Managed File Transfer Survival Guide Table of ConTenTs Introduction.....................................................................................................1 Secure FTP Between Platforms is No Longer Enough...................................1 How to Use This Guide..........................................................................................2 Your System Today................................................................................................3 Assessing Your Current Processes.....................................................................4 Who is Going to Implement Your Program?.....................................................6 How to Develop a Transitional Strategy.......................................................8 Step 1: Define System and Business Problems.......................................8 Other Criteria to Consider...............................................................9 Step 2: Identify System Requirements........................................................9 Step 3: Identify Critical System Resources................................................11 Step 4: Prioritize Areas of Improvement...................................................11 Points to Consider When Choosing a New System...................12 Step 5: Developing a Phased Approach to Implementation..............12 Benefits of a Phased Approach.....................................................12 Phase 1 : Project Initiation................................................................13 Phase 2: Blueprint..............................................................................13 Phase 3: Execution.............................................................................14 Phase 4: Testing..................................................................................14 Phase 5: Rollout..................................................................................14 Phase 6: Production Support.............................................................15 Summary..........................................................................................16 Glossary of Terms..............................................................................17 Table of ConTenTs i inTroduCTion If you are responsible for the data management functions of your business, you are probably in survival mode. You are probably sending ever-increasing volumes of business-critical information across systems and exchanging data with members of your extended enterprise (customers, partners, suppliers, distributors, service providers and even governmental agencies). As the challenges become exponentially greater and more complex, the question of how data is managed becomes increasingly important. As your business grows, requirements of your job become increasingly complex … and data becomes more difficult to manage. Out of necessity or convenience, many individuals or departments often manage their own file transfers. This piecemeal approach typically offers no visibility into what data is being transferred, who is responsible for it, and no security for what data is leaving the enterprise. What do you say when your Customer calls and says, “Where is my file?” You may already be seeking a Managed File Transfer (MFT) solution to help protect sensitive data at all times and manage, scale, consolidate and integrate existing file management processes into a single, secure file transfer solution. For example, a large customer, Nestle, may demand you provide them with new methods of connectivity as a requirement for doing business with them. Or, you may have additional challenges for managing files because your business must now comply with security and audit mandates such as HIPAA and Visa Payment Card Industry (PCI), or Sarbanes-Oxley. seCure fTP b eTween PlaTforms is no l onger enough As your business grows, file management becomes more than just two systems exchanging data: it becomes many diverse systems and servers that must be integrated to exchange information effectively. Your business must be agile enough to: • Handle the diversity of new trading partners, with protocols and data types they require and security requirements they impose Bring customers “on-board” quickly Have a clear, easy way to manage your business processes and handle the inevitable exceptions Provide a way for you and your customers and partners to see and understand how and when critical transactions are taking place Track Key Performance Indicators (KPIs) • • • • Whether you send purchase orders, invoices, Automatic Ship Notifications, CAD/CAM files, employee/HR records, or logistical data, transactional data flows can often get disrupted. Throw in mergers and acquisitions that create even more heterogeneous environments, and the challenges escalate. Translations fail. Documents get corrupted and data doesn’t always match up. Messages get lost. All this leads to lost revenue and escalating costs, both in terms of manpower and resources. Meeting audit requirements, responding to Service Level Agreements (SLAs) imposed on your business and establishing efficiencies in your business require technology speaks the language of your business. In some cases, transferred files not only represent your business – they ARE your business. inTroduCTion 1 how To use This guide For a variety of business reasons, you need a Managed File Transfer solution that offers you a scalable and phased-in approach to: • • • • Internal and external file transfer The ability to “bridge” files and messages Central management and control Global visibility/Business Activity Monitoring (BAM): intra- and extraenterprise Automation for file transfer related activities and processes Encryption/Decryption Security – End-to-end Auditability Guaranteed delivery (non-repudiation) Performance metrics/monitoring • Define the system you need, and key criteria you should consider when choosing an MFT suite Devise a best practices plan, to make the transition from your old system to your new system, with minimum disruption in your day-to-day workflow • • • • • • • You know you need to consolidate your data into a single, manageable solution available to your entire enterprise. An enterprise-wide transmission gateway, implemented in a service-based model, helps you manage the transfer and integrity of data at any level — locally, nationally and globally. By following the step-by-step procedures in this guide, you will learn to : • Determine the capabilities of your current file transfer system how To use This guide 2 Your sYsTem TodaY This questionnaire is designed to help you begin planning now. By answering these questions, you can decide if a Managed File Transfer solution is right for the needs of your current business environment. 1 Do you need availability of audit and log information to comply with industry, financial, regulatory or legal obligations? 2 Do you want to offer new, Internet-based file exchange services that will provide better connectivity with your partners and/or customers? 3 Are you worried about issues affecting your business, such as maintaining your competitiveness in the marketplace, responding to security audits, and/or compliance issues? 4 What about security? Inside your organization, is your data safe as it travels between different systems, from application to application, or department to department? Do you have security concerns regarding confidential data residing in the Demilitarized Zone (DMZ)? 5 Is your business agile enough to rapidly engage new trading partners? Can you, your customers and partners monitor how and when critical transactions are taking place? 6 Would you like to increase revenue potential by understanding and optimizing your trading relationships and processes? 7 Does your current file transfer solution have hard-coded scripts sitting on multiple servers that are a security, change management and maintenance nightmare? 8 Do you need to switch from a costly Value-Added Network (VAN) to direct connections? 9 Does your current file transfer solution fail to meet your growing business needs? 10 Do you need to reduce manual processes and increase data accuracy with global, centralized management of every file transfer – securely and automatically even for the most complex business processes? 11 Would you like to make better-informed business decisions with customized, event-driven workflows for real-time exception management? Your sYsTem TodaY 12 Do you need to consolidate various internal, “one-off” point solutions into to a single, streamlined solution that provides end-to-end visibility of each file across your entire supply chain? YES YES NO NO YES NO YES NO YES NO YES YES NO NO YES YES YES NO NO NO YES NO YES NO If you answered yes to any of these questions, you need to ensure the end-to-end integrity of data in your supply chain. This guide will help you get started. 3 Read on to learn more about tools and perspectives that will help your business survive–and thrive! Figure 1. File transfer begins with several business applications that reside on a server and need to communicate with one another. assessing Your CurrenT ProCesses Although your current FTP or other homegrown processes have supported operations well thus far, the tools that support them may be obsolete. In order to remain competitive, management may recommend that you update your file-transfer tools to become more cost-effective, secure, efficient and compliant. Again, both internal and external managed file transfer may be required. Typical Limitations of Conventional File-Transfer Tools Most conventional file transfer tools have limited capabilities, and lack security. In addition, these tools suffer from: • Lack of centralized management, audit capabilities and effective monitoring Lack of visibility into your business – file transfer details are not always available, or only available in the context of the business they represent • Integration issues – lack of control of the entire file transfer process (it has many places to go); not an integrated, streamlined system with end-to-end visibility Current security risks – as well as the risk of losing data, or the risk of data being corrupted Lack of ownership – Operations staff unable to respond to problems—no way to fix the problem easily, because it is it neither an operating system or application issue. Therefore, there is seldom any accountability for solving the problem • • These limitations result in dissatisfied customers both inside and outside the enterprise, and a distinct lack of agility in the organization. assessing Your CurrenT ProCesses Figure 1 shows how file transfer in most businesses begins with a few business applications that reside on a server and need to talk to each other via file transfer. • 4 Then your business starts to grow, and soon there are customers who need to communicate with your systems via file transfers, as shown in Figure 2. Figure 2. As your business grows, customers need to communicate with your systems via file transfers. Now scripts are running everywhere. Various servers may be added to connect to your business partners. In business terms, the information flowing externally and internally is connected. Your business processes expand beyond the firewall. These internal and external one-offs are connected, but can barely be pieced together using conventional scripts and scheduled jobs. What if there is a breakdown? How do you know if data representing your business is late? assessing Your CurrenT ProCesses Figure 3. As file transfer becomes increasingly complex, the need to manage it becomes increasingly critical. Now add the challenge of corporate governance mandates such as Sarbanes-Oxley and others. How can you comply with these mandates and still enhance your business? 5 who is going To imPlemenT Your Program? Evaluate who on your team has the capability, the time and talent to help you develop and implement your plan. Determine what third-party tools you already have and how well they are working. Listen to your business. Understand where problems tend to occur, where SLAs exist, where corporate governance comes into play, and areas where fines have been or can be assessed. Talk to management about more than basic file transfer concepts – talk to them about the business the file transfers represent. Ask management these questions: • • What file transfer capabilities would be helpful to the business? Where can the business make more money (such as new business ventures that may have been deemed prohibitive to venture into due to current technology)? Where does the business need more visibility, advanced warning of service level risks, etc? • Set realistic expectations. Based on staffing levels, set realistic expectations regarding what to change and when the transition to a managed solution will occur. Set up a preliminary schedule for the transition and discuss it with your staff. Consider the value of independent consultants and software providers. They can help your transition to a managed solution using an orderly, phased approach. The market has a variety of expert resources, such as Axway, available to help. who is going To imPlemenT Your Program? 6 when should You begin? You started out small and grew and grew. As things grew, you used what was available. Now you need a better way to: • • • • • • Secure confidential data residing inside your organization—between different systems, from application to application, and department to department Maintain your competitiveness in the marketplace Respond to security audits, and/or compliance issues Implement a file transfer solution that scales to meet your growing business needs Bridge your message based solution with application related files Consolidate a variety of internal, disparate, “one-off” point solutions into a single, streamlined solution that gives you end-to-end visibility of each file across your entire supply chain Integrate disparate, external ”point solutions” into a single managed server for all external traffic Make appropriate audit and log information available to comply to industry, financial and legal obligations Offer new, Internet-based file exchange services that will provide better connectivity to your partners and/or customers Install a secure, open solution that is both platform- and protocol-independent Switch from a costly Value-Added Network (VAN) to direct connections • • • • • There’s an old saying that the best time to invest in real estate is today. We believe the same holds true for moving to a managed and auditable file transfer solution. when should You begin? 7 how To develoP a TransiTional sTraTegY You probably already have a good idea of your current workflow, workload, system bottlenecks, and budget. A phased approach to implementation allows you to invest incrementally, and provides you with the flexibility to customize your process to meet growing business needs. You will use your answers to the questionnaire to complete Step 1 of Your Transitional Strategy: Defining System Problems. sTeP 1: define sYsTem and business Problems 1. Determine what bottlenecks, inconveniences, risks or problems you currently experience with file transfer. (Please check all that apply). Data security risks □ Increased risk of losing data, or of data being corrupted Operations staff unable to respond to problems. There’s no way to fix the problem easily. It isn’t an OS or application issue, so there’s no accountability for solving the problem Dissatisfied internal customers No visibility into where a file is, if it arrived at its destination, if it was received in an uncorrupted state, or if it was consumed by an application Cannot compete in marketplace (Unable to offer new services to customers because of limitations of current system) Current system is costly to use Unable to automate an application to consume a file when it is delivered to a specified destination I am not experiencing any problems □ □ Downtime □ □ □ Dissatisfied external customers No centralized file transfer management □ □ □ Unable to make audit and log information available to comply with industry, financial and legal obligations Current solutions are not extensible and not scalable Integration issues: lack of control of the entire file transfer process Others? Please describe: □ □ □ □ □ □ □ how To develoP a TransiTional sTraTegY Tracking files is just one problem—imagine a tool that can help you manage your bu siness better b y q u ick l y tra ck ing y o u r b u s ines s i n t e r m s o f k e y performance indicators, in real-time. A comprehensive MFT suite will provide you with a key competitive advantage over the competition. Read on to find out how. 8 Other Criteria to Consider Are your existing file management processes slow, not secure or disparate? What would your internal clients list your as your top five system problems? For example: Are you losing sales revenue and/or profit due to customer SLA violation penalties and charge-backs? 1. 2. 3. 4. 5. Next, determine who your most vocal users are. They may be your best indicator of on-going performance issues. Finally, determine the geographic spread of your customer base, and if you are having problems with remote users. Determine if you need to purchase or lease additional software to meet their needs. Add this equipment to the list on the previous page. sTeP 2: idenTifY sYsTem requiremenTs Answer the following questions to identify additional system requirements: 1. 2. What are your business requirements for external file transfers? What are the processes in your business that the Managed File Transfer solution will support? What protocols do you need today, or envision for the future, for file-based communication between you and your business partners? What is your internal environment related to file transfers? • How many servers do you currently have available for file transfers? • What is the network connection between sites? Do you have a topographical depiction of your servers and their required connectivity? Can you draw it here, or, provide an example of the type of connectivity your servers currently use? 3. 4. 5. oTher CriTeria To Consider 9 6. What is the total number of file transfers in your organization (transfers are unique by source system, destination system, protocol and document type)? Note: While multiple document types can traverse one path, these different document types may have different post-processing requirements. How many transfers are: • Originating from inside your organization and terminating in the outside world? • Originating and terminating internally? • Originating from outside clients and terminating inside your organization? 7. What applications will trigger a file transfer and how do you anticipate this being done? (Check all that apply) □ Batch command file □ Shell Script □ C-API □ Java-API □ Web Service □ Perl script □ JCL □ COBOL or other? □ Directory polling? □ Message based 8. What level of process automation do you need to achieve on the sending and receiving ends of a file transfer? • On both the sending and receiving side, what applications or processes will be triggered by a completed file transfer? How do we need to trigger these processes? What is the platform and means? • What are the current applications or processes that your business uses? 9. What are the monitoring requirements? Are you only monitoring the transfer process (the transfers themselves) – or do you need to incorporate business level monitoring? What is that business data? 10. What are your security requirements? • DMZ requirements? • Internal file transfer security requirements - Data or session level encryption - Encryption for data at rest • External file transfer security requirements - Multi-factor authentication - Data- and/or session-level encryption - Encryption for data at rest • Do you perform authentication by an external security realm (i.e., LDAP) • What do you use for a Certificate of Authority (CA) or key management? Are you looking for a vendor to provide this? 11. What are your High Availability requirements? Do you have Service-Level Agreements (SLAs) for High Availability? What are the anticipated volumes and frequencies for each of the transfers? 10 idenTifY sYsTem requiremenTs Step 3: IdentIfy CrItICal SyStem reSourCeS Refer to your answers on the System Planning Questionnaire and the chart below to list the software and operating systems you currently use for file transfer. Try to determine the pros and cons of each type of software or operating system, and if you would like to replace any existing resources. Explain why you need to keep or replace each item listed. Software Applications Order Management System FTP Operating System MVS Process Order fulfillment File transfer Pros Cons Expensive and slow Unsecure, unreliable, unmaintainable Keep or Replace ? Keep Why ? Legacy apps run on this mainframe Need an integrated, scalable solution NA Replace Step 4: prIorItIze areaS of Improvement Make a list of all the processes you perform while transferring files. Which of these processes have maximum impact? Rank the process that has the highest business risk as #1. For example, if there’s a process area where ServiceLevel Agreements have been violated, or penalties have been assessed, that process may be considered to be a high risk (#1). For example: idenTifY CriTiCal sYsTem resourCes 1. 2. 3. 4. 5. 6. A partner connects in using FTP and the file is received into an FTP server in the DMZ. A scheduled job “wakes up” and goes out to the DMZ to retrieve the file. The scheduled job brings the file into a staging server within the organization. A scheduler notifies a scheduled job to “wake up” and transfer to a mainframe. A job wakes up on the mainframe and moves the file to the mainframe’s native file system. Another job “wakes up” and consumes the file by processing it and triggering the business app that is consuming it, such as an order processing appliction that’s creating a pick list for items to ship to the partner. 11 List the processes you currently perform while transferring files. Which of these processes do you want to improve first? 1. 2. 3. 4. eXamPles 5. 6. Points to Consider When Choosing a New System The following list of features and benefits is based on an analysis of the most commonly asked-for features requested by Axway customers. We listened to our customers, and designed these features into our Synchrony™ for MFT solution. Please check all the features and benefits that you think may help your business. F Service-Oriented Architecture (SOA): Managed File Transfer with an open, Service-Oriented Architecture (SOA) provides an integrated, agile software infrastructure for quickly responding to changing business needs. Business Activity Monitoring (BAM): A complete MFT solution should include a BAM solution. When BAM runs on an SOA, it quickly automates business processes, assesses overall business health, and responds to exceptions. BAM provides real-time visibility into automated IT systems and business execution to help ensure that business commitments and customer expectations are always met. Trade Partner Management (TPM): Connect to your business partners with a TPM solution that helps improve the movement of goods through your facilities and throughout the entire supply chain. Your new MFT solution should also be: F Powerful — Allows implementation based on powerful naming conventions that can dramatically reduce the customization workload when implementing new data flows (transfer and post processing), new partners, and advanced file transfer capabilities such as broadcast and collect. Secure — Includes a robust security framework with total process encryption, auditable logging of data and activity, “logical” naming of files across platforms, and an adaptable architecture for new security standards. Scalable and Flexible — Offers business flexibility for growth and change by being protocol and platform independent. Extensible — Provide pre-built APIs for integration with existing applications to integrate with a wide variety of security frameworks. The solution should also be scalable for high-performance environments and requirements. Manageable — Provides control and audit capabilities. Service Oriented — Delivers agility – a must for any new technology. While file PrioriTize areas of imProvemenT F F F F F F F 12 transfer concepts may not traditionally fall into a service-oriented discussion, your file transfer solution should be service oriented, allowing file transfers to be triggered, managed and queried as a service. F Strategic — Allows you to manage and audit file transfers in the context of your business. Track KPIs in real time and provide self-service capabilities to your customers. File transfers represent your business or movement of goods. In fact, sometimes the file transfer can even be your product.. Platform-Independent — Your file transfer solution should be agnostic to all major environments and provide the same seamless user experience regardless of infrastructure. Performance Advantage — Centralized management of file transfer and business activity monitoring ensures rapid integration. Intelligent — User-friendly interface; smart monitoring, management and alerting; system-wide change management; intelligent processing queue and bandwidth optimization; advanced check-point restart. A Complete Solution — Flexible yet complete integration suite; modular design allows enterprise customers to pick and choose configurations that are right for particular needs F F F F sTeP 5: develoPing a Phased aPProaCh To imPlemenTaTion Benefits of a Phased Approach An innovative, incremental and highly structured approach to implementing your MFT solution should use a repeatable process that captures and preserves knowledge, best practices and lessons learned while implementing process and data integration solutions. An incremental approach to implementation provides your business with these key benefits: • Maintain a rational allocation of time, money, and resources to project activities. This allocation is ever-changing and must be constantly monitored and updated. Provide a framework for communicating project issues and a process for pushing these issues to resolution. The Project Manager (PM) is the driving force behind the project issues list and is constantly pushing these to resolution. Assure that each project deliverable meets quality and level-of-detail standards. The PM should review and approve each deliverable produced by the project team in order to ensure activities are completed at the appropriate level-of-detail. • develoPing a Phased aPProaCh To imPlemenTaTion • 12 Consider an Incremental, Six-Phase Approach Axway offers a six-phase approach to implementation that encompasses the entire life cycle of your implementation project. The diagram below illustrates the six phase approach to implementation. Phase 1 : Project Initiation During this phase, the project team performs “due-diligence” required to establish a phased program plan and an estimate of the related project benefits and costs. Your participation in these activities will provide an in-depth education into the potential of the proposed MFT solutions and to the deployment process. Tasks performed during this phase should include: • • • • • • Information gathering Project scoping Creation of services proposal Signing of contract Creation of a preliminary project plan Hand-off to project manager Successful completion of this phase establishes a mutual understanding of the project’s strategic goals, the components and capabilities of the solution, the deployment approach and timeline, and project team roles/responsibilities. This mutual understanding is a crucial first step to organizing a successful project. Phase 2: Blueprint The Blueprint phase quickly establishes a “master” design and architecture that supports the long-term vision of the MFT solution. Key deliverable of this phase should include : • • • • • Team preparation Requirements discovery Requirements assessment Detailed project and system design plans Customer blueprint acceptance Consider an inCremenTal, siXPhase aPProaCh Successful completion of the Blueprint phase establishes the long-term solution architecture that will support the phased addition and layering of scope, without the need for lengthy and costly modifications to the overall infrastructure within each phase. This phase should complete enough detailed integration design so that the Execution phase may be initiated with deep knowledge of the information that can be supplied to the applications. 13 Phase 3: Execution This phase should provide a forum for developing a common, detailed understanding of the relevant business processes, understanding and refining the phase requirements, proposing solutions, and testing those solutions for accuracy and adequacy. Key deliverables of this phase should include: • Software installation • Tailoring and/or programming • Data preparation • System configuration • Testing and training preparation • Customer execution acceptance • Detailed project plan • Design documents • Tailoring log • On-going creation of management documents • Customer acceptance form The successful completion of this phase depends on the project team using real data from real systems to execute use cases in a pilot instance of the application platform. This allows the team to accurately: • • • • Assess data availability Understand timing Identify gaps in data and process Validate potential solutions before committing the resource required to build the production solution Phase 4: Testing In Phase 4, all MFT processes and integrations are configured and developed. All trading partner configuration, B2B services, file brokering, Web services, trading partner maps, business process flows are set up and tested at the unit level. The business layer should be configured to present proper information to the right audience, as well as generate alerts and notifications to enable management-byexception processes. Key deliverables of this phase should include : • • • • • • • • • Comprehensive unit testing Integration testing User acceptance testing Other testing Customer test acceptance Test plan Test reports Ongoing creation of management documents Customer acceptance form Consider an inCremenTal, siXPhase aPProaCh Phase 5: Rollout This phase should: • Bring all internal and external applications and the MFT solution together for intense testing • Identify technical and procedural disconnects and track them to resolution in preparation for production operation of the solution 14 Key deliverables of this phase should include : • • • • • • • • • • • Preparation for production User training Production data finalization Documentation finalization System certification and customer acceptance Go live Training plan Training materials Design documents On-going management documents Customer acceptance form The Rollout phase should bring new business processes on-line and include a tuning period that allows business users time to understand the power of the new capabilities offered by the solution. Various techniques may be used to bring the system up to full operation while keeping risk to a minimum. The Rollout phase ends by the project team taking a “reading” of the key performance indicators to gauge the actual benefits realized by the implementation. Phase 6: Production Support During this phase, the project team should perform the following tasks : • • • On-site go live support Knowledge transfer to support Project wrap-up and customer acceptance Key deliverables of this phase should include: • • • Production support guidelines Ongoing management documents Customer acceptance form Consider an inCremenTal, siXPhase aPProaCh 15 summarY When you use the charts in this guide to assess your current document control processes and departmental resources, you get a clear picture of how your current process works, what pieces of equipment you need to replace, and what tasks you want your new solution to perform. Based on this information, Axway can help you prioritize the areas you want to improve, and help you develop a phased approach to implementation designed to suite your specific needs and budget. We can help you: • • • • • Fully test the impact of new technologies on your internal processes prior to committing to full deployment of a new Managed File Transfer solution. Reduce disruption to your on-going business operations. Minimize the cost, time and staffing required for implementation. Save time, save money and eliminate risks involved in making the transition to a digital environment. For more information: Call 1.877.564.7700 or +1 480-627-1800 or visit our web site at www.axway.com summarY 16 Glossary of Terms Acronym BAM Term Business Activity Monitoring Definition Business Activity Monitoring (BAM) is software that aids in monitoring of business processes, as those processes are implemented in computer systems. BAM is an enterprise solution that provides a real-time summary of business processes to operations managers and upper management. BAM presents dashboards that contain key performance indicators (KPI) that support root cause analysis and alerts that warn of impending problems. Trouble notification functions are integral to most BAM solutions. For example, whole groups of people can be sent e-mails, voice or text messages, according to the nature of the problem. CA Certificate of Authorization An Certificate of Authorization (CA) is a digital document that describes a written permission from the issuer to use a service or a resource that the issuer controls or has access to use. The permission can be delegated. CAPI (Common Application Programming Interface) is an international standard interface that applications can use to communicate directly with ISDN equipment. In computer networking, DMZ is a firewall configuration for securing local area networks (LANs). In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network like the Internet. One or more computers also run outside the firewall, in the DMZ. Computers on the outside intercept traffic and broker requests for the rest of the LAN, adding an extra layer of protection for computers behind the firewall. Traditional DMZs allow computers behind the firewall to initiate requests outbound to the DMZ. Computers in the DMZ in turn respond, forward or re-issue requests out to the Internet or other public network. FTP File Transfer Protocol File transfer protocol (FTP) is the language used for file transfer from computer to computer across the WWW. An anonymous FTP is a file transfer between locations that does not require users to identify themselves with a password or log-in. An anonymous FTP is not secure, because it can be accessed by any other user of the WWW. The U.S. Health Insurance Portability and Accountability Act (HIPAA) of 1996, Public Law 104-191, improved efficiency and effectiveness of health care, and included provisions that required Health and Human Services (HHS) to adopt national standards for electronic health care transactions. At the same time, Congress recognized that advances in electronic technology could erode the privacy of health information. CAPI Common-ISDNApplication Program Interface Demilitarized Zone DMZ glossarY of Terms HIPAA Health Insurance Portability and Accountability Act of 1996. 17 glossarY of Terms, ConTinued Java-API Java Application program Interface Job Control Language Key Performance Indicators Java API is a source code interface that a computer system or program library provides to support requests for services to be made of it by a computer program. Job Control Language (JCL) is a scripting language used on IBM mainframe operating systems. KPIs are metrics used to quantify the strategic performance objectives of an organization. The act of monitoring KPIs in real-time is known as business activity monitoring (BAM). KPIs help an organization to measure progress towards their organizational goals, especially toward difficult-to-quantify, knowledge-based processes. A KPI is a key part of a measurable objective, which is made up of a direction, KPI, benchmark, target and time frame. For example: “Increase Average Revenue per Customer from £10 to £15 by EOY 2008”. In this case, ‘Average Revenue Per Customer’ is the KPI. MFT Managed File Transfer Operating System Managed file transfer is a technology standard that supports secure transfer of files within and among organizations. An operating system (OS) is a set of computer programs that manage the hardware and software resources of a computer. Examples of operating systems include: UNIX, Linux, Microsoft Windows, Mac OS X, and DOS, among others. A Compliance Program that provides a comprehensive strategy to address payment card fraud. A SLA is a formal negotiated agreement between two parties. It is a contract that exists between customers and their service provider, or between service providers. Its main purpose is to agree on the level of service. For example, it may specify the levels of availability, serviceability, performance, operation or other attributes of the service like billing and even penalties in the case of violation of the SLA. Service-orientation describes an architecture that uses loosely coupled services to support the requirements of business processes and users. Trading partner management (TPM) is a solution that connects you with your business partners so you can improve the movement of goods through your facilities and throughout the entire supply chain. A value-added network (VAN) is a specialized application service provider (ASP) that acts as an intermediary between trading partners sharing data or business processes. VANs usually service a given vertical or industry and provide value-added services such as data transformation between formats (EDI XML, EDI, etc.). JCL KPI OS PCI Payment Card Industry compliance Service-Level Agreement SLA SOA glossarY of Terms Service-Oriented Architecture Trading Partner Management TPM VAN Value-Added Network 17
"Survival Guide_Move beyond FTP"