This article was published in CAUSE/EFFECT journal, Volume 22 Number 1 1999. The copyright is by EDUCAUSE and the author(s). See http://www.educause.edu/copyright for additional copyright information.
Ten Questions Campus Executives Should Be Asking to Assess Year 2000 Readiness
by E. Michael Staman
What questions should college and university executives be asking to be confident that your institutions are making progress on the year 2000 computer problem? How do you know that this progress is satisfactory? Are the priorities the correct ones? Is your institution paying sufficient attention to ancillary questions, such as vendor relations and legal implications?
Sources for the questions in the list below are those commonly found at most year 2000 Internet sites. The information has been collected and distilled with a focus on higher education and presidential needs. As such, the list contains no new insights into the problem, just a new presentation of existing information along with some explanatory comments about why each question is important.
Remember, the problem for campus executives is one of ensuring that senior management is focusing on effective management processes and follow up, not on the technical issues. The less difficult part of the challenge, the technical elements, should be left to those with technical knowledge, especially given that technical repairs for almost any conceivable problem are both well known and not difficult to accomplish. One might think in terms of this being no different from any of the other technology-related challenges that we have had over the years, except that this time there is a very real deadline!
Given these caveats, here are the ten questions campus executives should be asking to assess year 2000 readiness.
1. How many systems do we have in our inventory?
This is the beginning, and the smallest part of the project. Every institution should know this answer by now. Note that a full inventory will include software systems, hardware, networking devices, and operating systems.
2. What are the impacts on facilities?
Some buildings have systems or facilities within that cause them to be high risk, and sometimes the question is more simply related to building security or other infrastructure. A simple punch list of base infrastructure tests should suffice for most buildings. Remember that this question applies to embedded chips as well.
3. How many of these systems are "mission critical" for my institution?
Triage is a critical next step. Few institutions, if any, will fix every problem. The key is having a solid management approach: make lists, establish priorities, follow up, pay intense attention to details. Technical solutions are important, but in comparison to management processes, technical solutions may prove to be the less difficult part of the problem.
4. What criteria did we use to determine which systems were mission critical and which were not?
The question here is whether all management agrees on the critical list, not just the technical personnel. Asking for examples to get a sense of current thinking would be a good idea.
5. How many of our mission critical systems are Y2K ready--and have been tested?
The basis for systems being deemed Y2K ready should not be that someone says they are, but that they were tested and found to work. Given the time remaining, and the critical nature of this activity, a system of checks and balances might not be out of the question. A second, high-level manager to simply review and confirm results might be appropriate.
6. What are our critical Y2K milestones for the systems that are not ready?
Do we have a plan that will work and that is achievable? Can we be comfortable that testing will be complete well in advance of December 31? Many organizations have targeted March 31, 1999 as a more appropriate deadline for completion. And there are other important dates that ultimately relate to January 1, 2000--the July 1 start of the fiscal year or early student registration might be examples. An important question that may emerge at this stage is whether the project is adequately funded and, of course, identifying additional sources of funding if the answer is no.
7. Have we identified, contacted, and heard back from all of our critical vendors and other suppliers?
Unfortunately, solving only your institutionís problems is not sufficient. You need to know the answer to this question to prepare to answer the next question.
8. Do we have written contingency plans?
Assume that after all of your preparation something that was supposed to be a "sure thing" breaks. Perhaps a system breaks because internal code and testing turns out to be insufficient after all; perhaps a vendor did not tell the truth. What written plans do you have if, for some reason, you canít meet a payroll, food for students does not arrive, the student registration system fails, or heating and power systems fail? At the least, you need to understand the risk and be prepared in case some of the negative Y2K predictions actually occur.
9. Are our senior managers fully informed and involved?
Perhaps a one-page summary should be presented to you and your immediate reports on a weekly basis through sometime this summer, then more frequently from that point on. A simple list of projects and contingency plans under development, along with targeted dates, status, and comments, might prove to be very useful as you work to involve your institution in the compliance process.
10. What are the legal implications in all of this?
At a minimum you should understand the extent to which you, your institution, and your board are liable in the event that you are the target of a lawsuit. What if, for example, a current or former student claims career or significant financial damage because you are unable to get a transcript out in support of a high profile opportunity of some kind? Suppose a vendor provides you with goods, you are not able to process payment, and the vendor claims bankruptcy because of cash flow as a result? Lawyers can probably write pages of questions such as these, and probably are doing so--even as we work to meet the challenges of Y2K readiness.
EDUCAUSE maintains a Current Issues Web page on Y2K that includes links to miscellaneous Web resources on this topic, as well as links to fifty campus Y2K Web sites. See http://www.educause.edu/issues/issue.asp?issue=y2k.
E. Michael Staman (firstname.lastname@example.org. edu) is Vice Chancellor and CIO of the Board of Regents of the University System of Georgia.
...to the table of contents