GOVERNMENT RECORDS NEWS

News from the State and Local Government Record Commissions
Vol. 1 No. 4
March, 1997

Year 2000 Compliance: Avoiding a Millennial Disaster

At the stroke of midnight on January 1, 2000, amid joyous celebrations of the new millennium, a lurking flaw will devastate the computerized records of many government agencies and businesses. Because their original programming stored date information in a six-digit, month-date-year (mm/dd/yy) format to conserve disk space and memory, most computers will have no inkling when the new millennium arrives. To them, a "00" year figure will mean 1900, not 2000. They will revert to that date or 1980, and will either begin producing faulty data or shut down completely. "A non-compliant bank computer calculating interest [for the years 1995-2000] might instead calculate the interest for . . . 1900 through 1995" (Jinnett). [Italicized parenthetical citations refer to sources listed in the bibliography.] Children born in 1996 may appear in local data banks as 96 years old (New York). A state agency's back-up tapes, stored in 1998 with a five-year retention period, might be destroyed on January 1, 2000, because the system's tape management software decides they were created in 1898. Mortgages, licenses, retirement records, billing cycles--any transaction based on time--will be at risk. The potential crippling effects on government cannot be overestimated.

Unless your system's hardware and software are already Year 2000 compliant, there is but one solution to the problem. Every line of source code data that contains a six-digit date must be identified and reprogrammed with an eight-digit, century-inclusive date code (cc/yy/mm/dd). The time and cost required are staggering. Last year, estimates began "at $1.10 per line of code . . . and by 1998 will average $2.45 per line of code" (Texas). In February 1997, the Office of Management and Budget (OMB) issued a preliminary estimate of $2.3 billion to make all federal computer systems fully compliant, a figure some analysts consider far too low (Violino). The cost of a worldwide "fix" may total $600 billion. Much of this expense will be borne by private business: one research group "estimates that Fortune 500 companies will spend between $10 million and $40 million each" (NIST). While the bill for many state and local governments will be less astronomical, agencies with a large volume of computerized records may face enormous costs in solving their compliance problem.

Unfortunately, the costs of not solving it are worse; nor can agencies afford to dawdle. As the National Institute of Standards and Technology (NIST) warned in March, 1996: "[A]pproximately 600 work days remain until the end of the year 1998," when all date conversion work should be finished to allow "a sufficient shakedown period for testing changes" prior to the millennium. The State of Texas has concluded that "the best service providers and project managers will be fully under contract by the start of 1997." Both these estimates were made last year. Some analysts now think that an agency that has not yet started a Year 2000 project may be too late to finish one. Finished or not, the deadline is immutable.

Alabama and the Year 2000

Here in Alabama, the Department of Finance's Division of Data Systems Management (DSMD) is already working on the Year 2000 problem. A plan to convert the state's computers is in place; and a vendor is assessing the project's likely priorities and scope. In subsequent phases, results of the assessment will be analyzed, date codes will be altered to a compliant format, and the converted system will be tested before final implementation in July, 1999. The project will require review of 47,000 data programs and an estimated expenditure of $84 million. At the appropriate time, local agencies with links to state computer systems will be notified of actions they should take to ensure their own computers are compliant. Year 2000 compliance among all linked systems will be vital; for if a compliant computer receives data from a non-compliant one, the records it stores can be affected. In that sense, the "Millennium Bug" is similar to a computer virus.

Neither in Alabama nor in other states surveyed (Alaska, California, Florida, Idaho, Indiana, Minnesota, Nebraska, New York, Oregon, Pennsylvania, Texas, Utah, Virginia, and Washington have all started projects) do there seem to be specific plans for helping local governments. DSMD strongly recommends that local agencies linked to state computer systems initiate an "upstream-downstream" dialog with their state counterparts rather than waiting to be contacted. Local agencies without links to state government should mobilize their statewide local officials' organizations and urge common action on the Year 2000 problem.

Planning Your Year 2000 Project

How can an agency find out whether its computers are compliant? For personal computers not linked to a mainframe, DSMD suggests this simple test: Reset your computer's clock to "11:45 p.m., December 31, 1999." Turn it off for half an hour. If the clock's year date reads "2000" when you turn it on again, you have dodged the Year 2000 bullet. If it reads "1900," "1980," or some other date, you are in the line of fire and should immediately start planning a date conversion project. (Be sure to run a back-up before testing, and remember to reset the clock to the correct date!)

How should a Year 2000 project be conducted? The process is fairly easy to describe, but it is costly at all levels and filled with hidden snares. The steps proposed here are adapted from sources cited in the bibliography and suggestions from DSMD.

1. Organize the project from the "top down." Year 2000 compliance is first a management problem, not a technical one. As with any major project, support from top administrators will be critical to its success. It is not easy to tell management that an agency must expend huge sums merely to maintain existing functions, but the millennial predator cannot be thwarted by an "ostrich approach" (Pegalis). Agency systems managers must prepare themselves to be convincing.

2. Assess the extent of your compliance problem and establish priorities. The assessment must include every aspect of the agency's computer system: networks, hardware, software, and associated applications. Not all non-compliance problems will be obvious. Building security systems, locks on jail cells, and key-coded parking areas are also automated processes and should be included in the project. Any other systems linked to the agency's must also be compliant. Establishing priorities will require ranking the importance of each agency function and determining how severely the Year 2000 problem will affect it. Is the application likely to terminate, produce frequent incorrect results, or merely show occasional inaccuracies? (Texas) The answer probably depends on how many date codes it contains.

3. Select a method of converting dates. Deciding how to solve your Year 2000 problem will depend on its severity. Obviously, an agency with 10,000 lines of faulty code can fix them more easily and cheaply than one with 10,000,000 lines. Possible solutions include correcting date codes manually, modifying existing hardware and software, installing a new date-conversion software package, and migrating to an entirely new computer system. In considering the last option, an agency should look beyond the Year 2000 issue and evaluate its present system's utility in meeting long-term needs.

4. Estimate cost, time, and personnel requirements. These factors will also vary with the extent of your problem. Recent estimates project an average cost of $1.10 per line for identifying and modifying date codes. A NIST bulletin (March, 1996) calculates that one staff person, working full-time, can analyze and correct between 100,000 and 167,000 lines of code per year. NIST recommends that agencies should "assemble a team of programmers, application experts, database designers, and project management," then estimate costs and personnel requirements based on "the automated tools selected" for the job. (Will it be cheaper to hire more programmers or to buy more software?) Remember, also, that the price of Year 2000 goods and services will only increase as the millennium draws nearer.

5. Investigate the legal ramifications of Year 2000 compliance. If the service contract on your agency's software extends beyond the Year 2000, the original vendor may be obligated to make it compliant as part of its fixed fee for curing "bugs," "viruses," and other defects. That possibility is worth a look from legal staff, but be prepared for counter-arguments about "assumed risk" and "force majeure." If its vendor balks, an agency "should proceed to correct the Year 2000 problem at its own expense while expressly preserving its right . . . to seek reimbursement" at a later date (Jinnett). Don't find yourself tied up in court when the millennium arrives!

6. Investigate "compliance vendors" and writing a Year 2000 service contract. Although a Year 2000 project can be planned and started by an agency, it may eventually require advice, labor, or software from a vendor. "[O]ver 40 vendors currently market in excess of 100 software tools to correct the Year 2000 problem" (Jinnett). Yet, while many of these vendors claim expertise, "few have extensive experience because of the severe lack of public awareness." Frequent personnel turnovers also limit vendors' ability "to complete projects on time and on budget." Although "the Information Technology Association of America has begun a certification process which attempts to ensure minimum standards of vendor competence," an agency should nevertheless demand "strict guarantees" from its compliance vendor (Pegalis). For a system to be "Year 2000 Certified, all computing resources must have been tested by the organization and/or certified by the supplier/vendor" (Texas). Examples of compliant language, certification statements, sample service contracts, and information on individual vendors may be found in sources listed in the bibliography.

7. Begin demanding Year 2000 compliance from your vendors now. From the time you read this article, insist that any systems, products, or services you purchase be century-compliant. If a vendor will not guarantee compliance, or has never heard of Year 2000, find another one. Any other policy will only add to the existing problem.

8. Test the modifications during and after system conversion. The last step in the Year 2000 date conversion process is an important one, for only through testing can an agency be sure its compliance problem has been solved. NIST advises allowing "40-50 percent of the overall project resources for testing, even more if the database is modified." It is also essential to allow sufficient time. One criticism of the new federal plan is that, while code will be "rewritten by December 1998 [the date most experts recommend for finishing a project] . . . full implementation still is not required until November, 1999, slightly more than a month away from New Year's Day 2000" (Violino). Considering all that can go wrong with a Year 2000 project, it seems wise to allow a longer period of grace before the millennial bell tolls.

Where to Turn for Help

Although publications on the Year 2000 problem are rapidly increasing, the best source of up-to-date material is probably the Internet. The General Services Administration (GSA) web site (http:// www.itpolicy.gsa.gov) contains a wealth of information, including the state reports cited below. Profiles of vendors, products, and services, as well as publications and news on upcoming conferences, may be found in the Year 2000 Information Center (http://www.year2000.com). A new Year 2000 video is available from the National Association of State Information Resource Executives (NASIRE) by calling (606)231-1963 or contacting NASIRE through its web site (http://www.nasire.org). Sources quoted or especially helpful in this article include:

Exchange (Winter, 1997). This issue of the NASIRE newsletter discusses a Year 2000 Symposium held in Chicago in December, 1996. Proceedings of the conference may be accessed through NASIRE's web site.

Humphrey, Mike. "Year 2000 --Ticking Time Bomb or Minor Inconvenience?" The Alabama Municipal Journal (September, 1996), p. 12.

Jager, Peter de. "You've Got to be Kidding!" Mr. de Jager's lively articles on the millennial threat may be accessed through the Year 2000 Information Center, which he manages.

Jinnett, Jeff. "Legal Issues Concerning the ‘Millennium Bug.'" Accessed through the Year 2000 Information Center.

National Institute of Standards and Technology. "Millennium Rollover: The Year 2000 Problem." CSL Bulletin (March, 1996) http://www.itl.nist.gov/div897/yr2000.htm.

New York State Governor's Task Force Office. "New York State Government Year 2000 Coordination and Resources" (January, 1997). http://www.irm.state.ny.us./yr2000/yr2000.htm.

Pegalis, Andrew M. "For Risk Managers, the Year 2000 is Now." Reprinted from Business Insurance (December 23-30, 1996) and accessed through the Year 2000 Information Center.

Texas Department of Information Resources. "Standards Review and Recommendation Publication SRRPUB 09: The Year 2000" (ca. March, 1996). http://www.state.tx.us/ftp/pub/srrpub9.txt. See especially for vendor service contracts including "century-compliant" language and requirements for Year 2000 certification.

Violino, Bob. "Year 2000: Getting Down to the Wire." Information Week (February 10, 1997), pp. 14-15. This article focuses on the federal government's action plan for Year 2000 compliance.

SALA to Hold Spring Meeting on Local Archives Programs

On Friday, March 21, the Society of Alabama Archivists (SALA) will meet to discuss "Establishing and Maintaining a Local Archives." The meeting will be held at the Morgan County Archives, 624 Bank Street, Decatur. Presiding will be Susan Bzdell, Morgan County Archivist, and Bobby Day, Morgan County Probate Judge. ADAH staff members and other local records archivists will also participate. Topics to be covered include: generating community support and financial backing for a local Archives program, developing a budget, acquiring a building, determining collection policies, addressing conservation needs, and using volunteers. Archivists, genealogists, historians, and local government officials are invited. For registration information, call Mark Palmer at (334)242-4363, ext. 257 or e-mail.

Alabama AIIM Chapter to Hold Seminar on Electronic Evidence

A meeting of the Alabama Chapter of the Association for Information and Image Management (AIIM) will be held in Montgomery on May 20,1997. Mr. John Jessen, who has been called "the nation's foremost authority on sniffing out secret or deleted computer files," will speak on the topic "The Impact of Electronic Evidence Discovery." For information on the seminar's registration costs and location, call Sandra Behel at (334)242-4452, ext. 232 or e-mail.

National Records and Information Management Week

Between March 30 and April 5, 1997, ARMA International (the Association of Records Managers & Administrators) will sponsor the third annual National Records and Information Management Week. This event is designed to focus public attention on the importance of good records and information management through seminars, tours, and exhibits conducted nationwide by local ARMA chapters. Businesses, organizations, and government agencies are invited to participate, whether or not they have employees who are ARMA members. For a free promotional kit, contact ARMA at 1-800-422-2762 or through its web site.

Records Disposition Authorities and Schedules Approved by the State and Local Government Records Commissions

At its meeting on January 23, 1997, the State Records Commission approved Records Disposition Authorities (RDAs) for the OFFICE OF THE TREASURER; OFFICE OF THE STATE AUDITOR; DEPARTMENT OF ECONOMIC AND COMMUNITY AFFAIRS; OFFICE OF VOTER REGISTRATION; CRIME VICTIMS' COMPENSATION COMMISSION; and DIVISION OF MOTOR VEHICLES, DEPARTMENT OF REVENUE. New or revised records schedules were approved for the:

COUNTY HEALTH DEPARTMENTS: Clinic Sign-In Sheets (1 schedule).

PUBLIC SERVICE COMMISSION: Motor Carrier Certificate and Permit Files (1 schedule).

The Commission also voted to include language in state agency RDAs specifying that the phrase "retain until completion of one audit and the release of the audit report" refers to an external audit by the Examiners of Public Accounts. Neither an internal audit by the agency nor an independent audit will satisfy this requirement for agencies whose records are subject to audit by the Examiners.

At its meeting on January 23, 1997, the Local Government Records Commission approved the following new schedules:

MUNICIPALITIES: Long-Distance Telephone Logs, Tax Refunds and Overpayments, Water Treatment Operational Reports, and Bacteriological Monitoring Reports (4 schedules).

The Commission also approved a proposal to allow local Emergency Management Agencies (EMAs) to use law enforcement schedules LG-3-3-1 (Dispatch Cards) and LG-3-3-2 (Radio/ Telephone Audio Tapes) for the disposition of their E-911 logs and tapes. EMAs may submit destruction notices for such records, if eligible to be destroyed, under the two schedules.

For copies of these Records Disposition Authorities or schedules, call the ADAH Government Records Division at (334) 242-4452.

The next meeting of the State and Local Government Records Commissions will be held on Thursday, April 24, 1997, in the Milo B. Howard Auditorium of the Alabama Department of Archives and History, 624 Washington Avenue, Montgomery. Starting times are 10:00 a.m. (state) and 1:30 p.m. (local).

ADAH Conducts Microfilming Survey

Since suspending its laboratory certification program several months ago, the ADAH Government Records Division has offered direct assistance to state and local agencies in micrographics. This assistance includes both on-site visits and publications, such as a forthcoming technical leaflet on microfilming service contracts. To help determine additional priorities for publications, training programs, and other guidance in this area, the division would like to survey your agency's current microfilming practices. A survey form is found on page 7 of this newsletter. Please complete the information requested from your agency and return the form to ADAH as soon as possible. Your participation will help to identify specific micrographic concerns we should address and guide the development of our assistance program. Results of the survey will be published in a later issue of "Government Records News."


"Government Records News" is published by the Government Records Division of the Alabama Department of Archives and History, Box 300100, Montgomery, Alabama 36130-0100. The newsletter, and other publications, are also available on-line through the ADAH web site.

Return to the ADAH Online Publications Page
Return to ADAH Homepage

www.archives.state.al.us/ol_pubs/govrec14.html
Revised: 3/25/97