+353 1 450 5050
contact@bonner.ie

Integration of Water for Injection (WFI) System with TCU Control Platform

Case Study: Integration of Water for Injection (WFI) System with TCU Control Platform
Client: Pharmaceutical Manufacturing Facility
Integrator: BONNER (Process Control & Hygienic Systems Integration)

Overview

1. Project Background and Objectives
A pharmaceutical client operating a multiproduct mill room engaged BONNER to integrate their existing Water for Injection (WFI) utility with a newly deployed Temperature Control Unit (TCU) system. The objective was to synchronise batch water delivery with TCU batch operations without compromising the independence, sanitisation controls, or regulatory integrity of the WFI skid.

The required operational workflow was:

  1. Operator requests WFI from the WFI system HMI.
  2. Operator enters batch volume at the TCU HMI and starts the batch.
  3. After completion, the operator returns the WFI system to recycle mode.
  4. Lines are fully drained to leave the system hygienic and ready for the next batch.

BONNER’s role was to add the feed/return-side field devices, sequencing logic and handshakes required for a fully automated, hygienic, and compliant batch delivery cycle within Area 050 without altering the validated WFI skid’s core operation.

Field devices integrated by BONNER

  • CV-050-1 – Modulating feed valve for flow/batch control
  • XV-050-3 – Drain valve for end-of-cycle line emptying
  • FT-050-1 – Hygienic flowmeter for batching, verification, and drain confirmation
  • XV-050-1 / XV-050-2 – Fill/Flush hygienic valve block with mutual exclusion
  • TT-050-1 – Drain temperature transmitter for drain permissive and safety

The WFI skid maintained complete authority over sanitisation, recycle, and water generation. BONNER implemented the TCU-side logic only for valves, flow control, sequencing, alarms, handshakes, and safe operation of the feed/return paths.

2. BONNER Control Philosophy
2.1 Operating Modes
BONNER developed a structured mode suite to reflect production and hygiene requirements:

  • Auto – Batch
    Executes optional prime, fill, dribble, settle, batch completion and post-batch drain.
  • Auto – Flush
    Time- or volume-based flushing for hygiene and morning start-up, routed to recycle.
  • Drain / Standby
    Ensures all valves are closed except the drain valve; confirms line empty.
  • Maintenance (Manual)
    Individual device jog control with interlock protection; Engineer-only bypass timers.

2.2 Interlocks & Permissives Engineered by BONNER

  • Verified WFI_Ready handshake from the WFI system.
  • Mutual exclusion: XV-050-1 (Fill) and XV-050-2 (Flush) cannot physically or logically open together.
  • XV-050-3 (Drain) must be closed before opening any fill/flush valves or CV-050-1.
  • Healthy flow signal from FT-050-1; no-flow and reverse-flow conditions latched as alarms.
  • Optional pressure-available signal from WFI skid (if supplied).
  • Drain temperature permissive: TT-050-1 must be ≤ safe temperature (typically 60 °C) before drain valve is opened protecting operators and drain infrastructure.
2.3 Auto-Batch Sequence Engineered by BONNER
  1. Pre-checks – Readiness, valve closure, WFI_Ready = TRUE.
  2. Optional pre-flush/prime via XV-050-2 for time/volume.
  3. Fill path selection – Open XV-050-1; prove flush valve closed.
  4. Flow-controlled fill
  • CV-050-1 ramps to coarse Flow_SP
  • Dribble near V_PREACT
  • FT-050-1 integrated to monitor Delivered
  1. Batch complete – CV closes; XV-050-1 closes; Batch Complete latched.
  2. Optional post-flush – Hygienic rinse to recycle line with separate totalisation.
  3. Drain – Once TT-050-1 ≤ limit, open XV-050-3 until flow ≈ zero.
  4. Return to Standby – All valves closed; operator returns WFI to Recycle at the WFI HMI.
2.4 Aborts and Failsafe Behaviour
  • Abort → CV-050-1 closes immediately; XV-050-1/-02 close sequentially. XV-050-3 unchanged unless Emergency Drain (engineer-only) is selected.
  • Loss of TCU power → All valves move to validated fail positions (typically fail-closed).
  • WFI faults mid-batch → Controlled shutdown and alarm, with operator guidance on recovery.
3. HMI / Operator Experience Delivered by BONNERBONNER implemented a clear, production-friendly set of HMI pages:
  • WFI/TCU Overview
  • WFI handshake state (Ready/Recycle/Fault), live valve statuses, FT-050-1 flow and TT-050-1 temperature.
  • Batching Screen
  • Target and Delivered volumes (count-up), real-time flow control, and a clear status rail:
  •  Idle → Prime → Coarse → Dribble → Settle → Complete → Drain
  • Flush Screen
  •  Configurable pre/post flush by time or volume with independent accumulation totals.
  • Alarm Pages
  •  Rationalised priorities, delays, clear operator actions compliant with BONNER’s ISA-18.2 alarm methodology.
  • Reports
  •  Batch records (set volume, delivered, flush volumes, duration), drain confirmation, and exception logs.

5. Alarm Set Developed by BONNER
  • No flow on demand (CV position > threshold, FT flow < minimum)
  • Reverse/unexpected flow when all valves should be closed
  • Overshoot pre-act (Delivered > Target + tolerance)
  • High drain temperature inhibiting drain
  • Valve state mismatch (command ≠ proven)
  • Mutual exclusion breach (Fill + Flush open)
  • WFI Not Ready / WFI Fault – batch hold and operator guidance
6. Performance and Acceptance Criteria
  • Batching accuracy: ±0.5% of target volume
  • Repeatability: ±0.2% (verified by draw-down tests)
  • Flush accuracy: ±2% of defined flush volume
  • Drain performance: Line evacuated within t_DRAIN; FT ≈ 0; TT ≤ permissive limit
  • Handshake latency: < 2 seconds command-to-acknowledge
If you're interested in finding out more about any of our services, please Contact Us here
See All