Electronic Data Interchange archives - IT Governance, Risk, and Compliance

May 26 2009   6:14PM GMT

Electronic Commerce - Part IV



Posted by: Robert E. Davis
Internet, Electronic Commerce, Message Integrity, Business-to-Business, Business-to-Consumer, Business-to-Employee, Business-to-Government, Electronic Data Interchange, Public Key Infrastructure, Uniform Commercial Code, E-commerce, B2B, B2C, B2E, B2G, EDI, PKI, UCC

EDI is commonly defined as the transfer of data between different companies utilizing networks. For the vast majority of entities, enhanced transactional traceability, reliability, and accessibility are derived EDI benefits; but without appropriate controls, communication interdependency can elevate legal, security, and operational risks. As an accepted remedial risk measure, public key infrastructure (PKI) is the primary technological resource permitting E-commerce portable trust. However, achieving E-commerce security transparency requires an appropriate trading partner compatibility solution that addresses various entity-centric encryption and digital signature techniques.

View Part I of the Electronic Commerce series here

May 22 2009   7:00PM GMT

Electronic Commerce - Part III



Posted by: Robert E. Davis
Internet, Electronic Commerce, Message Integrity, Business-to-Business, Business-to-Consumer, Business-to-Employee, Business-to-Government, Electronic Data Interchange, Uniform Commercial Code, E-commerce, B2B, B2C, B2E, B2G, EDI, UCC

EDI between trading partners can be interpreted as legally binding contracts. For instance, when a transaction is initiated by one of the trading partners, such as a purchase order, it constitutes an “offer”. In turn, if a trading partner agrees to supply the merchandise requested, it normally is considered “acceptance” of the offer. Thus, interpretively, under the U.S. Uniform Commercial Code a contract between buyer and seller is established.

Regarding effective security, two topics have gained notoriety: managerial ease and portable trust. Managerial ease focuses on making the security infrastructure’s integration and utilization with various applications transparent to enable adoption by trading parties. Portable trust supports telecommunication links with external parties through faith in resource authorizations and reliable message delivery. Inadvertent data loss during transmission reduces the cost savings generally associated with EDI deployment. Furthermore, message integrity issues can jeopardize connectivity status.

View Part I of the Electronic Commerce series here


May 19 2009   7:52PM GMT

Electronic Commerce - Part II



Posted by: Robert E. Davis
Internet, Electronic Commerce, Business-to-Business, Business-to-Consumer, Business-to-Employee, Business-to-Government, Electronic Data Interchange, E-commerce, B2B, B2C, B2E, B2G, EDI

Delineated, B2B is E-commerce between discernibly distinct entities. B2B links enable the exchange of products, services, or information between entities. Cascading down, Electronic Data Interchange (EDI) methodologies are the precursors and pillars of Internet-integrated B2B relationships. Depending on activity frequency and application, EDI control risk can become material. Where EDI is implemented, lack of direction, reliance on third parties, and system dependencies potentially expose an entity to additional legal, security, and operational risks.

View Part I of the Electronic Commerce series here