Skip to main content

2.2 Recipe / Program Management

A machine recipe (reflow profile, torque script, pick-and-place file) is not a "setting"; it is a manufacturing specification. If a process engineer modifies a temperature profile by 5˚C to "fix a yield issue" without validation, they have effectively created an undocumented product revision. Treat machine programs as Software Source Code: versioned, protected, and immutable during execution.

The "Golden Copy" Architecture

Never rely on the machine's local hard drive as the master repository. Local drives are "Data Islands" where revisions go to die.

  • The Repository: All Master Recipes must live in a centralized PLM (Product Lifecycle Management) or MES database.
  • The Cache: The machine's local storage is for buffering only.
  • Synchronization Rule:
    • If Production Order Starts → Then MES pushes the specific "Golden Copy" to the machine.
    • If Network fails → Then Machine may run from Local Cache only if the Checksum matches the last known valid Master.

The "Check-Sum" Handshake

Trusting that the file name matches the content is negligence. Profile_Rev2.rcp on the server might be different from Profile_Rev2.rcp on the machine. Use cryptographic hashes to guarantee integrity.

The Verification Logic

  1. Download: MES downloads recipe to Machine.
  2. Calculate: Machine calculates MD5/SHA256 hash of the loaded parameter set.
  3. Verify: Machine sends Hash back to MES.
  4. Decision:
    • If Hash_Machine == Hash_Master → Enable Start Button.
    • If Hash_Machine ≠ Hash_Master → Trigger Interlock (Stop Line). Alert Engineering immediately.

Pro-Tip: Some legacy machines cannot calculate hashes. In this case, use "Parameter Scrape." The MES reads back all 50 critical setpoints and compares them value-by-value against the database before allowing the run.

Lifecycle State Machine & Approvals

Recipes must mature through a governance process. Do not allow "Draft" programs to run on saleable product.

States

  1. Draft / Engineering: Editable. Allowed only on NPI (New Product Introduction) orders or "Engineering" flag.
  2. Pending Approval: Locked (Read-Only). Waiting for Quality Sign-off.
  3. Released (Active): The Standard. Read-Only. Executable on Production Orders.
  4. Obsolete: Archived. Blocked from execution.

The Approval Gate

No single person should have the power to change a process variable and release it. Implement the "Two-Person Rule."

  • Editor (Process Engineer): Modifies the parameter. Transitions state to "Pending."
  • Approver (Quality/Lead Eng): Reviews the change (Delta Report). Transitions state to "Released."
  • Constraint: The Editor and Approver cannot be the same User ID.

Role-Based Access Control (RBAC) Matrix

Hard-code these permissions into the machine HMI or the centralized management console. Shared passwords (e.g., "1234") are forbidden.

Role

Capabilities

Constraint

Operator

Load Recipe, Start, Stop.

Cannot edit parameters. Cannot bypass interlocks.

Process Engineer

Edit Parameters, Save As New Version.

Cannot Release to Production.

Quality Manager

View Parameters, Approve/Reject Release.

Cannot Edit parameters.

Maintenance

Calibrate offsets (Z-height, Vision).

Changes limited to "Machine Constants," not "Product Recipe."

Handling "Tolerances" vs. "Setpoints"

Operators often need minor adjustments to account for material variance. Define what is "Fixed" and what is "Floating."

  • Critical Process Parameters (CPPs): Fixed. (e.g., Reflow Temp, Press Force). Locked.
  • Machine Variables: Floating within a window. (e.g., Conveyor Width, Vision Brightness).
  • The Window Logic:
    • Allow Operator adjustment of ± 5%.
    • If Adjustment > 5% → Then Require Supervisor Password.

Final Checklist

Category

Metric / Control

Threshold / Rule

Storage

Centralization

100% of Master Recipes stored on Server (not local).

Integrity

Hash Check

Machine must verify Recipe Checksum before every run.

Access

Segregation

Operators have 0 Write access to process parameters.

Lifecycle

NPI Control

"Draft" recipes blocked from Mass Production Work Orders.

Governance

Dual Sign-off

Release requires 2 distinct digital signatures.

Change

Audit Trail

Who changed it, When, From Value X to Value Y.

Backup

Disaster Recovery

Nightly backup of all "Golden Copies" to off-site storage.

Back to top