Shop Floor Data Collection

Shop floor data collection (SFDC) is the disciplined capture of production and test data at the point of execution. It spans automated acquisition from equipment (PLCs, sensors, checkweighers, vision, environmental monitors) and guided manual entries (e.g., barcode scans, weigh-and-dispense, verification steps, comments), bound to the batch/lot, recipe step, equipment, and operator identity. In ISA‑95 terms, SFDC sits in Level 3 (MES/MOM) but consumes Level 0–2 signals and supplies Level 4 with trustworthy status and KPIs.

In regulated operations, SFDC must enable contemporaneous, attributable, legible, original, and accurate (ALCOA+) records with secure audit trails, enforced permissions, unique user accountability (e-signatures), and validated workflows. These records underpin batch records (21 CFR 211.188), device history (21 CFR 820.184), and electronic records/signatures compliance (21 CFR Part 11), and they must withstand data integrity scrutiny under EU GMP Annex 11 and MHRA guidance.

SFDC intersects directly with electronic records and signatures rules. 21 CFR Part 11 requires system validation, audit trails, record retention/retrieval, and controls for e-signatures and user identity. EU GMP Annex 11 expects data integrity by design, including access controls, validated interfaces, backup/archival, and change management. MHRA and PIC/S publications emphasize governance, risk assessment, and periodic review of data flows. For batch release, device release, and investigations, the SFDC data set must be complete and readily reconstruct the manufacturing event sequence.

• Attributable: operator ID, equipment ID, material lot, location
• Contemporaneous: automatic timestamps, time-sync across sources; no post-dated entries
• Original/true copy: raw signals preserved with metadata; derived values traceable
• Audit trail: secure, time-stamped, reason-for-change, before/after values
• Control of blank fields and corrections: enforced entry rules and reason codes
• Retention/availability: records accessible for the required lifecycle

SFDC aggregates a spectrum of signals: discrete events (start/stop, interlocks), analog measurements (temperatures, loads, pressures), transactional scans (materials, tools, labels), test results (torque, leak, vision), and human-entered confirmations or comments. Automated capture reduces transcription error and latency; manual capture provides necessary context for product contact operations, verifications, and exception handling. Interfaces commonly leverage OPC UA/DA, message brokers (MQTT/Sparkplug), file drops, REST, and equipment-specific drivers.

Raw signals lack meaning without robust context. ISA‑88 structures recipes into procedures, unit procedures, and phases, while the physical model anchors process cells, units, and equipment modules. ISA‑95 extends this to materials, personnel, and operations definitions. Effective SFDC binds each datum to: recipe version and step/phase; equipment/unit/module; material (lot/serial and status); location; operator; and order/batch identifiers, enabling coherent reconstruction and genealogy.

• Recipe context: general/master recipe → site recipe → control recipe; step identifiers
• Equipment context: unique asset IDs, state model, calibration/qualification status
• Material context: lot ID, status, CoA, expiry/FEFO, dispensed vs backflushed quantities
• Personnel context: training/qualification checks, role at time of action
• Spatial-temporal context: area/line/room; synchronized timestamps with timezone offsets

This context underpins review-by-exception, deviations/CAPA triggers, and efficient batch review. It also supports master data governance: controlled vocabularies, version control, and change history for recipes, specifications, and thresholds—core expectations under Annex 11 and GAMP 5.

Manual capture remains critical for identity checks, weigh-and-dispense, line clearance, and observations. To be reliable, UI design must minimize free text, prefer scans and picklists, and enforce ranges and units. Two-person verification is warranted for high-risk steps (e.g., component identity, sterilization load confirmation). Each manual entry must be attributable and contemporaneous, with controlled corrections and reason codes recorded in the audit trail.

1. Replace transcription with direct device integration (scales, checkweighers) wherever feasible.
2. Use barcode/2D GS1 data carriers to reduce misidentification (lot/serial, GTIN).
3. Enforce specification limits and plausibility checks; block out-of-range submissions.
4. Implement role-based prompts and conditional workflows tied to risk assessments.
5. Require reason codes and annotations for deviations and rework paths.

SFDC must remain reliable despite network outages and equipment resets. Edge collectors buffer messages locally (store-and-forward) with cryptographic integrity checks and replay prevention. Interfaces should support idempotency and duplicate detection. Time synchronization across equipment, collectors, and MES is necessary for accurate sequencing; implement authenticated NTP, monitor drift, and record source clock quality with each event to support forensic reconstruction.

• Buffered ingestion with durable queues; back-pressure handling and retry policies
• Deterministic event ordering within equipment/phase scope; global ordering via timestamps
• Secure transport (TLS), endpoint authentication, allowlisting
• Schema versioning for payloads, with backward compatibility and deprecation plans
• Health telemetry: lag, drop rates, and clock drift KPIs with alerts

For batch/phase events, prefer event-driven designs: start/hold/resume/complete, parameter captures at defined sampling intervals, and exceptions flagged with context and reason. Alarm floods should be rationalized to avoid noise overwhelming quality-relevant signals.

Computerized systems used for SFDC must be validated commensurate with risk. GAMP 5 (2nd ed.) promotes critical thinking, supplier assessment, and leveraging vendor documentation. Define intended use, classify components (COTS connectors, custom mappings, configurations), and focus testing on data integrity controls: access, audit trails, timestamp behavior, error handling, and interface failure modes. Part 11 and Annex 11 require documented validation, periodic review, and change control that preserves data integrity.

1. Trace requirements to risks and test cases; emphasize data capture, context binding, and exception handling.
2. Qualify interfaces with negative testing (loss of comms, duplicates, malformed payloads).
3. Verify audit trail completeness and review workflows; ensure filters cannot suppress required entries.
4. Challenge time-sync and late-entry flags; verify daylight-saving, timezone, and leap-second handling.
5. Document backup/restore tests proving data and audit trail recoverability.

Once captured and contextualized, SFDC fuels in-process control, SPC, and performance KPIs. Control limits and specification bands should be enforced at capture to prevent bad data from propagating. Review-by-exception reduces batch review effort by automatically highlighting excursions, missing checks, or sequence violations. Exception rules must be versioned and validated, with audit trails capturing rule changes and their effective dates.

• SPC on critical process parameters (e.g., tablet weight, torque, leak rate) with Nelson/Western Electric rules
• Alarm and hold logic that triggers QA disposition steps on out-of-spec/out-of-trend
• OEE and cycle-time metrics derived from start/stop and downtime events
• Data completeness checks (all required scans, witnesses, samples collected before release)
• Automated reconciliation of theoretical vs actual yield and backflush vs measured consumption

Analytics must not re-write source data; derived metrics should reference immutable raw records and carry lineage so investigations can drill down to original evidence. Where data are redacted or masked for privacy/security, ensure full unmasked access is available to authorized QA for release decisions.

SFDC is the evidentiary backbone for batch production records (21 CFR 211.188) and device history records (21 CFR 820.184). Genealogy requires one-up/one-down traceability of materials, intermediates, and subassemblies, plus association to equipment and tools that contacted product. Each lot movement and transformation step should be captured with operator identity, timestamp, and location, creating a verifiable pedigree from receipt to release and, where applicable, through distribution.

• Bind each material add/remove to lot and quantity; reconcile against BOM and tolerances
• Record sterilization/cleaning cycles with cycle parameters and equipment IDs
• Associate test results and sampling points to specific units/sub-batches
• Capture label issuance and verification events to prevent mix-ups
• Enable rapid forward/backward tracing for recalls and complaints

Electronic batch records (eBMR/eBR) and eDHRs should compile SFDC in a human-readable, chronologically coherent narrative with hyperlinks to raw data, audit trail excerpts, and approvals, enabling efficient QA review and regulatory inspection.

• Un-synchronized clocks across equipment cause mis-sequenced events; remediate with authenticated NTP and drift monitoring.
• Manual re-entry of instrument readings invites transcription errors; integrate devices or use digital transfer.
• Generic user accounts break attribution; enforce unique credentials and e-signature controls.
• Audit trails that omit configuration changes (e.g., limits) undermine data trust; ensure full-scope audit coverage.
• Interface failures silently drop records; implement store-and-forward, dead-letter queues, and reconciliation reports.
• Lack of data completeness checks leads to late discovery during batch review; implement pre-release gatekeeping.

Data integrity requires secure-by-design collection. Enforce least-privilege access, segregate duties for configuration vs execution, and apply network segmentation between Level 0–2 and Level 3–4. Protect interfaces with mutual TLS, certificates lifecycle-managed, and allowlisting. Maintain configuration baselines for tag mappings, limits, and workflows under change control with impact assessment on validation state.

• Role-based access with periodic review and removal of dormant accounts
• Change control linking risk assessment, testing, and deployment records
• Backup/restore procedures with routine drills and evidence
• Monitoring of interface health, authorization failures, and unusual data patterns
• Vendor management and patching strategy aligned to validation constraints

"Data should be complete, consistent, and accurate throughout the data lifecycle. Organizational and technical controls should be implemented to assure data integrity."

V5 Ultimate implements event-driven SFDC aligned to ISA‑95/ISA‑88, ingesting machine telemetry and operator entries into a single, versioned execution record. Interfaces support secure store-and-forward, idempotent processing, and deterministic binding of data to recipe steps, equipment, materials, and personnel. Audit trails capture every addition, change, and configuration adjustment with reasons and effective dating. Review-by-exception, data completeness gates, and automated reconciliations expedite QA release while preserving a defensible evidence trail.