The ability for businesses to communicate securely with partners, suppliers and customers around the world is a necessity in today’s global economy. In the wake of high-profile data security breaches at several major companies in recent years, the interrelated issues of data integrity and electronic communications security have become top priorities for management teams at public and private organizations alike.
For companies, structural weaknesses stemming from poorly-designed or outdated infrastructure can be addressed in a relatively straightforward manner: IT resources can be directed at fixing security problems, and encryption can be improved to reduce the chances of external penetration. No matter how secure an organization’s IT infrastructure is, however, potentially costly problems can arise from an often overlooked situation – repudiation.
Repudiation occurs when the recipient or sender of a message denies that the communication was ever sent, or received. When a buyer or supplier assumes a position of repudiation, there can be serious legal, financial or regulatory consequences for businesses along the transaction chain. Without the existence of a verifiable data trail that proves a communication was sent and received, agreements can be rendered null and void; important orders can go unfulfilled; and in the worst-case scenario, entire projects can be hampered or derailed by one partner refuting the existence of certain correspondence.
The use of an EDI Value-Added-Network (VAN) provides trading partners with confirmation whenever a message is sent or received, ensuring that the exchange of transaction documents such as Purchase Orders, Invoices and Advance Shipping Notifications are logged, tracked and delivered with no possibility of misinterpretation. The irrefutable nature of communications sent and received using a VAN ensures non-repudiation by automatically protecting the interests of all parties, from buying organizations and internal employees to suppliers and third parties.
How VAN Protects Your Business
In order to protect the integrity of important conversations and agreements during the course of doing business, companies must be sure that they are able to confirm and prove the delivery of specific messages, often within a certain time frame. For example, if an agreement between a buying organization and a supplier stipulates that a product order must be delivered by a certain date, failing which a penalty may be levied on the supplier, both companies involved would benefit from knowing that the confirmation of delivery will be logged and verified using a VAN. This ensures that any disputes regarding the timeliness of a shipment or execution of a service can immediately be resolved – without resorting to legal action – by reviewing the terms of the contract, transactions that have particular responses and the audit trail available from VAN records.
Trusted Third Parties (TTP’s) vs. Manual Transaction Management
Another way to benefit from the security and accountability of verified communication is by working with a Trusted Third Party, or TTP. By definition, an EDI VAN is considered a Trusted Third Party. A TTP manages the encryption and secure delivery of messages between two parties, and provides proof of delivery and receipt for every transaction made through the TTP. As a result, companies working with a Trusted Third Party do not have to worry about the risks associated with manually processing communications using a direct connection, such as AS2 or FTP. The possibility for human or technical error during manual message delivery is substantial, and can lead to miscommunication, unforeseen costs, or disagreements about transaction details. It is these examples that can lead to one party repudiating the validity of a communication; the use of a TTP allows buying organizations to avoid such costly and potentially contentious situations.
Many major retailers require that their suppliers register with a Trusted Third Party in order to become a verified vendor for the company. In this way, retailers ensure that all of their suppliers are using a standardized communication protocol, eliminating the difficulties associated with manually reviewing multiple communication standards for security issues, and lowering the possibility of repudiation.
The development of policies and systems to discourage repudiation is a crucial element of project management at major companies. In a 2008 case study titled “Boeing 787: Global Supply Chain Management Takes Flight”, the importance of secure data management and the assurance of non-repudiation are referenced as necessary aspects of the project management process. Data encryption, well-defined access parameters for stakeholders, and a verified communications infrastructure in the form of VAN or a Trusted Third Party are all required to implement a comprehensive data security strategy.