Putting Teeth Into Y2K Compliance

Putting Teeth Into Y2K Compliance

It's time for a standard year 2000 compliance policy and inspection process, or we are all at risk.

You wouldn't buy a house without an inspection, or place your child in a car seat that hasn't met safety standards, or buy an electric appliance that isn't UL certified.

Yet many business people ? whose common sense usually would rebel if asked to take something so important at face value ? are curiously appeased when told that a trading partner, a software provider or even their own bank will be year 2000 compliant.

As the turn of the century approaches, no one needs to be reminded of the seriousness of the year 2000 problem, or that the window for compliance is rapidly closing. Most organizations will tell you they are moving aggressively toward compliance, and some may even get there in time.

But what does it really mean to be year 2000 compliant? With no standard definition for compliance, it's hard for anyone to know if you are truly compliant. It's hard for even you to know.

By the same token, how can you judge if your business partners are compliant? Many concerned companies send their partners a year 2000 questionnaire, but those can be answered with a simple, unqualified "yes." Or you can read the businesses' Web sites to see what they have to say about their compliance efforts.

That information is typically excellent public relations, but what kind of frame of reference is it when there is no standard definition of compliance?

What we need is a standard definition of year 2000 compliance ? and we need it now. We also need a standard audit and certification process to put some teeth into what it means to be year 2000 compliant.

Without a standard, there is no way to accurately determine who is and who is not year 2000 compliant. And without an objective audit and certification process, we must take a company's word only at face value, no matter how well meaning it is. That is like waiving a home inspection and buying the house without relying on anything more than the real estate agent's description or the seller's good faith.

Just as with a home inspection, where unbiased third parties follow a standard audit list, we need to define a similar template that companies, their business partners, risk managers and, yes, lawyers can use when assessing year 2000 compliance.

Such an audit trail would enable information officers to say they've looked at all the industry-defined areas, and those areas are compliant with the industry-standard specification. This approach is far more scientific ? and eminently more defensible ? than the typical "Don't worry, we're doing all we can," public relations message.

The key question is who is going to supply a standard definition and audit process: industry trade associations? The Department of Commerce? The American National Standards Institute? Ralph Nader?

Sooner or later (and there's not much "later" left), some group must take on this task.

After all, until every enterprise and government agency is truly year 2000 compliant, we are all at risk, and the problem is not going to disappear after the initial crisis.

An industrywide group should establish an open standard on year 2000 compliance and an inspection process that will finally put some teeth into what it means to be compliant.

Many of us are dealing with year 2000 issues day in and day out, and we are ready and willing to help define such a policy. Let's tackle this critical task before it's too late.

Timothy Chou is chief operating officer at Reasoning Inc., Mountain View, Calif., a consulting firm and provider of transformation software for legacy applications. His e-mail address is timothy.chou@reasoning.com.