Book Review: EDI Security, Control, and Audit

[The date of publication is not known.]

EDI Security, Control, and Audit
Albert J. Marcella, Jr. and Sally Chan
0-89006-610-8, Artech

Electronic Data Interchange (EDI) is a computer-to-computer or application-to-application exchange of business information in a standard format. In 1992, there were over 31,000 known EDI users, with a steady increase since 1987. EDI users can be found in such industries as transportation, retail, grocery, automobiles, warehousing, pharmaceuticals, healthcare and financial institutions.

“EDI will change our lives, just as computers did. It will redefine the ways we work as it pushes us toward a knowledge-based society in which we pursue intellectual challenges while routine, noncreative tasks are assigned to computers.” – Gene A. Nelson

As a comprehensive book on EDI, several parts of the book deal more with the operation and setup of such a network. This leads into the areas that explain in technical detail the security and auditing of EDI networks. Beginning with the basics of EDI, the book walks through the pros and cons of such networks. It gives guidelines for who should implement and use it, operating issues, risks, control concerns and more. These sections are brief and to the point, suitable to give to non technical managers who may be considering EDI as a solution.

The following three chapters (2 – 4) delve into the technical aspects and the standards governing their development and operating procedures. Covering infrastructure and standards, networks and telecommunications, and cross-vulnerabilities in EDI Partnerships, these chapters give a solid understanding of the issues at hand. This reading is not suggested for the technical neophyte!

Dropping back out of the technical jargon, Chapter 5 (Managing Interenterprise Partnerships) seems to be more suited toward managers and legal staff. The next chapter jumps back into technical land and covers Application Control Issues, Security/Environmental/Project controls, Inbound/Outbound Control Issues and more. Maintaining the ping-pong style of writing, Chapter 7 (EDI Management and Environmental Control) delves into higher level project and planning.

If your organization uses EDI, or is considering implementing it, this book is for you. Both management and the technical staff can get something out of this book by passing it back and forth to read chapters. For a one stop shop on EDI, this is it.

Leave a Reply