The "Y2K problem" is the risk that computer systems may malfunction if their programs fail to recognize dates after the year 2000. This is an enormous and urgent problem as it may shake confidence in the establishment of highly advanced information and telecommunication infrastructures in the 21st century and must be dealt with by a definite deadline.
Today, with less than 500 days to the year 2000, both government and private sectors need to take all possible measures to deal with the problem as quickly as possible.
Considering the importance and urgency of this problem, H.Q. decided Y2K Action Plan and asked both government and private sector to cooperate to implement it.
At the same time, because the Y2K problem affects other countries as well and has considerable potential cross-border impact, we will also promote international cooperation to tackle the problem.
The competent Ministries and Agencies will encourage the finance, energy, telecommunications, transportation, medical care sectors crucial to society's functioning to thoroughly address the Y2K problem. Specifically, this means taking the initiative in conducting over-all checkups, including simulation tests, and provision of information as well as roporting to the competent Ministries and Agencies.
1. Each Ministry and Agency will designate liaison staff for Y2K issues and work to promote information disclosure. Along with creating a home page by the end of September 1998 to provide the general public with information about its own efforts to deal with the Y2K problem and the efforts of industries under its jurisdiction, Ministry and Agency will also update the page with new information as it becomes available and make an effort to ensure that the necessary information is accessible.
2. In an effort coordinated by the Cabinet Secretariat, the Ministries and Agencies will seek to use the Internet and other means in constructing an information disclosure system and to make information about the government's own efforts widely accessible.
The Prime Minister's Office has thus established a home page (https://www.kantei.go.jp) with a section on the Y2K problem. Links will soon be established with the Ministries and Agencies, and information on how the Ministries and Agencies, local governments, private-sector bodies, corporations, and other organizations are coping with the Y2K problem will be made widely available in a user-friendly way.
1. Reports on the progress of implementation of the Action Plan will be submitted quarterly to the Y2K Advisers' Conference and to the Conference to Promote Y2K Measures made up of Vice-Ministers level officials in order to ensure the appropriate responses.
2. The H.Q. will also be convened as necessary to conduct follow-up to the Action Plan, to assess the public and private sectors' responses to the Y2K problem, and to encourage the appropriate responses to this issue.
In facing the Year 2000 computing problem, each ministry shall take necessary measures such as the implementation of a final total assessment including simulation tests on its computer systems, and the development of a contingency plan, based on the present guidelines, to avoid troubles and their impacts and to prevent problems on people's daily lives.
1. Establishment of Management Structure for the Year 2000 Computing Problem
Each ministry shall designate an official ranking higher than or equal to the chief secretary as supervisor responsible for coping with the Year 2000 computing problem (hereinafter referred to as "the Y2K problem") adequately.
The supervisor shall establish a management structure such as a project team for the Y2K problem, which will consist of staff from the divisions concerned, and make the responsibilities clear within each ministry.
2. Coverage of Computer Systems
1) Computer systems to be covered in coping with the Y2K problem include computer equipment such as host computers owned by each ministry, local branch offices and facilities; application programs etc.; network-related equipment; computer-related equipment such as power suppliers; and micro-processor built-in equipment . Regarding control devices built in equipment, needed measures such as the acquisition of information from manufacturers and maintenance service providers, and the exchange of the parts shall be taken adequately. (e.g.)
* computer equipment: host computers, office computers, servers, personal computers etc.
* application programs etc.: application programs, program products, databases etc.
* network-related equipment: ATM, FR, TDM, PBX etc.
* computer-related equipment and other micro-processor built-in equipment: power suppliers, air conditioners, medical devices, control devices etc.
2) Each ministry shall make a list of systems applicable to rank A or B below, give priorities, and manage the implementation activities appropriately by grasping the current status, progress gained and so on. In making the list, deliberate consideration should be given to the fact that there are such systems as follows:
* systems of which failures would cause bad effects on people's daily lives and corporate activities directly; and
* systems which have impacts on people's daily lives and corporate activities indirectly because they are connected with other influential systems on networks.
Regarding the latter type of systems, necessary information should be mutually exchanged thoroughly.
Rank A: the first priority (prioritized systems)
* systems closely related with people's daily lives and corporate activities, such as human life, daily lives, properties, economic activity of corporations or maintenance of public safety and order
* systems concerned with trustful relationships with foreign countries or international organizations
Rank B: the second priority
* systems of which impacts come to other administrative organizations
3. Total Assessment
Each ministry shall conduct the final total assessment related with the Y2K problem immediately referring to the checklist in Appendix 1, recognizing the importance of expected bad effects on the society if the measures would not be taken completely.
1) developing a plan
Develop a plan which includes the schedule of total assessment, measures for systems not yet confirmed, final confirmation by simulation tests, etc.
2) listing up items to be assessed
Make a list of assessment items, contents of such items, name of the persons in charge of such assessment (officials in charge of activities and on contract vendors ), names of enterprises, such as relevant manufactures and suppliers, names of other related systems, names of contact persons, etc.
3) measures for systems not converted
Establish the ways of correction, its schedule, the sharing of roles, management structure and take measures deliberately and adequately as soon as the systems not yet confirmed are identified.
4) confirmation by simulation tests
Conduct the following simulation tests ( to confirm that a system runs properly) to confirm reliability of such system, rather than conducting mere logical checks on paper or tests by computer systems under the environment of contract vendors:
* All the equipment, software , etc. composing of Rank A systems (prioritized systems) shall be tested by the end of June 1999, as a rule. In addition, systems to be developed and implemented later than July 1999 shall also be tested immediately after implementation.
* Possibility of system failures and malfunctions shall be checked by giving data of before and after January 1, 2000 in as much real environment as possible and under the supervision of the staff concerned.
* When there are other systems, irrespective of the public or private sectors, which are related with a system to be tested under the Guidelines, close coordination among them should be kept, and simulation tests should be conducted in connection with those systems .
4. Contingency Plan
Each ministry shall develop a contingency plan on systems of rank A (prioritized systems), assuming unexpected situations, such as system failures or malfunctions, caused by the Y2K problem.
Existing contingency plans shall be reviewed appropriately, even if the system in question has backup systems or centers or it has security measures such as duplicated systems, considering the fact that these systems would not function because of the Y2K problem as long as they are operated on the computers or application programs that are same with the present systems to be corrected.
(items to be incorporated in the contingency plan)
The contingency plan shall be developed to identify the impacts of unexpected situations such as system failures or malfunctions beforehand, to define alternative measures clearly, and to reduce the extent of such impact to a minimum. The following items shall be described at least:
1) contents and range of impacts by troubles;
* contents and range of impacts on actual activities the Y2K problem
2) priorities of systems recovery, procedures of recovery and alternative measures considering the extent of impacts,;
* priorities of recovery, recovery schedule and procedures considering range of impacts, time limits of job processing, etc.
* alternative measures until systems recovery (manual transactions the use of alternative equipment, manpower mobilization , etc.)
3) a recovery structure, liaison network and procedures in including other related organizations;
4) route of commands, and site delegations; and
5) drills covering from occurrence of troubles to recovery, items (such as data security) to be completed by December 31, 1999 and items (such as confirmation of operation) to be conducted after January 1, 2000.
5. Reporting on Results of Total Assessment
Each ministry shall report the results of total assessment and development of a contingency plan to the Management and Coordination Agency by the end of December 1998, by submitting of the forms of Appendix 2.
The Management and Coordination Agency shall incorporate these reports and report the result to the Steering Committee for the Year 2000 Computing Problem.
1. Management Structure
1) Has a ministry-level management structure for the Y2K problem been established under a supervisor who is ranked higher than or equal to the chief secretary?
2) Has a management structure for the Y2K problem been established for every system?
2. Contents of Measures
1) Has the current status, progress made etc., been properly managed, with a prioritized list of the systems to be possibly impacted by the Y2K problem?
2) Has the current status been periodically reported and been made well known to the staff concerned, including the executive management?
3) Has liaison and coordination been functioning with other related organizations including the private sector of which systems are connected with the system in question or networks or closely related to it in job transactions ?
Has the status of counter-part systems in terms of coping with the Y2K problem been grasped periodically?
4) Has necessary correcting measures been given to computer equipment (host computers, office computers, servers, personal computers, etc.); network- related equipment (ATM, FR, TDM, PBX, etc.); computer-related equipment and other micro-processor built in equipment (power suppliers, air conditioners, medical devices, control devices, etc.), and application programs etc. ?
5) Have the manufactures and service providers related with the equipment and software described above been identified? Has the support structure been established? Has the liaison structure been established?
6) Has the necessary funding been gained for starting to cope with systems of without any measures taken so far ?
7) Have simulation tests and confirmation of operations been conducted regarding results of corrective measures to the equipment and software described above?
8) Have simulation tests regarding the equipment and software described above been conducted under an environment similar to that of actual operation?
9) When the system in question is closely related to a certain system of other organization, simulation tests been conducted in collaboration with that organization?
3. Contingency Plan
1) Has a thorough contingency plan been developed in preparation against troubles to be caused by the Y2K problem?
2) Has the contingency plan been made well known to the staff concerned, including those of other related organizations?
APPENDIX 2
Name of Ministry:
Name of Supervisor (position and name):
Contact
(Name of Division)
(Name of Person in Charge)
(Phone Number)
(Fax Number)
(e-mail)
(example)
Rank | Number of Systems | Corrective Measures | Simulation Test | Risk Management Plan | |||
finished | unfinished | finished | unfinished | established | not established | ||
A | 5 | 5 | 0 | 5 | 0 | 5 | 0 |
B | 10 | 3 | 7 | - | - | - | - |
Total | 15 | 8 | 7 | 5 | - | 5 | - |
* Number of systems of rank A and B , and current status of measures for the Year 2000 problem are compiled in the table above, based on the table of individual system (Form 2)
* Systems which have been proved to need no corrective measures are counted into the "finished" category.
Name of Ministry:
Name of Supervisor (position and name):
Contact
(Name of Division)
(Name of Person in Charge)
(example)
Rank | Name of System | Current Status of Measures and Plan | ||
Corrective Measures | Simulation Test | Risk Management Plan | ||
A | * * system (* * * job) |
Replacement of equipment and conversion of application programs will be finished by July 1998. | Completed in July 1998. | Established as "xxx plan" in July 1998. |
A | # # system ( # # # job) |
Replacement of equipment and conversion of application programs are now being implemented in expectation to complete by December 1998. | Implement the test from October 25 to 31, 1998 for Year 2000 problem in parallel with confirmation test of replacement to a new system. | Planning to establish by March 1999. |
B | + + system (+ + + job) | Planning conversion of data and application programs by xxx | - | - |
This Check List is intended as reference for private corporations taking action on the Y2K problem to avoid problems with their computer software and equipment with built-in microcomputers (hereinafter computer systems, etc.) and to keep such problems from adversely impacting their operations.
1. Gaining Executives' Awareness and Participation and Ensuring Operational Readiness
(1) Does everyone, including the Executives, have a basic understanding of the Y2K problem (including why the problem has arisen, how widespread its impact can be, and the basic things that should be done in response) ?
(2) Do the Executives see the Y2K problem as a management issue?
Is the Y2K problem taken into account in long-term management plans, short-term operational plans, and other planning?
(3) Do the Executives take an active part in drawing up and implementing Y2K responses?
1) Is it clear which Executive and which section is responsible for coordinating the Y2K response, and has an organizational structure been established for this?
2) Do the Executives get regular reports on what progress is being made on the Y2K problem?
(4) Are the Executives taking action to ensure that all employees understand basically what has to be done to deal with this Y2K problem?
1) Is it clear who is responsible for Y2K issues in every section?
2) What measures are being taken to ensure that all employees understand what is being done to deal with the Y2K problem?
2. Assessment and Response Planning
(1) Have plans been drawn up for dealing with the Y2K problem?
These plans must be drawn up systematically taking into account the financial, human, and other resources that will have to be devoted to resolving the Y2K problem in the time remaining as well as the losses the firm will suffer if the necessary policies are not put in place in time.
To cite a few specific examples of questions to be answered in devising corrective action:
1) Do you want to overhaul the entire system or just correct the vulnerable parts?
2) Do you want to change the year notation to a four-digit notation or add the necessary logic so that "00" is understood as "2000"?
3) Do you want do deal with this in-house or out-source it?
(2) Have the computer systems, etc. that will be affected by the Y2K problem been identified? Within that, have the priority computer systems, etc. been identified?
In identifying the computer systems, etc. that will be affected by the Y2K problem:
1) Have you remembered to include not only the corporation's own computer systems, etc. but also those systems that are linked to external networks?
2) Have you remembered to include branch and other outlying offices, including overseas operations?
3) Have you remembered to include control systems, security systems, elevators, and other equipment with built-in microcomputers?
To give two examples of how to identify such computer systems, etc.:
1) Look at how the computer systems, etc. are used and at their source code.
2) Question the companies responsible for making, selling, and servicing the computer systems, etc.
To give some examples of how to identify the priority computer systems, etc.:
* Is there any danger of injury or loss of life?
* Is there any chance of adversely affecting another corporation because of networks or other external linkages?
* What is the potential monetary loss in the event of a malfunction or other problem?
* Would the time constraints on restoration be severe?
* Is this a basic system for the corporation or its operations?
(3) Have clear targets been set for each of the stages in the Y2K response (e.g., the designation of vulnerable systems, system corrections, and simulation tests)?
Does the schedule allow ample time for simulation tests? It is important here to consider whether or not it is possible to run simulation tests with business partners' and other external systems that you may be networked with or linked to.
(4) Is there active effort to stay in touch with manufacturers, vendors, and other business partners on your Y2K policies?
(5) Are you aware of what your customers and main business partners are doing about the Y2K problem?
(6) Is the section responsible for coordinating your Y2K response fully aware of what is being done at each stage of the Y2K response and is it acting appropriately?
(7) Have the necessary financial, personnel, and other resources been secured to respond to the Y2K problem?
3. Fixing the Computer Systems, etc. and Running Simulation tests
(1) What progress is being made on fixing and repairing the computer systems, etc.? Is this being reported regularly to the Executives?
In fixing these systems, it is important to take note of, e.g.:
1) When will the conversion of the computer systems be completed? (It is important to give special consideration to the priority systems, to systems that will take longer to fix, and to other factors in deciding upon the conversion schedule.)
2) What is the completion rate for fixing each system? Is there any specific reasons if anything is behind?
3) Have you fixed your computer programs taking account of the fact that 2000 is a leap year?
(2) How are you conducting your simulation tests on the systems that have been fixed?
1) What specific schedule has been set for the simulation tests?
2) Do these tests include your customers and other main business partners?
3) If there are computer systems, etc. that are not part of the test, how have you ascertained that they are not Y2K-vulnerable?
4) Is the test being performed under as-close-to-real conditions as possible and are you entering Y2K date information and getting reliable data on input errors (e.g., non-acceptance of data), system shutdowns, malfunctions, and the like?
5) Are over-all tests being run on all of the equipment that comprises the system with staff from the software companies and other companies there?
4. Drawing up Contingency Plans
What kinds of contingency plans have been drawn up to deal with such problems as may arise on January 1, 2000, and beyond?
It is essential that contingency plans be drawn up to provide for the contingency that the policies to deal with Y2K system malfunctions might not be ready in time or that, even if they are, totally unexpected problems may arise and may cause system malfunctions.
A partial list of items that should be included in any contingency plan is given separately.
5. Providing Information on What is being Done
Are you using the Internet and other media to provide companies and other interested parties information on what is being done to deal with the Y2K problem?
1) Are you making an active effort to ensure that information on the Y2K response is readily accessible, e.g., by putting such information on the home page? Is it linked to the kantei home page and are other options sought to facilitate access to this information?
2) Are other means to make information on the response widely available?
6. Information from Computer Systems, etc. Manufacturers, Vendors, etc.
Are computer systems, etc. manufacturers, vendors, etc. taking the initiative in making information about their products' Y2K compliance readily available?
1) Have the specifications been checked for all products that have year-recognition functions?
2) When the end-users are known, have they been informed in brochures and by other means of the issues and how they can check the product's Y2K compliance?
3) When the end-users are not known, is an effort being made to disseminate such information widely through the Internet and other means? (Remember that this information will also have to be made available in English and such other languages as appropriate for export products.)
(End)