Presentation on theme: "Year 2000 Compliance §Y2K Campus Coordinator: l Liason with the Chancellors Office l Project Management l Reporting §Y2K Compliance Committee has: l Been."— Presentation transcript:
Year 2000 Compliance §Y2K Campus Coordinator: l Liason with the Chancellors Office l Project Management l Reporting §Y2K Compliance Committee has: l Been formed (14 members and myself) Walter McRae will serve as resource to committee l Defined the scope of this project non-mainframe Mission Critical system/facility/service - not Y2K compliant l Adopted a methodology - covered later l Divided into 5 sub-groups, The respective chairs of these sub-groups are: –Doug Allen - Administrative Support –Fred Brackett - Academic Support –Judy Howell - Communications –John Casey - Physical Facilities –Jim Crouch - Student Life l Developed a preliminary project schedule
Year UGA Todays Agenda êDefine the Y2K Problem l 2 versus 4 digit year, Leap Year, 1999 issue, date calculation, and different interpretation of Y2K compliance êState of Georgia and USG - Y2K êWhat UGA has done so far: l Status of mainframe replacement/remediation l A wealth of information is available through the UGA Y2K web site êSolving the Y2K Problem l Discuss basic methodology l Review the step-by-step process for assessment
Defining the Y2K Problem êDeliberate Programming choice to conserve memory l i.e. December 31, 1997 = versus January 1, 2000 = l Many commercially available products employed this programming convention êCompounded by the recognition of Leap Year - or lack thereof: l Leap Year occurs every 4 years, i.e. 1992, 1996 l EXCEPTION: years ending in 00 are not leap years, i.e l EXCEPTION to the exception: years evenly divisible by 400 are leap years l By these rules (and exceptions) the year 2000 is a leap year l In reality, many date routines do NOT recognize 2000 as a leap year
Defining the Y2K Problem (cont.) ê99 is (or was) commonly used as a reference to an unknown or indefinite date, i.e = December 31, year unknown l Legitimate 1999 dates may be treated as unknown or indefinite, or l Unknown or indefinite dates may be treated as actual 1999 dates êSome products calculate dates and time by adding seconds or microseconds to a base date. If the product contains a maximum date value, a date overflow will eventually occur, resulting in a program malfunction… which is not exclusively associated with the year 2000
Y2K Compliance does NOT mean the same thing to every vendor êProduct A requires full four digit year dates êProduct B treats dates between 00 and 05 as 2000 through 2005 êProduct C subtracts 28 years from all input dates, and adds 28 years to all output dates (28 years is the factor of years that causes the same day/date to repeat) êA, B, and C may be year 2000 compliant, but they will most likely not operate together without special interface programming
Y2K - Why be Concerned êMany systems could abend/abort/stop - resulting in major disruptions to many of our critical operations êObligations under federal grants and contracts l NIH - 4/3/98 notice to awardees states that NIH Awardees are expected to ensure that the NIH activity being supported is not be adversely affected by the year 2000 problem…the NIH should be notified by 9/98 if the awardee concludes that the year 2000 will have significant impact on its ability to carry out an NIH-funded activity l All data submitted to NIH electronically must be in a four-digit format l 6/27/97 notice to presidents of colleges and universities and heads of other NSF non-profit grantees (essentially the same message as NIH) l Federal Acquisition Regulations (FAR) final rule was published on 8/22/97…requires agencies and their grantees to acquire year 2000 compliant software or software that will be upgraded)
Y2K - Why be Concerned (cont.) A mandate from our Governor: March 31, 1999: all agencies will have fixed, replaced and performed testing on all mission critical systems. This means that all code remediation, rewrite, and/or replacement along with technical testing will be complete by this date. In other words, the system is compliant and ready to be placed into production where testing in a fully Year 2000 environment and certification are the only phases remaining. October 1, 1998: alternative business processes must be defined for those systems not made compliant by 3/31/99 December 1, 1998: full contingency plans and implementation schedule must be in place
UGA Working in Teams: Serve in advisory capacity to all Area Coordinators Y2K Compliance Committee Kirk Bertram Campus Coordinator Administrative Support Doug Allen Chairperson Dale Goodhue Ken Reece Academic Support Fred Brackett Chairperson Don Hamilton Glenn Ware Communications Judy Howell Chairperson Jim Ricks Walter McRae Physical Facilities John Casey Chairperson Mary Mellein David Clements Student Life Jim Crouch Chairperson Dennis Calbos Rex Walker Deans (Area Coord.) SVPAA&P (Area Coord.) President SVPAA&P SVPFA SVPEA VPR&AP VPPSO&AP VPGR VPSPPA VPSA (Area Coord.)
UGA A description of the five support teams: l Physical Facilities will include buildings operation/ maintenance and fire/security systems, campus environmental and energy management systems, Athletic score board and timer systems, elevator maintenance scheduling systems, and parking access systems. l Academic Support will include all systems related to and in support of Instruction, Research, and Public Service (laboratory management information systems and instrument control services, and instructional delivery systems). l Administrative Support will include systems that support administrative units across campus, i.e. will most likely extend beyond areas that report to the Vice President for Business and Finance (Veterinary student health medical information management systems, departmental accounting systems). l Communications will include telecommunications (telephone/FAX/paging/ Voice Mail), , networking and campus radio and television systems. l Student Life will include all facets of student life on campus, from residence and dining halls to recreational and social support systems, including the Ramsey and Student Health Centers.
UGA In reality, the sub-groups will function as teams within a team: Administrative Support Student Life Academic Support There will likely be some overlap between Administrative Support, Academic Support and Student Life Communications Physical Facilities Communications & Physical Facilities will serve as a resource for all sub-groups, including one another Area Coordinators will become a member of one or more of these sub-groups (teams)…which will be dictated by the nature of the Y2K problem/s in their respective area
UGA Components of the Problem êY2K problems could exist in: l Hardware Systems - defined as the physical components of a computer-based system. Examples of this include all desk-top personal computers, network servers, laptops, mini (or mid-frame) computers, etc. l Software Systems and Applications - defined as the entire set of programs, procedures, and related documentation with a computer system. Within this category are operating systems like DOS, Windows 95 and Windows NT, as well as applications like Microsoft Windows, WordPerfect, Office 97, etc. CAUTION: although software may be Y2K compliant, it may be used incorrectly, i.e. Lotus 123 is Y2K compliant, but a user may be using a 2 digit year The UGA Y2K web site contains a wealth of compliance information regarding hardware & software
UGA Components (cont.) l Embedded Systems - defined as equipment containing embedded microprocessors that use calendar functions (not always readily apparent). Examples of this include: telephone switchboards, FAXs, pagers, time & attendance clocks, postal meters, cash registers, credit card readers, VCRs, security systems, HVAC, elevators, specialized research equipment wherein periodic servicing is controlled by the # of days in operation, specialized equipment that automatically control various operations, i.e. an operation that is based upon date calculations. Hospitals are greatest risk, because patient monitors, automatic drug-dosing devices, MRI and CAT scan equipment may rely on embedded technology - failure of such equipment could result in serious injury or death.
UGA Non-IT Equipment/ Process Control Devices êThis is the one area that will be the easiest to overlook … I never realized that this equipment used a date. êThis is also the most difficult equipment to evaluate Y2K compliance - difficult to test (force the date change), plus many vendors are not clear (when questioned) as to their products compliance rating. êRefer to the two sheets contained in your handout that outline 18 categories of Business Units with potential Y2K Process Control & Embedded Systems.
UGA Embedded Chip Myths êNew equipment is not affected êManufacturers will fix my systems êMy equipment only uses the day and not the date êService technicians will be readily available on January 1, 2000 (Saturday) and they will be affordable! êAt this time I would like to ask that the Communications and Physical Facilities Sub-group present some of their findings.
UGA Moral of this Story: Trust but Verify and plan on replacing any and all MISSION CRITICAL system/facility/service that is at risk and not certifiably Y2K compliant
Y2K Compliance - Defined by the State of Georgia & USG êDefinition: The standard format for data storage and calculations should follow the international standard date notation, which includes a four digit year. Applications that use or require month and day representations should conform to the following format: YYYYMMDD where YYYY = full representation of the year…. êSystems that DO NOT exchange data with other systems have the flexibility to use other solutions, i.e. year conversion. êYear 2000 is correctly treated as a leap year within all calculations and calendar logic.
UGA A Status Report êFIS - 39 systems IDd; 14 completed, with 25 in various stages of remediation (represents approx. 50% of the effort required for remediation). êSIS - 36 systems IDd; 17 completed, with 19 in various stages of remediation (represents approx. 45% of the effort required for remediation). êLibrary - 10 systems IDd; 8 completed, with 2 in various stages of remediation (represents approx. 80% of the effort required for remediation). êThese three application areas had an estimated personnel cost for Y2K of $1.3 million.
UGA Solving the Non-Mainframe Problem êAll Y2K remediation solutions/methods have serious disadvantages (time/labor/dollars) êReplacement is not always an option, even with unlimited funding êRealistically, the question is not whether we can achieve Y2K compliance, but how far short of Y2K compliance we will fall…that is to say that there is no way that we will be able to achieve 100% Y2K compliance ê contingency plans must be developed êProject Management is of utmost importance in support of this initiative l provides a process by which we can gauge our progress l create a record of due diligence l strive for clean & mean process through a prioritization of those systems that pose high risk for UGA l Communication (360 degree) is absolutely necessary This issue/project must be a topic for everyone and everyone must feel a part of this team and the solution. To do this, we will use (among other things) - a web site, Columns - faculty/staff news, as well as one another
UGA Our Methodology êAwareness - literally everyone, starting at the top of our organization, must have a basic knowledge of the problem and our approach for managing it êAssessment - using a series of instruments with background on what we already know IS/IS NOT compliant end of October êContingency Planning - a recommendation needs to go to Senior Management, which (1)outlines the problem, (2)provides a detailed assessment/risk analysis, (3)provides estimated costs associated with remediation versus status quo, and (4)recommends a course of action - listing of priorities/costs/timelines end of November êImplementation l remedeation l replacement or abandonment êTesting (reports indicate that a full year is optimal) obviously we do not have that much time!
Y2K Detailed Assessment Instructions êAlthough the focus of this assessment is on Mission Critical systems/facilities/services (SFS) that are not Y2K compliant, at this stage in the assessment, it is critical not to assume anything - this will avoid overlooking a system/facility/service that we simply take for granted these days êFor your convenience, a database of over 62,000 pieces of equipment has been created - based upon commodity code. This database can be accessed via the web, producing a listing of all the equipment acquired under a specific account or series of accounts CAUTION: this database is NOT all- inclusive, i.e. software is not included.
UGA The Detailed Assessment êA number of panels or screens are being provided in an effort to walk you through this process, from log-in through to the completion of the Area Coordinators Summary report. êThe web-based system that will be used throughout this assessment (at first glance) appears to be complex. To minimize this, I will first orient you to each of the screens/ reports and this will then be followed-up with a demo by the system developer Chito Lapena.
Step 1: log onto the UGA web site (www.uga.edu)- this will take you to the UGA homepage
Step 2: select the Resources and Services line - this will take you to a page that looks like this: Step 3: Select Y2K - this will take you to the Y2K homepage
you could also skip steps 1 & 2 and enter in the Y2K homepage address
Step 4: Select Y2K Assessment contained in the sidebar on the left of the page
this will take you to the entry point of the Y2K Assessment Database
Initially, each user will need to register their User ID and Password via the Bad User Name or Password screen. Each Area Coordinator should only provide access to this system to those people that will be providing them with assistance throughout this assessment process - this will help to avoid overlapping and possible conflicting information
Step 5: Once you have successfully entered this system, you will arrive at the User Information screen, wherein pertinent information (for contacting purposes) should be entered...the first time only.
Step 6: After entering the information from step 5, you will arrive at the Main Menu screen. This main menu feature can be found on every screen hereafter, making migration from screen-to-screen easier -(plus, as this is web- driven, you have the capability of moving forward and back, depending on where you are in the web-search). NOTE: there occasionally is a limit to the number of screens that this system will archive, which means that you may need to return to the screen desired via the main menu option. For the purposes of this assessment, you can ignore the Personal System/Service/ Facility List menu item.
The User Options menu item (from the Main Menu) is used to change your password, edit your contact information and to log out.
Step 7: This is when the Area Coordinator will bind together the accounts that they will be working with - select System/Facility/Service List by Account from the Main Menu - this will Take you to the SFS List Screen Step 8: You can enter account information here and bind them together for this assessment. The binding feature will be active throughout this assessment.
Step 9: You can now select one of three options: ALL / NON Y2K / Y2K OK - regardless, you will be able to view the equipment in the database that is associated with the account/s that you have selected. Initially: you will select ALL - (refer to next Exhibit J)
…from there you can select those items of equipment which are SUSPECT by clicking on the boxes next to the item of equipment.
Step 10: After you check-off the suspect equipment and select the MARK CHECKED ITEMS AS NON-Y2K COMPLIANT box at bottom of this screen…you will arrive at the Non-Y2K Compliant List. You can also add equipment here that is NOT on the equipment database from Property Control.
UGA The Detailed Assessment (cont.) Step 11: This is the step where the actual detailed review and assessment takes place. By selecting a UGA control number, you will receive an electronic form that can be completed for each piece of equipment on your Non-Y2K compliant list - refer to Exhibit L - which follows
Exhibit L (cont.)
Exhibit M is very similar to L, but is an example of a screen that would be used to ADD a System/Facility/Service.
Exhibit M (cont.)
The database of equipment that is provided contains: UGA Control Number, Serial Number, Account Number, Model Number, Description, Building & Room (at least the last location reported to Property Control). The following items will need to be added: Has embedded controller: in the event that a piece of equipment is suspected to contain embedded technology - as previously discussed - select yes; if not, select no. Fix Type?: There are 8 options (unknown, reboot, mfg fix, replace, retire, service, software mod or re-write, and other) - which can be explained in the additional comments section Manufacturer: this is optional and often times is already contained in the Model Number of Description fields. Y2K Detailed Assessment Instructions (cont.)
Year Made: is also optional. The Inventory Control database maintains information on the date an item was acquired. In the event further discussion is necessary with a vendor, the date an item of equipment was made may be pertinent - however often times the serial number will provide such information to the vendor. How is this equipment Utilized: This is critical in the determination of whether or not a SFS is mission critical and will be used by the Area Coordinator and their respective VP/Dean in prioritizing the mission critical SFS. NOTE: the Y2K Compliance Committee will not be determining whether or not an item is mission critical nor will we be prioritizing these SFS…such determinations will be reported through the Senior Vice President for Academic Affairs and Provost to Cabinet for contingency planning purposes. Y2K Detailed Assessment Instructions (cont.)
Is it Y2K Compliant: Compliance can mean different things to different vendors. The State of Georgias definition of compliance is that SFS that exchange date information must use 4 digits for the year (instead of 2) and accurately reflect the year 2000 as a leap year. The options are either yes or no and can be changed at any time - so the designation in steps 10 and 11 is not permanent. You will find that vendors are learning along with their customers! Y2K Detailed Assessment Instructions (cont.)
Risk Level: There are three rankings: Mission Critical, Optional, and Important; these are defined as follows: Mission Critical - the health/life/safety of an individual is dependent upon Y2K compliance and/or the operation of a unit/institution cannot proceed if the SFS is not made Y2K compliant. NOTE: the reason that the term unit/institution is used is to reflect the fact that there may in fact be SFSs within a unit that are mission critical, but when rolled-up by the VP/Dean - they are not. Optional - the operation of the unit/institution does not require that the SFS be made Y2K compliant. Important - the operation of the unit/institution would have difficulty proceeding if the SFS is not made Y2K compliant. However, workarounds are in the process of being developed to accommodate this situation. Y2K Detailed Assessment Instructions (cont.)
Approx. Cost to fix?: Completion of this column is most important for mission critical SFSs. The Area Coordinator should obtain as much information regarding all SFSs in the area covered as this will help in the discussion, prioritization, and subsequent approval of the VP or Dean. Some of the needed information is available on the UGA Y2K web site and more information is being added on a daily basis. However, it will most likely be necessary to contact the vendor for current pricing, assuming that a fix is available. Some things to consider: Embedded - SFS will almost always need to be replaced, unless the vendor has a program whereby they are replacing the microprocessors. Software/Hardware - In the older SFS, simply re- setting the calendar/clock when you return to work January 3rd will solve the Y2K problem (some SFS may require this done at 12:01 a.m. on January 1st, thus avoiding any disruption to experimental processes, data collection, etc.) Y2K Detailed Assessment Instructions (cont.)
Expenses Incurred to-date?: This information will assist upper management in their understanding of the magnitude of this problem and enable them to determine the extent to which they wish to appeal for funding from the Board of Regents, etc. Plan for Funding Conversion?: At this time, there are no external funds available for remediation/replacement. Nonetheless, this information will provide valuable insight to upper management in their contingency planning process. Curent Conversion Status: It is likely that there are some Mission Critical Non-Y2K (non-mainframe) SFSs that are in some state of conversion and it is important to reflect this here. Y2K Detailed Assessment Instructions (cont.)
Grouping Designator: This is where the preparer would record which sub-group the SFS fits into. It is anticipated that most of this data will be transferred and maintained electronically. This classification will further assist our efforts to classify the nature of the Y2K problem at UGA. Additional Comments: This field is to be used here to further explain the OTHER type of fix that is being considered. Completing this may be preceeded by discussions/strategy-setting between the Area Coordinator and their VP/Dean. The last part of this electronic form provides the Area Coordinator with record of such discussions Y2K Detailed Assessment Instructions (cont.)
Each Area Coordinator must complete a Summary Report for each System/Facility/ Service (SFS) that has been determined to be: mission critical, and not Y2K compliant. Completing these reports will serve two purposes: (1) as a vehicle for communicating the extent of the Y2K problem within an area to the respective VP/Dean, and (2) will also result in an area Y2K strategy (prioritization) being developed, It therefore must be completed in such a manner that would enable the Compliance Committee to incorporate this reported information into a Contingency Planning document that will be submitted to Cabinet through the Senior Vice President for Academic Affairs and Provost. All questions must have been answered during the detailed assessment! Y2K Area Coordinator Summary Instructions
UGA Area Coord. Summary êStep 12: after completing the detailed assessment in step 11, select modify record. Then select the main menu option. Then select System/Facility/ Service List By Account. Then select NON-Y2K. Then select Print ALL Assessment Shts.. This will produce a series of reports entitled Y2K Area Coordinator Assessment Summary for the accounts designated (Exhibit N). êStep 13: These reports should be reviewed by the Area Coordinator and their respective VP/Dean. Once approved by the VP/Dean, they should be forwarded to the appropriate sub-group chair. In the event there is no distinct sub-group, the reports should be sent to my attention.
UGA The Detailed Assessment (cont.) This homepage contains a wealth of information and a number of links to other Y2K web sites; everyone is encouraged to use this as a resource However, there is more here than most of you will ever have the time for! êStep 4: Select Y2K Assessment contained in the sidebar on the left of the page - this will take you to the entry point of the Y2K Assessment Database - see Exhibit D; at the start, each user will need to register their User ID and Password via the Bad User Name or Password screen - Exhibit E. l Each Area Coordinator should only provide access to this system to those people that will be providing them with assistance throughout this assessment process - this will help to avoid overlapping and possible conflicting information
UGA The Detailed Assessment (cont.) Step 4 (cont.): l This assessment database is account driven, which means that each Area Coordinator will need to define the account or series of accounts for which they will be accountable throughout this assessment - this will be explained in greater detail during the actual demonstration by the system developer Chito Lapena êStep 5: Once you have successfully entered this system, you will arrive at the User Information screen, wherein pertinent information (for contacting purposes) should be entered (the first time only) - see Exhibit F. êStep 6: After entering the information from step 5, you will arrive at the Main Menu screen (Exhibit G).
UGA The Detailed Assessment (cont.) êStep 6 (cont.): This main menu feature can be found on every screen hereafter, making migration from screen-to-screen easier - (plus, as this is web-driven, you have the capability of moving forward and back, depending on where you are in the web- search). NOTE: there occasionally is a limit to the number of screens that this system will archive, which means that you may need to return to the screen desired via the main menu option. êFor the purposes of this assessment, you can ignore the Personal System/Service/ Facility List menu item. êThe User Options (Exhibit H) menu item is used to change your password, edit your customer information and to log out.
UGA The Detailed Assessment (cont.) êStep 7: This is where the Area Coordinator will bind together the accounts that they will be working with - select System/Facility/Service List by Account from the Main Menu - this will Take you to the SFS List Screen (Exhibit I) êStep 8: You can enter account information here and bind them together for this assessment. The binding feature will be active throughout this assessment. êStep 9: You can now select one of three options: ALL / NON Y2K / Y2K OK - regardless, you will be able to view the equipment in the database that is associated with the account that you selected.
UGA The Detailed Assessment (cont.) êStep 10: Initially, you will select ALL - (Exhibit J) - from there you can select those items which are SUSPECT by clicking on the boxes next to the item of equipment. êStep 11: After you check-off the suspect equipment and select the MARK CHECKED ITEMS AS NON-Y2K COMPLIANT box at bottom of this screen…you will arrive at the Non-Y2K Compliant List - (Exhibit K). You can also add equipment here that may not have appeared on the equipment database from Property Control.