The Autonomous Supply Chain  ·  Page 02

MedDevice Industries GmbH

Client Brief & Requirements

The requirements layer of the TOGAF ADM. Every architectural decision in the seven design phases traces back to a documented requirement on this page. This is the single source of truth for what the Autonomous Supply Chain is designed to achieve for MedDevice Industries GmbH.

TOGAF Phase A Input | MoSCoW Prioritisation | EU AI Act · MDR 2017/745 | ISO 13485 · FDA 21 CFR Part 820 | GDPR Art. 6 · Art. 35 DPIA | 9 Stakeholders | 8 Use Cases · Requirements Traceability Matrix | ADR-001 · ADR-002 referenced

Section 01

Organisation Profile

A composite of real regulated-industry enterprise patterns from the German medtech sector. Every requirement, constraint, and architectural decision on this page is grounded in the specific operational context of a medical device OEM operating under EU AI Act, MDR 2017/745, ISO 13485, and FDA 21 CFR Part 820 simultaneously.

34%
Forecast error rate — surgical robotics components
BR-01 target: ≤12% within 12 months
€180M
Annual inventory carrying cost across 14 manufacturing sites
CFO primary concern · InventoryOrchestrator target domain
23 days
Average NCR resolution time — quality non-conformance
BR-03 target: ≤5 days · QualityTrace module
480
Active suppliers — risk assessed by annual questionnaire only
Tier 1–3 network across 34 countries
Organisation Facts
Legal name: MedDevice Industries GmbH
Headquarters: Düsseldorf, Germany
Revenue: €2.4B (FY2025)
Employees: 6,800 across 22 countries
Product portfolio: Surgical robotics, implantable sub-assemblies, sterile disposables
Active suppliers: 480 · Tier 1–3 · 34 countries
Manufacturing sites: 14 sites across Europe, APAC, Americas
Regulatory Environment
EU AI Act: Annex III high-risk — 5 ML models · Art. 9, 10, 11, 13, 14
MDR 2017/745: Medical Device Regulation — full vigilance reporting · Art. 87 72-hr SLA
ISO 13485: Quality Management System — device lifecycle traceability
FDA 21 CFR Part 820: QSR — DHR, DHF, CAPA documentation · BR-09 operationalised
GDPR Art. 6(1)(b/c/f): Lawful basis: contract performance, legal obligation, legitimate interest. DPIA required under Art. 35 — 5 high-risk AI systems processing operational data. Data controller: MedDevice GmbH. Data processor: Google Cloud (DPA executed).
EU CSRD: Scope 3 reporting mandatory from FY2025
ISO 14001: Environmental management — Scope 3 integration required
Architectural positioning note. MedDevice operates SAP S/4HANA as the system of record for ERP, procurement, and finance. SAP IBP handles demand planning. Ariba manages strategic sourcing across four regional instances. The Autonomous Supply Chain does not replace any of these. It delivers intelligence across the enterprise — spanning the supplier network, the manufacturing sites, the quality management system, and the CSRD obligations that no single SAP module boundary contains.
GDPR Data Processing Framework. The Autonomous Supply Chain processes operational data only — no patient personal data is ingested directly. Supplier data (financial signals, performance records) is processed under Art. 6(1)(f) legitimate interest (supply chain risk management). Contract and procurement data is processed under Art. 6(1)(b) contractual necessity. QualityTrace ingests device serial and batch records linked to MDR events — processed under Art. 6(1)(c) legal obligation (MDR Article 87). A Data Protection Impact Assessment (DPIA) is mandated under Art. 35 for all five high-risk AI models prior to go-live. Data controller: MedDevice Industries GmbH. Data processor: Google Cloud Germany GmbH (DPA and SCCs executed). All personal and sensitive operational data remains within the europe-west3 VPC-SC perimeter — architecturally enforced, not policy-only.
FDA 21 CFR Part 820 — Operationalised. MedDevice manufactures surgical robotics and implantable sub-assemblies sold in the US market. Part 820 (QSR) requires: Design History File (DHF) per device, Device History Record (DHR) per unit, and documented CAPA workflows. QualityTrace addresses this directly: automated device genealogy traces produce DHR-compliant records queryable from a single API call; CAPA workflows are structured within the NCR resolution pipeline; DHF linkage is maintained via immutable audit store cross-referencing Veeva Vault document IDs. See BR-09 for the dedicated FDA traceability requirement.

Section 02

Stakeholder Map

Nine stakeholders. Nine different conversations. An enterprise architecture that satisfies the CISO's data residency requirements but cannot answer the Quality Director's MDR audit question will not be adopted. Each stakeholder below has a primary pain point, a specific capability the Autonomous Supply Chain must deliver for them, and a documented adoption risk or concern that must be addressed in the change management plan.

S-01
VP Supply Chain
Supply Chain Operations
Primary Pain
34% forecast error on surgical robotics components drives excess inventory and stockouts simultaneously. No real-time visibility across 14 manufacturing sites.
What the AS Delivers
DemandIQ reduces forecast MAPE to ≤12%. InventoryOrchestrator provides multi-site stock visibility and automated replenishment recommendations.
S-02
Chief Procurement Officer
Strategic Procurement
Primary Pain
480 suppliers assessed by annual questionnaire only. No early-warning capability for supplier financial distress, geopolitical exposure, or quality deterioration.
What the AS Delivers
SupplierSentinel surfaces risk events ≥30 days before impact. ProcureGuard provides ML risk-adjusted sourcing scores. ContractIntelligence flags non-standard terms.
S-03
Chief Compliance Officer
Legal & Regulatory Affairs
Primary Pain
EU AI Act Annex III obligations unassessed. MDR Article 87 vigilance reporting is manual. CSRD Scope 3 data is quarterly and unauditable. Five production models have no SHAP or HITL.
What the AS Delivers
All five high-risk models EU AI Act compliant at go-live. MDR 72-hour SLA satisfied architecturally via QualityTrace. CSRD Scope 3 automated and real-time via ScopeTracer.
S-04
Quality Director
Quality & Regulatory
Primary Pain
23-day average NCR resolution time. MDR Article 87 vigilance reporting is manual and paper-based. ISO 13485 traceability requires cross-system data stitching by hand.
What the AS Delivers
QualityTrace reduces NCR resolution to ≤5 days. MDR vigilance report drafted automatically within 72 hours. Full ISO 13485 device lifecycle trace from a single query.
S-05
Head of Sustainability
ESG & Corporate Affairs
Primary Pain
CSRD Scope 3 reporting is a quarterly manual process across freight portals and supplier questionnaires. FY2025 mandatory reporting date is at risk without automation.
What the AS Delivers
ScopeTracer automates Scope 3 Category 1 and 4 data collection from 6 freight portals and 480 supplier nodes. Real-time CSRD dashboard from FY2025.
S-06
CFO
Finance & Treasury
Primary Pain
€180M annual inventory carrying cost. €60M stockout exposure in surgical robotics. No ML-assisted working capital optimisation across 14 sites.
What the AS Delivers
InventoryOrchestrator targets 20–25% reduction in carrying cost. DemandIQ eliminates surplus buffer stock driven by forecast error. SupplyChain Command provides CFO-level financial visibility.
S-07
CISO
Information Security & Risk
Primary Pain
No VPC-SC perimeter enforcing EU data residency at infrastructure layer. CMEK not yet deployed for supplier financial and quality data. Zero-trust posture incomplete.
What the AS Delivers
VPC-SC perimeter in Terraform enforces EU residency architecturally. CMEK with 90-day rotation. BeyondCorp zero-trust for all HITL operator access. All agent actions logged to immutable audit store.
S-08
Head of Legal
Legal & Contract Management
Primary Pain
480 supplier contracts reviewed manually. Non-standard liability caps, force majeure, and IP ownership clauses pass through procurement without legal review at volume.
What the AS Delivers
ContractIntelligence reads every contract at clause level. Non-standard terms flagged to Legal HITL with risk score, precedent references, and draft counter-position. 24-hour SLA enforced by state machine. A2A commerce is bounded: agents may negotiate only pre-approved standard clause sets; any deviation triggers mandatory Legal HITL before any commitment is formed. See BR-10 for A2A mandate boundary.
S-09
IT / ERP Director
IT & Digital Transformation
Primary Pain
SAP S/4HANA, Ariba (4 regional instances), IBP, Salesforce, Veeva Vault, and 6 freight portals are all disconnected. No unified event fabric. No cross-system orchestration layer.
What the AS Delivers
Pub/Sub event fabric as the integration bus. AS is the orchestration layer — SAP, Ariba, IBP, Salesforce, Veeva all remain systems of record. No replacement, no new system of record created. Adoption risk: S-09 is a high change-resistance stakeholder. Adding an orchestration layer above S/4HANA requires SAP BASIS team co-operation, API license review, and joint ownership of the integration runbook. Change management plan must include S-09 as a co-delivery partner, not a downstream consumer.

Section 03

AI Readiness Audit

Where MedDevice Industries stands today — five dimensions. The AI Readiness Assessment is the input to the TOGAF Architecture Vision. It defines the starting position and frames the gap the Autonomous Supply Chain is designed to close. Scored 1–5. Findings are actionable, not evaluative.

Data Maturity
3 / 5
SAP IBP BigQuery exports, Ariba REST, Veeva Vault REST, Salesforce REST, and 6 freight portals via Pub/Sub. Data exists but fragmented across systems with no unified event fabric or feature store.
Action: Unified Pub/Sub event fabric + BigQuery feature store as AS Day 1 infrastructure.
ML Maturity
1 / 5
No production ML models. Excel-based demand planning. Supplier risk via annual questionnaire. No Vertex AI Pipelines, no Model Registry, no drift detection. No XAI capability.
Action: Vertex AI Pipelines + Model Registry + monitoring jobs — mandatory before first model promotion.
Compliance Infrastructure
1 / 5
MDR traceability is manual. EU AI Act compliance not yet assessed. CSRD Scope 3 is a manual quarterly process. Five ML models intended for production have no SHAP or HITL design.
Action: XAI layer + HITL spec + Model Cards + risk documentation — all required at go-live.
Integration Readiness
3 / 5
SAP S/4HANA, Ariba (4 regional instances), IBP, Salesforce, Veeva Vault, and Excel/SharePoint all present. Integration patterns defined (Pub/Sub, REST, BigQuery export) but not yet unified.
Action: Pub/Sub event bus as single integration layer. AS decouples all producers from all consumers.
Org Readiness
3 / 5
Domain SMEs exist — planners, quality managers, procurement directors. No ML/AI team in-house. HITL-ready: named approvers identifiable for all five high-risk models across all domains.
Action: HITL visibility is the organisational unlock. Deploy HITL interface first, expand model coverage second.

Scoring methodology: Aligned to the Google Cloud AI Adoption Framework (five capability dimensions) and the Gartner AI Readiness Assessment model. Scale 1–5, where 1 = no capability and 5 = fully mature. Scores derived from structured discovery sessions against each dimension's capability indicators with MedDevice stakeholders S-01 through S-09. Sources: Google Cloud AI Adoption Framework (cloud.google.com/adoption-framework) · Gartner AI Readiness Model (2024).

Section 04

Systems Landscape — As-Is

The TOGAF ADM Phase B input. Eight core systems across four domains. Integration patterns are defined and present in the landscape — the gap is the absence of a unified orchestration layer connecting them into a coherent, auditable event fabric.

System | Vendor | Domain | AS Integration Pattern
SAP S/4HANA | SAP | ERP — procurement, inventory, finance | Event stream via Pub/Sub
SAP Ariba | SAP | Strategic sourcing, supplier management (4 regional instances) | REST API + event webhook
SAP IBP | SAP | Integrated Business Planning — demand | BigQuery data export
Salesforce | Salesforce | Customer orders, opportunity pipeline | REST API (ADR-001 pattern)
Veeva Vault | Veeva | Quality management, regulatory documents | REST API
CODA / Thomson Reuters | Thomson Reuters | Supplier financial health data | Pub/Sub ingestion
Six freight / 3PL portals | Multiple | Logistics execution, Scope 3 emissions data | Pub/Sub ingestion pipelines
Excel / SharePoint | Microsoft | Demand planning, supplier scorecards | GCS upload + Document AI
Architectural gap. No orchestration layer connects SAP S/4HANA · Ariba · IBP · Salesforce · Veeva Vault · freight portals into a coherent, auditable, human-supervised supply chain intelligence flow. The Pub/Sub event fabric is the AS Day 1 infrastructure deliverable that closes this gap before any ML model is deployed.

Section 05

Use Case Catalogue

Eight use cases mapped to modules, pain points, and EU AI Act risk classification. Five are classified High-Risk under Annex III — classification mapped to specific Annex III provisions (noted per card). All High-Risk models require SHAP explanations per inference, documented HITL checkpoints, versioned Model Cards, and a DPIA under GDPR Art. 35 before go-live. Three are not high-risk and operate without mandatory HITL, but all are auditable. Model references specify capability requirements — specific model versions are tracked in Vertex AI Model Registry and subject to change.

UC-01
DemandIQ
Demand forecasting — surgical robotics & implantable sub-assemblies
High-Risk · Annex III §5(a) drives €180M inventory cost and €60M stockout exposure. DemandIQ ingests SAP IBP exports, Salesforce order pipeline, and external signals to deliver a SHAP-explained forecast model with HITL approval at Planner checkpoint before replenishment orders commit.
PAIN 01 | S-01 · S-06 | BR-01 | Vertex AI Forecasting
UC-02
SupplierSentinel
Real-time supplier risk monitoring across 480 suppliers
High-Risk · Annex III §5(b)
Annual questionnaire-based supplier risk assessment provides zero early-warning. SupplierSentinel ingests financial health signals from Thomson Reuters, news feeds via Pub/Sub, and Ariba performance data to surface risk events ≥30 days before operational impact, replacing annual assessments with continuous monitoring.
PAIN 02 | S-02 · S-06 | BR-02 | Gemini Ultra (long-context) · BigQuery
UC-03
ProcureGuard
Intelligent procurement — ML risk-adjusted sourcing
High-Risk · Annex III §5(b)
Strategic sourcing decisions across Ariba's four regional instances are made without ML risk-adjustment. ProcureGuard scores every shortlisted supplier against quality, financial, geopolitical, and sustainability dimensions and presents a SHAP-explained recommendation to the Procurement Director HITL checkpoint before contract award.
PAIN 03 | S-02 · S-07 | BR-07 | Vertex AI · Ariba REST
UC-04
ContractIntelligence
Contract analysis + A2A sourcing capability
High-Risk · Annex III §5(b)
480 supplier contracts are stored but not analysed. Non-standard liability caps, force majeure, IP ownership, and indemnification clauses pass through procurement without Legal review at volume. ContractIntelligence reads every contract at clause level via a long-context Gemini model (≥1M token window), flags risk to Legal HITL, and enables A2A agent-to-agent sourcing negotiation bounded to pre-approved clause sets only. A2A mandate boundary: agents may negotiate standard delivery, payment, and warranty terms autonomously; jurisdiction, liability cap, IP, or indemnification deviations require Legal HITL approval before any commitment. Counterparty agent authentication via mTLS + Agent Card identity verification per A2A protocol specification.
PAIN 03 | S-02 · S-08 | BR-07 · BR-10 | Gemini Ultra (1M+ context) · A2A Protocol
UC-05
InventoryOrchestrator
Multi-site inventory optimisation across 14 manufacturing sites
High-Risk · Annex III §5(a)
€180M annual inventory carrying cost reflects the absence of ML-assisted cross-site optimisation. Safety stock is calculated per-site in IBP without awareness of supplier risk signals or demand forecast uncertainty. InventoryOrchestrator operates across all 14 sites simultaneously, incorporating DemandIQ forecasts and SupplierSentinel risk scores into replenishment decisions. Autonomy boundary (BR-11): replenishment recommendations ≤€50K execute autonomously after SHAP review; €50K–€500K require Supply Chain Planner HITL approval within 4 hours; >€500K require VP Supply Chain approval with CFO notification. Cross-site inventory transfers always require HITL regardless of value, given regulatory traceability obligations under ISO 13485.
PAIN 01 · PAIN 02 | S-01 · S-06 | BR-01 · BR-11
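
The BR-11 autonomy boundary for InventoryOrchestrator, written as a fail-closed routing function. This is an added Python example, not code from MedDevice or from this portfolio; `route_replenishment` and `Route` are hypothetical names. Two rules are assumptions the page does not state: a cross-site transfer at or below €50K goes to the Supply Chain Planner with the 4-hour window, and a recommendation with no SHAP review on record is rejected in every tier.

```python
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation
from typing import Optional

AUTONOMOUS_MAX = Decimal("50000")   # BR-11: up to and including EUR 50K
PLANNER_MAX = Decimal("500000")     # BR-11: above 50K, up to and including 500K


@dataclass(frozen=True)
class Route:
    decision: str                    # "AUTONOMOUS", "HITL" or "REJECT"
    approver: Optional[str] = None
    slo_hours: Optional[int] = None  # None where the page states no window
    notify: tuple = ()
    reason: str = ""


def route_replenishment(value_eur, cross_site: bool, shap_reviewed: bool) -> Route:
    """Map one replenishment recommendation to its BR-11 approval path."""
    # Decimal avoids float rounding at the 50,000 / 500,000 edges.
    try:
        value = Decimal(str(value_eur))
    except InvalidOperation:
        return Route("REJECT", reason="unparseable value")
    # Fail closed: NaN, infinity, zero and negative amounts never execute.
    if not value.is_finite() or value <= 0:
        return Route("REJECT", reason="value must be positive and finite")
    if not shap_reviewed:            # assumption: applied to every tier
        return Route("REJECT", reason="no SHAP review on record")
    if value > PLANNER_MAX:
        return Route("HITL", "VP Supply Chain", None, ("CFO",), "above EUR 500K")
    if value > AUTONOMOUS_MAX:
        return Route("HITL", "Supply Chain Planner", 4, (), "EUR 50K-500K band")
    if cross_site:                   # always HITL; approver here is an assumption
        return Route("HITL", "Supply Chain Planner", 4, (), "cross-site transfer")
    return Route("AUTONOMOUS", reason="within EUR 50K boundary")


if __name__ == "__main__":
    # Constructed sample recommendations: (value, cross_site, shap_reviewed)
    for sample in [(50000, False, True), ("50000.01", False, True),
                   (12000, True, True), (750000, False, True),
                   (float("nan"), False, True)]:
        print(sample, "->", route_replenishment(*sample))
```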
UC-06
QualityTrace
NCR resolution + MDR Article 87 vigilance reporting
High-Risk · Annex III §6(a) reporting create simultaneous regulatory and patient safety exposure. QualityTrace ingests Veeva Vault quality events, traces the full device genealogy across S/4HANA and ISO 13485 records, and generates a draft MDR Article 87 vigilance report within 72 hours — routed through Quality Director HITL before submission.
PAIN 04 | S-04 · S-03 | BR-03 · BR-04 | Veeva REST · MDR Art. 87
UC-07
ScopeTracer
Scope 3 emissions + CSRD reporting — automated, real-time
Not High-Risk · Informational
CSRD Scope 3 reporting is a manual quarterly process across six freight portals and 480 supplier questionnaires. FY2025 mandatory reporting is at risk without automation. ScopeTracer ingests logistics emissions data from all six freight portals via Pub/Sub and supplier-reported Scope 3 data from Ariba, producing a real-time CSRD-compliant dashboard from Day 1 of operation.
PAIN 05 | S-05 · S-03 | BR-05 | Pub/Sub · BigQuery · Looker
UC-08
SupplyChain Command
C-suite unified intelligence dashboard across all modules
Not High-Risk · Aggregated View
No single view connects forecast accuracy, supplier risk posture, inventory cost exposure, NCR pipeline, and CSRD compliance status for executive decision-making. SupplyChain Command aggregates outputs from all seven AS modules into a single C-suite dashboard — real-time, drill-through, and traceable to the underlying model inference that produced every figure.
All PAINs | S-01 · S-06 · S-03 | All BRs | Looker · BigQuery

Section 06

Business Requirements

Every requirement below is traceable to a stakeholder concern, a regulatory obligation, or a business pain point identified in the preceding sections. Prioritised using MoSCoW — BR-01 through BR-09 are Must Have; BR-10 and BR-11 are Should Have as they refine delivery of Must Have capabilities. Each requirement includes a measurable acceptance criterion. Eleven requirements covering the primary commercial outcomes, compliance obligations, and governance boundaries.

BR-01
Demand forecast error reduced from 34% to ≤12% within 12 months
Forecast MAPE on surgical robotics components must be reduced from 34% to ≤12% within 12 months of DemandIQ go-live. Measured at SKU level across all 14 manufacturing sites using SAP IBP actuals as the baseline (FY2024 12-month rolling MAPE, n=847 SKUs). Improvement must be attributable to the ML model, not safety stock increases. Acceptance criterion: ≤12% MAPE sustained for 3 consecutive calendar months as measured in the Vertex AI monitoring dashboard, validated against SAP IBP actuals by the Supply Chain Analytics team.
Must Have | DemandIQ | InventoryOrchestrator
BR-02
Supplier risk events surfaced ≥30 days before operational impact
SupplierSentinel must detect and surface material supplier risk events — financial distress, geopolitical exposure, quality deterioration — with a minimum 30-day lead time before operational impact. Current detection lag is 11 days (FY2024 post-incident review across 12 disruption events). Lead time measured as the interval between model alert timestamp and confirmed impact event date. Acceptance criterion: ≥30-day lead time across ≥80% of material risk events in the 6-month post-go-live monitoring window, reviewed in joint quarterly business review between SupplierSentinel product owner and CPO.
Must Have | SupplierSentinel
BR-03
NCR resolution time reduced from 23 days to ≤5 days
Average NCR resolution time must fall from 23 days to ≤5 days within 6 months of QualityTrace go-live. Baseline: FY2024 average across 143 NCR events, measured from event creation in Veeva Vault to Quality Director sign-off. Reduction achieved through automated device genealogy tracing, intelligent triage, and structured HITL workflow — not by lowering NCR quality standards or reclassifying resolution events. Acceptance criterion: ≤5-day average NCR resolution time over any rolling 30-day window post go-live, validated from Veeva Vault timestamps by Quality Director and independently auditable under ISO 13485 internal audit.
Must Have | QualityTrace
BR-04
MDR Article 87 vigilance reporting within 72-hour SLA — architecturally satisfied
MDR Article 87 requires notification of serious incidents within 72 hours of becoming aware. QualityTrace must satisfy this SLA architecturally — by producing a complete, structured vigilance report draft within 72 hours of event ingestion from Veeva Vault — not by accelerating existing manual processes. HITL Quality Director approval is the final gate before submission.
Must Have | QualityTrace | MDR Art. 87
BR-05
CSRD Scope 3 reporting automated, real-time, and compliant from FY2025
CSRD Scope 3 Category 1 (purchased goods) and Category 4 (upstream transportation) must be reported in real time from the FY2025 mandatory reporting date. ScopeTracer must ingest data from all six freight portals and 480 Ariba supplier nodes without manual intervention. The output must be CSRD-compliant and auditable — not a dashboard estimate.
Must Have | ScopeTracer | ISO 14001
BR-06
All five high-risk ML models EU AI Act Annex III compliant at go-live
Every model classified as High-Risk under EU AI Act Annex III — DemandIQ, SupplierSentinel, ProcureGuard, InventoryOrchestrator, QualityTrace — must satisfy Articles 9, 10, 11, 13, and 14 at go-live. This requires: SHAP explanation per inference written to audit log before action; named HITL checkpoint per model; versioned Model Card in Vertex AI Registry; risk management documentation complete.
Must Have | All high-risk modules · XAI Layer
BR-07
Strategic sourcing decisions supported by ML risk-adjusted scoring + A2A commerce
Every strategic sourcing decision across Ariba must be supported by an ML risk-adjusted supplier score from ProcureGuard, with a SHAP explanation identifying the top contributing factors. ContractIntelligence must provide A2A agent-to-agent commerce capability, enabling autonomous negotiation of standard contract terms before escalating to Legal HITL for non-standard clauses.
Must Have | ProcureGuard | ContractIntelligence
BR-08
All HITL checkpoints resolve within defined SLOs — 4-hour SLA for high-urgency events
Every HITL checkpoint across all five high-risk modules must have a defined SLO with automated escalation on breach. Target: 4-hour HITL response for high-urgency events (supplier disruption, MDR vigilance, critical NCR). The HITL state machine tracks elapsed time from entry to decision and escalates to a named backup approver if the primary approver exceeds SLO. All HITL decisions logged to immutable audit store before action executes.
Must Have | HITL Layer | All modules
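
The HITL state machine that BR-08 describes (elapsed-time tracking, escalation to a named backup approver, decision logged before the action runs), as an added Python sketch that is not MedDevice's or this portfolio's own code. `AuditLog` and `HitlCheckpoint` are hypothetical names, the in-memory hash chain stands in for the immutable audit store, and the rule that only the backup may decide after escalation is an assumption.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

GENESIS = "0" * 64


class AuditLog:
    """Hash-chained, append-only log; a stand-in for the immutable audit store."""

    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = json.dumps(record, sort_keys=True, default=str)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"prev": prev, "body": body, "hash": digest})
        return digest

    def verify(self):
        """Recompute the chain; an edited or mid-chain-deleted entry breaks it."""
        prev = GENESIS
        for e in self.entries:
            expect = hashlib.sha256((prev + e["body"]).encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != expect:
                return False
            prev = e["hash"]
        return True


class HitlCheckpoint:
    def __init__(self, item_id, primary, backup, slo, audit, now):
        self.item_id, self.backup, self.slo, self.audit = item_id, backup, slo, audit
        self.entered_at, self.assignee, self.state = now, primary, "PENDING"
        self._log("entered", now)

    def _log(self, event, now, **extra):
        self.audit.append({"event": event, "item": self.item_id,
                           "assignee": self.assignee, "at": now, **extra})

    def tick(self, now):
        """Hand the item to the backup approver once the SLO is exceeded."""
        if self.state == "PENDING" and now - self.entered_at > self.slo:
            self.state, self.assignee = "ESCALATED", self.backup
            self._log("escalated", now)
        return self.state

    def decide(self, approver, approved, now, action):
        """Log the decision first; run `action` only after the log write succeeds."""
        if self.tick(now) not in ("PENDING", "ESCALATED"):
            raise RuntimeError("checkpoint already decided")
        if approver != self.assignee:  # assumption: after escalation only the backup decides
            raise PermissionError(f"{approver} is not the current approver")
        # If the audit write raises, nothing below runs and the state is unchanged.
        self._log("decision", now, approver=approver, approved=approved)
        self.state = "APPROVED" if approved else "REJECTED"
        return action() if approved else None


if __name__ == "__main__":
    t0 = datetime(2025, 1, 1, 8, 0, tzinfo=timezone.utc)  # constructed time, id and names
    log = AuditLog()
    cp = HitlCheckpoint("NCR-0001", "quality.director", "deputy.quality",
                        timedelta(hours=4), log, t0)
    print(cp.tick(t0 + timedelta(hours=5)))
    print(cp.decide("deputy.quality", True, t0 + timedelta(hours=6), lambda: "submitted"))
    print(log.verify())
```

A hash chain alone does not reveal truncation of the newest entries; detecting that requires anchoring the latest hash somewhere the log writer cannot modify.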
Requirements captured. Architecture follows. This document is the input to TOGAF Phase A — Architecture Vision. Every diagram, decision record, and architecture component in the pages that follow traces back to a requirement, constraint, or stakeholder concern documented here.