In-Depth
December Countdown to Year 2000
OK, you’ve spent lots of time and money finding and fixing all the date problems in your applications. You’re on track, on schedule and even on budget. You’re feeling pretty confident – you’ve lived through the biggest clean-up project in the history of IT.
You never want to go through that, again. But wait a minute. How are you going to keep the data you’ve fixed from becoming contaminated once its back in production? Oh, and by the way, the corporate attorney tells you that to satisfy any question of due diligence, you must be able to show that you have a process in place that includes subsequent protection. It is not enough to complete Year 2000 conversion. Your systems must be audited to ensure compliance and then protected against contamination by users and developers long after all the Y2K work is finished. You must set-up proper controls.
In other words, you must be able to certify and label compliant code, track certification, control parallel development and protect the compliant code from non-certified changes. All these processes fall under what IBM and others have dubbed "CLEAN management," and, which for IS organizations, is akin to the Holy Grail.
The process of tracking, testing, coordinating and managing large-scale conversions has always been a challenge for developers. Now Y2K makes it imperative. The Securities and Exchange Commission has mandated that public companies must evaluate and report the financial impact of Y2K, and the American Institute of Certified Public Accountants (AICPA) has approved interpretations regarding the auditor’s responsibility and communication of internal control deficiencies related to Y2K. The legal exposure and associated business risk have elevated clean management to priority status.
But how do you turn a concept into reality? Source and change configuration management (SCM) software, like Endevor from Computer Associates, provides an organized, structured and efficient development lifecycle process where programmers can do things like standardize compile options and go to prior versions and levels for reference. SCM software is also a great management tool, providing a central place where source code is logically stored and the development process can be controlled and monitored. The problem is that the software is complicated and cumbersome to use. It also lacks a strong audit trail and labeling for work unit status and enforcement.
At the mainframe level, existing SCM platforms - Endevor, ChangeMan, Librarian, Panvalet, etc., and even external data sets (PDS’s) that are being used for source management - all lack a central point of control for a large development project like Y2K. SCM users have immense parallel development going on, that needs to be merged, and they must identify, report, label and enforce a rule set on modules of compliant code.
CLEAN management requires a documented method and tool for tracking and reporting on certification, enforcement, testing and exceptions. IBM and the other big conversion companies that came up with the concept have only been able to restate the problem and provide reigning industry recommendations.
The experience, complexity and integration required seems to have prevented most software suppliers from tackling the problem. I’ve only found one company that offers a mainframe solution, and I don’t know of any labeling tools. For the most part, IS managers have had to rely on consultants that will set-up a methodology that includes manual monitoring of parallel development and compliance enforcement. Some shops may think they can write labeling or monitoring software themselves, but as you know, time is running out, and it is unbelievably tedious, manual work; almost as boring as Y2K remediation!
Instead, I suggest you take a look at GREENHOUSE from Chicago Interface Group (CIG). Founded in 1994, CIG provides change and configuration management solutions to Fortune 500 clients. It’s GREENHOUSE product, through the use of User Defined Labeling and Enforcement, allows users to establish a repeatable and trackable process that captures activity against defined units of work and provides a standard method for proving due diligence to auditors and stockholders. Several of the popular SCM platforms are supported, today, and CIG will add support for most within the next three months, with the goal of extending these features across various operating platforms within the next year.
Of course, compliance labeling, tracking and enforcement is only part of the answer. For successful CLEAN management, you’ll also have to decide whether to go with the basic "compliant/non-compliant" terminology or adopt custom language. Either way, get the standard established and publish it. You’ll also want to work with other interested groups in your organization, such as auditing and legal. Take the lead - remember, you’re responsible, ultimately.
ABOUT THE AUTHOR:
Nancy Meachim is Director of International Programs for the Aberdeen Group (Boston ) and has tracked the IT industry for more than 20 years, both as an editor and a market analyst. Most recently, she edited Software Magazine’s Year 2000 Survival Guide. She can be reached via e-mail at nmeachim@aol.com.