Treasury Board of Canada Secretariat

ARCHIVED - A Guide to Effective Business Continuity in Support of the Year 2000 Challenge



Appendix H - Year 2000 Risk Taxonomy

1. Introduction

1.1 Background

The Treasury Board of Canada Secretariat (TBS) Year 2000 Project Office requires that Federal Departments and Agencies with Government-Wide Mission-Critical (GWMC) business functions identify, report and manage Year 2000 project risks.

In order to provide guidance for identifying Year 2000 project risks, this Year 2000 Taxonomy provides for a comprehensive and structured classification scheme. Standard use of the TBS Year 2000 Taxonomy will provide for a common basis across departments for risk identification.

1.2 Purpose

The purpose of this appendix is to describe and document the TBS Year 2000 Taxonomy that can be used by Federal Departments in identifying the Year 2000 project risks associated with the Government-Wide Mission-Critical (GWMC) and Department-Wide Mission-Critical (DWMC) business functions. Departments may use their own taxonomy, but must ensure that all risk areas identified in the TBS Year 2000 Taxonomy are addressed.

1.3 Scope

This appendix includes a description of "How to use the Year 2000 Taxonomy", the Year 2000 Taxonomy questionnaire, a description of the Year 2000 Taxonomy questionnaire template data elements, and tips for using the Year 2000 Taxonomy.

1.4 Relationship to Other Documents

This document relates to the following documents, as identified:

  1. Treasury Board of Canada Secretariat, Steering government into the next millennium: A Guide to Effective Business Continuity in Support of the Year 2000 Problem, October 1998.
  2. Software Engineering Institute, Continuous Risk Management Guide, Carnegie Mellon University, Pittsburgh, Pennsylvania, 1996. The Year 2000 Taxonomy follows the principles of the Software Engineering Institute's (SEI) Continuous Risk Management Guide, in particular the appendices regarding "Taxonomy-Based Questionnaire" (Appendix A-32) and "Taxonomy-Based Questionnaire (TBQ) Interviews" (Appendix A-33).
  3. Treasury Board of Canada Secretariat, Year 2000 Risk Information Sheet (RIS), October 1998. The Year 2000 RIS is the means for documenting information about risks that are identified as a result of conducting a risk assessment using the Year 2000 Taxonomy. A sample RIS is provided in Appendix I.
  4. U.S. General Accounting Office, Year 2000 Computing Crisis, GAO/AIMD-10.1.14, September 1997. The Year 2000 Taxonomy has been verified for completeness against the GAO Year 2000 Program Assessment Checklist.
  5. Department of Information Technology, California 2000 Program Guide, State of California, November 1996. The Year 2000 Taxonomy has been verified for completeness against the State of California's Year 2000 Project Approach, California 2000 Program Guide.
  6. TBS, Year 2000 Mission Critical Contingency Planning Guide, Draft, April 1998. The Year 2000 Taxonomy has been verified against the survey questions found in the TBS Year 2000 Mission Critical Contingency Planning Guide.
  7. The MITRE Corporation, Year 2000 Certification Process. The Year 2000 Taxonomy has been verified for completeness against the MITRE Corporation's Year 2000 Certification Process.

1.5 Glossary

The following glossary is intended to clarify certain terminology contained in the Year 2000 taxonomy.

Asset: This refers to all items which may be impacted by the Year 2000 problem such as:
  • Software (includes third party vendor software, operating systems, applications, etc.);
  • Networks (includes all equipment between the communication card on the end-terminals – LAN, MAN, WAN, PBX – including private switching equipment but excluding processing units such as PC's, servers and mainframes);
  • Real property systems (includes electrical supply, security, climate control, elevators and other systems);
  • Other organizations (includes other governments, departments, or organizations including these organizations that are part of the supply chain of the departments as well as the procurement and legal organizations);
  • Hardware (includes processing units such as PC's, servers and mainframes);
  • Utilities (includes electricity, telephone, mail service, etc.);
  • Fleets (includes aircraft, ships, automobiles, etc.); and
  • Embedded systems (includes manufacturing and process control; transportation and navigation equipment such as airplanes, trains, marine, traffic lights, air traffic control, etc.; office systems and mobile equipment such as faxes, copiers, videos, televisions, cell phones etc.; medical devices such as pacemakers, monitoring systems, x-rays, etc.; and lab equipment).
Mission-critical business functions: Mission-critical business functions consist of specific business functions that have a high impact on Canadians, the operations of the government, and/or its employees. The level of criticality can be determined based on a series of criticality criteria provided in Appendix D. Within the context of this guide, functions will be classified as government-wide mission-critical or department-wide mission-critical.
Time event horizon: A date or point in time when a specific asset will experience the impact of its Year 2000 problem, which may be a date in advance of 2000.
Year 2000 compliance: Year 2000 compliant means that the asset accurately processes date/time data (including, but not limited to, calculating, comparing, and sequencing) from, into, and between the twentieth and twenty-first centuries, and the years 1999 and 2000 and leap year calculations.

2. Year 2000 Taxonomy

2.1 How to Use the Year 2000 Taxonomy

The TBS Business Continuity Guide [Reference 1] provides detailed sections devoted to conducting risk identification and analysis in support of Year 2000 projects.

The main tool used to identify Year 2000 project risks is the Year 2000 Taxonomy, as depicted in the diagram below. The Year 2000 Taxonomy is a questionnaire used in a workshop or interview setting that highlights important aspects of a Year 2000 project life-cycle which must be addressed; otherwise, issues/problems may arise. The information captured as a result of the risk identification and analysis activities is to be documented and formatted as per the TBS Year 2000 Risk Information Sheet [Reference 3].

Figure H-1: "Conduct Risk Assessment" Activity (diagram labelled with the activities Communicate, Identify, Analyze, Plan, Track and Control)

2.1.1 Participants to the Workshop or Interview
The TBS Year 2000 Taxonomy can be used during a 3 hour workshop or ½ - 2 hour interview with project stakeholders. These Year 2000 project stakeholders may include resources such as the Year 2000 project office personnel including the Project Manager, practitioners, Year 2000 Steering Committee members, the Year 2000 Project Director, the Year 2000 Project Sponsor, other senior executives (ADMs, DMs), business line managers (including personnel), and technical managers (including personnel responsible for applications, infrastructure, facilities, etc.).

2.1.2 Tailoring
The TBS Year 2000 Taxonomy is a comprehensive questionnaire used to support the identification of Year 2000 risks during a risk assessment (risk identification and analysis). Ideally, all questions should be asked; however, the taxonomy may contain questions that are not relevant to some participants of the risk assessment, or not relevant at a particular point in the Year 2000 project life-cycle.

As a guideline to help with the tailoring of the questionnaire, an indicator has been associated with each question to identify a mandatory (answer required) or tailorable question. The questionnaire can also be tailored for the type of personnel being interviewed. As a general rule, the questionnaire can be tailored as follows:

  1. The questions for Section 1.1 – Year 2000 Project Life-Cycle Processes are targeted at most stakeholders;
  2. The questions from Sections 1.2 to 1.5 and 2.1 – Technical/Project Management are mainly targeted at Year 2000 project office personnel and technical managers; and
  3. The questions from Section 2.2 – Business/Program Management are mainly targeted at the business line managers and senior executives.

An additional suggested approach for tailoring the questions is to determine your organization's Year 2000 project stakeholders (as in section 2.1.1 above). You then create additional columns alongside the questionnaire corresponding to the stakeholders, and check off the questions that are to be asked of a particular stakeholder (refer to the example figure below). Asking overlapping questions of various stakeholders is considered acceptable and will provide different viewpoints on a particular subject area.

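| # | Question | Y | N | DK | NA | Stakeholder A | Stakeholder B | Stakeholder C | Stakeholder D |
|---|---|---|---|---|---|---|---|---|---|
| 1.1.1 | | | | | | ✓ | | ✓ | |
| 1.1.2 | | | | | | ✓ | ✓ | ✓ | |
| 1.1.3 | | | | | | | ✓ | ✓ | |
| 1.1.4 | | | | | | ✓ | ✓ | ✓ | |
| 1.1.5 | | | | | | ✓ | | ✓ | ✓ |
| . | | | | | | | | ✓ | ✓ |
| N | | | | | | ✓ | | ✓ | ✓ |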

Figure H-2: Example of Tailoring Questions and Targeting Stakeholders

2.1.3 During the Workshop or Interview
During the Year 2000 risk assessment workshops or interviews, questions from the TBS Year 2000 Taxonomy should be asked to the participants in order to elicit discussion and determine if a risk exists in the subject area. The facilitator for the risk identification workshop/interview should also attempt to link risks to the business functions of the department.

The general steps include:

  1. Ask a question;
  2. Obtain the response to the question as follows:

    i) Yes – This is considered to be a positive response to the question indicating that there is no risk with regards to the subject area of the question;

    ii) No – This is considered to be a negative response to the question indicating that there may be a certain level of risk with regards to the subject area of the question. The risk, including the potential negative consequence, must be recorded along with any contextual information;

    iii) Do Not Know – This is considered to be an uncertain response to the question indicating that there may be a risk with regards to the subject area of the question. Further investigation is required outside of the workshop or interview in order to determine if there is a risk; and

    iv) Not Applicable – This response means that there is no risk with regards to the subject area of the question. Ensure that the question and context are well understood (refer to step 3 below).

  3. Ask the sub-questions to ensure that the context of the question is well understood;
  4. As a result of asking a question, the workshop facilitator may have to pursue the risk area beyond the question. This requires expert knowledge of the Year 2000 project in order to be able to react to this situation; and
  5. Capture and record the risk statement and any context information about the risk (refer to next subsection).

2.1.4 Recording Risks
The risks identified as a result of the risk identification process should be documented using the TBS Year 2000 Risk Information Sheet [Reference 3], which serves as the primary means for documenting and retaining information about a risk.

2.2 Year 2000 Taxonomy Questionnaire

The TBS Year 2000 Taxonomy Questionnaire is located in Addendum 1 to this appendix.

2.3 Year 2000 Taxonomy Questionnaire Data Element Definition

This table describes the data elements (column headings) in the TBS Year 2000 Taxonomy.

Table H-1: Year 2000 Taxonomy Questionnaire Data Element Definition

Field Name: Description

Tailor: This is a guideline for tailoring the TBS Year 2000 Taxonomy. The guideline will
  • M means mandatory question (this question must be asked); and
  • T means a tailorable question.
Question: The first question in the column is the main question, versus sub-questions (if applicable). The main question is the means for identifying risk in a particular Year 2000 life cycle phase or management area. Sub-questions are not considered to be part of the main question, but rather help provide context for the main question.
Yes: A positive response to the question indicates that there is no risk with regards to the subject area of the question.
No: A negative response to the question indicates that there may be a certain level of risk with regards to the subject area of the question.
Do Not Know: An uncertain response to the question indicates that there may be a risk with regards to the subject area of the question.
Not Applicable: A response that the question does not apply signifies that there is no risk with regards to the subject area of the question.
Observation: An observation is considered to be contextual information for an identified risk. Observations may also arise from discussions with regards to the sub-questions.

2.4 Guidelines and Tips

The following guidelines and tips are aimed at improving the use of the Year 2000 Taxonomy during risk assessments:

  1. Risk identification workshops should include peer groups with a common interest such as Year 2000 project office personnel, practitioners, Year 2000 Steering Committee members, business line resources, and technical resources (including personnel responsible for applications, infrastructure, facilities, etc.);
  2. Risk identification workshops work best with 10 participants or fewer;
  3. Risk identification interviews are generally conducted with senior executives such as the Year 2000 Project Director, the Year 2000 Project Sponsor, and other senior executives (ADMs, DMs);
  4. Once the TBS Year 2000 Taxonomy has been tailored, the goal is to ensure that all remaining questions have been answered by a Year 2000 project stakeholder;
  5. A common understanding of the risk can be obtained by querying various stakeholder groups with similar questions; and
  6. State risks in objective terms, making sure that there is a potential negative impact on business continuity objectives.

Addendum 1 to Appendix H
Year 2000 Taxonomy

Tailor | Question | Yes | No | Do Not Know | NA | Observations

  1 Year 2000 Project Life-Cycle Processes          
  1.1 Awareness/Inventory          

M

1.1.1 Is the Year 2000 problem among the top priorities of your organization?
  1. Has senior management issued a formal correspondence confirming the priority of the Year 2000 project?
         

M

1.1.2 Is the awareness level across your organization reflective of the priority level required by Year 2000 activities?

M

1.1.3 Is there a Year 2000 communication plan/strategy in place?
  1. Does it include communications to internal and external stakeholders?
  2. Is your organization communicating with other government departments or organizations on Year 2000 issues (may include participation to various industry Year 2000 groups)?
  3. Is it effective?
         

M

1.1.4 Has your organization identified all its mission-critical business functions?
  1. Is the list complete?
  2. Is the list accurate?
  3. Has it been communicated to TBS?
  4. Have the mission-critical business functions been prioritized?
  5. Has your organization used the TBS criticality criteria?
  6. Has the prioritized mission critical business function list been formally approved by senior management?
         

M

1.1.5 Has your organization assessed the potential business impact of the Year 2000 problem on its mission-critical functions?
  1. Was a formal assessment methodology used to determine the impact of the Year 2000 problem?
         

M

1.1.6 Has your organization identified the assets supporting the business functions?

Examples of possible assets are:

  • Internal/external systems and applications;
  • Commercial-off-the-shelf systems/applications;
  • IT infrastructure components;
  • Embedded systems (computerized devices that are literally embedded within a larger piece of equipment or industrial product):
    • manufacturing and process control;
    • transportation and navigation equipment (airplanes, trains, marine, traffic lights, air traffic control, etc.);
    • facilities (electrical supply, lighting, heating, ventilation, elevators, locks, security, etc.);
    • office systems and mobile equipment (fax, copier, video, televisions, cell phones, etc.);
    • medical devices (pacemakers, monitoring systems, x-rays, etc.);
    • lab equipment;
  • Public infrastructure/utilities/telecommunications; and
  • Other branches/departments interfaces.

  1. Is the list complete?
  2. Is the list accurate?
  3. Has your organization determined the nature, size, and complexity of the assets?
  4. Are dependencies and/or interfaces to external assets identified?
         

M

1.1.7 Has your organization's asset inventory been prioritized?
  1. Was an approach used for prioritization?
  2. Is the prioritization approved by senior management?
         

M

1.1.8 Is there a controlled repository of the asset inventory information?
  1. Is it available to all Year 2000 stakeholders (for read access)?
         

M

1.1.9 Has the number of assets in the inventory remained unchanged since the completion of the inventory phase?

M

1.1.10 Have owners for business functions and assets been clearly identified?
  1. Have their roles and accountability been clearly defined?
         
  1.2 Assessment (Analysis/Design)          

M

1.2.1 Have Year 2000 compliance requirements been defined for all types of assets?
  1. Have they been properly communicated to Year 2000 staff and asset owners?
  2. Are they documented in a guide?
         

M

1.2.2 Has a standard for dates been established and approved?
  1. Does it include interfaces?
  2. Is the standard documented in a guide?
         

M

1.2.3 Are resources assigned to the assessment phase appropriately trained in assessment techniques and tools, and knowledgeable of the assets being assessed?

M

1.2.4 Has your organization determined the number of assets which are susceptible to the Year 2000 problem?

M

1.2.5 Has your organization determined the time event horizon (a date which could be before 2000) for Year 2000 failure for all assets that are susceptible to the Year 2000 problem?

M

1.2.6 Has the magnitude/impact of the Year 2000 problem been established for each asset or asset type?
  1. Has this information been documented in the asset inventory?
         

M

1.2.7 Are the assets accurately documented? Do they include:
  1. Design documents?
  2. As built specifications?
  3. Test data (if applicable)?
  4. Location of source code (for assets such as internal applications)?
  5. Identification of vendor/manufacturer (for assets such as commercial-off-the-shelf systems and embedded systems)?
         

M

1.2.8 Has a triage (repair, re-engineer, replace, or retire) been conducted on the assets?          

M

1.2.9 Has the triage on assets been approved by senior management?          

M

1.2.10 Have the conversion techniques and tools been identified for asset types?
  1. Have they been documented in a guide?
  2. For IT applications, has the impact of these techniques/tools on performance been evaluated?
         

T

1.2.11 For assets requiring replacement, have vendors been solicited for Year 2000 compliance?

T

1.2.12 Have issues with electronic partners (e.g. electronic output and input requirements) been identified and resolved?
  1. Have the decisions been recorded?
         

T

1.2.13 For assets utilizing external source data (such as application software), has a data conversion strategy been identified?
  1. Has the impact of data conversion on performance been evaluated?
         

T

1.2.14 For IT assets, will the existing IT infrastructure support the added load of Year 2000 conversion activities?          

T

1.2.15 For IT assets, have the changes to the IT production environment (HW, SW, network) been identified and costed?

M

1.2.16 Have issues with vendor responses for Year 2000 compliance been identified and resolved?
  1. Have the decisions been recorded?
         

M

1.2.17 Have the results from the assessment phase been used to re-evaluate/confirm the effort estimates and budget?          

T

1.2.18 Have vendors been solicited for their Year 2000 strategy with respect to their suppliers (supply chain issues)?          

M

1.2.19 Have business continuity artifacts been collected (e.g. business resumption plans, disaster recovery plans, etc.)? If yes, are they up-to-date?          

M

1.2.20 Has the ability of the organization to ensure business continuity been assessed? If yes, were deficiencies identified and resolved?          

M

1.2.21 Have relevant crisis scenarios been identified and documented?          
  1.3 Renovation (Build)          

M

1.3.1 Are resources assigned to renovation activities appropriately trained in renovation techniques and tools, and knowledgeable of the assets being renovated?

M

1.3.2 Can your organization state the exact number of assets that have been converted (repaired or replaced) to date?

M

1.3.3 For assets requiring replacement, have Year 2000 compliant versions of the assets been ordered?
  1. Is your organization aware of the lead-time for delivery?
  2. Is anything being done to ensure that new or upgraded third party/vendor's assets are Year 2000 compliant?
         

M

1.3.4 Have issues with renovation activities been identified and resolved?
  1. Have the decisions been recorded?
         

T

1.3.5 Has your organization planned for the development of bridges and filters to handle non-conforming data?
  1. Has the number of bridges and filters increased since the completion of the assessment phase?
         

M

1.3.6 Is the following documentation being updated as part of renovation activities:
  1. System documentation?
  2. User documentation?
  3. Training documentation?
  4. Test cases, etc.?
         

M

1.3.7 Has unit/component testing been conducted (where applicable)?

M

1.3.8 Have issues with regards to Year 2000 compliance for suppliers and business partners been identified and resolved?
  1. Have the decisions been recorded?
         

M

1.3.9 Are standards being adhered to?          

T

1.3.10 Have the phase out plans for assets, scheduled for retirement, been prepared?
  1. Have the stakeholders been notified?
         

M

1.3.11 Are contingency plans, at the business function level, in place?
  1. Have the time thresholds been identified for initiating the contingencies?
         
  1.4 Validation (Testing)          

M

1.4.1 Have the types of resources required for validation activities been identified (such as users, business/functional resources, and technical resources)?

M

1.4.2 Are there sufficient resources for conducting testing activities?          

M

1.4.3 Does test coverage include full functional testing as opposed to only Year 2000 specific testing?

M

1.4.4 Has test data (where applicable for assets such as application software) been developed, collected and/or converted to support the validation activities?          

M

1.4.5 Are automated test tools/equipment in use?
  1. Have automated test tools/equipment been verified for Year 2000 compliance?
         

M

1.4.6 Do you have sufficient time allocated for the testing activities that have been planned to be conducted?          

M

1.4.7 Is problem tracking and reporting being utilized for the Year 2000 project?
  1. Do you track problems until their resolution?
  2. Do you utilize an automated tool?
         

M

1.4.8 Has the corrective action process (the protocol for the fixing of problems encountered) during the validation phase been properly identified and documented?
  1. Has enough time been allocated for problem resolution in the schedule?
  2. Is the feedback loop to individuals renovating the assets adequate?
  3. Is regression testing part of this process?
         

M

1.4.9 Is the Year 2000 certification of assets a formal approval process?          
  1.5 Implementation          

M

1.5.1 Is Year 2000 related client training planned for the implementation of new or modified systems?

M

1.5.2 Are all the contingency procedures for the restoration of assets in place and ready to be activated?
  1. Have contingency procedures been tested?
  2. Have all personnel been trained?
         

M

1.5.3 Have conflicts with current operations and maintenance activities been identified?          

 

Tailor | Question | Yes | No | Do Not Know | NA | Observations

  2 Management          
  2.1 Technical / Project Management Processes          

M

2.1.1 Is there a Project Charter for the Year 2000 Project?
  1. Is the project charter understood and accepted by all stakeholders?
  2. Has the project charter been signed by all stakeholders (including external interface organizations)?
         

M

2.1.2 Is there a Project Management Plan?
  1. Does it include:
    • Work Breakdown structure (project activities)?
    • Organization Breakdown structure?
    • Responsibility Assignment Matrix?
    • Resource estimates?
    • Detailed budget?
    • Master Schedule?
  2. Is project planning being conducted according to your organization's policies, guidelines, and procedures?
         

M

2.1.3 Is the Project Management plan based on an industry approved Year 2000 life cycle or approach complete with structured activities?          

M

2.1.4 Are there plans (or work packages) for Year 2000 activities at the asset level?          

M

2.1.5 Has the Year 2000 budget been fully approved until implementation?
  1. If required, has a TB Submission for the Year 2000 project been created and submitted?
         

M

2.1.6 Is there a Year 2000 Project Management Office (PMO)?
  1. Is it properly staffed?
  2. Do the personnel have the proper expertise and experience to support the Year 2000 project?
         

M

2.1.7 Has a manager been assigned the responsibility of defining and fulfilling the Year 2000 project objectives (converting Year 2000 susceptible assets in order to maintain business continuity beyond 2000, within the estimated budget and timeframe)?
  1. Is the manager empowered to deliver this project?
  2. Does the manager have budget and decision making authority?
  3. Does the manager have a clearly defined escalation path for actions required by senior authorities?
  4. Is the manager a senior manager in your organization?
         

M

2.1.8 Is there a Year 2000 steering committee?
  1. Is there adequate stakeholder representation on the committee?
  2. Does it include representation from all Regions?
  3. Is the purpose of the committee clearly identified?
  4. Are there frequent meetings?
  5. Are minutes/actions written and given to the PM?
         

M

2.1.9 Is cooperation among the stakeholders effective?          

M

2.1.10 Is the master schedule realistic for mission critical business functions/assets?
  1. Does it include all activities until implementation?
  2. Are the dependencies between tasks (especially between software applications) identified on the schedule?
  3. Is there a critical path?
  4. Does it include external dependencies and/or interfaces?
         

M

2.1.11 Does the project have scheduled checkpoints or "gates" when it will be reviewed and where management will decide on its future, and if necessary, take appropriate corrective action?          

M

2.1.12 Is there an audit plan for the Year 2000 project?          

M

2.1.13 Is the project plan updated to reflect the results uncovered during the previous Year 2000 life-cycle phase?
  1. Has there been a review of the critical path?
         

M

2.1.14 Are internal project reviews conducted periodically with asset category owners/conversion teams to track progress and issues?          

M

2.1.15 Does your organization track actual progress against the Year 2000 planned activities (as identified on the master schedule)?
  1. Have you identified adequate metrics to capture?
  2. Are proper management systems available to adequately monitor and control project activities?
  3. Is this level of monitoring adequate to support decision-making and to report progress to senior management?
         

M

2.1.16 Are frequent progress reports available?
  1. Are issues/actions identified and acted upon?
         

M

2.1.17 Are the budget and schedule stable (unchanging)?          

M

2.1.18 Are your organization's budget and schedule intermediate objectives being met?          

M

2.1.19 Are there critical success factors established for the Year 2000 project?
  1. Have they been translated into the acceptance or Year 2000 certification process?
         

M

2.1.20 Has a human resource strategy been developed and approved?          

M

2.1.21 Have the human resource requirements for each phase been allocated?
  1. Are the human resource requirements stable (unchanging)?
  2. Have the required staff skill sets been identified?
         

M

2.1.22 Has your organization re-assigned resources to the Year 2000 project when requested?

M

2.1.23 Do you have access to the right people when you need them?
  1. Are people fulfilling their roles and responsibilities as identified in the project charter?
         

M

2.1.24 Have all the systems, tools, and facilities required for each phase been identified, committed or acquired?
  1. Have these systems and tools been assessed for Year 2000 compatibility?
         

O

2.1.25 Are all the contracts for the resources to be procured in place (human, computing, facilities, etc.)?          

T

2.1.26 Are the contracts secured beyond Year 2000?          

M

2.1.27 Are Year 2000 warranty clauses being inserted in contracts for goods and services (where applicable)?          

M

2.1.28 Is there a documented risk management process (including tools, techniques, practices) being utilized?          

M

2.1.29 Are risk action plans being developed and implemented to manage identified risks on the Year 2000 project?          

M

2.1.30 Is project tracking and oversight being conducted?
  1. Is it being conducted according to your organization's policies, guidelines, and procedures?
  2. Is it adequate?
         

T

2.1.31 Is subcontractor management being conducted?
  1. Is it being conducted according to your organization's policies, guidelines, and procedures?
  2. Is it adequate?
  3. Is the subcontractor's performance monitored on a regular basis?
         

M

2.1.32 Is quality assurance being conducted?
  1. Is it being conducted according to your organization's policies, guidelines, and procedures?
  2. Is it adequate?
  3. Have critical success factors clearly been identified?
         

M

2.1.33 Is configuration management performed?
  1. Is it being conducted according to your organization's policies, guidelines, and procedures?
  2. Is it adequate?
  3. Are changes to code, systems, and documentation controlled?
  4. Does it include external interfaces?
         

M

2.1.34 Is there a Crisis Management organization?
If yes, is the organization trained and tested with scenarios?
         

M

2.1.35 Has a Crisis Operations Centre been established?
Does the organization have a pre-designated spokesperson for crisis events to inform your end users (client?)?
         

M

2.1.36 Is there a business continuity plan for the organization?
Does it address risk management, contingency planning, crisis response and business resumption activities?
         

M

2.1.37 Has a top-level executive been identified to lead the crisis management team?
Is this person aware of their responsibilities?
         
  2.2 Business/Program Management          

M

2.2.1 Are there any system development/upgrade projects currently in progress?
  1. Are these projects approved by your senior management?
  2. Will these projects be Year 2000 compliant?
  3. Will these projects require interfacing with the existing Year 2000 compliant infrastructure or other systems?
         

O

2.2.2 Are there any plans to minimize non-Year 2000 initiatives until the Year 2000 problem is resolved or under control?           

M

2.2.3 Is disruption to operations and production service levels being monitored?          

M

2.2.4 Has the current business environment been evaluated for constraints that may impact the Year 2000 project implementation?
  1. Program delivery?
  2. Legislation?
  3. Political?
         

M

2.2.5 Has your organization assessed its legal liabilities associated with the Year 2000 problem and potential business function failures?
  1. Is your Legal branch/representative involved?
         

M

2.2.6 Have you discussed your Year 2000 Plan with your organization's Legal representative?          

M

2.2.7 Is your organization's Legal representative conducting a Legal Risk Assessment?          

M

2.2.8 Is there a legal action plan?