EDI Guidelines - Section 3

OBF/EDI GUIDELINE
GENERAL SECTION
LEGAL CONSIDERATIONS
3 Legal Considerations
3.1 General Introduction
Electronic Messaging Systems (EMS) and applications such as EDI affect business practices. Because
the law does not directly address the complexities of these technologies, doing business via EMS may
involve legal uncertainties. EMS complexity can only increase as more sophisticated hybrid and
enhanced service offerings become available, and the law has not kept pace with that complexity.
Businesses require control over their contractual correspondence. Such control includes
determination of when correspondence is transmitted, to whom it is transmitted, when it reaches
the recipient, and an appraisal of the accuracy, integrity and risks of the communication. Some of
the legal issues include, e.g., various offer and acceptance rules, the propriety of paperless
communications, the competency or sufficiency of evidence, EMS and electronic mailbox control,
legal and regulatory record retention issues, ownership and liabilities, and various risks of
transmission. Further study is required to identify problem areas and to propose flexible and
adaptive rules fostering greater legal certainty.
EDI has been used successfully for a considerable number of years. For a large and impressive
list of companies, legal uncertainties have not posed a substantial obstacle to the adoption of EDI.
In many instances, the legal risks of using EDI -- when compared to the risks associated with
traditional paper-based trading systems -- have been considered manageable. Certain legal risks
have been addressed with special agreements between trading partners and the adoption of
appropriate in-house policies.
It is important that new users consult with counsel throughout the EDI implementation
process. This chapter provides a very brief introduction to some of the issues counsel should
consider addressing when a new user implements EDI. The full range of issues that must be
dealt with, and the importance of any particular issue, will vary from one user to the next.
EDI implementation should bring about a rethinking by the business entity of its entire records
management and retention policies. The ultimate decision regarding scope and duration of
retention of electronic (i.e., EDI) records will depend on the company's overall business strategy
and requirements.
3.2 Record Keeping
Internal control systems should be reevaluated in the context of EDI to assure responsibility for
data maintenance, including audit trail, transaction reconciliation, and backup capability.
When business transactions are recorded on paper documents, businesses can store those
documents as evidence of what took place. EDI does away with the exchange of paper
documents. Internal record keeping systems should therefore be reevaluated in the context of
EDI. Among the issues to be addressed are these:
1. Will the user keep a record of each EDI message sent and received?
2. Will EDI messages be reformatted or altered by the user before final storage?
3. On what medium (paper printout, magnetic disc, etc.) will EDI messages be stored?
November 2007
4. Will records (or "audit trails") be kept to show when and by what means messages were
sent, transferred through intermediaries, and received?
5. Will records be kept to show how the user compared and reconciled related messages?
6. To what extent can the records that are kept be expected to be admissible in any potential
judicial or other proceedings?
7. How long will EDI records be kept?
8. Will the stored record maintain/include the authentication "stamp" or non-repudiation
signature?
9. If paper documents are no longer kept, will controls over the retention of resulting
electronic files be tightened?
3.3 Authentication
It is important that the source and the integrity of data transferred between the trading partners be
assured before the data is acted on. The level of security and control needed to provide proper
assurance is a business decision that should be based on an assessment of the risks involved.
The decision to implement a Message Authentication Code (MAC) should be mutual between
trading partners and stated as a requirement in the trading partner agreement.
Traditionally, paper documents and signatures have been used to authenticate the data that
constitute commercial transactions. Authentication of EDI transmissions requires different
methods. With the implementation of any particular EDI system, users and their counsel should
consider these issues in the context of the user's particular needs:
1. Will the integrity and completeness of data transferred between trading partners be
adequately assured before it is relied upon?
2. Will the source of a message, and the legal authority of that source, be satisfactorily verified
before the message is relied upon?
3. If determined necessary, will adequate records be kept to show that the authenticity of messages
was tested?
Users and their counsel should refer to X12.42 and X12.58 regarding methods commonly used
under the X12 standards to authenticate messages.
EDI poses no different threat than any automated system which utilizes telecommunications. The
issue is automation and electronic data vs. a paper-based system. EDI formats simply provide
structure to that data.
3.4 Trading Partner Agreements
Users should exercise care in developing and entering into trading partner and third party
agreements. Comprehensive trading partner and third party agreements should be considered
prior to commencing EDI trading. In addition to the conventional "standard terms and conditions"
which (with some variability) are used to define conventional trading relationships (such as the terms
and conditions typically appearing on purchase orders), users should consider what impact data
communications and computer systems have on their business correspondence and trading
relationships, including the customary manner of doing business (such as the use of
responses, acknowledgments, etc.), and thus what provisions are appropriate for EDI trading.
Many EDI users enter a special agreement with each of their trading partners to govern their EDI trading.
The provisions that should be included in such an agreement will vary from user to user. Among
the issues that might be addressed in a trading partner agreement are these:
1. The specification of the version/release of the EDI format the parties will use.
2. The specification of the third party network (if any) each partner will use.
3. The division of the costs of conducting EDI.
4. The confidentiality of messages.
5. The authentication of messages.
6. The records trading partners must keep.
7. An affirmation of the legal enforceability of the transactions entered under the agreement.
8. The procedures for requesting and communicating legal offers, acknowledgments and
acceptances and amendments thereto.
9. The specification of the time when messages become effective.
10. The interpretation of EDI codes.
11. The specification of the substantive terms and conditions that will govern underlying
transactions communicated through EDI.
12. The allocation of responsibility (including liability for any resulting damages) for any EDI
error or fraud or for the occurrence of uncontrollable disasters.
Similar considerations are required for financial institutions and clearing house use in the
transmission of Payment Order/Remittance Advice (Transaction Set 820).
3.5 Third Party Agreements
If a third party service provider is used for data transmission services, the provider will probably
require that the user enter into a data communications agreement with it. Among the issues the
user should consider addressing in such agreements are the following:
1. A description of the services to be provided.
2. The warranty by the provider of its services.
3. The liability of the provider for a breach of the agreement or any damages resulting from
the mistakes of the provider or its employees.
4. The security, confidentiality, and integrity of messages handled by the provider.
5. The responsibility of the provider in the event of a system failure or disaster.
6. The disposal of data stored by the provider in the event of a disagreement or an
interruption or termination of services.
7. A description of the applicable pricing structure.
8. The termination of the agreement.
9. Provision for an independent third party review of the third party vendor.
3.6 Laws, Rules, and Regulations
When implementing EDI, users and their counsel should consider whether any special laws, rules
or regulations apply to the users. Utilities and government contractors should carefully consider
whether any regulations are applicable to them.