI FE (Pt100-4 wire)

17 18

6ES7-193-4CA20-0AA0 6ES7-390-1AE80-0AA0

480mm

(5-pack) TM-E15S24-A1 terminal block Profiled guide for S7300-480mm

Fedegari Autoclavi SpA

N (b) Nm N N N

N

Power supply distrib. Terminal Mod. Profibus DP Profibus plug Profibus cable Mod. With 4 D/I Terminal Mod. With 4 D/O Terminal Mod. With 2 A/I Terminal Terminale Mod. With 2 A/O Terminal Terminale Mod. With 2 A/I 4-wire RTD Terminal Guide

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 2

Page 31 / 42

(a) The number of power supply modules depends on the I/O modules used. This module distributes 24 VDC power to the modules of the guide (max 10A) with diagnostics. It requires a 24 VDC power supply. (b) The number of Profibus interface modules depends on the power supply modules and I/O modules. (c) To be used only if the Pt100/4-20mA converter modules (standard solution) are not used, this solution has never been adopted.

Table 2-16 – Siemens ET200S I/O IMPORTANT NOTE Modules with different firmware version (cipher in italic) can be considered compatible. Each module is listed in its initial firmware version.

2.3.2.2 Configuration SIEMENS ET200M (non standard) TH4_HW-PLC I/O_S200M N

Module model

No.

Characteristics

1 2 3 4 5 6 7 8 9 10 11 12

S7 PS307 5A 6ES7-153-1AA03-0XB0 6ES7-972-0BA41-0XA0 6XV1830-0EH10 6ES7-321-1BL00-0AA0 6ES7-392-1AM00-0AA0 6ES7-322 1BL00-0AA0 6ES7-392-1AM00-0AA0 6ES7-331-7NF00-0AB0 6ES7-392-1AJ00-0AA0 6ES7-332-7ND00-0AB0 6ES7-392-1AJ00-0AA0

1 1

ET200M 5A Power supply Profibus DP ET200M module for S7300 Socketless connection plug PG 12MB Profibus cable, in meters 32 DIN DC 24V SM321 module 40-pole connector 32 DO DC 24V, 0.5A, SM322 module 40-pole connector 8 AI 4-20mA SM331-7NF module 20-pole screw-down connector 4 AO 4-20mA SM332 module 20-pole screw-down connector

13

6ES7-331-7PF00-0AB0

N (a)

8 AI RTD (8 Pt100-4-wire) SM331-7PF module

14 15

6ES7-392-1AM00-0AA0 6ES7-390-1AE80-0AA0

480mm

40-pole connector Profiled guide for S7300-480mm

Nm N N N N

Power supply Mod. Profibus DP Plug Cable Mod. With 32 D/I Connector Mod. With 32 D/O Connector Mod. With 8 A/I Connector Mod. With 4 A/O Connector Mod. With 8 A/I 4-wire RTD Terminal Guide

(b) To be used only if the Pt100/4-20mA converter modules are not used Table 2-17 – Siemens ET200M I/O

2.3.2.3 Configuration ALLEN BRADLEY FLEX I/O TH4_HW-PLC I/O_A N

Module model

No.

Characteristics

1 2

1 (a) 1 I

POWER SUPPLY, 24V, 120/230VAC, 1.3A Profibus-DP 12Mbit/s ADAPTER

120/230VAC power supply Profibus adapter mod.

Socketless connection plug PG 12MB

Profibus plug

5 4 5 6 7 8 9 10 11 12 13

1794-PS13 1794-APB (b) 6ES7-972-0BA41-0XA0 Siemens 6XV1830-0EH10 Siemens 1794-IB16 1794-TB3 1794-IB32 1794-TB32 1794-OB16P 1794-TB3 1794-OB32P 1794-TB32 1794-IF4I 1794-TB3

Nm N

Profibus cable Mod. With 16 D/I Terminal strip Mod. With 32 D/I Terminal strip Mod. With 16 D/O Terminal strip Mod. With 32 D/O Terminal strip Mod. With 4 A/IN insul. Terminal strip

14

1794-IF2XOF2I

15 16 17 18

1794-TB3 1794-IRT8 1794-TB3G -

Profibus cable, in meters 16 D/INPUT 24VDC Screw-down terminal strip for standard modules 32 D/INPUT 24VDC Screw-down terminal strip, 3 rows, for 32-point I/O 16 D/OUTPUT 24VDC SELF-PROTECTED Screw-down terminal strip for standard modules 32 D/OUTPUT 24VDC SELF-PROTECTED Screw-down terminal strip, 3 rows, for 32-point I/O 4 INSULATED ANALOG INPUTS Screw-down terminal strip for standard modules 2 INSULATED ANALOG INPUTS + 2 INSULATED ANALOG OUTPUTS Screw-down terminal strip for standard modules 8 ANALOG INPUTS FROM 4-wire RTD / THERMOCOUPLE Screw-down terminal strip, 3 rows, for 1794-IJ2 and IRT8 Profiled guide (35X7.5mm)

4

N N N N 1 N (d) -

Mod. With 2A/I+2A/O insul. Terminal strip Mod. With 8A/I Pt100 4-wire Terminal strip Guide

(a) One POWER SUPPLY can supply sufficient power to operate up to 4 ADAPTERS (b) As an alternative, the PROSOFT FLEX-IO 3170-PDP model can be used (c) A Profibus ADAPTER can be interfaced with (i.e., supply and transfer data to) up to 8 1794 I/O modules. For more than 8 I/O modules it is necessary to user other ADAPTERS connected in a cascade configuration. 5 To be used only if the Pt100/4-20mA converter modules (standard solution) are not used.

Table 2-18 – Allen Bradley FLEX I/O

Fedegari Autoclavi SpA

D/O#86791.32 – February 2014

Thema4 control system - HDS - Section 2

Page 32 / 42

2.3.2.4 Configuration SMC EX250 TH4_HW-PLC I/O_EX250 N

Module model

No.

Characteristics

1 2 3 4 5

EX250-SPR1 SV1A00-5FU EX500-AP0*0-* TURK *** …..

1 N 1 1 ….

Profibus module DP 12Mbit/s Solenoids Power supply cable Socketless connection plug PG 12MB Profiled guide (35X7.5mm)

Mod.Profibus DP Solenoid valve Cable Plug Guide

Table 2-19 – SMC EX250

2.3.2.5 Configuration SMC EX500 TH4_HW-PLC I/O_EX500 N

Module model

No.

Characteristics

1 2 3 4 5 6 7 8 9

EX500-GPR1 EX500-S001 SV1A00-5FU EX500-IB1 EX500-IE1 EX500-AP0*0-* EX500-AC*-* TURK *** …..

1 1
View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF