For Your Eyes Only: Safeguarding EDI File Data
We all want the convenience of sharing information seamlessly across departments and business partners.
To eliminate cumbersome manual processes, manufacturers share Electronic Data Interchange (EDI) documents—such as shipping notices and purchase orders—with 3PLs, sourcing companies, expeditors, and freight forwarders so that these parties have the information they need.
EDI documents bring manufacturers added convenience and faster time-to-market—but at what cost? With paper records, implicit and explicit rules exist around what information can be shared and who is responsible for which roles.
In the transition to online communications, however, technical restrictions often impede these rules from being carried over, which can lead to security breaches, loss of negotiating power, and a host of other troubles.
Traditionally, manufacturers have utilized a single EDI account for their entire staff as well as external partners. This simplistic approach has major flaws.
In highly regulated environments, such as pharmaceutical and medical manufacturing, the inability to trace activities back to specific individuals is unacceptable to auditors.
In other verticals, such as consumer goods and automotive suppliers, business data could be destructive if it fell into a competitor’s hands.
Imagine, for example, if your business rivals knew what you paid for raw goods or how you structured your partnerships. They could easily exploit this information to undercut you in competitive bids or usurp your key alliances by offering a better deal to critical partners.
Revealing certain information to external suppliers can also be detrimental, negating your bargaining position.
3PLs, for example, want access to electronic purchase orders to gather the information they need to package goods. This saves them considerable time, eliminates error-prone data entry, and speeds product delivery. But some purchase order data shouldn’t be shared with suppliers.
Say the 3PL realizes that the manufacturer is doing $5 million of business and is only paying five cents a box. The 3PL is likely to push for larger profits if it knows how much the manufacturer is bringing in. Likewise, a manufacturer won’t want to let on to outsourced contractors how much it’s selling the end product for.
Manufacturers must be careful when sharing remittance advice, which contains bank routing information. One slip in revealing financial information opens the door to potential theft, or worse, embezzlement.
The best approach to EDI password structure allows a considerable level of granularity. For example, the organization could enable the account manager for customer A to view invoices (without editing them), but not see any information for customer B.
Likewise, manufacturers can share important data with suppliers while shielding confidential information. A company might give its 3PLs access to purchase orders so they know what to pack, but automatically filter out prices and other sensitive information.
Implementing such approaches forces businesses to think about who should have access to what information. This empowers manufacturers to improve processes practically and fluidly.
In a global manufacturing environment, enabling role-based EDI access empowers manufacturers to share information securely while improving productivity across the supply chain.
This approach affords the organization control over not only what data employees and external partners see, but also what they do with the information.