Achieve GMP Compliance With Ignition

Sarah rubbed her temples as she stared at the spreadsheet of vendor proposals scattered across her desk. As the newly hired Automation Manager at a pharmaceutical manufacturer, she had inherited what seemed like an impossible task: find a SCADA system that could meet the stringent Good Manufacturing Practice (GMP) requirements of pharmaceutical manufacturing while staying within budget and timeline constraints.

The pressure was mounting. An FDA inspection was scheduled just six months out, and their current legacy system was a patchwork of outdated software and manual processes. It wouldn't pass even the most lenient regulatory review. Every day running on the current system meant potential compliance violations that could translate to millions in lost revenue or, worse, a manufacturing shutdown.

"Another one bites the dust," Sarah muttered, crossing off yet another vendor from her list. This latest system had seemed promising on paper. It had robust data integrity features, excellent reporting capabilities, and a user-friendly interface. But buried in the fine print, she discovered it lacked the 21 CFR Part 11 compliance documentation her quality assurance team demanded. No electronic signatures, no audit trail granularity, no tamper-evident data storage. In pharmaceutical manufacturing, these weren't nice-to-have features; they were regulatory lifelines.

Her phone buzzed with another urgent message from the plant manager. Production Line 3 had experienced another data logging failure, forcing operators to revert to paper-based batch records. The irony wasn't lost on her: in an industry built on precision and traceability, they were literally flying blind through their most critical manufacturing processes.

Unfortunately, Sarah's challenge isn't unique in the pharmaceutical industry. Across the sector, manufacturing managers grapple with the same fundamental tension: they need modern automation systems that can optimize production efficiency while meeting the exacting standards of pharmaceutical regulations. The stakes couldn't be higher. Patient safety, regulatory compliance, and business continuity all hang in the balance.

As she prepared for another vendor demo, Sarah wondered if the perfect GMP-compliant SCADA solution even existed, or if she'd have to build it herself, piece by regulatory piece.

Ignition and 21 CFR Part 11 Compliance

The first place to start for Ignition’s 21 CFR Part 11 compliance is the 21 CFR Part 11 and Pharmaceutical Best Practices with Ignition document from Inductive Automation. It details each feature of Ignition that supports 21 CFR Part 11 compliance and covers the technical capabilities of the Ignition platform with respect to 21 CFR Part 11. It also includes links to the Ignition Security Hardening Guide, an overview of how to use Identity Providers with Ignition for user account management, and guidance for setting up database access rules to prevent updates on database tables.

The Security Hardening Guide also contains a Compliance Summary Table with many of the items in Subpart B - Electronic Records and Subpart C - Electronic Signatures covered by Ignition’s built-in features. One key item to note is that Electronic Signatures are only available as a component when using the Perspective Module. They are possible in Vision but would require some additional development effort to implement the required functionality.

Ignition Electronic Signatures

In version 8.1.16 (released in April 2022) Ignition supports Electronic Signatures in the Perspective Module with the “Authentication Challenge” Session Event. There is a walkthrough of how this works on the Inductive Automation blog.

Basically, you need to set up your workflow in your Ignition application and add a button that requires another user to log in to validate the change. If desired, you can also use the Signature Component in Perspective to collect a user-entered signature. Once the user clicks the button to validate the change, it triggers the additional user authentication logic, requiring them to log in. Once that is completed, you can continue through the process.

This functionality is tracked in the Ignition Audit Log, and the authentication challenge also gives you access to a payload you can use to store additional information in your database to track the electronic signature for that action.

For more information on how to handle this payload and use the signature component, please see our Perspective Signature Component tutorial.

Ignition Audit Trail

Ignition’s built-in Audit Log is a powerful tool. It automatically tracks a number of actions, including everything on an extensive list in the Ignition User Manual. Most importantly, it tracks any project changes, module changes on the gateway, identity provider changes, login requests and responses, and tag value changes from component bindings. For most Ignition installations, tag value changes are critical to track because they provide a record any time a process setpoint changes, so you can see when operators are making adjustments to the system.

From a GMP perspective, tracking login requests and responses helps you monitor who is accessing the system at any given time, including electronic signature verifications. At a basic level, the Audit Log will provide you with all of the information you need to track and verify changes to the system, with more capabilities for tracking electronic signatures available through the authentication challenge integration.

The audit log records are always available through the Ignition gateway webpage, and the data is stored in a database. This makes it easy to pull into an Ignition screen for viewing, searching, and monitoring directly inside of Ignition. If you don’t want to build an Audit Log monitoring screen from scratch, there is an example resource on the Ignition Exchange that we frequently use for basic functionality.

Ignition and Tamper-Evident Data Storage

While truly tamper-proof approaches to managing data stored in a database are outside of the scope of this post, the main place to manage your data is in the database itself, using dedicated user accounts with limited access. We have a more detailed post covering database security from a cybersecurity perspective as part of our Defense in Depth series. The same concepts apply in a GMP environment. Don’t use the default sa or root user that has access to all functionality. Set up specific users who can only insert data into the database and use those for your Ignition connections, preventing data from being updated from Ignition. This will help solve a majority of the common issues with data tampering by locking it down at the source.

Locking down Ignition’s database connections to users who are only able to insert data will prevent anyone with access to the Ignition designer or clients from updating data in your database. In many cases this is a sufficient line of defense, because changing a record then requires someone to access the database directly through a user account with access to update records.

Another approach you can use directly in Ignition to provide evidence of data tampering for tag history is the Tag History Splitter. A Tag History Splitter lets you configure tag history to be stored in multiple historical tag provider connections. This is commonly used to set up a long-term storage option for all tag history alongside a store covering a smaller period of time, which improves query performance for recent history. For a GMP environment, we recommend setting up a Tag History Splitter to send data to another database in addition to your main history database. This allows you to keep a copy of your data in another location that you can correlate against your main history to see if any changes have been made. If you lock down your Ignition gateway properly, this functionality will essentially be hidden from view, making it that much more difficult for someone to know where all the data is located. It requires much more effort to make the same updates in multiple databases, especially if the person making the changes doesn’t know there is a copy of the database being monitored.

There are similar options you can implement on the database directly, such as setting up a shadow copy table to mirror your tag history data or other auditing data, or using database backup tools to manage this process automatically by capturing data snapshots on a regular basis.
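
The correlation check described above, sketched as an added example (not code from Corso Systems or Inductive Automation). It assumes a simplified history table with tagid, t_stamp and value columns, held in two in-memory SQLite databases standing in for the main history database and the second copy; the table, column and function names are hypothetical.

```python
import sqlite3

# Assumption: simplified stand-in for a tag history table. Real historian
# schemas use partitioned tables with more columns; names are hypothetical.
SCHEMA = ("CREATE TABLE history (tagid INTEGER, t_stamp INTEGER, value REAL, "
          "PRIMARY KEY (tagid, t_stamp))")

def load(rows):
    """Build an in-memory database from (tagid, t_stamp, value) rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO history VALUES (?, ?, ?)", rows)
    return conn

def fetch(conn, start, end):
    """Return {(tagid, t_stamp): value} for the window start <= t_stamp < end."""
    cur = conn.execute(
        "SELECT tagid, t_stamp, value FROM history "
        "WHERE t_stamp >= ? AND t_stamp < ?", (start, end))
    return {(tagid, ts): value for tagid, ts, value in cur}

def reconcile(primary, mirror, start, end):
    """List every row that differs between the main history and its copy."""
    p, m = fetch(primary, start, end), fetch(mirror, start, end)
    findings = []
    for key in sorted(p.keys() | m.keys()):
        if key not in p:        # present only in the copy
            findings.append(("missing_in_primary", key, None, m[key]))
        elif key not in m:      # present only in the main history
            findings.append(("missing_in_mirror", key, p[key], None))
        elif p[key] != m[key]:  # same tag and timestamp, different value
            findings.append(("value_mismatch", key, p[key], m[key]))
    return findings

# Constructed sample data: the copy holds what was originally stored.
MIRROR_ROWS = [(7, 1000, 72.0), (7, 2000, 72.0), (9, 1000, 36.9), (9, 2000, 41.3)]
# The main history has one row deleted, one value edited and one row added.
PRIMARY_ROWS = [(7, 1000, 72.0), (9, 1000, 36.9), (9, 2000, 37.0), (9, 3000, 37.1)]

if __name__ == "__main__":
    for finding in reconcile(load(PRIMARY_ROWS), load(MIRROR_ROWS), 0, 4000):
        print(finding)
```

Run a check like this over a window that ends before the most recent data, so rows still being written to either database are not reported as discrepancies.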

Wrapping Up

Ignition is one of the best SCADA systems to use in a GMP environment. While there are specific items you will need to manage internally, especially on the process and procedures side of things, Ignition has the functionality required to ensure your SCADA system gives you the best foundation for GMP compliance on the market.

Our Defense in Depth series will help you understand all of the cybersecurity concerns you need to manage with a SCADA solution and all of your plant floor equipment, including approaches to Version Control, Database Security, and reducing the Human Risks inherent in modern technology.

We have helped many companies implement Ignition in a GMP environment, and have found a lot of the items in 21 CFR Part 11 are applicable to any manufacturing industry.

