Centralized Location: A
chief concern at Level 4 is
providing functional areas
to handle business logistics.
Centralization and secure
connectivity is a must. It is
common for various user and
system roles within a given
organization to require access
to various functional areas or
APIs provided by Level 4.
For example, warehouse and
distribution center workers
will need to perform business
processes on data collected at
the packaging line (Level 2) and
aggregated by a site-level system
(Level 3). Before these workers
can do their jobs, Level 3 must
send relevant data to Level 4.
In this scenario, without a
proper Level 4, warehouse
workers and distribution center
workers would be operating
on different networks and
unable to share important data.
Therefore, the Level 4 system is
centrally located and accessible
by authenticated and authorized
users and systems.
Security: Identity Access
Management (IAM) plays a
critical role in this requirement.
Not all actors—whether
human or electronic—will have
the same access to Level 4
functionality and API operations.
A secure Level 4 will use multi-
factor authentication (MFA),
certificates, API keys, and https,
at a minimum.
Electronic Signature: FDA
Regulation CFR 21 Part 11
clearly states that all changes
within systems dealing with
must record electronic
signatures for any changes made
to the data. This mandate likely
will also be included in pending
Auditing: It is critical that all
Level 4 actions taken by any
actor (human or electronic) is
audited. Audits include actor
identifiers, dates and times,
underlying objects changed, and
values before and after change.
Centralized Logging: This
describes the ability to collect and
centralize logs from site-wide Level
3 systems as well as the Level
4 system itself, and to provide
insight into that data. Centralized
logging provides valuable, system-wide usability metrics and faster
Centrally locating logs is the
first step toward using newly
mined data for competitive
Message Intermediation: Level 4
is where message interoperability
between two or more systems
occurs, transforming AJAX into
XML, XML into CSV, or one
XML format into another XML
format before data is moved to