Additional Security Procedures and Services. To respond fully to the various risks associated with electronic data interchange, parties may wish to consider, as to some of the following risks, implementing some of the following procedures and services, which are independent of the UN/EDIFACT structure:
・ the use of additional identification codes, unique sequence codes or similar non-encrypted tracing and labelling schemes;
・ employing value-added third party service providers to record message transaction logs or similarly archive or verify transaction activity;
・ using protected automatic storage on local work stations within a company's computer network; and
・ monitoring the availability and integrity of communication facilities.
2.6 Record Storage
"The parties shall store and retain records and the Messages communicated under this Agreement as may be specified in the Technical Annex."
Relevant details and specifications regarding the storage and retention of records and the Messages might include:
・ the range of records to be maintained
・ the format(s) in which storage is to made
・ time periods for which records are to be retained
・ the media to be used for the storage and retention
・ the rights of access to the records to be provided
・ the manner in which storage will be maintained (including testing, environmental conditions and the like)
・ requirements for integrity and irreversibility of the records
・ the rules relating to the availability of the records.
Parties are encouraged to consider, in responding to this item, the details specified in response to Section 2.5, Security Procedures and Services.
Section 3: Message Processing
3.1 Receipt
"Any Message transmitted in compliance with this Agreement shall be deemed received when accessible to the receiving party in the manner designated in the Technical Annex."
Designation of the manner of accessibility could include:
・ accessibility through a service provider acting on behalf of the receiver
・ accessibility by the receiver to the Message as stored by a service provider (in an electronic mailbox, for example)
・ accessibility through the internal computer system of the receiver.
3.2.1 Acknowledgement
Parties may designate when acknowledgement is to be required in more than one manner. Messages to be acknowledged may be specified by message type (for example, by using the UN/EDIFACT Message names) or by specifying the circumstances in which transmitted Messages require acknowledgement. Parties may wish to specify that acknowledgement is required when requested in the Message that has been transmitted.
When acknowledgement is to be required, the parties should also specify the details regarding how the acknowledgement is to be provided, including:
・ the method of acknowledgement (re-sending the Message received; sending another Message, such as a CONTRL Message; the use of other media, such as facsimile transmissions)
・ the time periods during which an acknowledgement must be received
・ the relevant security procedures and services to be used (such as the AUTACK Message).
