Programmatic Contingency Plans should be developed for each "mission critical" system, or group of functionally related systems, by Information Technology (IT) system managers, developers, and maintainers in consultation with regular users. In general, Programmatic Contingency Plans apply only to IT systems, such as mission and decision support systems, database and communications systems, and logistics and financial systems. Each Programmatic Contingency Plan deals with problems related to and/or resulting from any inability to remediate a system's Y2K performance in a timely fashion. The Plan should delineate Triage Criteria and procedures for applying triage. Finally there should be statements regarding the objectives and the intended duration of the Plan.

Programmatic Contingency Plans General Details

Precontingency (Planning Phase)

Evaluate potential hazards

• Replacement or repairs not completed on time
• Significant and repeated schedule slippages
• System believed to be compliant encounters date problems
• Date problems are encountered earlier or later that expected
• Interface between two systems is non-compliant

Evaluate reliability of system's certification

• System "certified" by recognized independent entity
• System "certified" by its vendor
• Unknown

Develop Triage Plans

• Criteria for selecting survivors
• Levels of acceptable remediation
• Procedures for application
• Estimate costs to set up and implement

Identification of dates of action for Programmatic contingencies

• Timelines that trigger specific actions at different intervals
• Establish criteria for declaring contingency onset
• Identify dates that system could experience problems (Time Event Horizons)
• Procedures to recognize degradation of system functions and judge the results
• Procedures for declaring invocation of contingency actions
• Establish Drop Dead remediation/replacement and/or completion milestone dates

Evaluate potential failure modes of alternatives

• Able to process non-date sensitive information
• Produces results with incorrect but, acceptable errors
• Unreliable and/or unpredictable results
• Predictable complete failure

Establish support agreements as required

• Communications equipment (phone, radio)
• Standby "hot" or "cold" processing site

  CAUTION: Standby May Be Similarly Affected

• Possibility to "team" with another organization with similar function/capability

  CAUTION: Other Organization May Be Similarly Affected

• On-site technical support (vendor or contractor provided)
• Establish Y2K help desk (internal and contractor)

Identify ways to preserve and protect system data

• System backups before date problems occur

  CAUTION: Backup System May Be Similarly Affected

• Printouts of databases

Establish methods to detect and correct corrupt data

• Manual review of system output
• Manual review of communications (external interfaces) input

Designate roles, responsibility, and authority of managers, maintainers, and developers

• Note where different than normal operations
• Establish lists and procedures for emergency notification of all personnel

Identify emergency procedures to perform during contingency, set thresholds

• Establish procedures to complete remediation on extreme emergency basis
• Set date backward (such as 28 years)
• Change method of date calculation or representation
• Disable certain date-sensitive processes, functions, or sub-systems, if possible

Identify contingency recovery procedures for Programmatic contingencies

• Establish criteria for testing to return system to on-line implementation
• Procedures to test system functions and judge results

Establish and perform training program

Practice and test the Programmatic Contingency Plan

• Risk much higher without rehearsed Contingency Plan
• Result of this phase is a set consisting of:
  • Validated lists and procedures to execute Before Emergency Remediation/Validation/Implementation
  • Validated lists and procedures to execute During Emergency Remediation/Validation/Implementation
  • Validated lists and procedures to execute After Emergency Remediation/Validation/Implementation

During Contingency (Execution Phase)

• Monitor for contingency triggers; e.g., serious and repeated schedule slippages
• Check system remediation and implementation progress and judge results, using to determine next steps
• Notify appropriate authorities of nature and scope of problem
• Execute contingency plans, including application of triage principles, as required
• Modify and improve contingency plans as required; i.e., be clever and flexible
• Minimize damage to equipment
• Minimize damage to data

Postcontingency (Recovery Phase)

• Execute post-contingency plans as required
• Test system functions and review results
• Restore systems back on track for implementation as determined by testing
• Notify appropriate authorities of resolution of problem

Mission-oriented (operational) Contingency Plans are developed by actual using organizations in consultation with IT developers, operators, and maintainers, based upon mission critical functions as decided upon by the organization. Mission-oriented (operational) Contingency Plans should consider both IT and non-IT equipment (i.e., infrastructure items), such as mission and decision support systems, database and communications systems, logistics and financial systems, industrial process control, heating and cooling, fire and security systems, etc. Considerations should also include plans for mission critical infrastructure items, systems, and suppliers.

Planners should apply Operational Risk Management analyses to identify the hazards, impacts, probabilities, and mitigation procedures, for Mission-oriented contingencies.

Be aware that mission-oriented (operational) Contingency Plans deal with continuing and completing missions in "worse case" scenarios. Finally there should be statements regarding the objectives and the intended duration of the Plan.

Mission-Oriented Contingency Plans General Details

Precontingency (Planning Phase)

List types of failures, their effects, and their likelihood

1. Identification of the hazards to Life, Property, Environment, such as mission non-completion and/or failure, explosion, fire, chemical release, mechanical failure, etc.
2. Identify mission critical functions as determined by the organization
3. Identify systems supporting mission critical functions
4. Assess probability of system failure due to Y2K problem

Develop matrix per four steps above to assess the likely impacts of system failures

• Loss of life, property
• Mission failure

Assign operational priorities per agreed-to definitions

Identify critical resources that may be affected

• Power, fuel, communications, transportation, heating/cooling
• Stock pile resources as required

Set up Crisis Center

• Communications
• Personnel support (refrigerator, cots, etc.)
• Help desk

Consider alternatives

• Communications for telephones and data

Designate roles, responsibility, and authority of user organization

• Particularly identify where roles are different than normal operations
• Establish lists of critical skills among personnel
• Establish lists and procedures for emergency notification of personnel

Develop contingency identification procedures for mission-oriented contingencies

• Establish criteria for declaring contingency onset
• Procedures to recognize degradation of system functions/results
• Procedures for declaring contingency

Consider potential security breaches

• Password maintenance
• Physical access

Identification of dates for mission-oriented contingencies

• Timelines that trigger specific actions at different intervals
• Identify dates that system could experience problems

Establish and evaluate potential failure modes

• Loss of AC Power
• Loss of Environmental Controls
• Breaches of Security
• Interruptions of Internal Communications
• Interruptions of External Communications
• System Hang-up or Shutdown
• Degradation of Performance
• Irrational Data Presented to Users
• Produces results with incorrect but, acceptable errors
• Files Corrupted or "Lost
• Unreliable/unpredictable results

Establish support agreements as required

• Take into account contingency planning being done for systems that interface with your systems
• Communications equipment (phone, radio)
• Possibility to "team" with another organization with similar function/capability

  CAUTION: Other Organizations May Be Similarly Affected

• On-site support (additional personnel, vendor support, standby equipment)

  CAUTION: Standby May Be Similarly Affected

• Establish Y2K help desk (internal and contractor), as part of "Crisis Center"

Identify ways to preserve and protect system data

• Database printouts
• System backups before date problems occur

  CAUTION: Backup System May Be Similarly Affected

• Establish methods to detect and correct corrupt data

  - Manual review of system output

Identify general emergency alternative procedures to perform during contingency, set thresholds

• Change method of date calculation or representation
• Disable certain processes, functions, or sub-systems
• Use of "Office Automation" functions to perform mission

  - Word processors, spreadsheets, copy machines, fax machines, etc.

  CAUTION: COTS S/W May Be Similarly Affected

• Perform the operation of the failed system/infrastructure item manually
• Shift or call in personnel as needed to support the mission
• Shift communications channels to alternates as needed
• Transfer function/mission to different organization/system/contracting

  CAUTION: Other Organization May Be Similarly Affected

Identify contingency recovery procedures for Mission-oriented contingencies

• Establish criteria for returning to normal operations
• Procedures to restore/restart systems as required
• Procedures to check system functions/results
• Procedures to correct and restore corrupt/lost data

Establish and perform training program

• Practice/test Contingency Plan to reduce risks during actual execution
• Estimate costs to set up and implement plans
• Identify training needs to carry out plans

Result of this phase is a set consisting of:

• Validated lists and procedures to execute before Y2K-related failures
• Validated lists and procedures to execute during Y2K-related failures
• Validated lists and procedures to execute after Y2K-related failures

During Contingency (Execution Phase)

• Maintain manual logs, as required
• Monitor for specific risk contingency triggers (see Risk Management details, below)
• Check system functions and judge results, using to determine next steps (see Risk Management details, below)
• Notify appropriate authorities of nature and scope of problem
• Execute specific risk contingency plans as required
• Modify and improve contingency plans as required; i.e., be clever and flexible
• Minimize threat to life and property
• Minimize damage to equipment
• Minimize damage to data

Postcontingency (Recovery Phase)

• Execute post-contingency plans as required
• Restore and restart systems as required
• Check system functions and results
• Correct and restore corrupt and/or lost data
• Notify appropriate authorities of resolution of problem

Mission-Oriented Contingency Plan Risk Management Details

Loss of AC Power

• Specific steps to be supplied by users and operators in coordination.

Loss of Environmental Controls

• Specific steps to be supplied by users and operators in coordination.

Breaches of Security

• Specific steps to be supplied by users and operators in coordination.

Interruptions of Internal Communications

• Specific steps to be supplied by users and operators in coordination.

Interruptions of External Communications

• Specific steps to be supplied by users and operators in coordination.

System Hang-up or Shutdown

• Specific steps to be supplied by users and operators in coordination.

Degradation of Performance

• Specific steps to be supplied by users and operators in coordination.

Irrational Data Presented to Users

• Specific steps to be supplied by users and operators in coordination.

Produces Results with Incorrect but, Acceptable Errors

• Specific steps to be supplied by users and operators in coordination.

Files Corrupted or "Lost"

• Specific steps to be supplied by users and operators in coordination.

Unreliable/Unpredictable Results

• Specific steps to be supplied by users and operators in coordination.

More.......

• Further risk types and specific steps to be supplied by users and operators in coordination.

RECOMMENDATIONS

There are four recommendations, as detailed in the paragraphs below.

Distribution of Contingency Plan Guidance

This Contingency Plan Guidance Document should be included in each organization's Y2K Guidance or "Best Practices" Package.

Contingency Plan Development Recommendations

As stated earlier in the document, every organization should have a Contingency Plan. Also, every mission critical date cognizant system and process needs a Contingency Plan. Current plans can be updated and used if they meet the minimum requirements of this document, with the additional precaution of being vigilant against simultaneity of Y2K failures in backup and alternative systems.

Contingency Plan Emplacement Recommendations

The crucial importance of each Contingency Plan dictates that each receive a high-level date and signature, and official promulgation.

Contingency Plan Exercises, Where Feasible

It is very important to train operational personnel in the execution and test of the Plan; i.e., the "nuts and bolts" as much as possible. Otherwise, the likelihood of failures increases greatly in case of actual, but unprepared, execution of the Plan.