Emory Report

August 30 , 1999

 Volume 52, No. 2

Technology source:

The millennium bug: It's time for contingency planning

Over the past 18 months, many of the schools and divisions at Emory have been actively engaged in addressing the Year 2000 problem by remediating or, in some cases, replacing systems and equipment.

Once the remediation work has been completed, an important additional step is to develop a "contingency plan," a roadmap of predetermined actions to take if, despite the work we have done, some computer systems still fail. Several departments already have "disaster recovery" or "business continuity" plans that cover what to do in the event of a tornado, a major power failure or a similar, if rare, disaster. It is prudent to have such a written plan ready in the event of Y2K "disasters"-as unlikely as those may be. The plan should describe how your department will:

  • Respond to failures in the services or vendors it uses.
  • Perform mission-critical computer tasks in the absence of normal systems.
  • Determine what simplified (perhaps manual) systems can be used to replace systems normally automated.
  • Determine how work will continue with partners accessed electronically.
  • To create a contingency plan, your department should:
  • Identify the services it provides.
  • Analyze the risk of each of those services failing (ITD ranked their services as life-threatening, mission critical, priority and nonpriority.) Concentrate first on the life-threatening and mission-critical functions.
  • Analyze the degree of technical risk for each service-how likely is it to fail? (Using the inventory you created earlier for Y2K remediation may help with this.)

In light of the above, determine which of the processes should have a formal contingency plan and develop a written plan with the involvement of your staff. The steps included within the plan should have realistic expectations of your staff and supply chain.

Then you should test the plan to find out if it's truly viable. Train your staff in any areas crucial to the success of the plan and reserve the resources that the plan, and its subsequent testing, requires for successful operation. When you have plans for the high priority services set, move on to lower priorities.

Having the contingency plan ready before a failure occurs will reduce the amount of time required to get the service working again. Your predetermined course of action then can be communicated to those who need to know about it, training can be provided and testing can be carried out. Contingency plans are communication vehicles designed to eliminate confusion, misunderstanding and inaction in the event a failure occurs.

Emory's approach to Y2K issues has been a departmental one: each unit creates and manages its own Y2K initiatives, with the University Y2K Committee providing coordination. This same policy is in effect for contingency planning. Each department, division or school should make its own plans, keeping in mind that its processes may overlap with other areas of the University. Where processes overlap, it is wise to work with that area in developing joint contingency measures. Do not make the assumption that some other area of the University is covering a process or service critical to your area. Find out if they are addressing the process or service to be covered. It's possible another department is unaware that you are depending on them to assist in addressing any potential Y2K failures.

With fewer than 140 days until Jan. 1, it is imperative that we plan for the unexpected. Together we have made significant progress in addressing the year 2000 "bug," and together we can plan for a smooth transition after New Year's Day.

Byron Nash is year 2000 project manager for Information Technologies Division.

Return to August 30, 1999, contents page