
Saas - l4

Uploaded by

v9991 v9991

| Requirement | Description |
|---|---|
| Scalability | The hosting infrastructure must support scaling resources up or down based on demand, ensuring performance consistency. |
| Security | Robust security measures including data encryption, secure access controls, and regular security audits. |
| Compliance | Adherence to relevant industry standards and regulations for data handling and privacy (e.g., GDPR, HIPAA if applicable). |
| Data Integrity | Mechanisms to ensure data accuracy, consistency, and protection against corruption or loss. |
| Uptime | High availability with commitments to service level agreements (SLAs) for system uptime, possibly 99.9% or higher. |
| Integration | Capability to integrate with other enterprise systems or third-party applications through APIs or middleware. |
| Backup & Recovery | Regular data backups and a disaster recovery plan to minimize data loss and downtime. |
| Multi-tenancy | Support for multiple users or organizations while ensuring data isolation and security. |
| Monitoring & Logging | Real-time monitoring of application performance and extensive logging for troubleshooting and auditing purposes. |
| Support & Maintenance | 24/7 support with defined response times, regular updates, and maintenance without significant downtime. |

Responsibilities and Accountabilities Matrix:

| Activity | Responsible | Accountable | Consulted | Informed |
|---|---|---|---|---|
| Infrastructure Management | Cloud Service Provider | SaaS Provider | IT Operations | Executive Team |
| Security Implementation | Security Engineers | SaaS Provider | Compliance Officer | All Users |
| Compliance Checks | Compliance Officer | SaaS Provider | Legal Team | Executive Team |
| Data Management | Data Managers | SaaS Provider | Data Analysts | All Departments |
| Performance Monitoring | System Administrators | SaaS Provider | IT Support | Operations Team |
| System Integration | Integration Specialists | SaaS Provider | IT Architects | Affected Departments |
| Backup & Disaster Recovery | IT Operations | SaaS Provider | Risk Management | All Users |
| User Access Management | System Administrators | SaaS Provider | HR for Permissions | All Employees |
| Application Maintenance | Software Developers | SaaS Provider | Product Managers | Customer Support |
| Support Services | Customer Support | SaaS Provider | Product Team | All Users |


| Requirement | Description | Priority |
|---|---|---|
| 1. Cloud Infrastructure | Scalable, secure cloud infrastructure (e.g., AWS, Azure) | High |
| 2. Application Deployment | Containerized deployment (e.g., Docker) for easy updates | High |
| 3. Data Storage | Secure, compliant data storage (e.g., encrypted, access-controlled) | High |
| 4. User Management | Role-based access control, authentication, and authorization | High |
| 5. APIs and Integrations | RESTful APIs for integrations with existing systems | Medium |
| 6. Security and Compliance | Regular security audits, GDPR, HIPAA compliance | High |
| 7. Backup and Recovery | Automated backups, disaster recovery plan | High |
| 8. Monitoring and Logging | Real-time monitoring, logging, and alerting | Medium |
| 9. Scalability and Performance | Auto-scaling, load balancing for high traffic | High |
| 10. Documentation | Comprehensive documentation for users and administrators | Low |

RACI Matrix

Roles
P: Product Owner
A: Application Administrator
D: Developer
Q: Quality Assurance
S: Security Specialist
I: Infrastructure Engineer
U: User Support

Activities and Responsibilities

Activity
1. Cloud Infrastructure Setup
2. Application Deployment
3. Data Storage Configuration
4. User Management Configuration
5. API Development
6. Security Audits
7. Backup and Recovery Setup
8. Monitoring and Logging Configuration
9. Scalability and Performance Optimization
10. Documentation Creation
11. User Support
12. Application Updates

Assignment marks (row and column positions were not preserved): under P A D Q: R R; R R; R R R. Under S I U: R; R; R; R; R; R; R.

Legend
R: Responsible
A: Accountable
C: Consulted
I: Informed

Requirements for Hosting L4 RFxL in SaaS Model

| Requirement Area | Details | Key Considerations |
|---|---|---|
| Infrastructure | Cloud-hosted environment (e.g., AWS, Azure, GCP) | Must meet scalability, availability (99.9%+ uptime), and disaster recovery requirements |
| Data Security | Compliance with regulatory standards (e.g., GDPR, HIPAA, 21 CFR Part 11) | Encryption at rest and in transit, multi-factor authentication (MFA), and data access controls |
| Application Configuration | Hosted application must meet traceability and serialization standards | Support for GS1, EU FMD, US DSCSA, and other regional serialization standards |
| Integration | Seamless integration with ERP (L5) and MES (L3) systems | Use of APIs, middleware, or secure file exchanges for real-time data synchronization |
| Validation | SaaS vendor provides validation packages for compliance | IQ, OQ, PQ documentation and ongoing validation support |
| Backup & Recovery | Automated backups and quick restoration processes | SLA for Recovery Time Objective (RTO) and Recovery Point Objective (RPO) |
| Audit Trail | Fully compliant audit trail functionality | Complete logging of changes, with user access logs meeting 21 CFR Part 11 and Annex 11 |
| Access Control | Role-based access control (RBAC) for all users | Segregation of duties, user group hierarchies, and privilege escalation monitoring |
| Support & Maintenance | 24/7 support from SaaS provider | Service-level agreements (SLAs) for incident resolution and scheduled maintenance notifications |
| Scalability | Application must scale with transaction volume | Support for peak loads during production cycles |
| Licensing & Subscription | Subscription-based model covering required modules | Flexible pricing based on the number of users and modules |

RACI Matrix for Activities Relevant to SaaS Hosting

| Activity | SaaS Vendor | Pharma Company IT | Quality Team | Regulatory Team |
|---|---|---|---|---|
| Infrastructure Provisioning | R | A | C | C |
| Application Configuration | R | A | C | C |
| Data Security Implementation | R | C | A | C |
| Integration with ERP/MES | C | R | A | C |
| Validation (IQ/OQ/PQ) | C | R | A | C |
| Backup & Recovery Setup | R | C | A | C |
| Audit Trail Configuration | R | C | A | C |
| Access Control Implementation | R | C | A | C |
| Ongoing Support and Maintenance | R | A | C | C |
| Compliance Monitoring | C | C | A | R |

Key:
R: Responsible (Performs the task)
A: Accountable (Ensures the task is completed)
C: Consulted (Provides input or feedback)
I: Informed (Kept updated on progress/results)