This page has been archived.
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
The Treasury Board of Canada Secretariat (TBS) Year 2000 Project Office requires that Federal Departments and Agencies with Government-Wide Mission-Critical (GWMC) business functions identify, report and manage Year 2000 project risks.
In order to provide guidance for identifying Year 2000 project risks, this Year 2000 Taxonomy provides for a comprehensive and structured classification scheme. Standard use of the TBS Year 2000 Taxonomy will provide for a common basis across departments for risk identification.
The purpose of this appendix is to describe and document the TBS Year 2000 Taxonomy that can be used by Federal Departments in identifying the Year 2000 project risks associated with the Government-Wide Mission-Critical (GWMC) and Department-Wide Mission-Critical DWMC business functions. Departments may use their own taxonomy, but must ensure that all risk areas identified in the TBS Year 2000 taxonomy are addressed.
This appendix includes a description of "How to use the Year 2000 Taxonomy", the Year 2000 Taxonomy questionnaire, a description of the Year 2000 Taxonomy questionnaire template data elements, and tips for using the Year 2000 Taxonomy.
This document relates to the following documents as identified
The following glossary is intended to clarify certain terminology contained in the Year 2000 taxonomy.
Asset: |
This refers to all items which may be impacted by the Year 2000 problem such as:
|
---|---|
Mission-critical business functions: | Mission-critical business functions consist of specific business functions that have a high impact on Canadians, the operations of the government, and/or its employees. The level of criticality can be determined based on a series of criticality criteria provided in Appendix D. Within the context of this guide, functions will be classified as government-wide mission-critical or department-wide mission-critical. |
Time event horizon: | A date or point in time when a specific asset will experience the impact of its Year 2000 problem, which may be a date in advance of 2000. |
Year 2000 compliance: | Year 2000 compliant means that the asset accurately processes date/time data (including, but not limited to, calculating, comparing, and sequencing) from, into, and between the twentieth and twenty-first centuries, and the years 1999 and 2000 and leap year calculations. |
The TBS Business Continuity Guide [Reference 1] provides detailed sections devoted to conducting risk identification and analysis in support of Year 2000 projects.
The main tool utilized in identifying Year 2000 project risks is the Year 2000 Taxonomy as depicted in the diagram below. The Year 2000 Taxonomy is a questionnaire used in a workshop or interview setting that highlights important aspects of a Year 2000 project life-cycle which must be addressed otherwise issues/problems may arise. The information captured as a result of the risk identification and analysis activities is to be documented and formatted as per the TBS Year 2000 Risk Information Sheet [Reference c].
Communicate = communiquer
Identify = identifier
Analyze = analyser
Plan = planifier
Track = suivre
Control = contrôler
Figure H-1 : "Conduct Risk Assessment" Activity
2.1.1 Participants to the Workshop or Interview
The TBS Year 2000 Taxonomy can be used during a 3 hour
workshop or ½ - 2 hour interview with project stakeholders.
These Year 2000 project stakeholders may include resources such as
the Year 2000 project office personnel including the Project
Manager, practitioners, Year 2000 Steering Committee members, the
Year 2000 Project Director, the Year 2000 Project Sponsor, other
senior executives (ADMs, DMs), business line managers (including
personnel), and technical managers (including personnel responsible
for applications, infrastructure, facilities, etc.).
2.1.2 Tailoring
The TBS Year 2000 Taxonomy is a comprehensive
questionnaire used to support the identification of Year 2000 risks
during a risk assessment (risk identification and analysis).
Ideally all questions should be asked, however, the taxonomy may
contain questions that are not relevant to some participants of the
risk assessment, or relevant at a particular point in the Year 2000
project life-cycle.
As a guideline to help with the tailoring of the questionnaire, an indicator has been associated with each question to identify a mandatory (answer required) or tailorable question. The questionnaire can also be tailored for the type of personnel being interviewed. As a general rule, the questionnaire can be tailored as follows:
An additional suggested approach for tailoring the questions is to determine your organization's Year 2000 project stakeholders (as in section 2.1.1 above). You then create additional columns alongside the questionnaire corresponding to the stakeholders, and check-off the questions that are to be asked to a particular stakeholder (refer to the example figure below). Overlapping questions asked to various stakeholders is considered to be acceptable and will provide different viewpoints to a particular subject area.
# |
Question |
Y |
N |
DK |
NA |
Stake- holder A |
Stake- holder |
Stake- holder C |
Stake- holder D |
---|---|---|---|---|---|---|---|---|---|
1.1.1 | 4 | 4 | |||||||
1.1.2 | 4 | 4 | 4 | ||||||
1.1.3 | 4 | 4 | |||||||
1.1.4 | 4 | 4 | 4 | ||||||
1.1.5 | 4 | 4 | 4 | ||||||
. | 4 | 4 | |||||||
N | 4 | 4 | 4 |
Figure H-2: Example of Tailoring Questions and Targeting Stakeholders
2.1.3 During the Workshop or Interview
During the Year 2000 risk assessment workshops or
interviews, questions from the TBS Year 2000 Taxonomy should be
asked to the participants in order to elicit discussion and
determine if a risk exists in the subject area. The facilitator for
the risk identification workshop/interview should also attempt to
link risks to the business functions of the department.
The general steps include:
i) Yes – This is considered to be a positive response to the question indicating that there is no risk with regards to the subject area of the question;
ii) No – This is considered to be a negative response to the question indicating that there may be a certain level of risk with regards to the subject area of the question. The risk including the potential negative consequence must be recorded including any contextual information;
iii) Do Not Know – This is considered to be an uncertain response to the question indicating that there may be a risk with regards to the subject area of the question. Further investigation is required outside of the workshop or interview in order to determine if there is a risk; and
iv) Not Applicable – This response means that there is no risk with regards to the subject area of the question. Ensure that the question and context is well understood (refer to c. below).
2.1.4 Recording Risks
The risks identified as a result of the risk
identification process should be documented using the TBS Year 2000
Risk Information Sheet [Reference c] serving as the primary means
for documenting and retaining information about a risk.
The TBS Year 2000 Taxonomy Questionnaire is located in Addendum 1 to this appendix.
This table describes the data elements (column headings) in the TBS Year 2000 Taxonomy.
Table H-1: Year 2000 Taxonomy Questionnaire Data Element Definition
Field Name |
Description |
---|---|
Tailor | This is a guideline for tailoring the TBS Year 2000 Taxonomy. The guideline will
|
Question |
The first question in the column is the main question, versus sub-questions (if applicable). The main question is the means for identifying risk in a particular Year 2000 life cycle phase or management area. Sub-questions are not considered to be part of the main question, but rather help provide context for the main question. |
Yes | A positive response to the question indicates that there is no risk with regards to the subject area of the question. |
No | A negative response to the question indicates that there may be a certain level of risk with regards to the subject area of the question. |
Do Not Know | An uncertain response to the question indicates that there may be a risk with regards to the subject area of the question. |
Not Applicable | The question does not apply signifies that there is no risk with regards to the subject area of the question. |
Observation | An observation is considered to be contextual information for an identified risk. Observations may also arise from discussions with regards to the sub-questions. |
The following guidelines and tips are aimed at improving the use of the Year 2000 Taxonomy during risk assessments:
Tailor |
Question |
Yes |
No |
Do Not Know |
NA |
Obser- |
---|---|---|---|---|---|---|
1 Year 2000 Project Life-Cycle Processes | ||||||
1.1 Awareness/Inventory | ||||||
M |
1.1.1 Is the Year 2000 problem among the top priorities of your organization?
|
|||||
M |
1.1.2 Is the awareness level across your organization reflective of the priority level required by Year 2000 activities? | |||||
M |
1.1.3 Is there a Year 2000 communication plan/strategy in place?
|
|||||
M |
1.1.4 Has your organization identified all its mission- critical business functions?
|
|||||
M |
1.1.5 Has your organization assessed the potential business impact of the Year 2000 problem on its mission-critical functions?
|
|||||
M |
1.1.6 Has your organization identified the assets supporting the business functions? Examples of possible assets are:
|
|||||
M |
1.1.7 Has your organization's asset inventory been prioritized?
|
|||||
M |
1.1.8 Is there a controlled repository of the asset inventory information?
|
|||||
M |
1.1.9 Has the number of assets in the inventory remained unchanged since the completion of the inventory phase? | |||||
M |
1.1.10 Have owners for business functions and assets been clearly identified?
|
|||||
1.2 Assessment (Analysis/Design) | ||||||
M |
1.2.1 Have Year 2000 compliance requirements been defined for all types of assets?
|
|||||
M |
1.2.2 Has a standard for dates been established and approved?
|
|||||
M |
1.2.3 Are resources, assigned to the assessment phase, appropriately trained in assessment techniques and tools, and knowledgeable of the assets being assessed? | |||||
M |
1.2.4 Has your organization determined the number of assets which are susceptible to the Year 2000 problem? | |||||
M |
1.2.5 Has your organization determined the time event horizon (a date which could be before 2000) for Year 2000 failure for all assets that are susceptible to the Year 2000 problem? | |||||
M |
1.2.6 Has the magnitude/impact of the year 2000 problem been established for each asset or asset type?
|
|||||
M |
1.2.7 Are the assets accurately documented? Do they include:
|
|||||
M |
1.2.8 Has a triage (repair, re-engineer, replace, or retire) been conducted on the assets? | |||||
M |
1.2.9 Has the triage on assets been approved by senior management? | |||||
M |
1.2.10 Have the conversion techniques and tools been identified for asset types?
|
|||||
T |
1.2.11 For assets requiring replacement, have vendors been solicited for Year 2000 compliance? | |||||
T |
1.2.12 Have issues with electronic partners (e.g. electronic output and input requirements) been identified and resolved?
|
|||||
T |
1.2.13 For assets utilizing external source data (such as application software), has a data conversion strategy been identified?
|
|||||
T |
1.2.14 For IT assets, will the existing IT infrastructure support the added load of Year 2000 conversion activities? | |||||
T |
1.2.15 For IT assets, have the changesto the IT production environment (HW, SW, network) been identified and costed? | |||||
M |
1.2.16 Have issues with vendor responses for Year 2000 compliance been identified and resolved?
|
|||||
M |
1.2.17 Have the results from the assessment phase been used to re-evaluate/confirm the effort estimates and budget? | |||||
T |
1.2.18 Have vendors been solicited for their Year 2000 strategy with respect to their suppliers (supply chain issues)? | |||||
M |
1.2.19 Have business continuity artifacts been collected (e.g. business resumption plans, disaster recovery plans, etc.)? If yes, are they up-to-date? | |||||
M |
1.2.20 Has the ability of the organization to ensure business continuity been assessed? If yes, were deficiencies identified and resolved? | |||||
M |
1.2.21 Have relevant crisis scenarios been identified and documented? | |||||
1.3 Renovation (Build) | ||||||
M |
1.3.1 Are resources, assigned to renovation activities, appropriately trained in renovation techniques and tools, and knowledgeable of the assets being renovated? | |||||
M |
1.3.2 Can your organization state the exact number of assets that have been converted (repaired or replaced) to date? | |||||
M |
1.3.3 For assets requiring replacement, have Year 2000 compliant versions of the assets been ordered?
|
|||||
M |
1.3.4 Have issues with renovation activities been identified and resolved?
|
|||||
T |
1.3.5 Has your organization planned for the development of bridges and filters to handle non-conforming data?
|
|||||
M |
1.3.6 Is the following documentation being updated as part of renovation activities:
|
|||||
M |
1.3.7 Has unit/component testing been conducted (where applicable)? | |||||
M |
1.3.8 Have issues with regards to Year 2000 compliance for suppliers and business partners been identified and resolved?
|
|||||
M |
1.3.9 Are standards being adhered to? | |||||
T |
1.3.10 Have the phase out plans for assets, scheduled for retirement, been prepared?
|
|||||
M |
1.3.11 Are contingency plans, at the business function level, in place?
|
|||||
1.4 Validation (Testing) | ||||||
M |
1.4.1 Have the types of resources required for validation activities been identified (such as users, business/functional resources, and technical resources)? | |||||
M |
1.4.2 Are there sufficient resources for conducting testing activities? | |||||
M |
1.4.3 Does test coverage include full functional testing as opposed to only Year 2000 specific testing? | |||||
M |
1.4.4 Has test data (where applicable for assets such as application software) been developed, collected and/or converted to support the validation activities? | |||||
M |
1.4.5 Are automated test tools/equipment in use?
|
|||||
M |
1.4.6 Do you have sufficient time allocated for the testing activities that have been planned to be conducted? | |||||
M |
1.4.7 Is problem tracking and reporting being utilized for the Year 2000 project?
|
|||||
M |
1.4.8 Has the corrective action process (the protocol for the fixing of problems encountered) during the validation phase been properly identified and documented?
|
|||||
M |
1.4.9 Is the Year 2000 certification of assets a formal approval process? | |||||
1.5 Implementation | ||||||
M |
1.5.1 Is Year 2000 related client training planned for the implementation of new or modified systems? | |||||
M |
1.5.2 Are all the contingency procedures for the restoration of assets in place and ready to be activated?
|
|||||
M |
1.5.3 Have conflicts with current operations and maintenance activities been identified? |
Tailor |
Question |
Yes |
No |
Do Not Know |
NA |
Observ- |
---|---|---|---|---|---|---|
2 Management | ||||||
2.1 Technical / Project Management Processes | ||||||
M |
2.1.1 Is there a Project Charter for the Year 2000 Project?
|
|||||
M |
2.1.2 Is there a Project Management Plan?
|
|||||
M |
2.1.3 Is the Project Management plan based on an industry approved Year 2000 life cycle or approach complete with structured activities? | |||||
M |
2.1.4 Are there plans (or work packages) for Year 2000 activities at the asset level? | |||||
M |
2.1.5 Has the Year 2000 budget been fully approved until implementation?
|
|||||
M |
2.1.6 Is there a Year 2000 Project Management Office PMO?
|
|||||
M |
2.1.7 Has a manager been assigned the responsibility of defining and fulfilling the Year 2000 project objectives (converting Year 2000 susceptible assets in order to maintain business continuity beyond 2000, within the estimated budget and timeframe)?
|
|||||
M |
2.1.8 Is there a Year 2000 steering committee?
|
|||||
M |
2.1.9 Is cooperation among the stakeholders effective? | |||||
M |
2.1.10 Is the master schedule realistic for mission critical business functions/assets?
|
|||||
M |
2.1.11 Does the project have scheduled checkpoints or "gates" when it will be reviewed and where management will decide on its future, and if necessary, take appropriate corrective action? | |||||
M |
2.1.12 Is there an audit plan for the Year 2000 project? | |||||
M |
2.1.13 Is the project plan updated to reflect the results uncovered during the previous Year 2000 life-cycle phase?
|
|||||
M |
2.1.14 Are internal project reviews conducted periodically with asset category owners/conversion teams to track progress and issues? | |||||
M |
2.1.15 Does your organization track actual progress against the year 2000 planned activities (as identified on the master schedule)?
|
|||||
M |
2.1.16 Are frequent progress reports available?
|
|||||
M |
2.1.17 Are the budget and schedule stable (unchanging)? | |||||
M |
2.1.18 Are your organization's budget and schedule intermediate objectives being met? | |||||
M |
2.1.19 Are there critical success factors established for the Year 2000 project?
|
|||||
M |
2.1.20 Has a human resource strategy been developed and approved? | |||||
M |
2.1.21 Have the human resource requirements for each phase been allocated?
|
|||||
M |
2.1.20 Has your organization re-assigned resources to the Year 2000 project when requested? | |||||
M |
2.1.23 Do you have access to the right people when you need them?
|
|||||
M |
2.1.24 Have all the systems, tools, and facilities required for each phase been identified, committed or acquired?
|
|||||
O |
2.1.25 Are all the contracts for the resources to be procured in place (human, computing, facilities, etc.)? | |||||
T |
2.1.26 Are the contracts secured beyond Year 2000? | |||||
M |
2.1.27 Are Year 2000 warranty clauses being inserted in contracts for goods and services (where applicable)? | |||||
M |
2.1.28 Is there a documented risk management process (including tools, techniques, practices) being utilized? | |||||
M |
2.1.29 Are risk action plans being developed and implemented to manage identified risks on the Year 2000 project? | |||||
M |
2.1.30 Is project tracking and oversight being conducted?
|
|||||
T |
2.1.31 Is subcontractor management being conducted?
|
|||||
M |
2.1.32 Is quality assurance being conducted?
|
|||||
M |
2.1.33 Is configuration management performed?
|
|||||
M |
2.1.34 Is there a Crisis Management organization? If yes, is the organization trained and tested with scenarios? |
|||||
M |
2.1.35 Has a Crisis Operations Centre been established? Does the organization have a pre-designated spokesperson for crisis events to inform your end users (client?)? |
|||||
M |
2.1.36 Is there a business continuity plan for the organization? Does it address risk management, contingency planning, crisis response and business resumption activities? |
|||||
M |
2.1.37 Has a top-level executive been identified to lead the crisis management team? Is this person aware of their responsibilities? |
|||||
2.2 Business/Program Management | ||||||
M |
2.2.1 Are there any system development/upgrade projects currently in progress?
|
|||||
O |
2.2.2 Are there any plans to minimize non-Year 2000 initiatives until the Year 2000 problem is resolved or under control? | |||||
M |
2.2.3 Is disruption to operations and production service levels being monitored? | |||||
M |
2.2.4 Has the current business environment been evaluated for constraints that may impact the Year 2000 project implementation?
|
|||||
M |
2.2.5 Has your organization assessed its legal liabilities associated with the Year 2000 problem and potential business function failures?
|
|||||
M |
2.2.6 Have you discussed your Year 2000 Plan with your organization's Legal representative? | |||||
M |
2.2.7 Is your organization's Legal representative conducting a Legal Risk Assessment? | |||||
M |
2.2.8 Is there a legal action plan? |