SCADA & DCS Integration in Pharmaceutical Manufacturing
TL;DR: Connecting SCADA and DCS systems to a pharma MES is the highest-risk integration work in an ISA-95 project — because errors here produce corrupted batch records and invalid audit trails, not just incorrect reports. This Blueprint covers OPC-UA server configuration, alarm rationalisation, batch event journalling for GMP audit trails, and historian tag naming conventions for pharma environments. Includes a worked interface specification template for a DCS-to-MES integration.
Why SCADA/DCS Integration Is the Hard Part
In pharmaceutical manufacturing, the Level 2–Level 3 interface (SCADA/DCS to MES) is where two fundamentally different system worlds meet: the deterministic, real-time world of process control and the transactional, record-keeping world of GMP documentation. Getting this interface wrong produces consequences that are difficult to detect and expensive to remediate — specifically, process data that appears in batch records but cannot be proven to be contemporaneous, accurate, or attributed to the correct batch.
A DCS controlling a granulation process samples temperature and humidity every 500 ms. The MES batch record needs those values to demonstrate that the process stayed within validated limits. The interface between them must answer three GMP questions: Was the data captured at the moment it was generated (contemporaneous)? Has the data been modified between capture and batch record lock (accurate)? Is the data tagged to the correct batch lot number (attributed)? OPC-UA, configured correctly, answers all three. Configured incorrectly, it answers none.
For the regulatory framework governing these electronic records, 21 CFR Part 11 and EU GMP Annex 11 are the source of truth — see N4.1: 21 CFR Part 11 & Annex 11 Compliance Guide for full detail.
OPC-UA Server Configuration for GMP Environments
OPC-UA is the integration protocol of choice for new pharma SCADA/DCS-to-MES interfaces. Its adoption in pharma is driven by two properties absent from legacy OPC-DA (Classic): security at the protocol level (encryption, authentication, certificate management) and a structured data model that carries semantic context alongside raw values.
Server Configuration Checklist
Security policy: Configure OPC-UA server with Security Policy "Basic256Sha256" minimum. "None" policy (no encryption) is not acceptable for GMP-critical data in a pharma environment — it creates an undocumented attack surface and produces data without integrity guarantees.
Certificate management: Every OPC-UA client (MES, historian, middleware) must be issued a signed certificate by the site's PKI. Self-signed certificates are acceptable for development/testing only. Production certificates must have a defined renewal process managed through the site's change control procedure.
Session configuration: Set SessionTimeout to 30,000 ms (30 seconds) minimum. Set MaxSubscriptions per session to a value above the expected MES subscription count (add 20% headroom). Under-configured session limits cause data gaps during peak MES polling periods — this is a common root cause of missing batch record entries.
Tag access rights: Configure tag-level read/write permissions. MES should have read access to process data tags and write access only to recipe download tags and status setpoints. Write access to process control tags from the MES layer creates a change control boundary issue: MES-initiated process setpoint changes may not be captured in the DCS audit trail, leaving an unexplained gap.
Monitored item sampling interval: Set sampling interval at 50–100% of the process variable's critical sampling requirement. For a temperature loop with a 1-second validation specification, set the OPC-UA monitored item to 500 ms to ensure no measurement is missed due to polling timing.
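The checklist above expressed as an automated audit, as an added example that is not part of the original page or any vendor tool. The configuration keys and tag class names are hypothetical, and both sample configurations are constructed.

```python
# Policies below the Basic256Sha256 minimum: "None" plus the two policies the
# OPC UA specification has deprecated.
WEAK_POLICIES = {"None", "Basic128Rsa15", "Basic256"}
MES_WRITABLE = {"recipe_download", "status_setpoint"}  # hypothetical class names

def audit_interface(cfg):
    """Return checklist findings for one interface; [] means it passes."""
    out = []
    if cfg["security_policy"] in WEAK_POLICIES:
        out.append(f"security policy {cfg['security_policy']} is below Basic256Sha256")
    if cfg["environment"] == "production":
        out += [f"{c['name']}: self-signed certificate in production"
                for c in cfg["clients"] if c["self_signed"]]
    if cfg["session_timeout_ms"] < 30_000:
        out.append("SessionTimeout is below 30,000 ms")
    needed = (cfg["expected_mes_subscriptions"] * 120 + 99) // 100  # count + 20%, rounded up
    if cfg["max_subscriptions"] < needed:
        out.append(f"MaxSubscriptions {cfg['max_subscriptions']} is below {needed}")
    for tag in cfg["tags"]:
        if tag["mes_write"] and tag["tag_class"] not in MES_WRITABLE:
            out.append(f"{tag['name']}: MES can write a {tag['tag_class']} tag")
        # A monitored item sampled slower than the validated requirement can miss values.
        if tag["sampling_ms"] > tag["required_ms"]:
            out.append(f"{tag['name']}: sampled every {tag['sampling_ms']} ms, "
                       f"requirement is {tag['required_ms']} ms")
    return out

# Constructed sample data, not taken from a real site.
WEAK = {
    "environment": "production", "security_policy": "None",
    "session_timeout_ms": 10_000, "expected_mes_subscriptions": 40, "max_subscriptions": 45,
    "clients": [{"name": "MES", "self_signed": False},
                {"name": "HISTORIAN", "self_signed": True}],
    "tags": [{"name": "TEMP_PRODUCT.SP", "tag_class": "process_control",
              "mes_write": True, "sampling_ms": 2000, "required_ms": 1000},
             {"name": "RECIPE_ID", "tag_class": "recipe_download",
              "mes_write": True, "sampling_ms": 1000, "required_ms": 1000}],
}
CORRECTED = {
    **WEAK, "security_policy": "Basic256Sha256", "session_timeout_ms": 30_000,
    "max_subscriptions": 48,
    "clients": [{"name": "MES", "self_signed": False},
                {"name": "HISTORIAN", "self_signed": False}],
    "tags": [{"name": "TEMP_PRODUCT.SP", "tag_class": "process_control",
              "mes_write": False, "sampling_ms": 500, "required_ms": 1000},
             WEAK["tags"][1]],
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("corrected", CORRECTED)):
        print(name, audit_interface(cfg))
```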
Alarm Rationalisation Before Integration
Alarm rationalisation is not optional before integrating SCADA alarms into a pharma MES. A SCADA system with 300+ active alarms — the typical state of an un-rationalised pharma SCADA — produces an MES alarm journal that is functionally useless for batch record review. QA reviewers faced with 400 alarms in an 8-hour batch record cannot identify GMP-critical alarms without scrolling through noise.
The EEMUA Publication 191 (Guide to the Design of Alarm Systems) and ISA-18.2 (Management of Alarm Systems) provide the rationalisation methodology. For pharma, the output of alarm rationalisation that is directly relevant to MES integration is a three-tier classification:
- GMP-critical alarms: Automatically journalled to the batch record. Require operator acknowledgment with justification logged in MES. Examples: temperature out-of-range, pressure excursion, environmental monitoring alert in classified area.
- Operational alarms: Captured in SCADA historian; available for review but not mandatory in batch record. Examples: equipment status changes, utility supply interruptions (if backup engaged within tolerance).
- Informational alarms: Not transmitted to MES. Retained in SCADA only.
This classification must be agreed with QA before interface configuration begins. The alarm rationalisation document becomes a controlled GMP document — changes to alarm classification require formal change control and potential OQ retest of the MES batch journal function.
Batch Event Journalling: GMP Audit Trail Architecture
The batch event journal is the MES's chronological record of everything that happened during a batch: recipe steps executed, process data captured, operator actions, alarm events, and electronic signatures. For GMP compliance, it must be:
- Contemporaneous: Events recorded at the time of occurrence, not reconstructed afterward.
- Immutable after batch record lock: No post-close modification without a documented and audited change.
- Complete: No missing events for GMP-critical process steps.
- Attributable: Every entry carries the identity of the person or system that generated it.
The architecture that achieves this in a SCADA-to-MES integration: the SCADA generates a batch event message (OPC-UA event or MQTT publish) at the exact moment a GMP-critical process step changes state. The MES subscribes to these events and writes them to the batch journal with a server-side timestamp. The server-side timestamp — not the client's clock — is the authoritative time for the event. This prevents timestamp manipulation by operator workstations with incorrect system clocks.
For SCADA-to-MES event transmission, define a canonical event message structure. A minimum-viable GMP batch event message includes: EventType (step start/complete/abort/alarm), BatchID, Equipment ID, RecipePhase, Timestamp (UTC), ProcessValue (if applicable), Units, Operator ID (if manual event), and EventSource (SCADA system name and tag path). Deviating from this structure — even for "minor" events — creates schema inconsistencies that complicate batch record export and regulatory submission formatting.
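One way the MES side can enforce the canonical structure and apply the server-side timestamp, as an added example that is not code from the original page. The field spellings without spaces, the event type strings, and the rule that ProcessValue and Units travel together are assumptions, and the sample messages are constructed.

```python
from datetime import datetime, timedelta, timezone

EVENT_TYPES = {"step_start", "step_complete", "step_abort", "alarm"}
REQUIRED = ("EventType", "BatchID", "EquipmentID", "RecipePhase", "Timestamp", "EventSource")
OPTIONAL = ("ProcessValue", "Units", "OperatorID")

def journal_event(msg, received_at):
    """Validate one event; return (journal_entry, errors). The entry is None on error."""
    errors = [f"missing {f}" for f in REQUIRED if not msg.get(f)]
    # Fields outside the canonical structure are rejected rather than stored.
    errors += [f"unknown field {f}" for f in msg if f not in REQUIRED + OPTIONAL]
    if msg.get("EventType") and msg["EventType"] not in EVENT_TYPES:
        errors.append(f"unknown EventType {msg['EventType']}")
    if ("ProcessValue" in msg) != ("Units" in msg):
        errors.append("ProcessValue and Units must be sent together")
    source_ts = None
    if msg.get("Timestamp"):
        try:
            source_ts = datetime.fromisoformat(msg["Timestamp"])
        except (ValueError, TypeError):
            errors.append("Timestamp is not ISO 8601")
        else:
            # A timestamp with no offset, or a non-zero one, is not provably UTC.
            if source_ts.utcoffset() != timedelta(0):
                errors.append("Timestamp is not UTC")
    if errors:
        return None, errors
    entry = dict(msg)
    # The MES clock, not the sender's, is the authoritative journal time.
    entry["JournalTimestamp"] = received_at.isoformat()
    entry["SourceClockOffsetSeconds"] = (received_at - source_ts).total_seconds()
    return entry, []

# Constructed sample messages (not from a real system).
GOOD = {"EventType": "step_complete", "BatchID": "B-0001", "EquipmentID": "GRAN_UNIT_A",
        "RecipePhase": "DRYING", "Timestamp": "2025-03-04T08:15:30+00:00",
        "ProcessValue": 42.5, "Units": "degC",
        "EventSource": "SCADA01/VN01.MFG.GRAN01.GRAN_UNIT_A.BLENDER.TEMP_PRODUCT.PV"}
BAD = {"EventType": "step_complete", "BatchID": "B-0001", "EquipmentID": "GRAN_UNIT_A",
       "RecipePhase": "DRYING", "Timestamp": "2025-03-04T15:15:30", "ProcessValue": 42.5}
RECEIVED = datetime(2025, 3, 4, 8, 15, 32, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(journal_event(GOOD, RECEIVED))
    print(journal_event(BAD, RECEIVED))
```

In production `received_at` would be the MES server's own UTC clock at receipt; it is a parameter here so the result is reproducible.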
Historian Tag Naming Conventions for Pharma
The data historian is the permanent record of process variable time-series data. For pharmaceutical GMP environments, the historian tag naming convention is a controlled document — because tag names appear in batch records, validation protocols, and regulatory submissions. Changing a tag name after validation requires formal change control and impacts every document containing that tag name.
Use a hierarchical naming convention aligned with ISA-95 levels and the ISA-88 physical model. A recommended structure is:
[Site].[Area].[ProcessCell].[Unit].[EquipmentModule].[TagName].[Extension]
For example: VN01.MFG.GRAN01.GRAN_UNIT_A.BLENDER.TEMP_PRODUCT.PV
Where: VN01 = Vietnam Site 1; MFG = Manufacturing Area; GRAN01 = Granulation Process Cell; GRAN_UNIT_A = Granulation Unit A; BLENDER = Equipment Module; TEMP_PRODUCT = Tag descriptor; PV = Process Variable (vs SP = Setpoint, MV = Manipulated Variable, ALRM = Alarm status).
This naming structure allows the historian to be queried by any level of the ISA-95 hierarchy, which is essential for MES batch record queries (retrieve all process data for GRAN_UNIT_A between batch start and batch end times) and for regulatory submission datasets (retrieve all temperature data for GMP-critical equipment in Area MFG during Q3 2025).
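The naming convention as a parser with a level-based query, as an added example that is not part of the original page. The allowed character set is inferred from the page's example tag, and every tag in the sample list except the first is constructed.

```python
import re
from typing import NamedTuple

EXTENSIONS = {"PV", "SP", "MV", "ALRM"}
SEGMENT = re.compile(r"[A-Z0-9_]+")  # assumption: inferred from the page's example tag

class Tag(NamedTuple):
    site: str
    area: str
    process_cell: str
    unit: str
    equipment_module: str
    tag_name: str
    extension: str

def parse_tag(name):
    """Split a historian tag into its seven levels, or raise ValueError."""
    parts = name.split(".")
    if len(parts) != len(Tag._fields):
        raise ValueError(f"{name}: expected {len(Tag._fields)} segments, got {len(parts)}")
    for level, part in zip(Tag._fields, parts):
        if not SEGMENT.fullmatch(part):
            raise ValueError(f"{name}: invalid {level} segment {part!r}")
    if parts[-1] not in EXTENSIONS:
        raise ValueError(f"{name}: unknown extension {parts[-1]}")
    return Tag(*parts)

def is_valid(name):
    try:
        parse_tag(name)
    except ValueError:
        return False
    return True

def select(tags, **levels):
    """Return tags whose named levels match exactly, e.g. select(tags, unit="GRAN_UNIT_A").

    Comparing whole segments avoids the string-prefix trap where a query for
    GRAN_UNIT_A would also return GRAN_UNIT_AB.
    """
    return [t for t in tags
            if all(getattr(parse_tag(t), k) == v for k, v in levels.items())]

# Constructed tag list; only the first name appears on the page.
TAGS = [
    "VN01.MFG.GRAN01.GRAN_UNIT_A.BLENDER.TEMP_PRODUCT.PV",
    "VN01.MFG.GRAN01.GRAN_UNIT_A.BLENDER.TEMP_PRODUCT.SP",
    "VN01.MFG.GRAN01.GRAN_UNIT_AB.BLENDER.TEMP_PRODUCT.PV",
    "VN01.MFG.COAT01.COAT_UNIT_A.PAN.TEMP_INLET.PV",
]
```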
For AVEVA PI System-specific configuration of pharma historian tagging and integration with MES, see Data Historian: AVEVA PI vs Open Source.
Worked Interface Specification Template
An Interface Specification Document (ISD) governs one SCADA/DCS-to-MES interface. Minimum sections:
Section 1 — Interface Overview: Source system (SCADA/DCS name, version, vendor), destination system (MES name, version), integration protocol (OPC-UA 1.04), middleware if applicable, GMP classification (Direct impact — batch-critical data flow).
Section 2 — Data Object Map: Table listing each process variable: Tag Name (source), OPC-UA Node ID, MES Data Field Name, Data Type, Engineering Units, Sampling Interval, GMP Classification (critical / non-critical), and Journalling Rule (journal to batch record Y/N).
Section 3 — Event Message Specification: Event types transmitted, canonical message structure, timestamp source, error handling (what happens if MES unavailable — buffer locally in SCADA and resend, or discard?).
Section 4 — Security: OPC-UA security policy, certificate management process, network path (VLAN IDs, firewall rule references).
Section 5 — Test Specifications: FAT test cases (5–8 minimum), SAT test cases, OQ test cases referencing this ISD.
Section 6 — Change Control: Documents that must be updated if this interface is modified. Approver list for changes.
Vietnam Context: DCS Integration Landscape in Vietnamese Pharma
Vietnam's legacy pharma DCS landscape is predominantly Siemens (PCS 7, S7 series) and Yokogawa (CENTUM VP), with older sites running Honeywell TDC or DeltaV. These systems have OPC-DA (Classic) servers that function but do not support OPC-UA natively without a wrapper or migration.
The practical integration path for these legacy systems: deploy a Kepware OPC-DA-to-OPC-UA gateway server in the DMZ between Level 2 and Level 3 networks. This gateway translates OPC-DA tag data to OPC-UA objects that the MES can consume. The gateway itself becomes a validated component — requiring IQ (hardware/OS installation) and OQ (data accuracy and latency testing). This adds 4–6 weeks to the integration phase but is significantly faster and cheaper than replacing the DCS to achieve native OPC-UA.
Newer pharma installations in Vietnam (DHG Pharma's 2025 betalactam line, Imexpharm capacity expansion) are specifying native OPC-UA from the DCS layer — typically Siemens PCS neo or Emerson DeltaV v15 — which eliminates the gateway requirement and reduces the validated scope.
FAQ
Q1: Can we integrate a 15-year-old Siemens S7-300 PLC directly to our MES via OPC-UA? Not natively. The S7-300 supports OPC-DA via the Siemens OPC server (WinCC) but not OPC-UA directly. You need either a Kepware OPC-DA-to-UA gateway or a CP343-1 ADVANCED communication module for the S7-300 that supports OPC-UA. Validate the gateway as part of the MES integration scope.
Q2: How often should process data be sampled and stored in the historian for a pharma batch process? This is defined by the process parameter's Critical Process Parameter (CPP) classification and the validated specification. Typical: every 1 second for critical temperature/pressure loops, every 5–10 seconds for non-critical utility parameters. Storage compression (deadband) should be disabled for GMP-critical tags — every measured value must be stored, not filtered.
Q3: What happens to SCADA integration when the MES goes offline for scheduled maintenance? The SCADA must buffer GMP-critical batch events locally during MES downtime (in a temporary historian or local database) and resynchronise when MES reconnects. This resync behaviour must be validated during OQ — specifically, the test must confirm that buffered events carry the original SCADA timestamp (not the resync timestamp), maintaining contemporaneous record integrity.
Q4: Should alarm management be configured in the SCADA or the MES? Alarm generation and first-tier handling (acknowledgment, setpoint) stays in the SCADA. GMP-critical alarm journalling and batch record inclusion is configured in the MES. The integration point: the MES subscribes to the SCADA's OPC-UA alarm and condition service and writes classified alarms to the batch journal.
Q5: Is OPC-UA mandatory, or can we use Modbus/TCP or MQTT instead? Modbus/TCP has no built-in security and no data model — it transmits raw register values without context. It is not suitable as a primary protocol for GMP-critical batch data. MQTT is a valid complementary protocol (especially for IIoT sensor data), but a broker architecture requires additional validation work (broker redundancy, message ordering guarantees). OPC-UA remains the validated-state standard for DCS/SCADA-to-MES batch data in pharma GMP environments.
Q6: How do we handle a batch that spans two SCADA system boundaries (e.g., granulation in one system, coating in another)? Define a unified Batch ID at the MES level that persists across both SCADA systems. Each SCADA publishes batch events tagged with the MES-assigned Batch ID. The MES aggregates events from both sources into a single batch journal. Test this cross-system batch assembly explicitly in OQ — it is a common failure point for multi-area batch manufacturing implementations.
References
- QBD Group — "SCADA Automation in Pharma: Boosting Efficiency and Compliance." https://qbdgroup.com/en/blog/scada-automation-in-pharma-boosting-efficiency-and-compliance
- American Pharmaceutical Review — "Bridging Legacy DCS and Modern Automation." https://www.americanpharmaceuticalreview.com/Featured-Articles/624885-Bridging-Legacy-DCS-and-Modern-Automation/
- OPC Foundation — OPC UA Specification Part 4: Services (v1.04). opcfoundation.org
- ISA-18.2 — Management of Alarm Systems for the Process Industries. isa.org
- EEMUA Publication 191 — Guide to the Design of Alarm Systems. eemua.org
- LinkedIn / Prabhat Mishra — "SCADA, DCS, and MES in Pharmaceutical Manufacturing." https://www.linkedin.com/posts/prabhat-mishra-9437b916
- Kepware (PTC) — KEPServerEX OPC-UA Configuration Guide. kepware.com
- Siemens — SIMATIC PCS 7 OPC Interface documentation. siemens.com/pharma
TYPE 2 — Expert synthesis based on industry-standard GMP guidelines, regulatory publications and real-world pharmaceutical automation deployments in Vietnam and Southeast Asia. Transparency note: This resource reflects the author's professional experience and publicly available regulatory guidance. Readers should verify specific requirements with their qualified regulatory consultants.