Y2K Action Plan

[as adopted by the Advanced Information and Telecommunications Society
Promotion Headquarters on September 11, 1998)

The "Y2K problem" is the risk that computer systems may malfunction if their programs fail to recognize dates after the year 2000. This is an enormous and urgent problem as it may shake confidence in the establishment of highly advanced information and telecommunication infrastructures in the 21st century and must be dealt with by a definite deadline.

Today, with less than 500 days to the year 2000, both government and private sectors need to take all possible measures to deal with the problem as quickly as possible.

Considering the importance and urgency of this problem, H.Q. decided Y2K Action Plan and asked both government and private sector to cooperate to implement it.

At the same time, because the Y2K problem affects other countries as well and has considerable potential cross-border impact, we will also promote international cooperation to tackle the problem.

I. Promoting Y2K awareness

1. H.Q. will work with local governments and private sectors to heighten public awareness of the Y2K problem, to minimize the possible risks in the year 2000, and to ensure a smooth transition into the new millennium. HPAIS will thus widely provide information on what can be done and what are actually being done on this Y2K problem and will work with the public and private sectors to ensure that everyone is fully informed on Y2K measures.

2. In seeking to ensure that this information is widely available and widely understood, H.Q. will not only call for general cautions but also thoroughly inform all concerned parties that the appropriate way to tackle the Y2K problem is to ensure implementation of following measures:

(1) To clarify the organizational lines of authority and responsibility and to ensure that the entire organization is able to respond.

(2) To conduct extensive testing, including simulation tests in order to make sure that the entire system is able to function without problems, as well as to set up contingency plans so as to be prepared for possible system shutdowns, malfunctions, and other contingencies.

(3) To check not only the computers and software but also all of the equipment with embedded microcomputers. To confirm that all the partners connected through computer network are taking appropriate measures.

(4) To inquire of manufacturers and venders of computers, software, and microcomputer-embedded equipment whether the products and the systems are Y2K compliant.

(5) To provide information on the progress etc.

II. Measures to be taken by the Central Government and Requests for Local Governments

1. Measures to be taken by Ministries and Agencies

(1) All Ministries and Agencies will take necessary measures in line with the Y2K Conversion Guidelines (Appendix 1) including implementation of final and thorough checkups, including simulation tests setting up contingency plans. These measures are aimed to avoid impacts of Y2K problem on their computer systems and to ensure that daily lives of Japanese people will not be affected.

(2) In principle, all Ministries and Agencies will complete their simulation tests on systems with high priority that are directly related to daily lives of Japanese people (hereinafter called priority systems) by the end of June 1999.

(3) All Ministries and Agencies will set up contingency plans explicitly covering the possibility of computer and other system shutdowns, malfunctions, and other contingencies for all priority systems on January 1, 2000.

(4)All Ministries and Agencies will report their progress to the Management and Coordination Agency (MCA) quarterly. The MCA will collect the results and release them to the public.

2. Guidance and Requests for the Special Corporations

(1) All Ministries and Agencies will instruct and request the special corporations under their jurisdiction which are running systems directly affecting peoples' lives as well as other special corporations doing work for the government to conduct thorough tests, including simulation tests and to set up contingency plans in line with the Y2K Response Guidelines.

(2) All Ministries and Agencies should report the progress being made by the special corporations under their jurisdiction to the MCA quarterly, and the MCA should collate the results and release them for public consumption.

3. Requests for Local Governments

(1) The Ministry of Home Affairs will call upon all local governments to implement responses following the Y2K Response Guidelines as adapted to their situations.

(2) The Ministry of Home Affairs will survey quarterly the local governments on their progress, collating the results and releasing them to the public.

(3) The Ministry of Home Affairs will extend an active support to the local government's efforts.

III. Measures for the Private Sector

1. Measures for the Private Sectors of Particular Importance

The competent Ministries and Agencies will encourage the finance, energy, telecommunications, transportation, medical care sectors crucial to society's functioning to thoroughly address the Y2K problem. Specifically, this means taking the initiative in conducting over-all checkups, including simulation tests, and provision of information as well as roporting to the competent Ministries and Agencies.

(1) The competent Ministries and Agencies will call upon corporations in the critical sectors owning and running related systems (hereinafter the critical-sector corporations), either directly or through their industry associations, not only to make sure that everyone is thoroughly aware of the Y2K problem but also to conduct independent checkups of their own accord, including conducting simulation tests, setting up contingency plans, and making information on their responses available on the Internet and elsewhere, in line with the Private Industry Y2K Check List (Appendix 2).


With respect to the simulation tests in particular, these are to be completed, insofar as is possible, by the end of June 1999.

(2) The competent Ministries and Agencies will call upon these critical-sector corporations to report quarterly on the progress made in their independent testing and should then collate these reports and make the results available to the public.

2. Reaching out to Industry

(1) Along with seeking to ensure that the industries under their jurisdiction are fully aware of the Y2K problem, the central government Ministries and Agencies will encourage all corporations to conduct independent checkups at their own initiative in line with the Private Industry Y2K Check List.

(2) The competent Ministries and Agencies will make a special effort to ensure an unstinting response when it is considered likely that a failure to take appropriate Y2K action could have major ramifications, as when private industry systems could physically endanger others or when the systems are widely linked to outside systems and networks.

(3) The competent Ministries and Agencies will collect information quarterly on how the industries under their jurisdiction are actually dealing with the Y2K problem and will release the results available to the public.

(4) The competent Ministries and Agencies will encourage the manufacturers and vendors of computers, software and microcomputers-embedded equipment to provide information how they are responding to the Y2K problem to the Japanese and, when appropriate, the international public.

3. Support for Small and Medium Enterprises (SMEs)

To promote responses by those SMEs that might otherwise find it difficult to respond in a timely manner, education, guidance, and support will be provided with a view to enhancing the consciousness of the management of SMEs through the SME leadership organizations and other bodies. Efforts will also be made to promote wider use of such current measures as those for providing the necessary financing and other support. SMEs can consult the SME Regional Information Center about the Y2K problem.

Efforts will be made to acquire information on their progress quarterly and to release the results to the public.

4. The Anti-Monopoly Law and information exchange among corporations and through industry organizations on the Y2K problem.

(1) Dealing with the Y2K problem requires efforts by corporations, and industry organizations to prevent computer malfunctions. As a part of such effort, they may exchange technical information on how to improve computer systems, the results of improvements and tests, etc. without causing problems in terms of Anti-Monopoly Law.
That being said, any act of abusing a position of power within a commercial relationship that restricts competition under the guise of dealing with the Y2K problem will be dealt with harshly under the Anti-Monopoly Law.

(2) The Fair Trade Commission will be available for consultation on whether or not specific actions by specific corporations, industry organizations, or other bodies in response to the Y2K problem are likely to run afoul of the Anti-Monopoly Law.

IV. Establishment of a System to Provide Information

1. Each Ministry and Agency will designate liaison staff for Y2K issues and work to promote information disclosure. Along with creating a home page by the end of September 1998 to provide the general public with information about its own efforts to deal with the Y2K problem and the efforts of industries under its jurisdiction, Ministry and Agency will also update the page with new information as it becomes available and make an effort to ensure that the necessary information is accessible.

2. In an effort coordinated by the Cabinet Secretariat, the Ministries and Agencies will seek to use the Internet and other means in constructing an information disclosure system and to make information about the government's own efforts widely accessible.

The Prime Minister's Office has thus established a home page (https://www.kantei.go.jp) with a section on the Y2K problem. Links will soon be established with the Ministries and Agencies, and information on how the Ministries and Agencies, local governments, private-sector bodies, corporations, and other organizations are coping with the Y2K problem will be made widely available in a user-friendly way.

V. Follow-up to the Action Plan

1. Reports on the progress of implementation of the Action Plan will be submitted quarterly to the Y2K Advisers' Conference and to the Conference to Promote Y2K Measures made up of Vice-Ministers level officials in order to ensure the appropriate responses.

2. The H.Q. will also be convened as necessary to conduct follow-up to the Action Plan, to assess the public and private sectors' responses to the Y2K problem, and to encourage the appropriate responses to this issue.


Guidelines for Coping with the Year 2000 Computing Problem


In facing the Year 2000 computing problem, each ministry shall take necessary measures such as the implementation of a final total assessment including simulation tests on its computer systems, and the development of a contingency plan, based on the present guidelines, to avoid troubles and their impacts and to prevent problems on people's daily lives.

1. Establishment of Management Structure for the Year 2000 Computing Problem

Each ministry shall designate an official ranking higher than or equal to the chief secretary as supervisor responsible for coping with the Year 2000 computing problem (hereinafter referred to as "the Y2K problem") adequately.
The supervisor shall establish a management structure such as a project team for the Y2K problem, which will consist of staff from the divisions concerned, and make the responsibilities clear within each ministry.

2. Coverage of Computer Systems

1) Computer systems to be covered in coping with the Y2K problem include computer equipment such as host computers owned by each ministry, local branch offices and facilities; application programs etc.; network-related equipment; computer-related equipment such as power suppliers; and micro-processor built-in equipment . Regarding control devices built in equipment, needed measures such as the acquisition of information from manufacturers and maintenance service providers, and the exchange of the parts shall be taken adequately. (e.g.)
* computer equipment: host computers, office computers, servers, personal computers etc.
* application programs etc.: application programs, program products, databases etc.
* network-related equipment: ATM, FR, TDM, PBX etc.
* computer-related equipment and other micro-processor built-in equipment: power suppliers, air conditioners, medical devices, control devices etc.

2) Each ministry shall make a list of systems applicable to rank A or B below, give priorities, and manage the implementation activities appropriately by grasping the current status, progress gained and so on. In making the list, deliberate consideration should be given to the fact that there are such systems as follows:
* systems of which failures would cause bad effects on people's daily lives and corporate activities directly; and
* systems which have impacts on people's daily lives and corporate activities indirectly because they are connected with other influential systems on networks.

Regarding the latter type of systems, necessary information should be mutually exchanged thoroughly.

Rank A: the first priority (prioritized systems)
* systems closely related with people's daily lives and corporate activities, such as human life, daily lives, properties, economic activity of corporations or maintenance of public safety and order
* systems concerned with trustful relationships with foreign countries or international organizations

Rank B: the second priority
* systems of which impacts come to other administrative organizations

3. Total Assessment

Each ministry shall conduct the final total assessment related with the Y2K problem immediately referring to the checklist in Appendix 1, recognizing the importance of expected bad effects on the society if the measures would not be taken completely.

1) developing a plan
Develop a plan which includes the schedule of total assessment, measures for systems not yet confirmed, final confirmation by simulation tests, etc.

2) listing up items to be assessed
Make a list of assessment items, contents of such items, name of the persons in charge of such assessment (officials in charge of activities and on contract vendors ), names of enterprises, such as relevant manufactures and suppliers, names of other related systems, names of contact persons, etc.

3) measures for systems not converted
Establish the ways of correction, its schedule, the sharing of roles, management structure and take measures deliberately and adequately as soon as the systems not yet confirmed are identified.

4) confirmation by simulation tests
Conduct the following simulation tests ( to confirm that a system runs properly) to confirm reliability of such system, rather than conducting mere logical checks on paper or tests by computer systems under the environment of contract vendors:
* All the equipment, software , etc. composing of Rank A systems (prioritized systems) shall be tested by the end of June 1999, as a rule. In addition, systems to be developed and implemented later than July 1999 shall also be tested immediately after implementation.
* Possibility of system failures and malfunctions shall be checked by giving data of before and after January 1, 2000 in as much real environment as possible and under the supervision of the staff concerned.
* When there are other systems, irrespective of the public or private sectors, which are related with a system to be tested under the Guidelines, close coordination among them should be kept, and simulation tests should be conducted in connection with those systems .

4. Contingency Plan
Each ministry shall develop a contingency plan on systems of rank A (prioritized systems), assuming unexpected situations, such as system failures or malfunctions, caused by the Y2K problem.
Existing contingency plans shall be reviewed appropriately, even if the system in question has backup systems or centers or it has security measures such as duplicated systems, considering the fact that these systems would not function because of the Y2K problem as long as they are operated on the computers or application programs that are same with the present systems to be corrected.

(items to be incorporated in the contingency plan)
The contingency plan shall be developed to identify the impacts of unexpected situations such as system failures or malfunctions beforehand, to define alternative measures clearly, and to reduce the extent of such impact to a minimum. The following items shall be described at least:

1) contents and range of impacts by troubles;
* contents and range of impacts on actual activities the Y2K problem

2) priorities of systems recovery, procedures of recovery and alternative measures considering the extent of impacts,;
* priorities of recovery, recovery schedule and procedures considering range of impacts, time limits of job processing, etc.
* alternative measures until systems recovery (manual transactions the use of alternative equipment, manpower mobilization , etc.)

3) a recovery structure, liaison network and procedures in including other related organizations;

4) route of commands, and site delegations; and

5) drills covering from occurrence of troubles to recovery, items (such as data security) to be completed by December 31, 1999 and items (such as confirmation of operation) to be conducted after January 1, 2000.

5. Reporting on Results of Total Assessment

Each ministry shall report the results of total assessment and development of a contingency plan to the Management and Coordination Agency by the end of December 1998, by submitting of the forms of Appendix 2.
The Management and Coordination Agency shall incorporate these reports and report the result to the Steering Committee for the Year 2000 Computing Problem.


APPENDIX 1

Checklist for the Year 2000 Computing Problem of the Ministries

1. Management Structure

1) Has a ministry-level management structure for the Y2K problem been established under a supervisor who is ranked higher than or equal to the chief secretary?

2) Has a management structure for the Y2K problem been established for every system?

2. Contents of Measures

1) Has the current status, progress made etc., been properly managed, with a prioritized list of the systems to be possibly impacted by the Y2K problem?

2) Has the current status been periodically reported and been made well known to the staff concerned, including the executive management?

3) Has liaison and coordination been functioning with other related organizations including the private sector of which systems are connected with the system in question or networks or closely related to it in job transactions ?

Has the status of counter-part systems in terms of coping with the Y2K problem been grasped periodically?

4) Has necessary correcting measures been given to computer equipment (host computers, office computers, servers, personal computers, etc.); network- related equipment (ATM, FR, TDM, PBX, etc.); computer-related equipment and other micro-processor built in equipment (power suppliers, air conditioners, medical devices, control devices, etc.), and application programs etc. ?

5) Have the manufactures and service providers related with the equipment and software described above been identified? Has the support structure been established? Has the liaison structure been established?

6) Has the necessary funding been gained for starting to cope with systems of without any measures taken so far ?

7) Have simulation tests and confirmation of operations been conducted regarding results of corrective measures to the equipment and software described above?

8) Have simulation tests regarding the equipment and software described above been conducted under an environment similar to that of actual operation?

9) When the system in question is closely related to a certain system of other organization, simulation tests been conducted in collaboration with that organization?

3. Contingency Plan

1) Has a thorough contingency plan been developed in preparation against troubles to be caused by the Y2K problem?

2) Has the contingency plan been made well known to the staff concerned, including those of other related organizations?

APPENDIX 2

Report on Current Status of Measures for the Year 2000 Computing Problem
(Summary table: Form 1)

Name of Ministry:
Name of Supervisor (position and name):

Contact
(Name of Division)
(Name of Person in Charge)
(Phone Number)
(Fax Number)
(e-mail)

(example)
Rank Number of Systems Corrective Measures Simulation Test Risk Management Plan
finished unfinished finished unfinished established not established
A 5 5 0 5 0 5 0
B 10 3 7 - - - -
Total 15 8 7 5 - 5 -

* Number of systems of rank A and B , and current status of measures for the Year 2000 problem are compiled in the table above, based on the table of individual system (Form 2)
* Systems which have been proved to need no corrective measures are counted into the "finished" category.

Report on Current Status of Measures for the Year 2000 Computing Problem
(individual system: Form 2)

Name of Ministry:
Name of Supervisor (position and name):

Contact
(Name of Division)
(Name of Person in Charge)

(example)
Rank Name of System Current Status of Measures and Plan
Corrective Measures Simulation Test Risk Management Plan
A * * system
(* * * job)
Replacement of equipment and conversion of application programs will be finished by July 1998. Completed in July 1998. Established as "xxx plan" in July 1998.
A # # system
( # # # job)
Replacement of equipment and conversion of application programs are now being implemented in expectation to complete by December 1998. Implement the test from October 25 to 31, 1998 for Year 2000 problem in parallel with confirmation test of replacement to a new system. Planning to establish by March 1999.
B + + system (+ + + job) Planning conversion of data and application programs by xxx - -


APPENDIX 2

Private Industry Y2K Check List

This Check List is intended as reference for private corporations taking action on the Y2K problem to avoid problems with their computer software and equipment with built-in microcomputers (hereinafter computer systems, etc.) and to keep such problems from adversely impacting their operations.

1. Gaining Executives' Awareness and Participation and Ensuring Operational Readiness

(1) Does everyone, including the Executives, have a basic understanding of the Y2K problem (including why the problem has arisen, how widespread its impact can be, and the basic things that should be done in response) ?

(2) Do the Executives see the Y2K problem as a management issue?

Is the Y2K problem taken into account in long-term management plans, short-term operational plans, and other planning?

(3) Do the Executives take an active part in drawing up and implementing Y2K responses?

1) Is it clear which Executive and which section is responsible for coordinating the Y2K response, and has an organizational structure been established for this?

2) Do the Executives get regular reports on what progress is being made on the Y2K problem?

(4) Are the Executives taking action to ensure that all employees understand basically what has to be done to deal with this Y2K problem?

1) Is it clear who is responsible for Y2K issues in every section?

2) What measures are being taken to ensure that all employees understand what is being done to deal with the Y2K problem?

2. Assessment and Response Planning

(1) Have plans been drawn up for dealing with the Y2K problem?

These plans must be drawn up systematically taking into account the financial, human, and other resources that will have to be devoted to resolving the Y2K problem in the time remaining as well as the losses the firm will suffer if the necessary policies are not put in place in time.

To cite a few specific examples of questions to be answered in devising corrective action:

1) Do you want to overhaul the entire system or just correct the vulnerable parts?

2) Do you want to change the year notation to a four-digit notation or add the necessary logic so that "00" is understood as "2000"?

3) Do you want do deal with this in-house or out-source it?

(2) Have the computer systems, etc. that will be affected by the Y2K problem been identified? Within that, have the priority computer systems, etc. been identified?

In identifying the computer systems, etc. that will be affected by the Y2K problem:

1) Have you remembered to include not only the corporation's own computer systems, etc. but also those systems that are linked to external networks?

2) Have you remembered to include branch and other outlying offices, including overseas operations?

3) Have you remembered to include control systems, security systems, elevators, and other equipment with built-in microcomputers?

To give two examples of how to identify such computer systems, etc.:

1) Look at how the computer systems, etc. are used and at their source code.

2) Question the companies responsible for making, selling, and servicing the computer systems, etc.

To give some examples of how to identify the priority computer systems, etc.:

* Is there any danger of injury or loss of life?
* Is there any chance of adversely affecting another corporation because of networks or other external linkages?
* What is the potential monetary loss in the event of a malfunction or other problem?
* Would the time constraints on restoration be severe?
* Is this a basic system for the corporation or its operations?

(3) Have clear targets been set for each of the stages in the Y2K response (e.g., the designation of vulnerable systems, system corrections, and simulation tests)?

Does the schedule allow ample time for simulation tests? It is important here to consider whether or not it is possible to run simulation tests with business partners' and other external systems that you may be networked with or linked to.

(4) Is there active effort to stay in touch with manufacturers, vendors, and other business partners on your Y2K policies?

(5) Are you aware of what your customers and main business partners are doing about the Y2K problem?

(6) Is the section responsible for coordinating your Y2K response fully aware of what is being done at each stage of the Y2K response and is it acting appropriately?

(7) Have the necessary financial, personnel, and other resources been secured to respond to the Y2K problem?

3. Fixing the Computer Systems, etc. and Running Simulation tests

(1) What progress is being made on fixing and repairing the computer systems, etc.? Is this being reported regularly to the Executives?

In fixing these systems, it is important to take note of, e.g.:

1) When will the conversion of the computer systems be completed? (It is important to give special consideration to the priority systems, to systems that will take longer to fix, and to other factors in deciding upon the conversion schedule.)

2) What is the completion rate for fixing each system? Is there any specific reasons if anything is behind?

3) Have you fixed your computer programs taking account of the fact that 2000 is a leap year?

(2) How are you conducting your simulation tests on the systems that have been fixed?

1) What specific schedule has been set for the simulation tests?

2) Do these tests include your customers and other main business partners?

3) If there are computer systems, etc. that are not part of the test, how have you ascertained that they are not Y2K-vulnerable?

4) Is the test being performed under as-close-to-real conditions as possible and are you entering Y2K date information and getting reliable data on input errors (e.g., non-acceptance of data), system shutdowns, malfunctions, and the like?

5) Are over-all tests being run on all of the equipment that comprises the system with staff from the software companies and other companies there?

4. Drawing up Contingency Plans

What kinds of contingency plans have been drawn up to deal with such problems as may arise on January 1, 2000, and beyond?

It is essential that contingency plans be drawn up to provide for the contingency that the policies to deal with Y2K system malfunctions might not be ready in time or that, even if they are, totally unexpected problems may arise and may cause system malfunctions.

A partial list of items that should be included in any contingency plan is given separately.

5. Providing Information on What is being Done

Are you using the Internet and other media to provide companies and other interested parties information on what is being done to deal with the Y2K problem?

1) Are you making an active effort to ensure that information on the Y2K response is readily accessible, e.g., by putting such information on the home page? Is it linked to the kantei home page and are other options sought to facilitate access to this information?

2) Are other means to make information on the response widely available?

6. Information from Computer Systems, etc. Manufacturers, Vendors, etc.

Are computer systems, etc. manufacturers, vendors, etc. taking the initiative in making information about their products' Y2K compliance readily available?

1) Have the specifications been checked for all products that have year-recognition functions?

2) When the end-users are known, have they been informed in brochures and by other means of the issues and how they can check the product's Y2K compliance?

3) When the end-users are not known, is an effort being made to disseminate such information widely through the Internet and other means? (Remember that this information will also have to be made available in English and such other languages as appropriate for export products.)


Addendum:

Items to be Included in Contingency Plans

1. Items that have to be covered in drawing up contingency plans

1) Structuring the organization and drawing up basic policy for contingency

2) Identifying core processes and priority systems

3) Stating explicitly who is responsible for drawing up the contingency plans and responding in times of crisis

4) Drawing up a schedule for putting the contingency organization in place

2. Analyzing the Impact

1) Acquiring the information, means, and technology needed to ensure the operation's sustainability

2) Devising scenarios on what would happen in the event of malfunctions by computer systems, etc.

3) Forecasting what could happen to core processes and analyzing the potential impact

4) Estimating the minimum output that needs to be secured from core processes

3. Responding to a crisis

1) Assessing alternatives and drawing up optimal crisis-response policies

2) Drawing up manuals on how to respond in the event of malfunctions or other crises
* Setting out means for each system to be fixed or restored (e.g., conversions, replacement, outsourcing)
* Identifying the form of conversions or restoration (e.g., manual restoration or resort to automatic systems)
* Identifying alternatives to be employed until the system can be fixed or restored
* Establishing a communication network and a means of communication means to be employed in the event of malfunction or other crises (including authorities to be notified and how the information is to be made public in the event of a malfunction or other crisis that could have a serious impact upon society)

3) Forecasting when it might be necessary to respond to a crisis and establishing response teams to deal with malfunctions or other crises

4) Establishing response procedures for January 1, 2000, when the problems are likely to be most intense

4. Conducting contingency tests

1) Establishing contingency test teams and ensuring that the necessary personnel and other resources are available for contingency

2) Drawing up contingency test plans and actually conducting the tests

(End)