OR WAIT 15 SECS
Caroline Hroncich was associate editor for Pharmaceutical Technology, Pharmaceutical Technology Europe, and BioPharm International from 2015 to 2017.
Industry experts discuss IIoT and its impact on pharmaceutical manufacturing.
As the pharmaceutical industry begins to automate manufacturing processes, many companies are looking to the Industrial Internet of Things (IIoT) to provide a way to more efficiently transfer information. While the IIoT provides a viable method for automating the flow of data, the concept of and security risks associated with cloud-based data storage is still new to many in the industry.
Pharmaceutical Technology sat down with Ben Blanchette, director of Strategy and Business Development for IIoT, and Torsten Winkler, lead of the Life Sciences Center of Excellence in EMEA, both at Honeywell Process Solutions; Dave Sharpe, global industry director, and Tony Baker, security lead, both at Rockwell Automation; and Lee Sullivan, regional manager, COPA-DATA UK Ltd to discuss IIoT and its impact on pharmaceutical manufacturing.
PharmTech: How does IIoT technology improve the flow of information?
Sullivan (COPA-DATA): IIoT can provide you with data; lots of data. IIoT’s real potential comes from the ability to monitor and connect. For example, Zenon [a human machine interface/supervisory control data acquisition system and communication platform from COPA-DATA] has more than 300 communication protocols, in real-time; therefore, hardware devices and business enterprise (SAP enterprise resource planning) systems can be linked to obtain data--and historical data--on demand. Furthermore, mobile technology and instant reporting capabilities allow for increased efficiency across a manufacturing site, as an IIoT-enabled system can pinpoint who, what, when, where, and how errors have and will occur.
Blanchette (Honeywell): In terms of IIoT technology improving the flow, I don’t know if there is any major improvement in our ability to move data, and flow information up and down the supply chain. I think what’s different with respect to IIoT, the IIoT philosophy, and a fully capable IIoT infrastructure and network, is that it becomes easier to move that information. Because of the way we’re collecting and storing the data and because the applications we’re using to support IIoT are typically cloud native, it [improves] collaboration across separate enterprises and up and down the supply chain [because] data can be transmitted more easily. That’s what is different about IIoT versus technology we’ve had for 20 years. We’ve had the ability to connect systems together, but it was typically customized integrations that required a lot of up front effort and large switching costs if you were to switch from one supplier to another up and down the supply chain. Going to cloud native IIoT infrastructure framework simplifies all of that and improves flexibility. I think that’s probably the biggest opportunity there, the ease and flexibility with which data can move up and down the supply chain to allow collaboration. Everybody’s seeing the same data in the same way.
Winkler (Honeywell): Especially for the pharmaceutical industry there is an increasing demand for documented evidence and documented data for the production [of drugs]. One initiative, for example, from the [regulatory] authorities is serialization. Serialization is a requirement by the [regulatory] authorities that you have a proven record from where the final drug was produced, and you need to document this. Of course, if you have one supplier and proprietary interfaces, you can achieve the same thing, but the industry is moving away from these monolithic systems to more modular systems because they want to have the capability to exchange information in an easier way. If you build special interfaces between the different modular systems to achieve for example serialization, this requires dedicated interfaces, dedicated software, and in terms of GMP compliance, these interfaces are a different class. There is a tremendous effort to achieve fully validated systems with these customized interfaces. The Internet of Things and the collaboration between all the different components allows the customer to achieve a better modularity and reduce the validation cost with standardized interfaces and standardized data flow.
PharmTech: How does the IIoT impact or enhance process controls?
Winkler (Honeywell): The intention of IIoT is not to increase the position of a process analytical technology (PAT) controller, or real regulatory control, but the IIoT gives you the infrastructure in a validated environment that reduces cost for validation to achieve the initiative, for example FDA’s PAT initiative. This means you can collect manual data more easily, do something with this [data], and the result is available for control. That means you can set up in a better or easier way multi-variable modeling, for example, or you can do indirect measurements. In a biopharmaceutical plant, it is relatively impossible to measure the quality of the products, but you can indirectly measure this information. That way you make this information and results more easily available for real control. The umbrella is the infrastructure to fulfill the PAT initiative.
Sullivan (COPA-DATA): At an IIoT-enabled facility, all process values can be accessed at any stage, including temperature, pressure, weight, flow, pH, dissolved oxygen, humidity, and energy. IIoT makes it possible to visualize the process, understand the science, and see where the edge of failure lies. Additionally, engineers can parameterize processes and monitor with increased resolution to create a control strategy and alerting mechanism that prevents the equipment from ever reaching, or getting close to, their predetermined limits. When we talk about process, we are referring to every small process loop or discrete control in the plant. This is a science, to advance with an accurate vision. And it is in this vision that you can find the paradigm shift for improvement.
Blanchette (Honeywell): I don’t think that going to an IIoT framework or infrastructure directly impacts process controls. I think we’re pretty good at that within a plant--we’re pretty good at controlling the process. Where the impact will probably be felt is in the fact that those process controls will probably be more consistent. You will probably have better repeatability and better reliability of those control systems so they will be functioning at peak efficiency all the time. I think what IIoT really enables is the ability of external experts and the right person to solve the current problem … the ability to look at the data, analyze the data, and provide some recommendations about how to improve the control of process. [The impact is] on the collaboration side and the optimization of the controls we already have, and the assurance that all those controls are performing as efficiently as possible. It’s maybe a level above the process controls. It’s that level of automation, watching how they perform, and providing some tools to enable experts to fine tune and refine those process controls and maybe even some automatic analytical-based enhancement to those controls from the cloud. I think that’s where we’ll see the impact on performance of process controls.
PharmTech: How do you think the IIoT will impact pharmaceutical manufacturing in the near future?
Sharpe (Rockwell): Pharmaceutical manufacturers can look forward to the next generation of quality, productivity, and efficiency gains thanks to improvements in workflow standardization and scalable analytics. These capabilities are increasingly made possible because of IIoT technology that connects and contextualizes disparate data from production and enterprise IT systems.
Workflow standardization is replacing time-consuming and error-prone manual operations like following recipe instructions and tracking work performed. Key to providing process guidance and enforcement are manufacturing execution systems (MES). This technology offers operator instructions while collecting product data as it moves across the facility and noting nonconformance issues. Easy-to-access information can then be electronically stored for however long the pharmaceutical manufacturer needs it, helping with serialization and track-and-trace efforts.
Scalable analytics have provided pharmaceutical manufacturers the ability to leverage actionable information when and where it is needed. Exact analytics capabilities vary based on the users’ need, but the technology is helping to pull and analyze data as close to the source as possible. On the plant floor, a maintenance engineer can connect directly to a device in order to access near-instantaneous incident data. At the enterprise level, information collected across a number of plants can integrate with business systems to evaluate production trends. From plant floor to distribution, information for individual users’ needs helps make enterprise wide improvements.
Winkler (Honeywell): From a pharmaceutical market point of view, [IIoT] is the infrastructure; it will allow for completely paperless production. The digitization of the company’s procedures, production, supply chain--that is how it will impact the industry. Digitization is the key word here.
Sullivan (COPA-DATA): The pharmaceutical manufacturing facilities of the future will go well beyond current standard methods of operations and development. The IIoT will add orders of magnitude to quality by design (QbD), with six sigma performance made possible on all quality parameters. The IIoT vision is one of highly automated production with high levels of visibility in all processes. Equipment will be highly precise, process controls will be well understood and constantly refined. As a result, in the IIoT-driven plant, products remain cost-effective long after patent expiration.
PharmTech: What are some best practices to prevent unauthorized intrusions, or cyberattacks, on pharma IT systems?
Baker (Rockwell): A number of prevention best practices are available to avoid unauthorized intrusions and attacks. Pharmaceutical manufactures can determine what is the best fit for them based on system design, sustainability, and cost sensitivity. Good infrastructure design, for instance, is a recommended first tactic, including segmentation through industrial demilitarized zones, firewalls, virtual local area networks, and access control lists.
Today, a pharmaceutical manufacturer needs to look beyond prevention, focusing on investments to detect, remedy, and recover from intrusions. A number of tools are available that can inspect and monitor industrial automation control systems. Best security practices also go beyond the network by taking advantage of capabilities within applications that manage who is allowed to access the system and to what extent.
Another best practice is to sufficiently harden operating systems in order to prevent malicious applications from spreading. Devices and computers should be physically hardened and locked up to keep unauthorized individuals from modifying or accessing the system. In addition, authorized personnel need to be trained on how to work with the security controls, such as being prepared for USB devices with malicious applications, phishing emails, and a number of other threats.
Blanchette (Honeywell): There’s a perception that hosting your data in a private cloud that is maintained is safer, but we’re starting to hear the argument that a publically hosted cloud with thousands of users and thousands of different and unique security requirements is much more secure just because you have so many more users of that public cloud space. The reason it’s more secure is the hosting companies have to meet the requirements of all of those users. Because of that, and the way that the deployments are built out today, if I meet the security units of one of those users on the public cloud, all of those users get to benefit from that security measure. We’re starting to get to the point in the market where the ability of large cloud hosting markets to secure their cloud environment is starting to get so far ahead of what any private entity can provide. I think ultimately you’ll see that public hosting will be a quantum leap better than anything you can develop in private. I think there’s some truth to that, and [there’s] starting to be some acceptance of that. That’s probably one of the single biggest ones. If you host it privately, you have to build all the security yourself. You have to develop it all, and there’s no way one entity can keep up with the giants out there that do this for a living. Those companies have tens of thousands of times more eyes on the security of those public clouds than any one business can build internally. I think that’s going to be important, that’s probably the most secure way to do it. The other thing we’re seeing a lot of, instead of just trying to be proactive, is the ability of companies to have people monitoring and reactively providing an intruding defense. You’ll have people fighting off those intrusion attempts. That proactive and reactive defense of the system is probably what we’re going to have as a standard across the space in the future. The first step is recognizing that no matter what you do you’re never going to be 100% secure. Don’t ever rest on thinking that you have a secure system in place. You have to be vigilant and consistently trying to improve proactively, and reactively respond to attempts to attack the systems.
Volume 41, No. 3
When referring to this article, please cite it as C. Hroncich, “Integrating Industrial Internet of Things and Pharmaceutical Manufacturing Processes,” Pharmaceutical Technology 41 (3) 2017.