Introduction

Certification is a measure of assurance by a designated Y2K authority (or their representative), that an item is operationally ready. Any company working toward Year 2000 compliance must ultimately be concerned with Year 2000 certification. To meet this challenge, a Y2K Certification Tracking Document (CTD), originally developed by the Air Force, is available for downloading. This document is intended for persons at all levels who are responsible for assuring that their program will be Year 2000 compliant, and meet Year 2000 certification requirements and deadlines of their company. It is expected that each company using this process would establish a Y2K Project Office, which should be headed by a person with significant rank and authority.

Y2K Compliance and Certification Guidelines

To increase the likelihood of achieving Y2K compliance, the Certification Tracking Document provides guidelines through all five phases of Y2K compliance to ensure no issue or concern is overlooked. It is essential this document be followed, as it describes the necessary steps each program must follow to receive Y2K Certification. This document should be completed contemporaneously with the Y2K compliance phases, then submitted to the appropriate manager. It is strongly recommended that you immediately refer to this document to understand the scope of the Y2K Certification Process.

Y2K Certification Process: Five Steps to Certification

To attain "Certification" for a system, the following activities must be accomplished:

1. The Y2K Project Office designates a certifier for that system. This should ideally be done during the awareness phase. See Certifier Qualifications for characteristics and experience of a "perfect" certifier.
   
   
2. Certifier downloads a copy of the Certification Tracking Document to use for that system and fills in identification information for that system.
   
   
3. Certifier keeps in close contact with the system manager/POC/programmer using the Certification Tracking Document as a tool to ensure all necessary actions are taking place and documentation is being prepared. Certifier fills out Certification Tracking Document as life-cycle progresses. This document and all supporting material and reports should be kept together as a Certification Package for each system.
   
   
4. When the system is determined to be Y2K compliant (end of validation phase) to the satisfaction of the system manager, certifier, and management chain, the certifier obtains required signatures on the Certification Tracking Document and sends the Certification Tracking Document to the appropriate person in the Y2K Project Office.
   
   
5. Program Team implements Y2K compliant system under guidance of Certifier. Certifier continues to use and fill out Certification Tracking Document. Certifier also continues to maintain all documentation for system.

In addition, please see the Year 2000 Remediation Process Flowchart which depicts the overall relationships between the different activities and data needed within a program's Year 2000 activity to achieve final certification.

Due Diligence After Y2K Certification

If a system is already Y2K certified and there is about to be a new release of the system fielded, the Y2K Project Office (PO) may wish to take additional steps to maintain due diligence after the initial Y2K Certification. A copy of the original Certification Tracking Document (CTD) has been tailored for documenting post-certification releases. This Post Certification - Certification Tracking Document (PC-CTD) should be completed for each new release as described below.

• Determine the appropriate level of regression testing that needs to be performed based on changes made. Tailor existing plans and procedures as necessary. All modified plans, procedures, and test results should be included as supporting documentation for the PC-CTD.
• Download the PC-CTD and fill in the appropriate "delta" information associated with the Renovation through Implementation phases for the system. (The Y2K Compliance Checklist is embedded in the Validation Phase section and should be filled in for the "delta" release.)
• Obtain signatures for the "delta" PC-CTD to the Program Manager level. This should include the Certifier and User signatures.
• Add the "delta" PC-CTD to the original Certification Tracking Document (CTD).
• Update the other Y2K documentation (program management plans, implementation plans, contingency plans, etc.) as necessary.

The Five Phases of Compliance

1. The Awareness Phase is relatively straightforward, as the Certification Package itself is evidence of awareness of the Year 2000 problem. However, this phase requires that one validate their system is in the database with correct information. It also requires that one develop a Project Management Plan (PMP), to ensure one adequately prepares for this task.
   

2. The Assessment Phase documentation should include a complete system inventory. This includes all hardware and software. It should also include all Commercial Off-the-Shelf (COTS), Government Off-the-Shelf (GOTS), developed software, and interfaces. Although each organization is only responsible for certifying their system, it is important to identify each system or piece of equipment the system interfaces with throughout the entire communications string. The assessment plan and documentation should identify the method of assessment, whether accomplished by inspection, automated tools, by testing each piece of equipment, or by relying on information provided by others. The documentation should also identify each piece of software which processes the date, and identify the source of the date, whether from external device, set by the user on power-up, or some other means. The format of the date should also be noted, whether it accepts two- or four-digit dates, and the consequences of entering an ambiguous date such as entering a one-, two- or three-digit date, when four is expected. When conducting an assessment it is important not to duplicate efforts, so a ranked list of COTS products to be evaluated should be made.

3. The Renovation Phase documentation should include the plans that were drafted as a result of the assessment. The Renovation document should include the strategy adopted to remedy the problem, whether by replacing (with a new system), renovating (repairing affected applications), or retiring (abandoning the software). Also included should be the timeline to implement these plans. When dependent upon another organization to replace or repair the software, it is important to identify the responsible organization, and the deadlines towards which they are working. It is also important to identify any other changes that organizations may make to their product that would alter some other aspect of the functionality or interface provided by their product which would diminish your system's capabilities.

4. The Validation Phase is the part of the Compliance which validates that all the renovations worked as expected. The validation phase document would include all test procedures and test results which demonstrate the systems' capabilities. The test procedures should include all Year 2000 relevant test dates as well as tests where multiple dates are used.

5. The Implementation Phase document contains the resulting plans for implementing the system, and integrating that system with the rest of the world.