Year 2000 survival is No. 1 priority for federal agencies
- By Todd B. Kersh
- Jan 04, 1998
Is survival of the millennium the focus of your agency's Year 2000 compliance program? If not, it should be. It's too late to concentrate on overall compliance of your information technology enterprise -- the fact is, there will be problems and issues regardless of the strength of your overall approach and how long your plan has been in place.
A quick check of the grades on the congressional Year 2000 report card for federal agencies reveals a strong indication that most agencies will not be fully compliant by 2000. Therefore, the chief information officer's focus must be to ensure that those millennium bug events that occur on Jan. 1, 2000, will occur only in areas that will not significantly impact the organization's mission. CIOs must consider the potential risk of losing "mission-essential" automated processes as a result of Year 2000 faults - systems that spell success or failure, survival or mortality, for mission accomplishment and organizational functionality. It is too late to depend on the "enterprise" overall Year 2000 program strategy for Year 2000 survival. The question becomes how to survive the century date change? Every CIO's Year 2000 survival kit should contain the following items:
Mission-critical prioritization of all enterprise systems.
If it hasn't already been accomplished, an inventory and prioritization of the applications within an organization are required. Prioritization must reflect those systems most critical to organizational survival vs. organizational modernization or growth. Mission criticality must be the criteria used to determine compliance priorities.
So, what makes a system mission-critical or mission-essential? Generally speaking, applications can be considered mission-critical if the absence of that system will severely impair the accomplishment of an organization's mission. Any systems that produce data critical to the daily or monthly management or operation of the organization can easily be considered mission-critical, regardless if they are mainframe, PC, Mac, proprietary, commercial off-the-shelf or 4GL systems.
Constant re-application of "triage" to ensure survivability.
Triage is the process of evaluation that goes on during a Year 2000 project. Triage is being applied when decisions are made to keep the current system, to re-engineer the current system, to migrate the current system, to replace the current system or to just let that system die. Triage not only is applied at the start of a Year 2000 proj-ect, to determine how to approach the various Year 2000 system and software problems, but re-applied as old decisions are revalidated and every time the Year 2000 Project Team conducts a project review. After all, schedules slip, funds get re-allocated and tests find unknown unknowns.
Use of risk management principles.
There are many methodologies for conducting formal risk management programs. The minimal requirement is constant vigilance and "what-if" analysis to make sure the organization (mainframe applications, client/server, PCs, elevators, automatic locking systems, security systems, etc.) will be minimally affected and can function through and beyond the millennium.
Any good general will enter a campaign with a well-developed series of pre-existing plans that potentially take into account all possible scenarios the opposing force may choose to utilize. Similarly, Year 2000 "what-if" contingency plans form the basis for work-arounds, crisis management and emergency planning when and if something Year 2000 goes "bump in the night."
Agencies need to ensure that prioritized mission-critical systems will operate as expected and support the organizational mission. Through thinking in a risk management mode, reutilizing triage and continually revisiting Year 2000 decisions and establishing thorough contingency planning, CIOs can ensure their organization will survive the greatest challenge of the technology age: the arrival of the millennium.
Kersh is director of OAO Corp.'s Millennium Solution Center. He is a U.S. Military Academy graduate who spent 22 years in the Army, primarily in acquisition and program management positions.