Revisions
Ver |
Date |
By |
Pages |
Description |
1.0 |
January 1997 |
E Roberg |
Overview only. |
|
2.0 |
November 1997 |
E Roberg |
Added sections on Programme Management; Detailed Discovery and Assessment Phase. Created in MS Publisher 95. |
|
3.0 |
May 1998 |
E Roberg |
Reverted to Word 97. Added sections on Remediation, Verification & Validation and Implementation. Reworked much of existing text. |
|
3.1 |
July 1998 |
E Roberg |
Various adjustments and corrections made. |
Confidentiality and Process
Restrictions
This document is the property of Business Transformation Services.
In the interests of a successful and timely completion of Year 2000 projects, the document is made available for general use.
This document may thus be freely copied and used subject to the following provisions:
Disclaimer: The author, nor Business Transformation Services, can accept no liability for any unsuccessful results that may flow from the use of this document and any aspect of it.
Every care has been taken to ensure the correctness of the information provided in this document, however, considering the urgency of dealing with Y2000 problems, expediency has taken precedence over rigour.
References
ANSI/IEEE 1008-1987 Software Unit testing.
ANSI/IEEE 1012-1986 Software Verification and Validation Plans.
Beizer, Boris. Testing and the Year 2000 Problem. American Programmer, Vol10 No8, Aug97. Cutter Information Corp.
Chaabouni, Moez. A Framework for Testing Year 2000 Application Conversions. Compuware Corp. Internet Article.
IEEE 2000.1 Standard for Year 2000 Terminology.
IEEE 2000.2 Recommended Practice for IT Year 2000 Test Methods.
ISO 8601:1988 Data elements and interchange formats – information interchange – representation of dates and times. (Available in South Africa as ARP010 : 1989)
ISO/IEC 12207 Information Technology Software Lifecycle Processes.
ISO 9001 : Quality Systems – Model for Quality Assurance in Design / Development, Production, Installation and Servicing.
ISO 9000-3 : Quality Management and Quality Assurance Standards – Part 3: Guidelines for the application of ISO 9001 to the design, development, supply, installation and maintenance of computer software.
Jones, T Capers. The Year 2000 Software Problem. Wokingham: Addison-Wesley, 1997.
Kaner, Cem; Falk, Jack; Nguyen, Hung Quoc. Testing Computer Software. 2nd Edition. New York: van Nostrand Reinhold. 1993.
Kappelman, Leon A. Year 2000 Problem: Strategies and Solutions from the Fortune 100. Boston: International Thomson Computer Press. 1997.
McCabe, Thomas J; Watson, Athur H. Structured Testing: A Testing Methodology Using Cyclomatic Complexity Metric. Internet Article.
Ragland, Bryce. The Year 2000 Problem Solver: A Five-Step Disaster Prevention Plan. New York: McGraw-Hill. 1997.
SABS ARP 021: 1992 The application of SABS 0259 to the validation of computer programs.
SABS ARP 034 : 1993 Quality assurance in the verification of computer software development.
Ulrich, William M. & Hayes, Ian S. The Year 2000 Software Crisis: Challenge of the Century. NEW Jersey: Yourdon Press. 1997.
Contents
Introduction
*Managing a Year 2000 Programme
*Introduction
*Programme Management Framework
*Best Practices and Worst Practices
*Zachman Framework for Enterprise Architecture
*Methodology Framework Summary
*General Approach
*Project Administration
*Overview
*Awareness & Planning
*Overview
*Year 2000 Compliance
*Is the Y2000 a Leap Year?
*The Responsibility of Directors
*Discovery & Assessment
*Overview
*Determination of Y2000 Risk Level
*Is it critical?
*Is there a Y2000 impact?
*Will it be a lot of work to fix?
*Taxonomy
*Classification Process.
*Remediation
*Overview
*Verification & Validation
*Y2000 Testing Process
*Awareness
*Discovery & Assessment
*Remediation
*Validation
*Implementation
*Y2000 Testing Project Deliverables
*Testing Proposal
*Testing Strategy
*Test Plans
*Functions
*Acceptance Criteria
*Refined Test Bed Requirements
*Test Case
*Test Log
*Test Incident Reports
*Reducing Testing Time
*Implementation
*This document describes a generic approach to managing Y2000 projects. But why have another Y2000 methodology?
The Year 2000 Software Problem presents the IT industry with some never-before faced challenges.
The word deadline comes from a line that was around prisons of old. If a prisoner crossed over that line, he was shot. No warning given.
Now the IT industry is faced with a project that has such a deadline. What’s more, almost every organisation world-wide is faced with it, at the same time.
In fact, project management is just not adequate to deal with the challenge. Senior IT project managers will have to learn, very quickly, to become programme managers.
The date is fixed, resources limited, technology will vary in every organisation resulting in unusually high risk.
What every project manager needs, like a hole in the head, is to learn a new method.
What we are presenting here, is the application of familiar techniques, to a complex problem.
This methodology distinguishes itself from its peers in the following ways:
Further, we proceed from the following two basic assumptions:
Managing a Year 2000 Programme
In essence, Y2000 projects are no different from many other familiar type of project.
So why make such a fuss of Y2000 projects? Mainly, because there are some characteristics of Y2000 projects that demand a slightly different approach.
Usually, when speaking of critical success factors (CSF), we would think of factors like time, cost, scope, quality and communication. They all apply here, but there is tendency towards a particular alignment of CSFs.
Firstly, there is the fixed end date. In the case of Y2000 projects, it cannot be moved. No legislation, no edict from the pope, nothing, will change when 1 January 2000 will occur.
Secondly, there is the matter of quality. South African IT staff have tended to lag in the ability to find most bugs before handing applications over to their users. In the case of Y2000 projects, this is not acceptable - so, much more attention will have to be paid to the quality aspects - reviews, walk-throughs, testing, and so on.
Thirdly, cost. One may take the high-handed approach, which says, it will cost what it will cost, however, this is not likely to win lifelong friends - and remember, we will probably need jobs after the Y2000 has finally been put to rest.
What is a given, is that costs will rise, as the gap between supply and demand gets greater. Better, would be if we could show our customers that we are doing everything in our power to keep those, inevitably high costs to a minimum.
Finally, there is the matter of communication. There is nothing worse than nasty surprises. Y2000 projects offer the opportunity for many.
So far, so good, as to what are considered to be project CSF’s. Here however, is another, one you will agree, that becomes almost paramount: risk management.
If we accept the conventional wisdom that 50% of organisations will not be ready in time, what do we do? The trick will be in choosing which items to focus on, so that the organisation is not unduly threatened.
Programme management ensures that there is a common vision across all sub-projects. Furthermore, it ensures that the failure of one or more projects will not jeopardise the success of the programme as a whole. It considers that the whole is made up of many independent and interdependent chunks that are tangible, achievable and measurable. It ensures that the interfaces (between projects, partners, applications, etc.) are managed effectively, especially where dependencies occur.
Based on the flock of geese principle, it ensures that the end objective is not dependent on one critical component. It is concerned with business risk, as opposed to project risk, so that the project objectives may be modified if these are found to not be in line with business objectives. Finally, it recognises that there are many different strategies that may be applied, given the characteristics of a project.
In keeping with the programme management approach, the tendency to focus on one deliverable (or set of deliverables) to the detriment of business objectives is avoided and each deliverable is merely seen as one part of the overall goal.
Programme Management Framework
The accompanying diagram describes the different components of a Year 2000 Programme.
Some of the key functions of the programme office would be to
Best Practices and Worst Practices
During 1995, the US Dept of Defence contracted a group of highly respected industry experts (called the Airlie Software Council) to define what would be considered to be the best practices in the IT software development industry.
9 best practices were identified. We believe that every one of the "best practices" is applicable in a Y2000 project, and we have structured the methodology to take them into account. In addition, we believe there are some additional best practices that extend the work done, that are specific to Y2000 project.
Adopt a programme management architecture (there are just too many interdependent projects to manage independently).
Apply robust, Y2000-specific project management life cycles that take into account the different compliance approaches and strategies.
Use appropriate tools (researchers have shown that the starting time for a large Y2000 programme aiming for completion by end 1999, without effective tools, has passed).
Validate conversion strategies and approaches against the plan. Whilst certain conversion strategies and approaches may be the most desirable, the plan may not allow for such "luxuries". For example, there has been much debate that compliance approaches like windowing or language extensions are merely postponing the problem. However, from a business risk perspective, this may be the only workable approach. This validation needs to be done at each project review point. If this approach becomes a paradigm, then projects will be planned with the assumption that it may need to be necessary to change course mid-stream.
Recognise that there are probably as many opportunities as there may be risks. Plan flexibly, so that opportunities may be capitalised, when they are identified.
Part of the programme management approach would be to identify additional "best practices" and "worst practices" and communicate these to all partners.
In addition to these "best practices", the Airlie Software Council also identified 9 "worst practices". We believe that these are as applicable to Y2000 projects.
Caveat Emptor!
Airlie Software Council: Worst Practices
Airlie Software Council Best Practices
Zachman Framework for Enterprise Architecture
The Zachman Framework for Enterprise Architecture is a model of the real world as it applies to an enterprise. Models are abstractions of real objects (which Zachman calls "artefacts") or situations (e.g. a risk occurrence). In fact, Zachman suggests that it would be possible to apply the framework to a much broader scope, namely, life itself. That, however, is not the subject of this exercise, except to indicate, that if it can be applied to something much larger, it can also be applied to a more constrained example (like an enterprise).
Models are useful because they allow us to take a very complex real-life and abstract it down to a level where we can deal with it in a manageable fashion. For example, consider the problem of two trains hurtling towards each other on the same track. If the problem is "what will the impact be when they collide", we probably do not need to consider the context (involving the weather at the time, whether the wheels were made of stainless steel, what the driver’s name was, who was the sultan of Brunei at the time, or whether Bill Gates was still the richest man in the world), in fact, we can probably abstract the problem down to a simple mathematical formula. One, in fact, which could probably be resolved by a high school pupil. It obviously depends on what the question is which will determine which factors must be included in the abstraction (or model). For example, if Bill Gates is on one of the trains, that fact may be relevant, or it may still not be.
Since humans (and computers even less) are not very good at dealing with masses of facts, it is imperative that we break the problem down (abstract it) to a level where it can be dealt with. It is amazing how simple some abstractions can be, regardless of the complexity of the problem. All will agree that there are probably only a handful of people who really understand what the theory of relativity is all about, it can be abstracted to a level where even a child can at least memorise one of its major assertions: E = mc2. His first paper on the subject was published at the age of 26 (in 1905), but the concept was already there, at age 12, when he "decided to devote himself to solving the riddle of the ‘huge world’". It was only on 29 May 1919 when his theory was verified by a scientific expedition to photograph a solar eclipse, and "the modern world began" (as the historian Paul Johnson asserts).
From observation, it is possible to organise Einstein’s work into a framework - from the concept (and even the concept can be abstracted into: Why? What? How? When? Where?) to a physical reality: the atom bomb.
The framework was first proposed in the IBM Systems Journal in 1987 and has, thus been around for a substantial period of time. In that time, it has been picked up by a number of people and applied to a variety of problems. Zachman originally got the idea of the framework from a combination of looking at the way a manufacturing company build products, and realising that it was not a miraculous invention how they went about it, but merely common sense. No doubt, his degree in chemistry, with its fundamental Periodic Table, must have got the juices flowing as he struggled with IBM’s Business Systems Planning methodology to which he was a contributor. This common sense he then applied to creating a model of the enterprise.
At is lowest level, the framework is made up of 6 rows and 6 columns.
The rows define a perspective of the problem or issue. Zachman described these to be the perspectives of the planner, the owner, the designer, the builder and the sub-contractor (as the one who actually does each little bit of work). The final perspective is (or should be) that of some result or reality.
Secondly, the columns describe a particular focus, namely, the "What? How? Where? Who? When? Why?" of whatever is being considered. So, R2C1, would describe what was required from the perspective of the owner. R2C2 would describe how the owner wanted it to be done. Note also, that whilst that may the owner’s primary perspective at that time, no cell is independent of the cells above, below or beside it.
Zachman went on to show that whilst the framework could be used to effectively represent the dimensions of the reality, the framework is in fact multi-dimensional and recursive.
Firstly, there may be any number of product frameworks in any enterprise (many iterations, which vary in content to the nature of the product).
Secondly, there is also a framework that describes the enterprise and how it works to produce or service the products that it provides. All these procedures, etc. are the model of the enterprise.
Thirdly, whilst there may be many enterprise frameworks (many iterations which vary in content to the nature of the enterprise), it is possible to create an abstraction of how the enterprise works. This abstraction, the information system, is really the meta-model of the enterprise.
Finally, we have a model that describes the way in which we create the enterprise information system. This model consists of similar artefacts that exist in the other three abstractions - and answer the "What? How? Where? Who? When? Why?" of the model of the model (or meta-meta-model). This is the framework that the CASE manufacturer uses to manufacture a repository which contains all the artefacts which are required to build the enterprise information system, which supports the enterprise which makes the product.
But there still appears to be one interrogative that is missing: "Which?" In fact, it should be evident that each framework describes the "Which?"
Furthermore, it is even possible to have parallel iterations of the various frameworks that describe the current situation ("is") as opposed to desired future situations ("to be").
Also notice the following: as an artefact passes from one row to the next, it undergoes a transformation. For example, a plan results in a number of design specs, which result in various types of diagrams (e.g. an electrical circuit diagram). These diagrams result in spec sheets, which ultimately result in a physical unit (e.g. a circuit board, or a transistor). This process of transformation usually also results in an explosion in detail. Whilst there may be less than 10 artefacts in row 1, there could be many millions of artefacts in row 6.
We believe that the Zachman Framework for Enterprise Architecture is particularly useful as a "control mechanism to ensure that nothing is missed. Since it is not known very widely as yet, we have taken the time to discuss it in more detail.
We suggest that the proposed standardised deliverable address levels 1 and 2 (Scope & Enterprise). At levels below that, the deliverables should be customised to the environment and objectives.
Year 2000 projects can vary dramatically according to the objectives and scope of the work to be done.
On the one hand, we may need fix a system that was developed internally. In some cases, the system may be so old that much of the original source code is lost. In other cases, the versions of the underlying platforms may have to be upgraded before the code can be fixed.
In other cases, we may need to upgrade a package to the latest version. This may be as simple as purchasing the latest version and letting the software do all the work for us, or it may be necessary to perform a cascade of upgrades (from v3 to v4 then to v5 to finally get to v6). Along the way, there may have been a change in technology, so that the platforms would need to be upgraded first, before an upgrade can be made to a particular version.
Then there may be cases where the original builders of the system no longer exist, and, if the software is important enough, we will have to replace it with something else, or worse, rebuild it ourselves.
The point is that there is such a wide variety of problems that no single detailed methodology would be able to address every variation and problem domain.
Thus, whilst we have tried to address the as many of the most common issues as possible, the methodology cannot be all things to all men.
In any event, project management is a "thinking head process" and what we are attempting to do here, is to provide a good starting point for the project manager who has been given a Year 2000 project and has been told "go and solve it".
Now he sits with a blank sheet of paper before him and wonders where he should start.
We have followed the general life cycle for Year 2000 projects as described by IEEE P2000.1.
We identify every task by a CoA ID (Chart of Accounts identifier), which is not the same as a WBS ID (work breakdown structure identifier), although it would be preferable that the CoA ID be used as a part of a WBS ID. Our recommendation would be the WBS be made up of CoA ID and Deliverable ID. If this is done, it is easy to record actual time spent (effort) and duration for the completion of each deliverable. This information is invaluable for calibrating estimating models.
The structure of the CoA ID is as follows: PATTS where
P: Phase (0 – 9)
A: Activity (A – Z)
TT: Task (01 – 99)
S: Sub-task (a – z)
Deliverables are identified according to the following convention:
TT: Deliverable type
NNN: Number
Exit Criteria describe the checkpoints that define completion of the task. There are 3 priorities: A (must be conformed to); B (should be conformed to, or by way of an alternative, if appropriate); C (is a useful check, though may not always be applicable).
We have created an MS Access 97 database that can be used to capture and store the information that is collected during the Assessment phase. The database is under continual enhancement (for example, at the time v3.0 of this document, the database was being enhanced to incorporate Change Control and Time Recording).
In addition, MS Excel 97 and MS Word 97 templates have been created to support various of the tasks defined by the methodology.
Resources
The following resources are available:
Please see the Project Management Guide for the general discussion of how to plan projects. What follows is a list of the activities and tasks that would typically be performed in any project.
It is our experience that around 25% of total project effort be budgeted for these activities. This is much higher than what one normally expects for IT projects (usually 9% - 18% depending on the size of the project), but is borne out by observation.
0A Feasibility Study |
|||||
0A01 |
Create Project Request |
||||
0A02 |
Perform Feasibility Study |
PM010 |
Feasibility Report |
||
0A03 |
Create Project Definition |
PM030 |
Project Definition |
||
0A04 |
Obtain Approval |
A feasibility study is initiated by the receipt of a project request. Typically, the amount of effort is determined by the amount of time available to do the study. When the time is up, the results are documented, and presented to management. As a consequence, one or more projects may be defined. These are then described in the Project Definition.
B Planning |
|||
0B01 |
Scope Definition |
YM101 YM102 YM111 YM112 YM121 YM122 YM901 YM902 YM903 YM904 YM905 |
Business Unit Inventory Locations Inventory Application Area Inventory System Inventory Platform Inventory Vendor Inventory BU / Location xref BU / Application Area xref Applic Area / System xref Vendor / System xref Vendor / Platform xref |
0B02 |
Estimating |
PM102 PM100 |
Est Criteria Y2 Estimating Template |
0B03 |
Scheduling |
PM202 PM231 PM303 |
GANTT Chart Resource Histogram Milestone Summary |
0B04 |
Budgeting |
PM013 |
Project Budget |
0B05 |
Create Project Charter |
PM040 |
Project Charter |
Planning involves collecting summary information about the scope, so that a detailed estimate may be prepared.
If possible, an estimating tool should be used.
Once the size of work is known, and the levels of skills required, it is possible to schedule the work.
Rates are typically associated with skill level. This, timephased as per the schedule, together with additional costs (travelling, infrastructure, training, etc.) then go into the budget.
Finally, all of this is consolidated into the Project Charter, which becomes the formal contract between management and the project team.
0C Organise Project |
|||
0C01 |
Staff Project |
PM232 PM233 PM231 PM230 |
Resource Inventory Skills Inventory Resource Histogram Responsibility Matrix |
0C02 |
Establish Project Environment |
YI601 |
Facilities Required Memo |
0C03 |
Establish Reporting Requirements |
QM110 |
Project Reporting Requirements |
0C04 |
Project Kick-off |
Organising the project involves recruiting and selecting staff for the project team, defining roles, agreeing what reporting will be required, and setting up the physical environment - work areas, hardware, software, and so on. A kick-off meeting is held to describe how the project will be run, its objectives and so on.
0D Risk Management |
|||
0D01 |
Perform Risk Assessment |
PM501 |
Risk Memo |
0D02 |
Manage Risks |
PM511 |
Top-10 Risks Summary |
0D03 |
Problem/Opportunity Management |
PM512 |
Opportunity Memo |
Risk Management is one of the most important activities in any Y2000 project.
Two types of risk need to be distinguished: Business risks, which describe what will happen to the business should we fail in any way; and Project risks which describe what could cause us to not complete on time.
Understand that inherent in any risks, there are also usually opportunities. These opportunities typically involve an entirely new set of risks.
However, it may only be from taking risks, that we can achieve the best results.
0E Quality Management |
|||
0E01 |
Establish Quality Requirements |
QM001 |
QM Statement |
0E02 |
Maintain Mission, Objectives, Procedures, Guidelines & Standards |
||
0E03 |
Perform Joint Reviews |
QM911 |
Joint Review Report |
0E03a |
Conduct Joint Review of Software Architectural Design |
QM911 |
Joint Review Report |
2E03b |
Conduct Joint Review of Software Detailed Design |
QM911 |
Joint Review Report |
0E04 |
Perform Quality Audits |
QM912 |
QR Audit Report |
Y2000 projects cannot afford defects to creep through. After all, this is the reason we are conducting Y2000 projects.
0F Communication |
|||
0F01 |
Management Communication |
PM301 PM302 |
Progress Report Progress Summary |
0F02 |
Steering Committee |
||
0F03 |
Users |
||
0F04 |
Project Team |
PM301 PM310 |
Progress Report Time Report |
0F05 |
External |
Communication within projects and between projects making up the programme is vital. At every step of the way, concerned parties must be kept informed about how the work towards readiness is progressing.
0G Configuration Management |
|||
0G01 |
Change Management |
||
0G01a |
Administer Change Requests |
PM412 |
Issue |
0G01b |
Perform Impact Assessment |
YI900 |
Impact Assessment Report |
0G01c |
Approve Change Requests |
||
0G01d |
Perform Impact Analysis |
||
0G01e |
Plan Changes |
PM411 PM210 |
Change Control Summary Project Plan |
0G02 |
Manage Project Office |
||
0G02a |
Manage H/W Baseline Library |
||
0G02b |
Manage S/W Baseline Library |
||
0G02c |
Manage Support Tools |
||
0G02d |
Manage Policies, Procedures, Standards & Guidelines |
||
0G02e |
Manage Training Baseline Library |
||
0G02f |
Manage Work Products |
||
0G02g |
Configuration Status Reporting |
TD821 |
Version Control Report |
Once the Project Charter has been accepted, the estimates and schedule become the baseline against which progress and costs must be measured.
Inherent in every Y2000 project is change - scope will fluctuate as the degree of compliance is revealed. Missed items will be identified.
To retain control, every one of these changes must be recorded, course of action determined, approval obtained and then tracked in concert with the baseline plan.
Similarly, the project environment needs to be kept up to date and modifications made where necessary.
The format of deliverables should be modified as the need arises.
0H Controlling |
|||
0H01 |
Status Management |
PM300 |
Project Control Workbook |
Project control involves regularly checking on the status of work, determining whether the plan is still on target. If not, then contingency action must take place, or the baseline must be reviewed. The plan can only be changed if management approval is first obtained.
Often changes in approach, or re-assignment of staff can make the difference to bring the project back on track again.
The best form of control is still via management by the sole of the foot!
0I Contract Administration |
|||
0I01 |
Negotiate Contract |
PM030 PM090 PM012 PM502 |
Engagement Cost Summary Billing Summary Arrangement Letter/ Contract Engagement Risk Assessment |
0I02 |
Administer Contract |
PM310 PM091 |
Time / Expense Report Invoice |
0I03 |
Contract Close Off |
Engagement Sign Off |
Contract administration involves ensuring that the relationship between all parties involved in the assignment is at an optimum level. That there are no undue risks as a consequence of improperly defined responsibilities, that everyone is paid correctly and on time, and that all issues of due diligence are properly taken care of.
Awareness
: Define the year 2000 problem and gain executive level support and sponsorship. (IEEE P2000.1 Draft Standard for Year 2000 Terminology.)During the Awareness & Planning Phase, a quick assessment of the possible impact of the Year 2000 on the systems must be done, and the organisation must be then be convinced that urgent action to rectify these problems is required.
Experience has shown that most organisations have taken up to 9 months to pass through this phase.
Usually, the Y2000 champion is faced by disbelief that there could be such a problem (after all, what difference could two digits in a date make - be real!). This is then followed by denial (it can’t be that big. Bill Gates will invent a tool that will fix it. We spent millions to buy a system that would last us 10 years. You promised us.)
When the nature of the beast really dawns, panic often sets in.
Since we just do not have 9 months, in most cases, the Y2000 champion must convince senior management as soon as possible that there is a problem, and how it can be solved.
Some early estimating techniques to determine impact and cost have been proposed by groups like Gartner ($x per line of source code), the British Computer Society (Rx per head working in the organisation) and Capers Jones (cost per function point, normalised to industry and technology). By mid 1997, many estimates had already started appearing in the press, so that organisations can find comparable situations elsewhere as an order-of-magnitude measure.
None of these measures are likely to be definitive, and it is necessary to move to a Discovery & Assessment Phase. However, to be able to do this, one needs to obtain commitment and resources. These are the major challenges of the Awareness phase.
In practice, the Awareness exercise will probably continue in parallel with other activities, because the level of awareness varies within the enterprise, let alone in the supply chain.
We will not say much more here, except to mention that there are many resources available in places like the Internet, which include descriptions of the problem, presentations, and so on.
Some of the most useful sites on the Internet are:
By 1998, numerous books have been written on the subject. Some of which have been included in the references at the front of this document.
In addition, there are a seemingly endless list of conferences and there is hardly a week that goes by without extensive references to the problem in the media.
There are many differing views on compliance. Here are some definitions.
The IEEE P2000.1 Standard for Year 2000 Terminology has the following definitions:
"Conformance
"Vendors who claim that their products conform to this standard declare that their use of the term "Year 2000 Compliant" and of defined terms within its definition are in accordance with the definitions in this standard.
"Definitions
"Year 2000 compliant: Technology is Year 2000 compliant if it is capable of accurately processing, providing, and/or receiving date data within and between the 20th and 21st centuries, provided that:
1. the technology is used in accordance with its associated documentation, and
2. all other technology used with it properly exchanges date data with it.
"Technology: Hardware, software, and firmware systems and system elements including but not limited to information technology, embedded systems, or any other electro-mechanical or processor-based systems.
"Date processing: The handling of date data within a system or system element.
"Date exchange: The interchange of date data between two or more systems or system elements. In order to facilitate proper date data exchange between two or more systems or system elements, defined formats should be identified and documented by the suppliers of systems or system elements. Such formats may be specified by the standards or other publications listed in section 2, other generally accepted industry date representations, or other documented methods of date representation. Depending upon the date formats selected, additional information such as, but not limited to, valid date interval, pivot year, and encoding technique may also need to be documented."
The British Standards Institute views compliance this way:
"Year 2000 conformity shall mean that neither performance nor functionality is affected by dates prior to, during or after the year 2000. In particular:
"Rule 1: No value for current date will cause any interruption in operation.
"Rule 2: Date-based functionality must behave consistently for dates prior to, during and after the year 2000.
"Rule 3: In all interfaces and data storage, the century in any date must be specified either explicitly or by unambiguous algorithms or inferencing rules.
"Rule 4: Year 2000 must be recognised as a leap year.
"Amplification:
"Rule 1: Known as "general integrity rule".
Ensures that rollover between all significant demarcations (days, mths, years, centuries) will be performed correctly.
Current date means today's date as known to the equipment or product.
"Rule 2: Known as "date integrity rule".
All equipment and products must calculate, manipulate and represent dates correctly for the purposes for which they were intended.
Functionality includes both processes and the results of processes.
Rule does not exclude reference points for date values and calculations (e.g. integer date)
No equipment or product shall use particular date values for special meanings (e.g. "99" = "do not erase", or "00" = "beginning of file")
"Rule 3: Known as "explicit/implicit century rule"
Explicit: representation of century in year
Implicit: based on inferencing rules (e.g. yy>50 implies 19yy, yy<=50 implies 20yy)."
Others have described less complex definitions. For example, the US State of Washington, describes Y2000 Compliance as follows:
"Information systems are Y2000 compliant if they are "able to accurately process date data - including but not limited to, calculating, comparing, and sequencing - from, into, and between the twentieth and twenty-first centuries, including leap year calculations."
The definitions assume that all software must be able to process dates correctly. Since this is unlikely to be true of many older applications, this could result in enormous costs, and more importantly, reduce the chances of being ready on time.
Organisations therefore need to take a more pragmatic view and focus on the software items that are most critical to the organisation and assess to what degree compliance is important.
For example, many fax machines have the ability to print the date and time of transmission or receipt, together with the sender name and telephone number. If your organisation is a firm of attorneys, where the automatic logging of date and time is important to establish when something was done, then there is no question that this needs to be fixed, but otherwise? Does it really need to be fixed?
To avoid delays later, you need to define your rules early.
Leap years are years that are divisible by 4, unless the year is also divisible by 100.
However, if the year is divisible by 400, then it is a leap year.
Therefore, 2000 is a leap year (divisible by 4 and by 400), but 1900 wasn’t (divisible by 100, but not 400), nor will 3000 be a leap year (ditto). 2004 will also be a leap year (divisible by 4, but not by 100).
The reason for these strange (or so it appears) rules, is that a year is not 365 or 366 days, but approximately (ha!) 365.24219878 days.
The Responsibility of Directors
This matter is sometimes referred to as "Due Diligence" and it involves the responsibility of directors and others entrusted with the protection of stakeholders’ interests.
In essence, directors have the responsibility to ensure that the concern under their supervision is maintained as a "going concern". As such, they have the responsibility to take every reasonable action to ensure that the enterprise does not fail, or failing that, to make this known to stakeholders.
If they do no do so, they may expose themselves to legal action. If lives are lost, the legal action may involve criminal prosecution.
What we have been able to establish from discussion with various attorneys is the following:
There are a number of firms of attorneys that are specialising in this field. If in doubt, an attorney should be consulted.
Deliverable |
Exit Criteria |
|||||
CoA |
Name |
Description |
ID |
Name |
Prio |
Description |
1 Awareness & Planning |
||||||
1A |
Determine Exposure |
|||||
1B Create Awareness & Obtain Support |
||||||
1B01 |
Internal Awareness |
|||||
1B02 |
Business Partners Awareness |
|||||
1B03 |
Other Agency Awareness |
|||||
1C |
Develop Macro Estimate |
|||||
1D |
Establish Executive Committee |
Assessment
(Inventory): Evaluate the year 2000 impact on the enterprise; develop contingency plans to handle data exchange issues and system failures (dysfunction or system crashes); triage (prioritise) systems by identifying those that are mission critical. (IEEE P2000.1 Draft Standard for Year 2000 Terminology.)Before we start, we need to be clear about just what we mean by compliance. This compliance needs to be defined in context: in the case of COTS, the context is what it interfaces with, and the platform(s) it runs on. In the case of embedded software, what would be the consequences of an incorrect date being returned. Sometimes it matters, sometimes it does not.
Vendors and other developers need to specify what the degree and level of compliance is. Be aware that a conditional reply may be of no value.
The scope of the project is confirmed by checking that all application areas that support a business area have been identified. As well as who the key decision-maker is. We need to also identify the systems, or applications, that make up the application area. In addition, identify the platforms that the systems require to operate effectively and the vendors that supplied the software.
This information would typically be obtained by conducting interviews with the key people. They also need to be asked about how important the systems are to the business - would business operations be unaffected if date problems had to cause errors. Establish to what degree the business would be affected.
All this data should be captured into an inventory, and the results published.
The next step is to conduct a Detailed Investigation.
Each of the platforms must be described in detail to identify whether the specific version or release has Y2000 implications. This would be obtained from the vendors who supply or support the platform.
Each system, or application, must also be described in full. Note however, that if a COTS package is being reviewed, the amount of detail will depend on how it is used. In some cases, it may be sufficient to establish that the COTS is Y2000 compliant.
In many cases, these systems interact with other systems, and it is important that the nature of this interaction is defined. Again, judgment should be used: the level of detail one is required to collect depends on the nature of the interaction.
Having now collected a great deal of information, it is now possible to review the priorities and the degree of Y2000 impact. It may also be necessary to revisit some aspects to gain greater clarity.
In the case of bespoke or custom developed systems, it may be necessary to do code and database analysis to identify exactly which lowest level items (line of code or data field) may have Y2000 implications.
Whilst one is performing this exercise, it may also be possible to identify redundant code, or improvements.
Having completed this detailed analysis, priorities and risks need to be re-evaluated. If it is found that risks are very high, it may be necessary to adopt a different approach - possibly fast-tracking the readiness project for one of the systems or platforms.
At this time, we would also determine, for each system, what the course of action should be - do we retire the system, modify it, upgrade it, or how else should we deal with it.
Then we need to define just how we may be certain that we were successful, by identifying what testing will be required, and the nature of that testing.
All of these changes must then be documented.
The full inventory is then reviewed during the Level 1 Compliance Verification, to ensure that nothing has been left out. Assumptions regarding risk and readiness must be revisited to ensure that they are still correct. Finally, the work required to convert non-compliant systems and platforms must be estimated, and the time that is required to complete the conversion work must be determined.
Typically, the results will be unacceptable because of timing and resource constraints, which means that one will have to review different scenarios to determine the most appropriate course of action.
Having done this, the plans need to be authorised by the client, so that work may start on the conversion activities.
Considering the great number of variables and concurrent tasks that need to take place, project and programme management will need to be effectively conducted.
Determination of Y2000 Risk Level
Risk level is a summary of the overall risk that a Compliance Configuration Item (CCI) is seen to have. As the accompanying figure shows, Risk Level considers three basic factors:
This implies one or more of the following:
JM Juran describes the process of Criticality Analysis as to "identify the ‘vital few’ features so that they will receive priority of attention and assets." He goes on to list what he calls the product features that should be considered as critical:
Juran’s perspective is essentially a manufacturing one, but it looks at criticality from the view of the customer and the supplier and it is a useful model.
(Juran, J.M. Juran on Quality by Design. New York: The Free Press. 1992. pp174-175.)This question addresses whether there is a date-related impact to do with the changeover from 1999 - 2000. The answer is either Yes or No.
Will it be a lot of work to fix?
This question is not so easy to answer, since "a lot" is a relative term. A lot of money means something quite different to a poor person as opposed to the CEO of a Fortune 500 company. Similarly, "a lot of work" seen in our context must be taken in relation to the enterprise. A company like Fluor manages multibillion projects as a matter of course. The same is not true of most companies. We recommend that a questionnaire be created that would place the following issues into context in the company concerned, to ensure that subjectivity is reduced and classification can be consistent.
We describe "a lot of work" in one or more of the following ways:
All of these require, potentially, a lot of work to resolve. Note: the guidelines given assume that remediation projects will commence by latest 3rd quarter 1998!
Note that none of the above lists are necessarily conclusive! The evaluation of the risk level criteria could be a lot broader than what we have described above.
That is why we have developed a classification scheme of CCIs to assist with the determination of risk level.
This classification scheme considers each CCI from a number of different perspectives. The exact classifications are summarised at the end of this document.
CCI type classification.
Configuration Item Type.
This describes whether the CCI is an application or a platform. If it is a platform, what type of platform is it.Configuration Item Type (Jones).
Capers Jones has described 20 different types that give a good indication of the complexity and effort associated with each type.Configuration Item Scope.
The scope ranges from a single line of code (which is the CCI that a code scanner typically addresses), through to a compound system (like SAP, BPCS, etc. which are actually sets of systems).Importance Index
. This describes the level of usage, ranging from a single user to a COTS, which may be used by millions. There is usually a correlation between development and maintenance cost and rigour and the nature of the use of the CCI.Date Involvement.
This set of classes describes the extent and nature of date usage in the CCI.
Date Class.
The date class considers the manner in which dates play a role in the applicationAcceptability Index.
This classification considers the types of dates used (Julian, ordinal, ISO8601, etc.).Risk Assessment.
Compliance Certification Level.
This classification describes the level of certification of the CCI. The range is from a system that has already been retired (but still appears on lists) to uncertified.Note also that certification is a sticky issue. Very few and quite possibly only foolhardy vendors would be prepared to offer a carte blanche certification for their product. This is because certification depends on so many different factors, including the way in which the CCI is installed and its interaction with other CCIs. As a consequence there has been significant backtracking on the part of many vendors in the last year with regards to the certification level of each CCI.
In any event, compliance level can only be verified if the certificate is accompanied by a description of the testing process (often a proprietary issue, or trade secret) and documented test results, which can be replicated consistently.
Risk Category.
The risk category considers the likely result if a CCI is not fixed. It ranges from no impact (if there is no date processing involved – although there may be dates in the system, but they are for sight purposes only, not used in calculation, access, sequencing, manipulation, etc.)Compliance Item Priority.
This classification describes the use of the CCI in the enterprise and its likely effect if it should fail.Proposed Action.
Compliance Strategy.
We need to determine how the problem will be addressed at a high level. For example, elimination, repair, retirement, developing an interim solution, replacement, transfer, and so on.Compliance Action.
The compliance action describes what should be done to address non-compliant CCIs (nothing, fix, etc.).Compliance Approach.
If the proposal is to fix a date related problem, then what is the approach that is proposed – expansion, masking, etc.All of these aspects come into play in finally determining the risk level of a CCI.
The process that is followed can be roughly described as follows:
The classification of items is based on the following simplified model of the role of technology in the enterprise (see the accompanying figure).
In its most simple form, an enterprise is made up of business units, which are supported by application areas. Application areas are made up of one or more applications or systems.
Business units can be functional, geographical, hierarchical, or according to any other classification. For example, they may be Admin, Finance, Manufacturing. Or they may be Gauteng region, Western Cape region.
Application areas are typically groups of applications or systems that work together to support a particular function or set of functions, for example, Financial Accounting, Production Planning, Order Processing, etc.
The terms systems and applications are used interchangeably as any combination of software and procedures that are applied to supporting a business function (for example, Debtors, General Ledger, Salaries, Master Production Scheduling, etc.)
A platform is any technology that is required by the application or system
Platforms therefore only have a reason for existence by virtue of the applications that require them.
Deliverable |
Exit Criteria |
|||||
CoA |
Name |
Description |
ID |
Name |
Prio |
Description |
2 Discovery & Assessment |
||||||
2A Preparation |
||||||
2A01 |
Define Y2000 Compliance |
Year 2000 compliant: technology, including but not limited to, information technology, embedded systems, or any other electro-mechanical or processor-based system, when used in accordance with its associated documentation, is capable of accurately processing, providing, and/or receiving date data from, into, and between the twentieth and twenty-first centuries, and the years 1999 and 2000, including leap year calculations; provided that all other technology properly exchanges date data with it. (IEEE P2000.1 Draft Standard for Year 2000 Terminology.) Describe how the enterprise views compliance. Note that there are instances where it will not be necessary for technology to be compliant. |
YI001 |
Compliance Requirements Definition |
A |
Approved YI001 |
2A02 |
Create Draft Compliance Information Request |
As a pert of the "due diligence" process, it is essential that one obtains statements of compliance from vendors, customers, partners and other enterprises that provide services or sell products to the enterprise. It is not practical to send the same letter to everyone. Letters need to be tailored according to potential risk and information required. If you right one all-encompassing letter, and send it to 5-6000 enterprises that interact with your enterprise in some way, and let us say that a miracle occurs and they all complete the 20-page missive completely, how will you process all the information received? |
YI101 |
Compliance Information Request |
B |
Compliance Info Request letters sent |
2A03 |
Confirm Scope with Sponsors |
Scoping a Y2000 project is very difficult. It is only at the end of this phase that one will be able to say with some measure of confidence what the impact of the Y2000 on the enterprise is likely to be. Be especially careful to not use "definite language" in this phase. Most enterprises find that they are faced with scope ballooning (rather than scope creep) when entering into a Y2000 project. |
YM101 YM102 YM111 YM112 YM121 YM122 YM901 YM902 YM903 YM904 YM905 YM101 YM102 YM111 PM230 FD400 WP001 |
Business Unit Inventory Locations Inventory Application Area Inventory System Inventory Platform Inventory Vendor Inventory BU / Location xref BU / Application Area xref Application Area / System xref Vendor / System xref Vendor / Platform xrefBU Inventory Locations Inventory AA Inventory Responsibility Matrix System Inventory Meeting Notes |
A |
Scope agreed to. |
2A04 |
Create Macro Inventory |
All known information, at a high level, should be captured using a reusable mechanism, so that detail may be added as it is discovered. |
YI801 YI803 |
CCI Inventory CCI Summary |
||
2A05 |
Determine Priorities |
Identify which systems are most important to the enterprise, and where the highest Y2000 impact is likely to be (in conjunction with the projected work to make the systems Y2000 ready). Identify which systems will need to be code scanned. Start preparations for taking code off-site for scanning. Agree whether the approach is to be impact assessment only, scanning only or scanning and remediation. If code scanning is to be done, be aware that most factories will have a methodology that is to be followed. |
FD400 FD400 |
System Inventory Inventory of Systems to be Scanned Impact Assessment Strategy |
||
2A06 |
Document Findings |
The purpose of this deliverable is to act as the first definitive measure of the impact of Y2000 on the enterprise. It can be used to determine a macro estimate for the amount of work, cost and time that is to follow. Users should use this deliverable to verify that no important areas have been missed, and that the project team is on the right track. |
YI901 |
Macro Assessment Report |
A |
User signoff of information presented. |
2B Detailed Investigation |
||||||
2B01 |
Describe Platforms |
YI121 YI122 |
Platform Summary Vendor Summary |
A |
All platforms identified |
|
2B02 |
Obtain Vendor Compliance Statements |
YI101 YI121 YI122 FD401 |
Compliance Information Request Platform Summary Vendor Summary System Summary |
A A A |
All vendors identified Vendors ranked by importance Letters sent to all important vendors |
|
2B03 |
Investigate System |
Depending on the Assessment strategy, assess the systems through interviews, documentation reviews, sight checking, or code scanning. |
WP001 YI131 YI411 YI422 |
Notes Database Compliance Summary Inputs Compliance Summary Outputs Compliance Summary |
||
2B04 |
Describe System |
YI655 FD401 |
System Map System Summary |
|||
2B05 |
Define Application & System Interfaces |
FD430 FD431 YI432 |
Interface Inventory Interface Description Memo to Partner System Project |
|||
2B06 Check Compliance |
||||||
2B06a |
Do Code Analysis |
YI804 YI806 YI805 |
Code Removal Contract Code Removal Plan Code Changes List Unused Code Summary Collateral Improvement Summary |
|||
2B06b |
Identify Replacement / Upgrade Items |
YI113 |
COTS Replacement / Upgrade Summary Compliance Requirements High Level Compliance Assessment |
|||
2B07 |
Confirm Priorities |
FD400 |
Systems Inventory |
|||
2B08 |
Confirm Business Risks |
YI412 PM504 |
Contingency Requirements Business Risk Summary |
|||
2B09 |
Determine Compliance Strategy |
YI652 YI801 YI803 |
Recommended Compliance Strategy CCI Inventory CCI Summary |
|||
2B10 |
Specify Changes & Action Steps |
YI802 YI651 YI602 YI670 YI701 YM014 |
CCI Segmentation Summary Implementation Alternatives Conversion Tool Recommendation Conversion Environment Recommendation Configuration Management Tool Recommendation High Level Cost Estimate |
|||
2B11 |
Define Compliance Testing Requirements |
TD701 YI702 YI703 |
Test Proposal Testing Facility Requirements Testing Tool Recommendation |
|||
2B12 |
Finalise Requirements Specification |
YI900 |
Impact Analysis Report |
|||
2C |
Level 1 Compliance Verification |
YM112 YM121 |
Platform Inventory Platform Summary |
|||
2D |
Planning & Authorisation |
PM014 PM203 PM210 |
Programme Budget Sub-Programme Work Plan Project Plans |
Client Authorisation of Budget Client Authorisation of Sub-Programme Work Plan |
Remediation
(Renovation): Convert, replace, or eliminate one or more system elements; modify interfaces. (IEEE P2000.1 Draft Standard for Year 2000 Terminology.)The Remediation Phase is the most difficult to provide a definitive framework for, since the exact tasks will depend on the remediation strategy (replace, retire, repair) and approach (expansion, encapsulation, masking). The tasks below should thus be regarded as being at a high level only. We recommend that sub-projects be created for, especially, the system renovation tasks. These can then be consolidated into tasks at a macro level in order to provide a comprehensive picture.
For example, if the renovation strategy is that a system will be replaced with new development, then the sub-project would be made up of the tasks that are typically associated with a new development framework. If the strategy is to repair, the sub-project would be made up of all the tasks typically involved with a maintenance framework. Instead of a project per system, one could group similar systems, or the systems that make up an application area. Alternatively, systems could be group by strategy.
However one groups remediation work, risk must be considered. It would generally be bad practice to group together high-risk systems with those of lower risk.
In fact, if a system is high risk (Risk Level is A or B), one should consider managing it as a separate project. This ensures that the focus on high risk systems is not lost.
When lower risk systems are grouped with a high-risk system, there is the possibility that attention will focus on the lower risk items to the detriment of the high-risk system.
The first step in remediation is to review the strategy that was proposed during the Assessment phase. One needs to confirm whether this strategy is still the right one – especially if there has been a number of parallel Assessment phases (typical in large enterprises).
The activity is concluded with the acceptance of Project Charter(s) for the Remediation Phase. A separate Charter should be created for each remediation project.
Having obtained management approval on the way to go, the next step is to prepare for the renovation work. If platforms are non-compliant, then they need to be updated (typically involves a "patch" or a "service release) or upgraded (usually involves a new version). The amount of work varies quite dramatically, depending on whether we are dealing with an update or an upgrade. Updates are often free, whilst upgrades must usually be paid for.
Upgrades may also involve changes in functionality. Therefore, it is possible that follow-on work may be involved (for example, if functionality has been added, or existing functionality has changed, or underlying data structures have changed).
Then, if a platform runs on other platforms, the upgrade may result in a cascade of upgrades. For example, the enterprise uses an MS-DOS-based accounting package that is not compliant. As it turns out, the only compliant version is the latest version, which requires Windows 95. In this case, to upgrade the package, the enterprise will probably have to replace the hardware, then upgrade to Windows 95 before the accounting package can be upgraded. As an additional knock-on effect, it is possible that other software would also need to be upgraded (like the word processor, spreadsheet and so on). Then, the users will have to be trained to work with a mouse, graphical user interface and so on.
In addition, if physical renovation work has to take place, it may be necessary to prepare the technical environment for this – latest versions of platforms must be ordered and installed, etc.
If code renovation is to be done off-site, authorisation must be obtained to do so, etc. In addition, it may be necessary to obtain software factory quotes, negotiate impact analysis and / or code renovation contracts, and so on.
Having done the preparatory work, it is then necessary to design the changes that will be made. This will depend on the nature of the remediation strategy. If a system is to be replaced, the existing system must be taken out (retired), this may involve modifications to partner systems, since it is unlikely that the functionality of the replacing system will match the existing system exactly.
If a system that is no longer required, is being replaced, one needs to be certain that there are no partner systems that depend on functionality that will no longer be available.
Therefore, the design of the solution can be quite complex and an essential task.
If there are any interfaces, the changes need to be planned, designed and implemented very carefully. An interface always has at least three essential components.
The "owner" of the interface is the system that has control over the layout of the data in the interface, how often it occurs, what the format must be, and so on. The owner is usually the system that required the interface to be created in the first place.
One of the main challenges is co-ordinating that all of these things occur in a properly synchronised fashion.
If the remediation approach is to expand dates, then data file layouts will change. Again, there may be other systems (partner systems) that share the same data. Changes to data layouts may impact on these partner systems.
Regardless of the strategy and approach that is adopted, the changes to the system need to be designed.
If a masking approach is adopted, bridging routines must be developed.
Before the renovation is attempted, the production system must be backed up and a freeze zone started. By definition, no changes may be made to the production system during the freeze zone (other than what one would call emergency changes - statutory changes or bug fixes).
The remediation strategy is then implemented, and regression testing is performed (note: it is vital that the remediation work be limited to Y2000-related changes to ensure that the duration of the frozen zone and complexity be kept to a minimum). Regression testing merely tests that the changes that have been made have not caused the software to regress – or go backwards, i.e. the system still does exactly what it did before the changes were made.
There is often a temptation to fix other problems that are uncovered in the process. Care should be taken that this extra work does not jeopardise the successful and timely completion of the Y2000 project. Note that allowing other changes to be made would impact on regression testing, and could require changes to be made to standard test cases.
Before the system can then be transferred back into production, a delta analysis must be performed to identify any changes that were made to the production system that slipped past change control. This is typically done by doing a binary comparison between the copy made of the production system when it was transferred to "maintenance" and the production system. If any changes did slip through, plus if there were "emergency" changes recorded by change control, these must first be retrofitted to the renovated system before it can be transferred back to production.
Finally, there would typically be a "warranty period" during which time the renovation project team would be on hand to fix any failures that might occur, before the renovated system is signed off.
Deliverable |
Exit Criteria |
|||||
CoA |
Name |
Description |
ID |
Name |
Prio |
Description |
3 Remediation |
||||||
3A Confirm Phase |
||||||
3A01 |
Review Remediation Strategy |
Consider whether the strategy proposed during the assessment phase is still correct (replace, retire, repair). This may have changed as a consequence of elapsed time (there is not enough time anymore to implement the proposed strategy, if the time to go-ahead decision point was too long); enterprise priorities as a result of other projects force a change, etc. |
PM040 |
Project Charter |
A |
Approved Strategy |
3A02 |
Review Remediation Approach |
Review the proposed approach (expansion, bridging, windowing, etc). Is the approach still feasible within the time remaining? |
PM040 |
Project Charter |
A |
Approved Approach |
3A03 |
Approve Phase |
Create a Project Charter for each system to be remediated. |
PM040 PM220 |
Project Charter Remediation Phase Plan |
A |
Signed-off Charter |
3B Prepare for Remediation |
||||||
3B01 Perform Platform Update / Upgrade |
||||||
This activity is required if the system is dependent on platforms, that must be updated (apply patches, service releases, etc) or upgraded (install new version of software / hardware). |
||||||
3B01a |
Confirm Version |
Verify that the version of the software identified in the Assessment phase is still current. If the required CIs are not available, record follow-up notes for when they are. Identify the material differences between the current version and the new version (defect fixes, new features, changed functions, etc). Identify whether there will be a ripple effect (platform upgrade requires upgrade to the platforms it runs on – for example, operating system upgrade, which in turn requires a hardware upgrade. Do these upgrades have consequent knock-on effects, e.g. that other software that run on them must be upgraded?) |
YI101 PM413 YI121 YT210 |
Vendor Information Request Follow-up Note Platform Summary Delta Summary (New Features, Changes, etc.) |
||
3B01b |
Obtain Update / Upgrade |
Investigate the contractual terms that exist between the company and the vendor that is supplying the platform. Is the update / upgrade free? What are the conditions that apply? (Note that this task may involve a little effort, but may materially affect the duration.) |
Contract Software |
|||
3B01c |
Plan Installation |
Identify how much work will be involved, who will do it and by when. Note especially how any new features and changed functions will be dealt with – changed procedures, retraining, etc. |
PM220 |
Software Update/Upgrade Plan |
||
3B01d |
Perform Installation |
When the update / upgrade has been received, it must be installed. |
Updated / Upgraded Software |
|||
3B01e |
Validate |
Test that the installation was correctly done. Especially verify that there were no unexpected knock-on effects. |
TD710 QM591 |
Test Plan Confirmation Report |
||
3B01f |
Update Environment |
If there were changes to / new features it may be necessary to train personnel and update procedures. |
Updated Procedures Trained Personnel |
|||
3B01g |
Warranty Period Support |
Provide hands-on support for required period after successful completion. |
PM414 |
Incident Reports |
||
3B02 Prepare Remediation Environment |
||||||
3B02a |
Prepare Technical Environment |
This task would involve obtaining and setting up all the components that are required to perform remediation work. For example, to purchase bridges, language extensions and standard date routines, if these are available. In addition, it may be necessary to consider licence issues like having a temporary copy available for testing purposes, ensuring that the system date may be rolled forward / back without licence agreements being violated. |
Obtain language extensions, tools, etc. Establish remediation technical environment |
|||
3B02b |
Prepare Organisation Environment |
If software is to be renovated off-site, there may be a need to establish a removal contract. The change control policy and a freeze period enforcement approach must be completed to ensure the minimum retrofitting of emergency changes. Worst case should be that production software libraries are password protected and that copying into production can only be done under controlled circumstances. Look out especially for violations after hours when control tends to be more lax because of batch run failures. |
YM201 YM211 YM210 |
Source Removal Agreement Change Control Policy System Freeze Policy |
A |
Enforceable Freeze Zones |
3B03 Design Remediation Architecture |
||||||
3B03a |
Confirm Renovation Approach |
Having been through the initial work in this phase, we must once again re-look at the renovation approach. Expansion is theoretically the best approach, since it will have the effect of reducing follow-on work, however, on large projects, it could take more than 3 times as long to implement as a language extension (if this is available) and almost twice as long as masking (which purists would argue is wrong, because it merely postpones the problem. The interface policy must be determined early, as it may have to be negotiated with external partners. There may be third parties as well, who might force the issue because of a lack of resources (e.g. the government, data transmission agencies like VANs and the ACB, where financial transactions are concerned). The data management policy has to do with the management of data and the interactions of the system with the database (including "flat files"). Is it even feasible to adopt expansion – regardless of the cost and time issues (sometimes files sizes may be so large that adding 2 extra bytes is not a desirable option? Should one mix expansion and masking? What about timing of the data changes? What about backups, archiving, disaster recovery? After a detailed look at these matters, the renovation approach summary describes the proposed architecture. |
Interface Policy Date Management Policy Renovation Approach Summary |
|||
3B03b |
Confirm Data Conversion Strategy |
If data conversion is to take place, then describe why, what, how, when, who, where this should be done. Of key concern is the interrelationship of different systems with the database. Especially the synchronisation of the required changes to the systems that the database changes will necessitate. |
Data Conversion Strategy |
A |
DBA approval |
|
3B03c |
Confirm System Architecture |
Describe the changes to the system, review the system map and plot the changes, identify and record the key dates by when actions must happen, before which they cannot happen, when decisions must be taken, when status of the implementation of critical path decisions must be checked, etc. Describe how versioning will be controlled, how emergency changes will be kept to a minimum during changes, how changed system will be transferred back to production, synching issues with other systems. |
System Summary System Map Key Dates Summary Configuration Management Issues |
A A |
Management approval Decision to proceed |
|
3C Renovate Interfaces |
||||||
3C01 |
Design Interface Renovation |
Review the list of interfaces, is it complete? Has it changed? Are the interface details described correctly and completely? Is the list of configuration items that may be affected by date related interfaces complete? Have the required changes been described in sufficient detail to act as a "change spec"? Are all of the interface partner systems listed and described? If masking is to be implemented, create a spec for the different routines to be used, including rules as to where they need to be implemented. Produce the interface design spec. |
FD430 FD431 YI801 YI803 YI804 TD431 |
Interface Inventory Interface Summary CCI Inventory CCI Summary Masking Spec Interface Design Spec |
A A |
Passes design walkthrough Conforms to strategy |
3C02 |
Plan Interface Implementation |
Confirm implementation dates with partner system owners. If any partner dates do not fit in with critical path dates, develop a contingency plan, modify specs accordingly. |
TD431.1 PM220 PM420 |
Interface Design Spec: List of partner systems Interface change deployment plan Contingency Plan |
A B |
Approve plans Partner system owner approval |
3C03 Change Interfaces |
||||||
This task would typically only be required if there are actual changes to the interface file(s), e.g. as a consequence of adopting expansion as the renovation approach. If the approach is masking, this task will not be required. |
||||||
3C03a |
Change Interface File Layouts |
Modified Data CCIs |
A |
DBA approval |
||
3C03b |
Change Partner System Programs |
If interface file layouts change, the programs that interact with those files will need to be changed. Keep in mind that since it is not always possible to modify all partner systems simultaneously, masking routines will have to be developed to present that new data in the old format to unchanged programs. |
Masking Routines Modified CCIs |
|||
3C03c |
Test Changes |
Test the changed programs, check before and after images of interface data – either to check that they are identical (if masking is used) or that they have changed correctly (if expansion is used). Ensure that processing of interface is correct, via transaction trace and via data file comparison. |
Data Delta Analysis Change Confirmation |
A A |
Interface contents confirmed Data processing correctness confirmed |
|
3D Renovate Data Files |
||||||
This task would typically only be required if there are actual changes to the data file(s), e.g. as a consequence of adopting expansion as the renovation approach. If the approach is masking, this task will not be required. Note that the scope is not limited to permanent files (i.e. those described as internal logical files by the rules of function point analysis), but also temporary files as well (those that exist by virtue of the technology or processing approach). |
||||||
3D01 Design File Changes |
||||||
3D01a |
Define Data Changes |
Check that all of the data files were identified and have been recorded, as well as that there is sufficient information about each to design the changes. Check that CCI’s exist for each field that is impacted. Describe the changes that must be made. |
FD140 FD145 FD115 |
Data File Inventory Data Record Inventory List of Impacted Fields |
||
3D01b |
Design Conversion Programs |
Design the programs and procedures that will be required to do data conversion. If the data is accessed by more than one system, there may be a need to implement masking for those systems that cannot be modified simultaneously. |
TD650 UD850 UD851 |
Data Conversion Spec Conversion Program Spec Conversion Process Flow Diagram |
A |
DBA approval |
3D02 |
Plan Data Conversion & Roll-out |
Develop a detailed plan for the development and testing of conversion programs and describing when and how conversion will be done. If synchronous conversion is planned, define a contingency plan in case of failure. |
PM220 PM420 |
Data conversion & deployment plan Contingency Plan |
B |
Partner systems approval |
3D03 Convert Data |
||||||
3D03a |
Write Conversion Programs |
Conversion Program Operator Instructions |
||||
3D03b |
Back Up Files |
Before files are converted, ensure that they are backed up and in a safe place and that the recovery procedures work. |
Backed-up Files Contingent Software and Data backups DRP Copies Recovery Procedure |
|||
3D03c |
Perform Conversion |
Converted Files |
||||
3D03d |
Validate Successful Conversion |
Check that conversion was executed successfully. Confirm that data was changed, or was unaffected as the case may be. |
Delta Analysis Report Confirmation Report |
A |
DBA approval |
|
3E Roll-out Data Changes |
||||||
3E01 |
Inform Partner System Owners |
Confirm the plan to role out the converted data files with partner system owners. Review contingency plan if critical dates cannot be met. |
Interface Change Memo Contingency Plan |
B |
Partner system owner approval |
|
3E02 |
Agree Implementation Dates |
Finalise role out planning by agreeing firm role-out dates. |
Follow-up Dates |
|||
3E03 |
Apply Changes to Production |
Copy changed data files to production. |
Changed Data Files |
|||
3E04 |
Provide Warranty Period Support |
Be ready to provide immediate support if this should be required. |
Incident Reports |
|||
3F Renovate Systems |
||||||
3F01 Design System Renovation |
||||||
3F01a |
Confirm Impact Analysis |
Review the findings of the Assessment study. Identify any missing issues. Confirm the recommendations made at that time. |
System Summary |
A |
Business Owner Approval |
|
3F01b |
Design System Changes |
Design changes based on the strategy adopted (retire: ensure no dependent components will be adversely affected. Replace: ensure that dependent components will continue to operate without failure. Repair: design to normal maintenance project standards, with additional risk management activities.) Also include the design of standard date routines, masking routines, etc. |
As per risk-management-influenced maintenance methodology. Date Routine Inventory |
A |
Design sign off |
|
3F02 Renovate Systems |
||||||
3F02a |
Develop Standard Routines |
Code and test standard routines. |
Date Routine Inventory Date Routine Module |
|||
3F02b |
Freeze Production System |
Implement freeze procedures and ensure that no program changes can occur without passing through formal change control and without the use of configuration management tools, if possible. |
Incident Reports Change Control Log Change Control Summary |
A A A |
Regular monitoring of change control Effective change control in place Only "A" priority changes are permitted |
|
3F02c |
Back Up Production System |
|||||
3F02d |
Update / Upgrade System |
This process assumes that the software is COTS, or a "package" developed by an outside party, which is subject to version and release control. Releases are typically involve maintenance updates (i.e. fixes), whilst versions typically include new or changed function. This is often the easiest to manage, unless there are knock-on effects. For example, data structures may have changed, requiring data conversion. If the software had previously been customised, it may be necessary to remove the changes before the upgrade can be made, after which the customisation may have to be retrofitted. If version upgrades have been missed, it may be necessary to do a stepwise upgrade. Be aware that if version numbers are substantially different, technology changes may have occurred as well (for example, from "green screen" to Windows-based). Thus the upgrade may involve retraining, procedure changes, data conversion, etc. |
Most suppliers have standard project planning templates for updating / upgrading their software. It is preferable to use those and not make your own. However, be aware of critical dates and follow-on projects. Consider these carefully when finalising the detailed plan. |
|||
3F02e |
Replace System |
This strategy involves replacing the existing, non-compliant system with a completely different system. It usually applies when the existing system cannot be made Y2000 ready, for whatever reason. This is a high risk approach, as it often involves technology unfamiliar to the enterprise. |
Develop Replacement Plan Execute Development Plan Convert Old to New Database |
|||
3F02f |
Renovate Code |
Code renovation may be performed in house, manually or with semi or fully automated tools. Alternatively, it may be done externally by a software factory. |
If done by a software factory, there usually are project planning templates describing tasks and deliverables. |
|||
3F02g |
Retire System |
When retiring a system, be aware that there may be other systems that share data, or receive interfaces from or provide interfaces to the retired system. Procedures may also need to be changed, and staff retrained. |
Retirement Agreement Retirement Plan Partner System Change Design Partner System Change Specs Partner System Changes Partner System Test Plans |
|||
3F02h |
Develop Interim Solution |
An interim solution is intended to provide key functionality for a limited time only. Because controls are typically not as tight as in a proper functioning system, care needs to be taken that there are manual controls in place to ensure that errors are trapped before major failure occurs. In interim solution is often a drain on resources and requires much higher level of ongoing support. |
Existing System / Interim Solution Difference Report |
|||
3F02I |
Develop Workaround |
Workarounds should be developed for every critical function. Workarounds are typically designed to be activated if a system remains non-operational for a predetermined period of time. Be aware that in enterprises where re-engineering has recently taken place, It may not be a simple matter to re-activate discontinued manual procedures. |
List of Workarounds Workaround Procedure Spec Workaround Workaround Procedure Checklist Workaround User Guide Training Materials |
|||
3F02j |
Transfer System |
This typically involves transferring the running and maintenance of a system to an outside party (outsourcer). |
The outsourcer typically has project planning templates to assist with planning the project tasks and deliverables. Be aware of critical dates and follow-on projects. |
|||
3G Regression Testing |
||||||
3G01 |
Develop Test Plans |
Test Plans Configuration Management Procedure |
||||
3G02 |
Create Test Packs |
Test Scripts Test Data Files Baseline Pack |
||||
3G03 |
Test System & Data Changes |
Test Log Incident Reports |
||||
3H Transfer |
||||||
3H01 |
Plan Return to Production |
Cut-over Plan Recovery Proposal |
||||
3H02 Apply Changes to Production |
||||||
3H02a |
Perform Delta Analysis |
|||||
3H02b |
Retrofit Emergency Changes |
|||||
3H03 |
Transfer Renovated System |
|||||
3H04 |
Provide Warranty Period Support |
|||||
3H05 |
Develop Fallback Procedures |
|||||
3H06 |
Sign Off Renovation |
|||||
Validation
(audit): Test, certify and validate one or more converted or replaced system elements. (IEEE P2000.1 Draft Standard for Year 2000 Terminology.)During remediation, our objective was to disrupt business as little as possible by keeping frozen zones as short as possible. As a consequence, we recommended that testing should be limited to regression testing.
It is unlikely that any sizeable enterprise will have only one system that is impacted by the Y2000 problem and must consequently be fixed. Since it is quite likely that there are multiple systems, these systems must be tested specifically for the Y2000 as well as that one will not upset the other.
There is a strong case to be made that Y2000 testing will be the greatest challenge any Y2000 programme will face – not only in terms of effort and duration (there is much evidence to indicate as much as 50 –70% of total project duration and more than 50% of effort (person hours)), but also in complexity.
During Verification & Validation, we must verify that the Y2000 changes were correctly done and validate that the different system will work together correctly during the year 2000 and after.
For example, we will need to set the system date forward to 1 January 2000, 29 February 2000, etc.
Year 2000 testing is one of the most critical activities that any Year 2000 project will engage in. Practice has shown that most companies are rather poor at testing. The average system will be delivered with only around 95% of "bugs" removed.
The accompanying table shows the generic types of testing that are usually performed. Of interest, is also the percentage of organisations that actually perform those types of tests. Not all of the tests apply to Y2000 projects, and the type of test often depends on the nature of the system.
In the case of Year 2000 projects, this means that these bugs will only be discovered after the 31 December 1999, with the consequent disruptions to business and associated problems.
When modifying code, most organisation will inject one new defect for every 14 they fix (the best organisations achieve 1:50 and the worst 1:5).
It is therefore critical that proper attention be paid to the planning and management of testing. This is especially true because testing is the last major activity to occur and time will in all likelihood have run out – i.e. there will be no time for recovery from lost opportunities or unavoidable error.
What makes Y2000 testing particularly difficult and complex is the number of systems that must be tested at the same time (this may be by choice or by requirement) and the divergent nature of the systems being tested. In addition, it is likely that the testing phase will be subjected to severe time constraints.
We will describe the testing-related activities that should be executed during each of the phases of a year 2000 project in this section.
There are no specific testing related activities envisaged during the Awareness Phase, other than to warn the enterprise of the criticality of testing and the input that will be required on the part of business.
Since management is requested to approve a strategy for Y2000 compliance remediation at the end of the Assessment phase, it is important that the risks are clearly defined for review.
Associated with risk, testing must be performed to "prove" that the enterprise will not be subjected to excessive business risk (beyond what it has normally accepted and lived with in the past). Since there are broader issues involved than just the correct operation of systems (for example, there is quite possibly an issue of "due diligence" that affects directors and officers of the enterprise, and there is the likelihood that auditors will be required to report on the effectiveness of Y2000 remediation exercises), it is important that management be made aware, and have the power to influence, the plans to prove the remediation work.
It is thus important that a Test Proposal and High Level Test Plan be completed before the conclusion of the Assessment Phase, and that these documents be included as a part of the Assessment Phase exit criteria.
Create Test Proposal
The purpose of the Test Proposal would be to describe to management what the different options for testing are (from no testing at all, to in depth testing), including the rationale for each. A recommendation is made.
Describe Hi-level Test Strategy
The team that has done the assessment of systems should have a good understanding of what testing will be required. For the recommended approach (a la the proposal), a broad strategy is described – what should be done, what input will be required from the business, when it should be done, what the test bed requirements are likely to be, etc.
During remediation, whilst the changes are being made to the system, is the time when detailed test cases should be developed.
Ideally, a separate team should be working on this. They can act as check on the remediation team to ensure that the most important objectives are being achieved. If the remediation team develop the test cases, there is a chance that the time pressure will seduce them into cutting testing, or developing test cases that prove what they have done (rather than proving what they should have done).
The remediation team should be responsible for unit testing of changes, limited integration testing (for example, at the function level) and regression testing (proving that the changes have not changed existing functionality, or introduced new errors.
Test beds should be readied during this phase.
The validation phase should be restricted to Y2000 testing.
The test beds should be ready, configuration management in place to manage the relationship of systems in production and test, etc.
The testing of each system should be concluded with an acceptance test, where users take back control of the fixed systems.
Implementation should not include any testing activities.
Y2000 Testing Project Deliverables
Base assumption: it will not be possible / may not be necessary to test everything. Test Proposal is created during Assessment Phase to propose to business what, why, how, where, when testing should be done, and by whom. Dec’97 Cap-Gemini survey indicated that all surveyed companies would perform partial testing only.
Purpose: to show the decision-making process involved in determining what should be tested, and what not. Reason: for the sake of "due diligence".
Test Strategy applies to those systems that will be considered for testing. (Note this important distinction!)
Test Proposal should describe how different systems may be grouped for portfolio testing (note that a system may be a part of more than one portfolio) as well as the objectives of enterprise testing.
Proposal assumes a risk driven approach. Generic strategies are:
The Testing Proposal should include the following components:
A high level Testing Strategy, which would include:
For those systems that will be subjected to testing, describe what, why, how, where, when this testing will be done. I.e. the test strategy would be a refinement of the Test Proposal, for the subset of systems that will be included for testing.
A Test Strategy is typically determined for each system, or portfolio of systems to be tested. Partition on the basis of what can conveniently be handled by one team. Note that the remediation team would typically be involved in the testing effort. This should make scheduling interesting.
Testing should generally be restricted to date-related testing. There is unlikely to be enough time and resources to do more.
The Test Strategy should address the following aspects:
The Test Strategy is typically made up of the following components:
The Test Plan describes the scope, approach, resources and schedule of intended testing activities, as well as the testing environment. The Test Plan describes the specific functions, transactions and features to be tested, who will do the testing, how they will do this and when, and what contingency action will be taken should major risks be realised.
The nature and comprehensiveness of testing should be tailored to the criticality of the item. (See the Classification Codes for more information on determining criticality, impact and approach.)
It is often useful to make use of a network-diagramming tool (such as may be found in a project management tool like MS Project) to describe the dependencies and flow of a major testing activity.
An Inventory of relevant (date-impacted) Business and Technical Events should be created during the Assessment Phase. Events result in processes that are supported by Business and Technical Functions. Inventories of these, together with Function Summaries for relevant functions should also be created.
Business and Technical Functions should be categorised according to the degree of date impact and the criticality to the enterprise or business unit.
Critical Functions should be reviewed to determine the nature and level of testing that should be performed. Test cases would be devised for these functions.
Functions are performed by executing transactions. Thus, test cases should describe the event that causes a transaction to be executed, followed by a detailed transaction flow until the condition arises that causes activity to stop.
For each relevant function, identify whether (or not) the function will be included for testing and the rationale behind the decision.
There are generally two types of criteria: generic (which apply across the board, and should be considered for test cases in all test plans) and specific (which apply to a specific application).
Examples of generic criteria include testing for century change, leap year, etc.
Examples of specific criteria include for specific action that would relate to specific application-determined dates, century-spanning, etc.
As the nature and comprehensiveness of the testing is clarified, it is possible to be more specific about the exact requirements of the test bed.
Information required for the provision of the test bed includes:
A Test Case specifies the set of test data, together with the associated procedures developed with a particular objective in mind. Test data includes a populated database, input values and expected results. The amount of data will depend on the nature of the testing (whether an aspect of performance is included, possible condition coverage, etc). Test cases must be defined for both internal interactions of a system, as well as interaction with other systems (interfaces).
In some instances, Pass/Fail criteria may be defined. For example, if a range is acceptable, the low and high values need to be specified.
The objective of the test case should be clearly defined (why this test case should be executed).
Test conditions should be described, which define different scenarios that would apply (for example, century rollover, century spanning). In addition, any constraints should also be defined (time constraints, dependencies, etc).
The test procedures should list the exact steps that need to be followed to achieve the desired level of certification.
Expected test results should be identified that can be used to verify a successful test.
A test log should be used during the course of applying test cases to ensure that every test step is executed according to plan.
Small incidents that are resolved immediately by the testing team, and do not require additional follow-up should be recorded on the test log.
A test incident report should be completed for every incident that occurs that requires additional action. Small issues that are resolved immediately can be included in the test log.
Considering the comment made in the introduction about the risks associated with testing (that there will in all likelihood be no time for error), it would be useful to consider some ways in which the elapsed time could be reduced.
Remember that there are usually benefits associated with risk taking (else why would you take the risk?). The key is to ensure that one receives the benefit, and is not punished (by realising the risk).
Deliverable |
Exit Criteria |
|||||
CoA |
Name |
Description |
ID |
Name |
Prio |
Description |
4 Verification & Validation |
||||||
2T Assessment Phase Activities |
||||||
2T01 |
Business Area Analysis |
Identify what the major functions of the business unit are, and how these are supported by technology. This exercise can be useful as a check to ensure that all systems have been identified. |
FD220 FD221 |
Business Function Inventory Business Function Summary |
||
2T02 |
Business Function Analysis |
Prioritise the business functions to identify which are the most important ones. |
TD902 FD430 |
Business Function / System Function xref System Interfaces Inventory |
||
2T03 |
Critical Function Analysis |
Identify the technology that is used to support each of the most important functions. |
TD902 FD902 FD431 |
Business Function / System Function xref Function / Entity xref System Interface Summary |
||
2T04 |
Testing Tool Investigation |
Investigate whether there are tools available to assists with testing. |
YI703 |
Tools Survey Tool Recommendation |
B |
Tools / lack of identified |
2T05 |
Describe Testing Requirements |
Based on the information gathered about systems, a testing proposal should be developed that describes what should be tested and to what degree. Subject to management approval, a testing strategy is then defined. |
TD700 TD701 |
Test Proposal Hi Level Test Strategy |
A |
Testing Proposal Approved |
3T Remediation Phase Activities |
||||||
3T01 Y2000 Test Planning |
||||||
3T01a |
Review Testing Proposal |
TD700 |
||||
3T01b |
Review Testing Strategy |
TD701 |
||||
3T01c |
Review Test Bed Requirements |
|||||
3T02 Y2000 Test Preparation |
||||||
3T02a |
Create Test Plans |
TD710 |
||||
3T02b |
Create Test Cases |
TD711 |
||||
3T02c |
Establish Test Beds |
|||||
4T Y2000 testing |
||||||
4T01 Prepare for Testing |
||||||
4T01a |
Review Testing Strategy |
TD701 |
||||
4T01b |
Approve Phase Plan |
|||||
4T02 Perform Y2000 Testing |
||||||
4T02a |
Conduct Future Date Tests |
|||||
4T02b |
Conduct Y2000 Regression Tests |
|||||
4T02c |
Conduct System Integration Tests |
|||||
4T02d |
Conduct Other Specialised Tests |
|||||
4T03 Y2000 Certification |
||||||
4T03a |
Create Certification Packs |
|||||
4T03b |
Verify Successful Test Completion |
Implementation
: Place into production one or more converted or replaced system elements. (IEEE P2000.1 Draft Standard for Year 2000 Terminology.)During Implementation, the usual tasks associated with placing systems back into production are addressed. However, in most case, these have been addressed in prior phases. For example, after code renovation, regression testing was done, after which the system was placed back into production. At the end of Y2000 validation, there should not have been any issues that would require special handling - after all, the system should have been working in production for some time.
What we will need to focus on, is to prepare the enterprise for the year 2000. For example, making staff fully aware of contingency plans and fallback procedures. If the decision has been made to place less important functions on hold during the fist weeks of January 2000, and use the staff to support critical functions, then they would need to be trained.
Time need to be taken to do "what if" scenarios, to ensure that as many critical failure issues are covered as possible.
Finally, it is conceivable that processes and procedures will have changed during Y2000 Validation. These need to be implemented.
Deliverable |
Exit Criteria |
|||||
CoA |
Name |
Description |
ID |
Name |
Prio |
Description |
5 Implementation |
||||||
5A |
Training |
|||||
5B |
Update Procedures |
|||||
5C |
Enterprise preparation |
|||||
5D |
Enterprise Y2000 Risk Management |