Y2K Site Map | Terms of Use | Problem | Steps | Certification | Briefings | Compliance | Solutions | BIOS | Test & Evaluation | Cost

The following Y2K material has been kept available by MITRE for historical purposes only and has not been updated unless noted.

Guidelines for a Consequence Management Plan

One of the unique aspects of the Year 2000 Problem is that we know when the risks to our organizations are going to be greatest. Consequence Management is the discipline of dealing the best hand to our organizations based on this added knowledge.

INTRODUCTION

Although everyone is working diligently to ensure that a high percentage of Year 2000 (Y2K) and related problems will be resolved before they might have any impact, we must anticipate that some things will be overlooked, ignored, or not completed on time. We must also realize that there are things beyond our control that could affect us in the Year 2000. An important way to prepare for this is through the development and application of well-defined and executable Contingency Plans and continuity of operations plans. With only a short time left before the turn of the century, the development of these plans must be a top priority, with proper testing and training to follow.

Additionally, you may want to establish a Y2K Command Center, as many companies are doing, to deal with unexpected Y2K issues and possible disruptions. For more information on Y2K Command Centers, please see Y2K Command Centers from DavisLogic, and Building a Y2K Command Center by Gregory J. Blatnik. In addition to a 12-page report on Command Centers, the DavisLogic site has links to additional sources of information.

Many organizations already have Contingency Plans or Continuity of Operations Plans for dealing with natural disasters and other types of unforeseen emergencies. However, the difference for Year 2000 related problems is that the potential widespread and simultaneous nature of failures is such that traditional backup or alternative strategies may falter AND we know when it is going to occur.

This prior knowledge of the arrival times for potential problems allows us to minimize and manage risks as well as providing time to preposition resources in a way that gives us a better chance of quickly recovering. These additional activities are referred to as Consequence Management since we are attempting to minimize the impacts by managing the consequences of any Year 2000 problems that do occur.

The objective of the following guidance is to establish a minimum set of requirements that can be used by others for consideration when developing the Consequence Management Plans. The MITRE/ESC Year 2000 Website already hosts guidelines for helping ensure that your Contingency Plans address the unique challenges of the Year 2000 problem so this will not be discussed further in this material. Likewise, it is understood that there are higher level Continuity of Operations Plans (COOPs), aimed at permitting an organization to carry out its basic functions in spite of any evolving Y2K problems among its systems and means of communication.

BACKGROUND ASSUMPTIONS

There will not be enough time and/or money to fix everything. As triage principles are applied, some low priority systems will not be fixed at all. Similarly, some medium priority systems may not be thoroughly tested. Finally, some mission-critical systems may still have errors, even after thorough testing, just due to complexities and oversights.

Also, some solutions may not be available or work in time; either because they were overlooked, too complex, too costly, or they were implemented incorrectly. Further, it is impossible to ensure that all the other organizations interfaced with externally with have fixed their systems. Consequently, an organization's systems may be "infected" by bad data from other organizations, and their systems or critical capabilities may not be provided which include all of the infrastructure issues and problems that could occur.

CONTINGENCIES, CONSEQUENCES, AND REQUIRED PLANNING

This guidance will address the development of Consequence Management Plans.

A Consequence Management Plan is intended to aid with containment and mitigation of consequences of problems as they may occur, and is focused on risk management.

Plan Objectives

The Consequence Management plan should describe an organization's preemptive actions and planned responses to an unexpected year 2000 problem. This plan will better prepare the organization to react if a Year 2000-related problem does occur. It will pay specific attention to preventing loss of life or property and appropriate actions to initiate if loss of life or property were to occur due to a year 2000 failure. Additionally, this Plan describes reporting requirements for a Y2K-related failure.

The Consequence Management Plan must be closely coordinated with the Contingency Planning efforts. Relevant contingency information should be exchanged with system managers of those systems that interface with each system and also with all system users.

Plan Considerations

The scope of the plan must be clearly stated, including expected duration of the execution of the Plan. Priorities must be carefully defined, established, and agreed to by all parties concerned. Cost estimates to set up and implement the plan should be considered for possible trade-offs. The responsibilities for developing and maintaining each Plan must be established, as well as time period between major reviews. Continued Plan maintenance will be tracked through each organization's implementation process. Finally, because of its importance, the Plan should be dated, signed and promulgated at a high level within the organization.

The next sections provide details for the preparation of the Consequence Management Plan, with the last section being Recommendations.

CONSEQUENCE MANAGEMENT PLAN

Consider and Coordinate Consequence Management Opportunities and/or Needs

• Identify organization's most critical missions and functions, and rank.
• Understand impacts of loss of each mission and function.
• Consider effective uses of command center, response team(s), and help desk.
• Consider resources to ensure success of command center, response team(s), and help desk themselves, such as heat, power, water, accommodations, and the like.

Consider and Coordinate Scenarios for Consequence Management Opportunities and/or Needs

• Establish scenarios; rank by likelihood.
• Determine impacts of the scenarios.
• Understand how to recognize degradation of system functions and infrastructure.
• Remember, there is the possibility of multiple simultaneous events.
• Consider impact of scenario(s) on command center, response team(s), and help desk themselves.

Consider and Coordinate Identification Procedures for Consequence Management Opportunities and/or Needs

• Develop thresholds for recognizing degradation of system functions and infrastructure.
• Develop thresholds for declaring need to activate command center, response team(s), and help desk.
• Develop procedures for activating command center and response team(s).
• Identify key performance indicators and their presentation.
• Develop means of measuring success of command center, response team(s), and help desk.

COMPONENTS OF CONSEQUENCE MANAGEMENT PLAN

Risk Avoidance Measures

• Specific plans to preposition supplies and people.
• Specific plans to shutdown equipment in advance.

Command Center(s)

• Specific plans to staff and operate; define roles and responsibilities.
• Keeps track of key performance indicators; executes "wellness checks."
• Provides early warnings for safety, property and readiness concerns.
• Tracks results of consequence management actions.
• Re-plans, re-deploys as necessary.
• Can include "Problem Clearing House" and "Coordination and Information Center" functions.

Response Team(s) ("Day Zero"…"Day 1"…etc.

• Specific plans to staff, deploy, direct, and conduct remedial actions; define roles and responsibilities.
• Ensures availability of resources, including people, equipment, tools, and documentation.
• Practices and strives to improve response times.
• Monitors key operational and service performance measures; monitor exceptions.
• Reports to Command Center(s).

Help Desk (Problem Clearing House)

• Specific plans to staff and operate; define roles and responsibilities.
• Could be part of Command Center coordination and information dissemination activities.
• Matches up problems with resources to resolve or contain.
• Understands systemic and local problems.
• Looks for common themes and emerging problems.
• Facilitates redirection of plans and teams.

Rumor Control (Coordination and Information Center)

• Specific plans to staff and operate; define roles and responsibilities.
• Could be part of Command Center coordination and information dissemination activities.
• Builds on existing structures and processes.
• Links to external parties at appropriate level.
• Set this up early and test often.

Scenarios

Loss of AC Power

• Specific steps to be supplied by users and operators in coordination.

Loss of Environmental Controls

• Specific steps to be supplied by users and operators in coordination.

Breaches of Security

• Specific steps to be supplied by users and operators in coordination.

Interruptions of Internal Communications

• Specific steps to be supplied by users and operators in coordination.

Interruptions of External Communications

• Specific steps to be supplied by users and operators in coordination.

System Hang-up or Shutdown

• Specific steps to be supplied by users and operators in coordination.

Degradation of Performance

• Specific steps to be supplied by users and operators in coordination.

Irrational Data Presented to Users

• Specific steps to be supplied by users and operators in coordination.

Produces Results with Incorrect but Acceptable Errors

• Specific steps to be supplied by users and operators in coordination.

Files Corrupted or "Lost"

• Specific steps to be supplied by users and operators in coordination.

Unreliable/Unpredictable Results

• Specific steps to be supplied by users and operators in coordination.

More.......

• Further risk types and specific steps to be supplied by users and operators in coordination. Result of this activity is a set consisting of:
  • Validated lists and scenarios to anticipate Y2K-related failures
  • Validated lists and procedures to execute during Y2K-related failures
  • Validated lists and procedures to wind down after Y2K-related failures

RECOMMENDATIONS

These recommendations are related to the implementation of your plan, as detailed in the paragraphs below.

Distribution of Plan Guidance

• The Consequence Management Plan should be included in each organization’s Y2K Guidance or "Best Practices" Package.

Plan Development Recommendations

• As stated earlier in the document, every organization should have a Consequence Management Plan.

Plan Emplacement Recommendations

• The crucial importance of the Consequence Management Plan and the resources it could require dictate that it receive a high-level date and signature, and official promulgation.

Conduct Exercises, Wherever Feasible

• It is very important to train operational personnel in the execution of the Plan, i.e., the "nuts and bolts" as much as possible. Otherwise, the likelihood of failures increases greatly in case of actual, but unprepared, execution of the Plan.