In-Depth
On Air: Putting Teeth into Year 2000 Compliance
It’s time for a standard Year 2000 compliance policy and inspection process — or we’re all at risk. Would you buy a house without an inspection? How about placing your child in a car seat that hasn’t met rigorous safety standards? Or buying an electrical appliance that isn’t UL certified? Of course you wouldn’t. Yet many business people –– whose common sense would usually rebel if asked to take something so important at face value –– are curiously appeased when told that a trading partner, a software provider, or even their own bank will be "Year 2000-compliant."
As the turn of the century approaches, no one needs to be reminded of the seriousness of the Year 2000 problem. Nor do we need to be told that the window for compliance is rapidly closing. Most organizations will tell you they are moving aggressively towards Year 2000 compliance and some may even get there in time.
But what does it really mean to be Year 2000-compliant? With no standard definition for compliance, how can anyone know if you are truly compliant? How can you even know? By the same token, how can you judge if your business partners are compliant? Do you, like many concerned companies, send them a Year 2000 questionnaire that can be responded to with a simple unqualified "yes" answer? Or do you read their web sites to see what they have to say about their compliance efforts? If so, that information is typically excellent PR, but what is the frame of reference when there is no standard definition of compliance?
While each company must address its own Year 2000 issues, the "millenium bug" is a universal problem. Compliance is only as strong as the weakest link in the supply chain. Already, lawyers around the world are sharpening their pencils in anticipation of the finger pointing that will inevitably result. Soon simply saying, "Trust us, it will all be okay" won’t be enough.
What we need is a standard definition of Year 2000 compliance –– and we need it now. We also need a standard audit and certification process to put some teeth into what it means to be Year 2000 compliant. Without a standard, there is no way to accurately determine who is and who is not Year 2000 compliant. And without an objective audit and certification process, we must take a company’s own word — no matter how well meaning—only at face value. That’s like waiving the home inspection and buying a house without relying on anything more than the agent’s description or the seller’s good faith.
Just as with a home inspection, where unbiased third parties follow a standard audit list, we need to define a similar template that companies, their business partners, risk managers, and, yes, lawyers can use when assessing Year 2000 compliance. Such and audit trail would enable information officers to say: "We’ve looked at all the industry-defined areas and are compliant with the industry-standard specification." This approach is far more scientific, and eminently more defensible, than the typical "Don’t worry, we’re doing all we can" PR message.
Now the key question: Who is going to supply a standard definition and audit process? Industry trade associations? The Commerce Department? The American National Standards Institute (ANSI)? Ralph Nader? Who would you like to see take the bull by the horns? Who would you not?
Sooner or later (and there’s not much "later" left), some group must take on this task. After all, until every enterprise and government agency is truly Year 2000 compliant, we are all at risk — and the problem isn’t going to just disappear after the initial crisis on January 1, 2000.
I am calling for an industry-wide group to establish an open standard on Year 2000 compliance and an inspection process that will finally put some teeth into what it means to be Year 2000 compliant. There are many of us dealing with Year 2000 issues day in and day out and we’re ready and willing to help define a such a policy.
Is there is an industry or standards body out there that is ready and willing to take the lead on this critical task? Let’s get going on this, before it’s too late!
ABOUT THE AUTHOR:
Dr. Timothy Chou is the Chief Operating Officer at Reasoning Inc., responsible for software development, software manufacturing, product support, product management and Reasoning’s transformation services.