A software provider wanted to develop a customizable health care information management system that could be installed on-premise or provided as software as a service (SaaS). The solution involved a master module handling security and subscriptions that could create "tenants" or "orgs" for each customer. Customized modules could be added separately to each org. The system was designed using service-oriented architecture and a service broker to allow independent modules to share information without being directly connected. The authorization system used access control lists and user groups to manage permissions for different features across customers.