Modifying Programmable Logic Controllers (PLCs)


Q: I am seeking a standard to monitor, control and communicate existing Programmable Logic Controller (PLC) program changes.

We have a team of 15 electricians. They have access to various machinery and their PLCs. They can make modifications to the majority of PLC programs.

The changes are under-communicated and the current process is not monitored. We do capture log-in/log-out and some changes, but this is not sufficient.

Bud Salsbury’s take:

A: If these are EtherNet/IP-equipped PLCs that support remote login and can be network attached at all times, it isn’t an issue. It becomes an IT admin thing. For example, Allen-Bradley’s PLCs can have their programs placed out on the network and treated like an FTP site. The PLCs can pull their programs at each start-up from their predefined folders.

If we are talking about standalone PLCs, with no network, it becomes a whole different animal. It is then more of a procedural thing. You must again place the master copy of the program on a network location, but it is up to each programmer to follow a routine: pull the program from the network, update, upload to the PLC, test/verify, and if good, replace the master copy. Now, if any step is missed, you’re up that well-known waterway without any visible means of locomotion.

EtherNet/IP is your friend. Note: they have to be newer/smarter PLCs to play nice.

Now, if you are making changes to the program (whether it is a robot, an NC machine, or a molding press), then these changes would probably affect the overall production process. Also, if the changes could affect the quality of the product in any way (either good or bad), then, at the very least, there should be a type of “deviation” procedure where the quality level of the product is verified after the process deviation has been implemented and prior to releasing any new parts produced off of this deviated process. Also, there should be a record of the before and after settings.

Bud Salsbury
ASQ Senior Member, CQT, CQI
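An added illustration (not from the answer above or from any vendor's tooling) of the master-copy routine Bud describes: the network master folder is hashed into a baseline manifest at approval time, and any program export that later differs from it, whether edited, added or removed, is reported with its before and after digests so the record of the change can be kept. The file names and contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a program export in chunks so large files are handled."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(master_dir: Path) -> dict:
    """Map each program file (path relative to the master folder) to its digest."""
    return {
        str(p.relative_to(master_dir)): sha256_of(p)
        for p in sorted(master_dir.rglob("*")) if p.is_file()
    }

def diff_manifests(baseline: dict, current: dict) -> list:
    """Change records as (file, kind, before_hash, after_hash) tuples."""
    changes = []
    for name in sorted(set(baseline) | set(current)):
        before, after = baseline.get(name), current.get(name)
        if before == after:
            continue
        if before is None:
            kind = "added"
        elif after is None:
            kind = "removed"
        else:
            kind = "modified"
        changes.append((name, kind, before, after))
    return changes

def demo() -> list:
    """Constructed sample: a master folder with two exports, then two unrecorded edits."""
    with tempfile.TemporaryDirectory() as d:
        master = Path(d)
        (master / "press_line1.acd").write_bytes(b"RUNG 0: XIC I:0/0 OTE O:0/0\n")
        (master / "robot_cell3.l5k").write_bytes(b"CONTROLLER RobotCell3\n")
        baseline = build_manifest(master)  # snapshot taken when the copy was approved
        (master / "press_line1.acd").write_bytes(b"RUNG 0: XIC I:0/1 OTE O:0/0\n")  # edited, no record
        (master / "molder_7.acd").write_bytes(b"RUNG 0: OTE O:0/3\n")  # new export, no record
        return diff_manifests(baseline, build_manifest(master))

if __name__ == "__main__":
    for name, kind, before, after in demo():
        print(f"{kind:8} {name}  {before or '-'} -> {after or '-'}")
```

Run against the real master folder on a schedule and compare with the change log; any record the log does not explain is the missed step Bud warns about.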

Thea Dunmire’s take:

A: There are a number of significant risks associated with making modifications to PLCs used to control industrial equipment. When you are modifying PLCs, you are making changes to “the brains” of your operations. These changes can result in equipment that does not function properly, production lines that completely shut down or critical infrastructure that stops operating (e.g. water pumping stations that stop working). Thousands, or even millions, of dollars can be lost because of the modification or malfunction of a single PLC. These malfunctions can be caused by lack of ongoing maintenance, ill-conceived “trial-and-error” modifications, or even the insertion of malicious code by external hackers or disgruntled employees.

Organizations should have control processes in place that address all PLC modifications. Control processes are clearly required for PLCs that are used for safety-related applications or high-hazard process operations. For organizations that are certified to OHSAS 18001:2007 Occupational health and safety management systems — Requirements, management-of-change procedures must be established to assess the potential hazards of PLC modifications prior to any changes being made. After-the-fact validation is not acceptable.

There are a number of potentially applicable regulations and standards – whether they are actually applicable to your operations depends on the nature of the processes and equipment being controlled. It is important for organizations to carefully assess which requirements need to be met and institute the processes needed for conformance. In addition, organizations should periodically evaluate the robustness of the established systems to ensure the ongoing integrity of all PLC controlled operations.

Examples of potentially applicable regulations and standards include:

  • IEC 61508 Functional safety of electrical/electronic/programmable electronic safety-related systems defines the requirements for programmable electronic systems used in the safety-related parts of control systems.
  • U.S. regulations, including 29 CFR 1910.147 (Lockout/tagout requirements), 29 CFR 1910.119 (OSHA Process Safety) and 40 CFR 68 (EPA Risk Management Plan)
  • NFPA 79 – Electrical Standard for Industrial Machinery
  • ANSI B11.1 and EN 692 – safety requirements standards for mechanical presses
  • ANSI/RIA 15.06 – standard for industrial robots and robot systems

This is a complex area that requires input from individuals with specific training and competence in working with PLC controlled equipment. It is not an area for improvisation – the risks are too high.

Thea Dunmire, JD, CIH, CSP
Chair, ASC Z1-Audit Subcommittee
ENLAR Compliance Services, Inc.
Largo, FL


OHSAS 18001 and ISO 9001 Work Environment Requirements


Q: We had the opportunity to get the certification for OHSAS 18001:2007 Occupational health and safety management systems — Requirements. While looking at the clause interaction between ISO 9001 Quality management systems–Requirements and OHSAS 18001 given at the end of the standard, I did not find any interaction between the standards for clause 6.4 work environment in ISO 9001.

Am I missing anything or is there any reason for it?

A: I am a U.S. Technical Expert for ISO 9001 and associated quality management system (QMS) standards and have been involved with QMS standards since 1975.

In my opinion, the answer to your question is that the developers of OHSAS 18001:2007 did not feel that ISO 9001 clause 6.4 related to 18001. This, incidentally, I find puzzling.

The requirement in ISO 9001:2008 Quality management systems–Requirements clause 6.4 reads: The organization shall determine and manage the work environment needed to achieve conformity to product requirements.

In other words, you should make sure that your employees have an adequate work environment for producing your products. They should have adequate room temperature, lighting, etc.

The 2005 report: Integrated Management Systems (IMS) – Potential Safety Benefits Achievable from Integrated Management of Safety, Health, Environment and Quality (SHE&Q) from Environment Directorate, Organisation For Economic Cooperation And Development, Paris, includes the following which might be of interest to you:

“OHSAS 18001 and National Standards

During drafting of the original BS 8800 a major division of opinion arose as to whether or not independent assessment and certification of an organisation’s OSHMS should be encouraged, as for QMS and EMS. Some viewed such certificates as valuable, particularly in the context of effective supply chain management; others believed that existing certification processes added minimal value, required excessive resources and resulted in unused manuals – so new certification processes should be resisted. It proved impossible to reconcile these views within BS 8800, which was structured and published as a non-certifiable standard.

As a result, an international consortium of certification bodies, including the commercial arm of BSI, produced the OHSAS 18001 specification in 1999, followed by implementation guidelines OHSAS 18002 in 2000. Neither document is an official British Standard, but OHSAS 18001 either is, or is likely to become, a national standard in other countries, notably in the Pacific Rim. A recent survey by BSI identified that over 8000 OSHMS certificates have been issued in 70 countries, to many different standards and guidance, and that some 46% are to OHSAS 18001.

With the revision of BS 8800, from which it is derived, it might be presumed that OHSAS would be updated automatically. A review is indeed planned, but the decision on when to publish a revision will take into account other factors, including the needs of current new users to have time to ‘bed down’ their internal processes before revising them to meet an improved standard. When a revision is agreed, it is likely to include some alignment with other high-quality national standards such as AUS/NZ 4801, to aid recognition as a truly global standard.

A new US standard was published in 2005: ANSI/AIHA Z10 – Occupational Health and Safety Systems. The format includes both a standard and associated guidance, but is not intended as a basis for certification. It is fully compatible with ISO 9001/14001 and takes account of the other national/global OSHMS documents outlined in this section.”

OHSAS 18001:2007 is not an ISO standard. It appears to be simply an update of OHSAS 18001:2000. Its development was driven by the British Standards Institute which publishes the standard and profits directly from its distribution and sales.

Part of the answer to your question is to evaluate for yourself:

1) Why did you go to the expense to be certified to 18001:2007 and who were the customers that you were satisfying by doing this?

2) What is the expectation of these customers?

From a practical standpoint, consider embracing the concept in ISO 9001 clause 6.4. I would expect that providing your employees adequate conditions for producing products can only improve your product offerings and help to enhance customer satisfaction.

Joe Tsiakals
Voting member of the U.S. TAG to ISO/TC 176 (ASQ)
Voting member of the U.S. TAG to ISO/TC 210 (AAMI)