Electronic Data Interchange part -1
Proper controls and edits need to be built within each organization’s application system to allow this communication to take place.
EDI system requires:
Communications software: moves data from one point to another, eases the start and end of an EDI transmission, and determines how acknowledgments are transmitted and reconciled.
Translation software: builds a map and shows how the data fields from the application correspond to elements of an EDI standard, then uses this map to convert data back and forth between the application and EDI formats.
Access to standards.
Types of EDI
Traditional EDI
Involves three functions:
Communications handler
Process for transmitting and receiving electronic documents between trading partners via dial-up lines, public switched network, multiple dedicated lines or a value-added network (VAN).
The VAN receives all the outbound transactions from an organization, sorts them by destination and passes them to recipients when they log on to check their mailbox and receive transmissions.
VANs may also perform translation and verification services.
VANs help in configuration of software, offer upgrades to telecommunications connectivity, provide data and computer security, audit and trace transactions, recover lost data, and confirm service reliability and availability.
EDI interface
Interface function that manipulates and routes data between the application system and the communications handler.
EDI translator: this device translates the data between the standard format (ANSI X12) and a trading partner’s proprietary format.
Application interface: moves electronic transactions to or from the application systems and performs data mapping.
The interface may generate and send functional acknowledgments, verify the identity of partners, and check the validity of transactions by checking transmission information against a trading partner master file.
Application system
Programs that process the data sent to, or received from, the trading partner.
Web-based EDI
Access through Internet service providers (ISPs) offers generic network access.
Can attract new partners via web-based sites to exchange information, take orders, and link the website to back-end order processing and financial systems via EDI.
Particularly beneficial for smaller organizations wanting to enter the ecommerce EDI market, because ISPs have a ready network infrastructure of servers offering email, web services and the network of routers, and modems attached to a permanent, high-speed Internet “backbone” connection.
Traditional procedures for managed and controlled implementation of system software apply to software used for EDI.
There are issues and risk unique to EDI:
Transaction authorization is the biggest EDI risk.
If responsibilities of trading partners are not clearly defined by a trading partner agreement, there could be uncertainty related to specific, legal liability.
Another risk is the loss of business continuity: corruption of EDI applications, whether done innocently or deliberately.
Additional security types of risk include:
• Unauthorized access to electronic transactions
• Deletion or manipulation of transactions prior to or after establishment of application controls
• Loss or duplication of EDI transmissions
• Loss of confidentiality and improper distribution of EDI transactions while in the possession of third parties
EDI Process Controls
To protect EDI transmissions, the EDI process should include the following electronic measures:
• Standards should be set to indicate that the message format and content are valid to avoid transmission errors.
• Controls should be in place to ensure that standard transmissions are properly converted for the application software by the translation application.
• The receiving organization must have controls in place to test the reasonableness of messages received. This should be based on a trading partner’s transaction history or documentation received that substantiates special situations.
• Controls should be established to guard against manipulation of data in active transactions, files and archives. Attempts to change records should be recorded by the system for management review and attention.
• Procedures should be established to determine that messages are only from authorized parties and transmissions are properly authorized.
• Direct or dedicated transmission channels among the parties should exist to reduce the risk of tapping into the transmission lines.
• Data should be encrypted using algorithms agreed on by the parties involved.
• Electronic signatures should be in the transmissions to identify the source and destination.
• Message authentication codes should exist to ensure that what is sent is received.
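The receiving-side controls above (partner master file check, transaction authorization, duplicate detection and message authentication codes) can be sketched as one inbound check. This is an added example, not part of the original notes; the partner IDs, key, master file layout and the HMAC-SHA256 delivered alongside the interchange are assumptions, and the X12 interchange is a minimal constructed sample.

```python
import hashlib
import hmac

# Constructed trading partner master file: ISA06 sender ID -> MAC key and
# the transaction sets this partner is authorized to send (assumed layout).
PARTNERS = {"ACMESUPPLY": {"key": b"constructed-demo-key", "allowed": {"850", "810"}}}

def compute_mac(key: bytes, raw: bytes) -> str:
    """HMAC-SHA256 over the whole interchange (assumed MAC scheme)."""
    return hmac.new(key, raw, hashlib.sha256).hexdigest()

def sample_interchange(sender="ACMESUPPLY", ctrl="000000101", ts="850") -> bytes:
    """Build a minimal constructed X12 interchange ('*' elements, '~' segments)."""
    isa = ["ISA", "00", " " * 10, "00", " " * 10, "ZZ", sender.ljust(15), "ZZ",
           "BUYERCO".ljust(15), "240101", "1200", "U", "00401", ctrl, "0", "T", ">"]
    segs = ["*".join(isa), f"GS*PO*{sender}*BUYERCO*20240101*1200*1*X*004010",
            f"ST*{ts}*0001", "BEG*00*NE*PO123**20240101", "SE*3*0001",
            "GE*1*1", f"IEA*1*{ctrl}"]
    return ("~".join(segs) + "~").encode("ascii")

def check_inbound(raw: bytes, mac_hex: str, seen: set) -> list:
    """Return the list of failed controls; an empty list means accept."""
    text = raw.decode("ascii", errors="replace")
    segs = [s.split("*") for s in text.split("~") if s]
    if not segs or segs[0][0] != "ISA" or len(segs[0]) != 17:
        return ["malformed ISA envelope"]
    isa, iea = segs[0], segs[-1]
    sender, ctrl = isa[6].strip(), isa[13]  # ISA06 sender ID, ISA13 control number
    partner = PARTNERS.get(sender)
    if partner is None:  # not in the master file: reject before any processing
        return [f"unknown trading partner: {sender}"]
    failures = []
    expected = compute_mac(partner["key"], raw)
    if not hmac.compare_digest(expected.encode(), mac_hex.encode()):
        failures.append("MAC mismatch")  # content changed in transit or wrong key
    if (sender, ctrl) in seen:
        failures.append("duplicate control number")  # duplicated transmission
    if iea[0] != "IEA" or len(iea) < 3 or iea[2] != ctrl:
        failures.append("envelope control numbers disagree")
    for ts in (s[1] for s in segs if s[0] == "ST" and len(s) > 1):
        if ts not in partner["allowed"]:
            failures.append(f"transaction set not authorized: {ts}")
    if not failures:
        seen.add((sender, ctrl))  # remember only accepted interchanges
    return failures
```

Every non-empty result should also be written to a log for management review, matching the control on recording attempts to change records.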