05.11.08
What is an ERP Firewall?
In my last post, I made the argument that ERP applications are not designed to support the growing levels of outsourcing in today’s manufacturing ecosystem. I think what is needed is an “ERP Firewall” for manufacturers to protect their enterprise systems from bad data. Let me explain this ERP Firewall concept further:
ERP Firewall Defined
ERP Firewall -
noun
1. fire•wall \’fī(-ə)r,wȯl\: an application which permits, denies or takes correction action to electronic data interchanges between an enterprises’ applications and its external business partners systems based upon a configurable set of rules or criteria.
Restated, an ERP Firewall ensures that bad data from external business partners doesn’t enter your ERP system polluting the quality of information in your enterprise applications. Much like a normal firewall, an ERP firewall examines all incoming and outgoing data against a pre-configured rule set. A traditional firewall rule might be to block all incoming clear text FTP traffic on port 21. Similarly, an ERP firewall rule might be to block all documents which are not in the manufacturer’s list of standardized e-commerce processes. For example, the firewall might block all ANSI X12 EDI formats which are not 810, 820, 850, 856 or 997 (or EDIFACT formats INVOIC, PAYMUL, ORDERS, DESADV, CONTRL). As a result, a document such as a 214 or 824 which is not the expected input for any ERP module does not even pass the firewall. Another example of a rule set might be to route any 810/INVOIC documents without a street address, general ledger code or appropriate tax identifier to an exception queue for manual resolution by the supplier.
Firewall Severity Classes and Actions
There are four typical actions that an ERP firewall might take based upon its configured rule set. The action taken will, of course, depend upon the scenario encountered:
1. Fatal – In this scenario, the electronic document is beyond repair. Not only will the document fail during later processing, but it could result in financial losses to the company or its trading partners if not stopped. As a result, the firewall should reject the electronic document entirely by sending a failure notification back to the originator.
2. Error – The electronic document has a critical error that will fail upon attempted processing. In this scenario, the error can be remedied, but only with the manual intervention of an end-user at the originating company. For such scenarios, the firewall should hold the electronic document in an exception queue for the originator to review and repair.
3. Warning – The electronic document has a minor data quality error that will not disrupt processing, but should be corrected, if possible, in future scenarios. The firewall will pass the document through to the ERP, but also log the data quality issues in a report. The logged warnings should be trended for frequency and root cause. The most common occurrences should be identified and remedied through collaboration with the originating trading partner.
4. Auto-Fix – In this scenario, the original document has an error that can be automatically corrected by the firewall. This is the real power of the ERP firewall. In many cases, bad data can be corrected automatically before reaching the ERP. For example, missing fields may be looked up in a table, database or via an application web services call. The original document is then augmented or enriched with the new fields then forwarded for processing. What other types of auto-fix functionality might exist? Documents can be split and routed to different ERP systems. Conversely, outputs from multiple ERPs might be merged into a single document. A fourth function is data filtering, in which, unnecessary data can be stripped out of incoming or outgoing documents to simplify subsequent processing at the destination.
Manufacturers are investing tens of millions to consolidate, standardize, upgrade and extend their ERP applications to optimize value from their ERP applications. However, these efforts are undermined and compromised when bad data from business partners corrupts and pollutes the ERP. An ERP firewall, which can be implemented at a small fraction of the annual maintenance royalty you pay your software vendor, can reduce bad data by up to 50% with just a few simple rule sets.
Steve Keifer
© Copyright 2008 GXS, Inc. All Rights Reserved.
Bryan Larkin said,
May 13, 2008 at 10:05 am
The question is, should the ERP provide this firewall, or another application. An ERP Firewall, or a Business Data Shield, would be best if it protected all internal applications. Implemented as part of an existing app, a company might then need to configure and support multiple such solutions - one for each externally facing application.
A stand alone solution that is application agnostic and that can provide a Firewall against both transactional and non-transactional data could do so regardless of the back office systems - and could stay in place as the back office systems were upgraded or replaced.
At a recent speaking engagement, I was approached by a line-of-business manager who was distraught over a problem that could be addressed by such a Firewall. This person worked for a well-known small appliance manufacturer. He indicated that retailers were constantly sending him orders for two-packs of his products, but referencing the price of a single unit. Because his company has agreements with his retailers that state that acceptance of the order is an acceptance of the terms, his company is receiving half the payments they are entitled to because his systems don’t do a price/order quantity validation check before sending out a PO Acknowledgement. Many manufacturers face this same problem.
A Firewall would validate incoming Purchase Orders against known current pricing and configurations and alert the sales or customer service team of an issue BEFORE allowing through. This would be a 5th role for the Firewall - alerting of appropriate staff of potential problems and then holding the document until it is approved.
At the same time, the Firewall could validate product information inbound to a retailer to assure the data is complete, accurate, and consistent before it is allowed to populate all the systems that support a modern multi-channel retailer. This would assure a unified message to consumers no matter which channel they use.