Your EDI Resource

EDI Application Upgrade: A Little Planning Goes a Long Way

Posted by Shandra Locken on Mon, Jul 17, 2017 @ 08:30 AM

6611378317_c4948f659b_z.jpgPhoto appears courtesy of brownpau.  This blog was written by Kim Zajehowski, Aurora's Manager of EDI Hosting.  How many times have you scheduled to do an EDI application upgrade only to find out you have not met all of the requirements the day of the upgrade or that users were not informed that the system would be unavailable during upgrade time? The objective is to eliminate surprises during the upgrade process and reduce stress when you have to shut down your EDI functionality while you are upgrading your EDI system. Your EDI system is probably one of the most critical applications in your environment.

Proper planning is the key when scheduling your upgrades to avoid future headaches during the process. It is very helpful to develop a checklist of all of the tasks that are required during the upgrade process and check them off as you go. The checklist can then be referenced for future upgrades as well and tweaked as required.

Some key tasks that should appear on your checklists are as follows: 

  • Obtain the latest application version software and documentation from your reseller or application technical support. This may take a little time depending on your media choice. Some may have to download image files from a vendor’s FTP site and convert them to the necessary format to be able to use them. Make sure you have the image conversion process readily available. Others can download the files required directly to their system without having to convert them. 
  • You may want to reach out to the application community groups (i.e. Yahoo Groups) to poll to see if anyone has encountered any issues on upgrading to the latest version of the software.  Sometimes the best source of information is fellow users.
  • Review the documentation. There may be separate procedures for upgrading vs. a new installation of the applications.
  • Review your system requirements. Ensure that you have applied all of the necessary patches, system operating system upgrades, etc. prior to your upgrade date. You may also be required to do a step upgrade where you have to do a preliminary upgrade to a more recent version of the application prior to upgrading to the latest version.
  • Discuss the upgrade with all parties involved to help in planning the best time to do the upgrade. During the week may not be feasible and the weekend may be best time to do it. Keep in mind that support resources may be limited on weekends and off hours if you do run into an upgrade issue. Set an agreed upon upgrade date.
  • Schedule to do clean up and/or purge on your existing data and review your data retention policies prior to the upgrade date. The less data for the upgrade to work with is better and the upgrade will finish faster.  See another blog we did a while back on eHoarders.
  • Determine if there are any database or application interface changes that may affect your existing processes. You may or may not have to modify and recompile some of your processes, programs, etc.
  • Determine if there are any menu, screen, etc. changes within the application that you may have to review with users.
  • On the day of upgrade, ensure no EDI processes are running and all EDI users have been made aware that the EDI application will be temporarily down during the upgrade process. You may have to disable or shut down any automated EDI procedures. During most EDI application upgrades, you have to have exclusive use of the EDI system in order to perform the upgrade successfully.
  • Ensure that you are signed in as an administrator or security officer user and perform a backup of the necessary objects prior to any upgrade and ensure that you have the restore procedures readily available to restore the application if you run into an issue.
  • When doing the upgrade, you will want to be signed in as the administrator, security officer, or application service user when doing the upgrade depending on the application. For Liaison products, it is best to use the Liaison ECS service user to ensure the proper permissions are in place for the upgrade.  Permissions issues is the number one problem we see in upgrades and installations.
  • Follow the application upgrade documentation to perform the upgrade.
  • Once the upgrade has completed, try testing inbound and outbound communications to your networks, trading partners, etc. by resetting a functional acknowledgement to be sent and reprocess an inbound functional acknowledgement from your VAN if you have that functionality on their portal.
  • Once successful testing of transactions has been completed, start any disabled procedures and inform your users that the system is now available.
  • Provide training for users if any application changes or procedural changes that may affect them.

The more thorough the planning and preparations are prior to your upgrade, the more successful the upgrade process will be. I will always remember what a past manager of mine many years ago would say, “Plan your work, Work your plan.” This statement can be your mantra when working on any project not just an EDI upgrade.

Click below to read our case study how we helped Print Media become EDI compliant with state of the art software.

Click for Print Media Case Study

 

Tags: EDI Consultant, EDI Technology, EDI integration, data security, data integration, business processes, EDI software, EDI, EDI Documentation

What is HIPAA?  Complying and Reducing the Burden

Posted by Shandra Locken on Fri, Apr 21, 2017 @ 04:12 PM

asg_Bgip4AJNHEgV5Oxp2Fart_J2wW7etzgwOX4zC32F1492637205344-iStock-650097548.jpgReprinted with permission from Liaison Technolgies.  Written by Hmong Vang, Chief Trust Officer for Liaison Technologes.  The Health Insurance Portability and Accountability Act (HIPAA) was an amendment to the Internal Revenue Code of 1986.  And while it was enacted primarily to ensure portability and continuity of health insurance coverage and improving the exchange of health information electronically, it also was intended to protect a patient’s protected health information (PHI) which includes health status or condition, medical history, insurance coverage, payment for health care, and other data that a healthcare provider or other covered entities collect in order to provide the proper care.

Signed into law in 1996 by President Bill Clinton, the act contains five key sections that cover: policies for health insurance coverage (Title I), compliance requirements for processing electronic healthcare transactions and implementing secure access to data (Title II), guidelines for taxation and medical care (Title III), rules for defining health insurance reforms (Title IV), and provisions for life insurance policies owned by companies (Title V).

For health care providers, insurance companies, and businesses that support health systems and providers, HIPAA compliance largely pertains to adhering to the standards and guidelines defined in Title II. This post focuses on understanding the basics of HIPAA compliance and how to reduce the burden of complying with the guidelines defined in Title II.

HIPAA Isn’t Only for Doctors and their Patients

HIPAA and the US Department of Health and Human Services (HHS) provide a clear definition of covered entities and business associates that need to comply with HIPAA rules. HIPAA defines a covered entity as one of the following:

  • A Health Care Provider including doctors, clinics, psychologists, dentists, chiropractors, nursing homes, medical laboratories or pharmacies that are transmitting patients’ PHI electronically.
  • A Health Plan Provider such as health insurance companies, health maintenance organizations (HMO), companies providing health plans, and government entities paying for health care.
  • A Health Care Clearinghouse that processes nonstandard PHI into standardized electronic formats or vice versa.

Business associates are individuals or entities that assist covered entities in carrying out healthcare functions and activities. Vendors that transmit, process and/or store PHI on behalf of a covered entity or business associate are also bound to abide by HIPAA rules.

Understanding HIPAA Rules

Title II of HIPAA includes five key rules or standards which covered entities and business associates are required to comply with:

Privacy Rule. The Privacy Rule aims to protect patients’ rights to their PHI. These rights include allowing patients to examine, obtain copies of, and request corrections of their PHI. The Privacy Rule also requires covered entities to establish safeguards to protect patients’ PHI and also sets guidelines on when PHI may be used or disclosed without the patients’ authorization. Other administrative requirements laid out by the Privacy Rule includes appointing a privacy official at a covered entity, training employees on privacy policies and procedures, establishing and maintaining technical and physical safeguards to protect PHI, and creating processes that will handle patient complaints. Finally, the Privacy Rule establishes the penalties that covered entities will incur in case of a data breach.

Security Rule. The Security Rule specifies the required safeguards that need to be in place to protect patients’ electronic protected health information (ePHI). It requires covered entities and business associates to establish administrative, technical, and physical safeguards to maintain the integrity, confidentiality, and security of ePHI. Specifically, covered entities and business associates must: identify the sources of ePHI and PHI, including those that they create, receive, process, transmit, or maintain; perform regular risk assessments related to the protection of ePHI; and ensure organizational compliance through administrative safeguards. Like the Privacy Rule, the Security Rule also aims to protect patients from unauthorized, unreasonable, and impermissible use of their ePHI and PHI. While the Security Rule does not lay out specific guidelines on technical specifications, costs, and complexity of security measures, it requires covered entities and business associates to take them into consideration. Finally, the Security Rule requires covered entities and business associates to regularly review and adapt their security measures to evolving risks.

Enforcement Rule. This rule sets out the authority of the Health and Human Services (HHS) Office for Civil Rights (OCR) to enforce the Privacy and Security rules and to impose penalties in cases of violations or noncompliance. The OCR follows a three-step Enforcement Process: investigation of complaints, conducting compliance reviews, and fostering compliance through education and outreach programs. See the HHS website, where the OCR lists the most common and frequent compliance issues investigated since 2003. They include: impermissible uses and disclosures of PHI; lack of safeguards of PHI; lack of patient access to their PHI; use or disclosure of more than the minimum necessary PHI; and lack of administrative safeguards of ePHI.

Breach Notification Rule. HIPAA requires covered entities and business associates to notify affected individuals, the HHS, and the media, in more severe cases, following a breach of unsecured PHI. A breach is defined as an impermissible use or disclosure of PHI. Under the rule, covered entities and business associates must provide notifications to individuals affected by the breach without unreasonable delay and no later than 60 days from the discovery of the breach. Individual notifications must include a description of the breach and descriptions of the medical information compromised, the suggested actions individuals should take to prevent further harm, the steps the covered entity are taking to investigate the breach, minimize adverse effects, and prevent further breaches, and how individuals can contact the covered entities. For breaches involving over 500 individuals in a jurisdiction, covered entities are also required to notify prominent media outlets in the jurisdiction.

Omnibus Rule of 2013. In 2013, the HHS created the HIPAA Omnibus Rule to implement modifications to HIPAA Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health (HITECH) Act. The Omnibus Rule implemented extensive changes to HIPAA, including: requirements to strengthen the privacy and security of PHI; introducing objective guidelines for a covered entity’s liability in case of a breach; defining the steps in enforcing the Security and Privacy Rules for the OCR; holding business associates to higher standards as covered entities; and increasing the penalties for violations and/or noncompliance of the HIPAA, up to a maximum of $1.5 million per violation.

Reducing the Burden of HIPAA Compliance

The scope of HIPAA is extensive and compliance can be overwhelming for covered entities and business associates. Not only do covered entities face huge upfront costs to assess and meet governing compliance standards,  but business associates and vendors supporting them need to factor this into their budgets as well.

As in most budget planning efforts, upfront costs are usually anticipated and forecasted, but many organizations underestimate the cost of maintaining compliance, which can reach hundreds of thousands or even millions of dollars as enterprises struggle to keep up with ever-changing regulations and technologthat require ongoing investments.

Considering the huge cost of compliance (and non-compliance), forward thinking organizations align as many data initiatives as possible in support of compliance.  If data integration operations are managed in-house, then all the compliance costs, burdens, and liabilities mentioned above also fall squarely the covered entity or business association, or even their vendors. Every new application, EMR platform, or change in data configuration must be accounted for the compliance strategy—no easy feat when both the amount of data and number of applications organizations must deal with are growing exponentially.

An alternative that can reduce some of this burden is data integration and management as a managed service through a third-party integration provider that follows a Trust Framework. Now the burdens of compliance, along with the growing integration complexities and staffing challenges, are being managed by a trusted partner. As new data sources are added and integrated, that same level of compliance and security is applied to all. Leveraging a cloud-based managed services platform, offloads much of the people, processes and technology compliance to the third-party.

Vendors and HIPAA Compliance

Vendors supporting covered entities and business associates, must take HIPAA compliance seriously. As more applications, operations and PHI data move to cloud-based software and platforms, entities that are bound by HIPAA rules need to be sure they are entrusting their business operations and PHI to business partners that are continuously compliant. Cloud-based platforms that offer complex integration, data transformation and harmonization in a managed services model not only offer healthcare customers the ability to scale, integration expertise, and efficiency that compliments their IT operations, but they also supplement compliance by ensuring the people, processes, and technologies are adhering to these requirements.

How are you managing the compliance burden?  Click below to read about the unique challenges the pharmaceutical industry faces and how to solve them.

Download  Pharmaceutical  Challenge  Whitepaper

Tags: cloud, cloud computing, SaaS, HIPAA, data integration, data security, Managed Services

SHA-1 vs. SHA-2 Digital Certificates - What's All the Fuss About?

Posted by Shandra Locken on Fri, Jul 22, 2016 @ 08:30 AM

3650110365_db59b26484_m.jpgPhoto appears courtesy of F Delventhal.  This week's blog was written by Aurora Manager of EDI Hosting, Kim Zajehowski.  Many of you probably know about the new requirements coming regarding SHA2 digital certificates.  Before we discuss that, let's first look at SHA-1.  What is SHA-1?  According to Wikipedia, in cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function designed by the United States National Security Agency and is a U.S. Federal Information Processing Standard published by the United States NIST. SHA-1 produces a 160-bit (20-byte) hash value known as a message digest.  A SHA-1 hash value is typically rendered as a hexadecimal number, 40 digits long.

SHA-1 is no longer considered secure against well-funded opponents.  In 2005, cryptanalysts found attacks on SHA-1 suggesting that the algorithm might not be secure enough for ongoing use, and since 2010 many organizations have recommended its replacement by SHA-2 or SHA-3.  MicrosoftGoogle and Mozilla have all announced that their respective browsers will stop accepting SHA-1 SSL certificates by 2017.

What is SHA-2?  According to Wikipedia, SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the National Security Agency.  SHA stands for Secure Hash Algorithm. Cryptographic hash functions are mathematical operations run on digital data; by comparing the computed "hash" (the output from execution of the algorithm) to a known and expected hash value, a person can determine the data's integrity.  For example, computing the hash of a downloaded file and comparing the result to a previously published hash result can show whether the download has been modified or tampered with.  A key aspect of cryptographic hash functions is their collision resistance: nobody should be able to find two different input values that result in the same hash output.

We are seeing a number of trading partners in the EDI world (i.e. Walmart, Kohl's, Inovisworks.net VAN, etc.) taking a stance in the industry to convert their AS2 and SSL certificates from the SHA-1 to SHA-2 as their standard  (seen as SHA256 in some applications) to protect their customer’s data.  Some are even requiring that their suppliers convert their own existing certificates to SHA-2 with stringent guidelines as to the expiration of such certificates.

What does this mean for all of us?  If you communicate via SSL and AS2 communications utilizing SHA-1 digital certificates, it is in your best interest to make sure your communications applications can accommodate your organization to not only load and use SHA-2 certificates for your connections, but also allow to you create your own SHA-2 certificates and use them as well. It is always best to check with your application vendors to ensure that your software applications support this transition, or there is a chance that your EDI communications will experience some downtime related to this if you do not upgrade or implement SHA-2 certificates going forward. You are going to start to see e-mail notifications from some of your customers notifying you to make this change relatively soon if you have not already.

Some software applications may require that you upgrade to the latest versions/builds to be ready to accommodate for this change.  Other software applications may require that you simply apply a patch to your current version of software.

This has major implications for the EDI world.  Make sure you are compliant or there could potentially be an interruption in communications for you with some of your most important trading partners.  Note that this may end up being a several step process for you to be ready to accommodate them.  First, you may have to get your software applications current (builds/upgrade/patches).  Second, create your own SHA-2 certificates.  Third, install a customer’s SHA-2 certificates.  Fourth, perform some additional configuration to reference the new SHA-2 certificates in your environment.  Fifth, coordinate with other trading partners that may be affected with your certificate change as well.  Last but not least, test your connections both inbound and outbound.  This all involves proper planning and coordination so that you minimize your downtime and you address any other affected trading partners as well.

As we so often hear, change is really the only constant.  How we adapt to that change is what ultimately determines our success.  

Click below to view our video on Thinking About EDI "Outside the Box."

Click Now for EDI "Outside the Box"

 

Tags: AS2, technology, EDI software, communication, data security, EDI considerations

My Logs Killed MySQL

Posted by Shandra Locken on Fri, Mar 25, 2016 @ 08:30 AM

3545423115_d4f2e2f79a_z.jpgPicture appears courtesy of John Mueller.  This guest blog was written by Nathan Camp of LogicMonitor.  Death by “Doh!Nuts!” is when a seemingly harmless, completely obvious, and avoidable issue goes unnoticed, swarms, and then crushes your software applications and the servers on which they reside. When you figure out why the database server crashed, you typically hear yourself shriek out, “Doh!,” and “Nuts!”

I absolutely love Liaison’s Delta and ECS software. It’s some of the most powerful on-premise data integration software out there. But, like all powerful integration software, the initial translation map building process requires human trial and error iterations to confirm that data output matches the expected format.

A best practice, available in many software applications and supported by Delta and ECS, is to initiate verbose logging during the development and testing phases of the design process, which can then be either turned off, or better yet, turned to only log errors and issue warnings.

And this is where the Doh!Nuts! come in.

Doh!Nuts! always cost Network and System Admins time in diagnosing, correcting, and restarting services, and often impact business partner relationships.

Some users would occasionally forget to turn off the verbose logging, especially when chasing the glory of going production-live with their systems. As you can already guess, they would go live, their software would diligently report all aspects about the successful message exchanges, and stuff these kernels of non-important data into the production database. At about one month in, the software would screech to a sudden halt and stop extremely important business-to-business data exchanges.

That’s where network performance monitoring solutions, like LogicMonitor, can watch both the hardware and applications running on them and warn in advance that a pending Doh!Nut! is about to hit. A brief list of a few key Windows SQL or MySQL database metrics that are monitored and alerted on include:

  • Volume usage
  • Total IO operations per day
  • Disc throughput and latency
  • Processor queue
  • CPU usage

With loss-less database technology, the granular detailing allows predictions based on accurate trending metrics. You can see in advance when new disc volumes may need to be added to handle growing data, or better, when you may need to run your clean-up routines to remove non-important data. And with integrations to incident reporting and support ticket solutions like PagerDuty, ConnectWise, and several other leaders, LogicMonitor provides real-time, smart actions for IT rapid response.

Yet, that’s not all that can be done with advanced SaaS-based solutions. Mike Suding, one of LogicMonitor’s sales engineers, recently tested the boundaries of these performance monitoring and alerting systems. Mike took the approach that system alerts can be used as the basis to actually orchestrate a hands-free, “fix the problem” response. The below video shows a brief example of how he used network performance monitoring tools to clear out the temp files from the hard drive.Screen Shot 2016-03-04 at 3.52.57 PM

For more helpful ideas on monitoring and managing your IT infrastructure, you can subscribe to Mike Suding’s blog or his YouTube channel. Be sure to also check out LogicMonitor’s blog and video case studies list.

Click below for a case study on how Aurora helped QuiBids.com move their EDI operations to the next level.

Download  Case Study

Tags: EDI Technology, EDI software, data integration, technology, data security, Liaison Delta/ECS

EDI Lessons Learned

Posted by Faith Lamprey on Fri, Dec 05, 2014 @ 01:47 PM

EDI LessonsPhoto appears courtesy of Colored Pencil Magazine.  A painful, almost disastrous lesson learned...don't let this happen to you!

Recently a customer in the financial industry had their EDI server crash.  They moved quickly to set up a new server and reload it with the requisite software.   However, they had problems with their backup/recover software.  They signed into the EDI software website and downloaded their licensed software from there only to discover that the software was at a higher version then they were running as they had not had the time to install the latest version that they had gotten a while back.  Then they contacted us in a panic (as always happens, we were contacted after hours, but someone was still in the office and took the call).  Their backup software finally allowed them to recover and get back to normal.  We checked our vault of saved versions and had that version (and extra space was here) so we sent it to them for future recovery use.

The lesson learned from all of this?  The customer is now keeping a back-up of the latest version of the software they are running in a separate folder on the server and on a backup server.  They also promised to schedule the upgrade to the latest version. 

To remind yourself how important the EDI software is to your company, figure out the % of orders (by volume and $) that is being processed by EDI.  That should make you be very careful to take care of it the same way you do your ERP software.  Regular backups stored on multiple servers, password protection, and keeping the software up to date at the latest version are all critical factors in this effort.

Big kudos to our client and to our employees for reacting quickly to something that could have had a much worse outcome!

Click below to view a video on Thinking About EDI "Outside the Box" and become a rock star within your organization.

Click Now for EDI "Outside the Box"

Tags: EDI integration, EDI Technology, EDI considerations, integration software, EDI software, data integration, data security, enterprise resource planning, ERP integration

Five Key Questions to Ask Your EDI Software Vendor

Posted by Shandra Locken on Fri, Apr 11, 2014 @ 12:00 PM

data integration solutionPhoto appears courtesy of Susan.  Shopping for data integration solutions is a long, sometimes overwhelming process.  Before you start looking at demos and getting proposals, it's important to sit down and decide what you need for your most basic integration requirements as well as your future requirements.  In other words, the software should be flexible enough to grow with you.  The next step is to get some initial information about the packages you are considering - what are its capabilities? Most software vendors have brochures about their particular package.  That's a good place to start so you can start comparing features and functions.  To take that a step further, it's a good idea to get answers to these key questions:  

1. What communication methods are included?  Many software packages, including Liaison's Delta/ECS, come with the built-in capability of communicating with your trading partners and/or VAN via secure FTP and AS2, as well as SMTP and HTTP.  Can your current software do that?  Or are you paying annual maintenance for separate software packages to have that capability? 

2. What operating systems does the software support?  As vendors like Microsoft and IBM come out with new operating systems, is your current data integration and/or EDI software keeping up? Does the system you are considering support Windows 8?  Making sure that your software and hardware remain compatible is a long view requirement in your selection process.

3.  While file formats does the software support?  Does your current software support EDI and spreadsheets but not JSON?  How about XML?  This is an up-to-the-minute issue in data integration.  Every time we turn around there is a new darling that is going to make EDI obsolete (not going to happen), BUT you will want software that covers all your bases AND has a history of being on the cutting edge of new file formats.

4. Are major upgrades included in maintenance?  I have seen a lot of companies fall behind in versions because they don't want to pay for upgrades.  See this blog where we wrote about this topic.  Many software manufactures offer free upgrades included as long as you keep your maintenance current.  This is important to factor in when you are deciding on a budget.

5.  What kind of security protocols are included?  If you are doing HIPAA transactions, does the software meet the minimum security requirements as set forth by HIPAA?  Can you limit the data that users can view and/or manipulate based on permissions?  And what about firewall protection?  Does your software vendor have an option for sending and receiving data over the Internet without punching holes in your firewall?

These are the most basic questions, other than price, you should be seeking to answer as you start your search.  I have seen many companies not do enough homework, get dazzled by glossy presentations and fast talking sales reps...and their software was missing an important piece they needed.  This will prevent you from having a MacGyvered solution that does not earn its keep.  

Click below for a whitepaper on what getting data integration right can do for your business.  

 

Download Free  Data Integration  Whitepaper

Tags: EDI integration, EDI considerations, integration software, EDI software, data integration, data security

My Cyber Monday Woes

Posted by Shandra Locken on Fri, Jan 10, 2014 @ 12:19 PM

Cyber MondayPhoto appears courtesy of Liz West.  Guest blogging for the Aurora EDI Alliance is Nathan Camp of Liaison Technologies.  I was intent on making this last holiday season a time of reflection and peace. I would not succumb to witty advertising campaigns inducing me to spend money on needless gifts. But then those brilliant marketers at a sky-rocketing start-up called Corkcicle overcame my ability to say no. I had bought Corkcicle’s products during the summer so I knew how well their products converted my garage-warmed bottles into delightfully consumable beverages within a few minutes. This was a vast improvement over ice-in-a-glass. I knew my friends would love these products too. So when I received the offer email on Black Friday talking about the pending Cyber Monday deal, I knew I would be ordering.

  • Monday Morning – I received the email that the deal was on. I headed to work with the intention of placing my orders that night.
  • Monday Night– Corkcicle sent me the reminder email. I tried to place an order on my iPad.
    • During the first attempt, the order failed at the credit card authorization.
    • I, unlike many others, tried again. This time I placed an order successfully.
    • Although I didn’t receive an order confirmation, I decided to add a second order.
    • Still no order confirmations came through. I thought there was something going wrong with the eCommerce site. But then again, it could be I entered another email. I decided to look the next day.
  • Tuesday – No order confirmation. No billing. No emails as promised. I added a calendar entry for Wednesday to check on this.
  • Wednesday – I got my order shipped notices. Two orders at full price. Whoa, what just happened? I knew I had to call Corkcicle and get this billing issue fixed.
  • Thursday– I had a great call with Corkcicle’s support team and they issued a credit to my card, but my confidence in Corkcicle’s systems and processes was shaken.  The experience also left me asking:
    • how elastic were their systems?
    • what were they doing to secure my data and credit card information?
    • what was happening with their sales channels?
    • were their other retailers/resellers being affected by Corkcicle’s data integration issues?

Stephen Bruner, Partner at Corkcicle, responded to my emails within an hour. In the midst of the holiday season, he took the time to both apologize and quell my concerns, and he shared with me the root cause of their Cyber Monday issues as, “We did have a setting that was incidentally turned off in preparation for Cyber Monday that had simply turned off confirmation emails from being sent.  I can assure you that our systems are all using up to date and robust security and data transfer methodology. This was just the result of a costly human error.”

Over the holidays, I provided these Corkcicle packages to my friends, and they loved them. But this episode also reminded me of four obvious statements around successful eCommerce systems. And it’s now, in between seasons, where we can prepare and act, with enough time to make corrections and adjustments to guarantee a flawless 2014 shopping season.

Have A Plan

This needs to be a holistic approach to your customer experience.

  • Know how you will find customers, or better, how you can help them find you.
  • Identify all available sales and marketing channels. Actively nurture your referral and reseller partnerships. Assess performance and reward excellence.
  • Provide your customers with everything they need to make an informed decision about you and your products. This means a clean, well designed Web site, video content and tutorials, easy access to knowledgeable salespeople, client testimonials, and a simple ordering process.
  • Have a return merchandise process in place. Monitor out-sourced operations closely. If returning faulty or unwanted products is harder than ordering the products initially, you will lose repeat business.
  • Share your data broadly. You will be sharing your customer information and ordering history with your fulfillment providers, to payment gateway services, to your financial/ERP software, to your CRM systems, to your marketing automation solutions, and your supply chains. Make sure you have access to your data, and that you have a means to reformat that data for all other systems. Middleware technologies, like Liaison Delta and ECS, are vital for this.
  • Share your customer data securely. Target’s data breach of up to 40 million debit and credit cards has been a staggering blow to consumer confidence for this retail giant. Since your eCommerce operations will be exchanging valuable customer information with other systems and companies, you must have a plan in place on how to make only the necessary information available to the necessary resources. Tokenizing customer details like credit card numbers, account numbers, names, phone numbers, addresses, or other sensitive information is vital. This will allow your customer support to access customer details without the risk of compromising this data through error, negligence, or theft.
  • Share your customer data consistently. Data cleansing is a vital task. This should include address, phone, and email validation services from companies like Service Objects in my town home town of Santa Barbara, CA or Melissa Data, also in CA. Using validation services as new orders are being placed will reduce shipping packages to the wrong addresses, help you recognize fraudulent activity, and/or will de-duplicate customer contact information before it is shared across your systems. As an example, Richard Smith, Rich Smith, Dick Smith all have the same phone number of 805-882-0536, and are quite likely the same person. They should not show up three times in your CRM system.
  • Build in elasticity. Remember this commercial where the eBiz company exceeds their sales expectations? One other consequence to such success is that their IT infrastructure can crash. Virtualized machines with proper back-up, software as a service (SaaS), or completely Cloud-based managed services are very viable options for you to explore and adopt.

Stick To The Plan

Once your plan is in place, stick to it. Of course there will be exceptions and changes to the plan, but any changes should be carefully articulated, reviewed/scrutinized/approved, and documented in your living plans.

Test The Plan

It goes without saying, but having separate environments for development, test, staging, production, and disaster recovery processes and environments is a best business practice and a sound investment. As my friends at Corkcicle discovered, a single, small change introduced to a system at the eleventh hour and forty-five minutes can have very unintentional, costly consequences. Just like pilots going through their flight checks, it’s vital for you to test your end-to-end processes before leaving the gate. Test the process in your sandbox environments first. Then retest every change you make in these systems. Do your tests internally. Do your tests externally. Call up your least technical relative and have them order from your Web site. Test the system again. Don’t trip because someone forgot to turn on the light for you.

Have A Backup Plan

As the Sochi Olympics approach, buzz and attention are being focused on Lyndsey Vonn’s announcement that she will not compete next month. Lyndsey Vonn’s Olympic Supporter, Procter & Gamble, had made a huge bet on her star power as key to their 2014 marketing plan. Part of the plan building process should also include predefined contingencies that have undergone the same rigorous reviews of the initial plan. Identifying and anticipating system and process vulnerabilities is hard. Hiring professionals to help you identify and develop emergency response processes and procedures is money wisely invested. In addition, being able to recover from the unexpected requires a company-wide culture which expects excellent delivery to a customer from day one, with everyone in your organization ready and prepared to do what is necessary to give your clients the best treatment each and every time they place their confidence in you.

I know that Corkcicle believes in their plans deeply. Their deft recovery from an important stumble means more of my friends should be expecting Corkcicles and Chilsners in their stockings next year.

Click below for a free whitepaper on what getting data integration right can do for your business.

Download Free  Data Integration  Whitepaper

Tags: e-commerce, data integration, supply chain, technology, data security

Channel Partner Collaboration a Must for Integration Specialists

Posted by Shandra Locken on Tue, Oct 08, 2013 @ 06:53 PM

Integration Technology VendorsGuest blogging for the Aurora EDI Alliance is Nathan Camp of Liaison Technologies.  Photo appears courtesy of Somewhereintheworldtoday.

When I first started working with customers on data integration projects fifteen years ago, the work was hard. We had to convert structured B2B/EDI transactions into a specific format the ERP vendor made available. I looked forward to the day when standardization would sweep the landscape and make these connections much more simple and widely available.

I was half wrong. I got the widely available connection access part right, but integration work is now much more complex. Businesses of all sizes are working with an ever broadening host of systems and services, rippling away from the core, all-in-one hole left by what used to be promised as a single vendor ERP presence.  

 Examples of the systems that must be connected today include:

1. Marketing and Sales

  • CRM systems, like Sales Force, are now the center of new business leads and deals

  • Marketing Automation systems, like HubSpot and Marketo, tie prospect and client interactions into measurable reporting and nurturing processes

  • Shopping cart/eCommerce packages process new client data through both CRM and Marketing Automation systems for cross and upsell promotion activities

2. Enterprise Resource Planning (ERP)

  • Financial and general ledger details may be populated from either the shopping cart or from the CRM system or even EDI

  • Sensitive data, like credit cards, personally identifiable information (PII) like social security or client account numbers, now need to be made safe before it can be used for customer service and support

  • Geo-coded tax details may be provided by software systems like Avalara

  • Warehouse management software will be used for pick and pack processes and bills of lading. This may be tied to an internal warehouse system, or it could be used to keep track of fulfillment handled by a 3PL provider

  • Shipping/tracking services can be called to complete GS1-128 barcodes and to provide shipment details back to the shopping cart system

  • Inventory systems will be vital for current stock on-hand details to be sent to any other distribution or dot com (Amazon, Wayfair) platform

3. Web site design and shopping cart synchronization

  • While most of this development falls under Sales/Marketing, it’s also vital to keep catalog syndication and inventory details updated so only in-stock, current products are displayed for sale

  • Payment gateways for credit card processing need to be tied to ERP and PCI systems for data security and financial transaction processing

Consider how many of these systems you currently have in your organization, and if they are tied together. Evaluate your expertise around each of these sub-systems. How many alternative solutions exist for each broad category? Got this number in your head? Now imagine how rapidly this number of system permutations continues to grow. As recent trends in ERP system sales suggest, there is a shift from on-premise, big 10 ERP systems towards Cloud delivery. Further erosion of processes which used to be securely attached as modules to the big ERP systems are also rapidly being replaced by agile competitors with faster speed to solution delivery and lower price points. As the shift away from centralized ERP systems and modules escalates, there will be a growing disconnect between business IT system purchases and the knowledge base to support them.

Cloud and SaaS-delivered software options are rapidly decreasing barriers for the entry of new products and services to the market. And with on-demand service licensing, it’s now even easier to add new systems and services as-needed. Now, businesses of all sizes are sharing real-time inventory feeds for just in time supply chains and for drop-ship fulfillment. They are also adding data integration between CRM systems and marketing automation tools to win new business and reward loyal customers. As information becomes a shared resource across internal systems, these businesses are analyzing their data to uncover hidden trends to either avoid or exploit.

With so many new and creative technologies being introduced each year, and the rise of APIs allowing data to flow back and forth from system to system, the greatest challenge for every system integrator is keeping up with this expansion of integration touch points. Going quickly are the days where expertise in a few EDI transaction sets and ERP integration formats was enough to run a professional consulting business. Today, clients are so rapidly expanding their integration touch points, it’s harder for any single company to dwell deep enough in any given technology to gain expertise. What is really required today is for channel partner programs to be built with a collaborative nature in mind.

Channel partner management has always been focused on finding the most efficient ways to get a vendor’s product or service into the hands of a client (it still is). The client dictates how they purchase and consume these products and services. It has been up to the technology vendor to find and train their partners that filled special roles and capabilities that were complementary to the vendors direct delivery capabilities. This ensured that they had partners and paths to get the product to the client as quickly as possible in the desired manner. Today’s channel programs are metamorphosing in response to the myriad options of integration necessities. The biggest challenge and change I have witnessed recently is the adoption of partner-to-partner collaboration. I will highlight three examples where Liaison Technologies, Inc. partners are working in tandem to solve very complex needs together.

(1) Partner to Partner Talent Sharing

The Aurora EDI Alliance is by nature an example of a collaborative group of individual companies working together to solve client needs. Their clients are in retail, fashion, automotive, manufacturing, services, food, logistics, and medical supply/devices. But, this collective organization came across a new business that had very specific knowledge needs around HIPAA transactions. The business model for this new client is to provide medical transportation services, with billings going to the insurance companies instead of the care recipients. The Aurora EDI Alliance is a team of integration specialists, but when it came to working with HIPAA payer/provider data interactions, they needed to enlist the help of another data solution provider with hands-on experience. Early in the discussions with the medical transportation service provider, Liaison Technologies encouraged The Aurora EDI Alliance to enlist the help of a fellow Liaison partner, and that is when Hughes Systems Group became a vital, contributing member to the solution design team. Hughes Systems Group’s services team has been involved with dozens of HIPAA implementations over the years for medical insurance companies, private and public provider agencies, and medical supply and device manufacturers. It was precisely this blend of technical know-how and experience, and the joint solution support of both partners that made selecting the new HIPAA project to be led by Aurora Technologies so easy.

(2) Building It Better

When integration through the “tried and true” proves to be too expensive, cumbersome because existing modules are running on ancient technologies, or is simply no longer supported, it becomes necessary to build a new approach.

When offered the opportunity to help clients evaluate their existing EDI integration solutions for MS Dynamics GP (aka Great Plains), Liaison combined the expertise of two different partners and have co-created a new and unique solution. Copeland Buhl is a full service tax and accounting practice that also specializes in MS Dynamics GP services. Their financial process expertise is matched with their deep GP system knowledge. Liaison also brought Virtual Logistics Inc. to the design process as well. Virtual Logistics Inc. has provided EDI integration for over 450 clients in their years of service to well over 40 different ERP systems. They are also deeply involved in extending their clients’ data integration connections to marketing automation systems, business intelligence, and eCommerce.

Working through client design discussions, I kept thinking to myself how the combination of Copeland Buhl and Virtual Logistics Inc. was like being at a rock concert. You can have a pretty good concert with a set of drums, a guitar, and two talented artists hard at work (an example is the band White Stripes). The ability to walk EDI into the system, build in safety checks, use future-proofing design elements, and talk through outflow response documents end-to-end is magical, and only possible with deep skill sets and experience.

With the need to redesign from scratch, but based upon years of combined knowledge of what works best, can easily be reproduced, and streamlines common data processing issues for existing GP users (double entry, warehouse management software module requirements for ship notices and barcode creation), the three organizations have created a new system and delivery process that will enable GP clients to work with new data extensions they never were able to consider before.

(3) Creating New Capabilities

One of my favorite definitions of “genius” is simply “seeing what is not yet there.” Often, these moments of epiphany are based upon built up combinations of events, discussions, past training, and inquisitiveness. Robin Smith of Virtual Logistics Inc. studied anthropology while at university. Deeply pressed into his psyche at a younger age was a tactical way to collect, view, and make sense of evidence (data). Robin has been talking about the three dimension viewing of data for years as an important stepping stone in making information meaningful for more people.

As Liaison expanded our capabilities to receive, manipulate, and respond to data, Robin seized on the concepts, and found another solution provider to combine data into something very new and unique for his clients. Below is an example where Virtual Logistics Inc. can now take order details collected over time and processed through the Liaison Delta and ECS software, run another data translation process to collect and present the important details over to the mapping overlay system to generate the exquisitely functional and rich reports as documented below.

Sales activity map

Example of eCommerce Performance Tracking

Liaison is quite proud of the amazing things our partners are doing by working together. With the Increasing use of hybrid solutions where both on-premise and in-Cloud models are being used to access, use, and store data, it is becoming even more important for software/SaaS vendors to work closely with their partners and their clients to identify and implement the best matching Web services and servers, database options, Internet services, encryption technology, and security protocols that will best serve our clients’ requirements and needs.

Click below for a case study on how the Aurora EDI Alliance helped AliMed, a medical supply company, optimize their EDI operations using the Liaison Delta and ECS integration software package.

 Click Now for AliMed Case Study

Tags: data transformation, EDI integration, EDI Technology, data integration, EDI provider, data security, enterprise resource planning, SaaS

Three Reasons CEOs Need to Consider Data Integration

Posted by Shandra Locken on Fri, Sep 13, 2013 @ 11:31 AM

data integrationPhoto appears courtesy of Upendra Kanda. As a CEO, why should I care about data integration?  Glad you asked.  A CEO’s job first and foremost is establishing and implementing a vision and direction for the organization that they lead.  In larger companies, they usually report to a Board of Directors and are accountable to them for the profitability of the organization.  A good CEO must assess the external and internal business landscape to ensure that the organization’s goals are both appropriate and achievable.  A disconnect sometimes happens when it’s not always apparent how technology can help achieve those goals.
 
There has always been confusion as to how technology and business interconnect.  The goal is to use technology to further your business goals and data integration is a critical piece of that equation.   In looking up "data integration" on Wikipedia, the first paragraph states, "Data integration appears with increasing frequency as the volume and the need to share existing data explodes."  In the past, data integration was for big companies with deep pockets.  This is no longer true as more technology companies are now offering affordable solutions, making data integration accessible to the SMB sector.  Read on as I offer three compelling reasons you should consider data integration.
 
Reason number one – data integration allows business processes to be automated.  In an integrated environment, B2B transactions happen almost instantaneously, yet you can build in process controls for approval and/or exception handling for errors.  Integration helps uphold the integrity of your data since you are reducing the possibility of human error.  Also, such integration possibilities include the ability to streamline your supply chain planning and scheduling.  For example, forecast planners would be able to establish effective inventory levels and accurately drive production activities to satisfy the needs of your customer.  This kind of automation leads to reduced inventory through a faster and more efficient procure-to-pay cycle (P2P).  A quicker P2P cycle means more cash on hand which is good news for a CEO.
 
Reason number two – with so much out there regarding data, Big Data, Data Mining, Dark Data, I have seen relatively little written about Data Security.  First of all, integration protects you and your customers to a certain extent against employee theft and external hacking threats.  Furthermore, today’s data integration tools allow you to dictate who, when and how users can view and use data, which is especially important in industries like healthcare where the HIPAA police are watching.  Data management from a security standpoint gets more difficult as you add variables.  Lorraine Lawson of ITBusinessEdge.com writes in her blog, “At one time, identities were easily segregated into ‘employee,’ ‘vendor,’ ‘partner’ and ‘customer.’  Which data you accessed, which applications you used were based on these hard identities, but no more as companies see the value in exposing some of the same information or applications to customers, employees and partners.”  As CEOs and business owners begin to see the value in tools like marketing automation, Webstores, PunchOuts, as well as EDI, integrating all these processes will be necessary to maintain data security.    
 
This leads me to reason number three – integration keeps you competitive in the marketplace which should be top of mind for a CEO.  It’s not enough anymore to be EDI compliant and have a Webstore.  It's not uncommon today to find a small company selling artisan toffee to the big retailers using EDI, all while also selling direct to consumers using an e-commerce site AND successfully marketing using social media.  The difference between them and those on the cutting edge is that the latter has all of these processes integrated.  Kevin Jordan of Tibco writes in his blog, “With an integrated platform, it becomes possible to predict what a customer or client will do with accuracy, and allow for a decision based on a customer’s historical data correlated with real-time events.  Imagine this: A customer is wandering around a store trying samples and suddenly receives an email or text offer for that product. Upon opening the message, it can also display some of the customer’s regular purchases and favorite products as an added offer. With well-integrated systems, the company has the opportunity to exceed shopping expectations.”  And this, my friends, is how you go from good to great.

Click below to download an impressive whitepaper from Liaison Technologies on how getting data integration right can help your business.

Download Free  Data Integration  Whitepaper

Tags: integration software, data integration, supply chain, EDI compliant, data security