Modifying Programmable Logic Controllers (PLCs)


Q: I am seeking a standard to monitor, control and communicate existing Programmable Logic Controller (PLC) program changes.

We have a team of 15 electricians. They have access to various machinery and their PLCs. They can make modifications to the majority of PLC programs.

The changes are under-communicated and the current process is not monitored. We do capture log in/log out and some changes, but this is not sufficient.

Bud Salsbury’s take:

A: If these are EtherNet/IP-equipped PLCs that support remote login and can be network-attached at all times, it isn't an issue. It becomes an IT admin thing. For example, Allen-Bradley's PLCs can have their programs placed out on the network and treated like an FTP site. The PLCs can pull their programs at each start-up from their predefined folders.

If we are talking about standalone PLCs, with no network, it becomes a whole different animal. It is then more of a procedural thing. You must again place the master copy of the program on a network location, but it is up to each programmer to follow a routine: pull the program from the network, update, upload to the PLC, test/verify, and if good, replace the master copy. Now, if any step is missed, you're up that well-known waterway without any visible means of locomotion.

EtherNet/IP is your friend. Note: they have to be newer/smarter PLCs to play nice.

Now if you are making changes to the program (whether it is a robot, or an NC machine, or a molding press), then these changes would probably affect the overall production process. Also, if the changes could affect the quality of the product in any way (either good or bad), then, at the very least, there should be a type of "deviation" procedure where the quality level of the product is verified after the process deviation has been implemented and prior to releasing any new parts produced off of this deviated process. Also, there should be a record of the before and after settings.

Bud Salsbury
ASQ Senior Member, CQT, CQI
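The check-in routine above (master copy on a share; pull, update, upload, test, replace master) only works if the last step is never skipped, and the questioner's problem is exactly that skipped steps go unnoticed. The following is an added example, not part of Bud Salsbury's answer or of any vendor tool: a small Python utility that keeps a hash manifest beside the master copies, records who checked in each version and why, and audits program files pulled back from the PLCs against that manifest so an edit made online and never checked in shows up as a deviation. The directory layout, manifest format, file names (the ".acd" extension is a placeholder, not a real project file) and the scenario in `demo()` are all assumptions constructed for the example.

```python
"""Change control for PLC program files: master copies plus a SHA-256
manifest, and an audit that flags running programs that differ from master.
Added example; layout, manifest format and sample data are assumptions."""
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large project files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def load_manifest(manifest_path: Path) -> dict:
    """Manifest is a JSON map: program name -> latest check-in record."""
    return json.loads(manifest_path.read_text()) if manifest_path.exists() else {}


def check_in(master_dir: Path, program: Path, name: str, who: str, note: str) -> dict:
    """Replace the master copy of `name` with `program`, keep the previous
    version on disk, and record who/when/why.  Returns the manifest entry."""
    master_dir.mkdir(parents=True, exist_ok=True)
    manifest_path = master_dir / "manifest.json"
    manifest = load_manifest(manifest_path)
    new_hash = sha256_file(program)
    prev = manifest.get(name)
    if prev and prev["sha256"] == new_hash:
        return prev  # identical to master: no new version, nothing to log
    entry = {
        "sha256": new_hash,
        "version": (prev["version"] + 1) if prev else 1,
        "previous_sha256": prev["sha256"] if prev else None,
        "updated_by": who,
        "updated_at": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "note": note,  # e.g. the deviation number the change was approved under
    }
    shutil.copyfile(program, master_dir / f"{name}.v{entry['version']}")
    manifest[name] = entry
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return entry


def audit(master_dir: Path, deployed: dict) -> list:
    """Compare each program pulled from a PLC (name -> local file) with the
    master manifest.  Returns one finding per unrecorded deviation."""
    manifest = load_manifest(master_dir / "manifest.json")
    findings = []
    for name, path in deployed.items():
        entry = manifest.get(name)
        if entry is None:
            findings.append({"program": name, "status": "no master copy"})
            continue
        running = sha256_file(path)
        if running != entry["sha256"]:
            findings.append({"program": name, "status": "differs from master",
                             "master_version": entry["version"],
                             "master_sha256": entry["sha256"][:12],
                             "running_sha256": running[:12]})
    return findings


def demo() -> list:
    """Constructed scenario: two recorded check-ins, then an online edit that
    was never checked in, and one PLC never placed under control at all."""
    root = Path(tempfile.mkdtemp())
    master = root / "master"
    press = root / "press1.acd"  # placeholder file name, not a real project
    press.write_bytes(b"ladder logic v1")
    check_in(master, press, "press1", "electrician-a", "initial release")
    press.write_bytes(b"ladder logic v2 - timer preset raised")
    check_in(master, press, "press1", "electrician-b", "deviation #12")
    # Someone edits the running program on the PLC and skips the check-in.
    running = root / "press1_from_plc.acd"
    running.write_bytes(b"ladder logic v2 - timer preset raised, interlock bypassed")
    robot = root / "robot2_from_plc.acd"
    robot.write_bytes(b"robot program never placed under control")
    return audit(master, {"press1": running, "robot2": robot})


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run the audit on a schedule against copies pulled from the networked PLCs (or against whatever the electricians upload from standalone ones); any "differs from master" finding is a change that bypassed the routine, and the manifest gives the last approved version and the person to ask. Keeping the previous version on disk is what makes the "record of the before and after settings" possible when a deviation has to be reviewed.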

Thea Dunmire’s take:

A: There are a number of significant risks associated with making modifications to PLCs used to control industrial equipment. When you are modifying PLCs, you are making changes to "the brains" of your operations. These changes can result in equipment that does not function properly, production lines that completely shut down or critical infrastructure that stops operating (e.g. water pumping stations that stop working). Thousands, or even millions, of dollars can be lost because of the modification or malfunction of a single PLC. These malfunctions can be caused by lack of ongoing maintenance, ill-conceived "trial-and-error" modifications, or even the insertion of malicious code by external hackers or disgruntled employees.

Organizations should have control processes in place that address all PLC modifications. Control processes are clearly required for PLCs that are used for safety-related applications or high-hazard process operations. For organizations that are certified to OHSAS 18001:2007 Occupational health and safety management systems — Requirements, management-of-change procedures must be established to assess the potential hazards of PLC modifications prior to any changes being made. After-the-fact validation is not acceptable.

There are a number of potentially applicable regulations and standards – whether they are actually applicable to your operations depends on the nature of the processes and equipment being controlled. It is important for organizations to carefully assess which requirements need to be met and institute the processes needed for conformance. In addition, organizations should periodically evaluate the robustness of the established systems to ensure the ongoing integrity of all PLC controlled operations.

Examples of potentially applicable regulations and standards include:

  • IEC 61508 Functional safety of electrical/electronic/programmable electronic safety-related systems defines the requirements for programmable electronic systems used in the safety-related parts of control systems.
  • U.S. regulations, including 29 CFR 1910.147 (Lockout/tagout requirements), 29 CFR 1910.119 (OSHA Process Safety) and 40 CFR 68 (EPA Risk Management Plan)
  • NFPA 79 – Electrical Standard for Industrial Machinery
  • ANSI B11.1 and EN 692 – safety requirements standards for mechanical presses
  • ANSI/RIA 15.06 – standard for industrial robots and robot systems

This is a complex area that requires input from individuals with specific training and competence in working with PLC-controlled equipment. It is not an area for improvisation; the risks are too high.

Thea Dunmire, JD, CIH, CSP
Chair, ASC Z1-Audit Subcommittee
ENLAR Compliance Services, Inc.
Largo, FL
http://www.enlar.com

For more on this topic, please visit ASQ’s website.