Multiple instances vs Single

Good day, Our company is currently busy with a POC to implement Securedrop for our news websites. We currently support multiple News sites with the audience and the journalists for each being different.

What is the best practice for setting up the environment? Can the App and Monitor server be shared between the different Apps with each having its own secure content location, so that Journalists for News Site 1 don’t have access to the content for News Site 2 and vice versa, or should each Site have its own App and Monitor servers?

What is the best practice for a scenario like this? If separate App and Monitor servers are required for each configuration, can all the app servers be in the same Subnet and all Monitor servers in its subnet?

Just need some advice here.