Vendors, suppliers and business partners (long article)

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

"Y2K Crackdown"

http://www.internetwk.com/lead/lead071699.htm

-- Linkmeister (link@librarian.edu), July 19, 1999

Answers

[Fair Use: For Educational/Research Purposes Only]

Friday, July 16, 1999

Y2K Crackdown

By TIM WILSON

It started with a polite letter. Then things got ugly. Now the relationship is over.

Such is the story being told by an increasing number of IT managers alarmed by the Year 2000 status of their most critical business partners. With less than six months to go before the millennium bug bites, some companies are no longer just threatening or cajoling suppliers and other partners to get their computer systems into compliance--they're cutting the cord.

Some 15 percent of companies have already suspended or terminated contracts with partners that aren't Y2K compliant, according to an InternetWeek Research survey of 250 IT managers. Another 23 percent of respondents plan to suspend relations with critical partners that don't meet compliance deadlines over the next six months.

"We started out contacting them by letter, asking for a report on their Y2K status," said David Babler, staff engineer responsible for Y2K at AG Communications Systems, a telecommunications equipment maker. "If they didn't respond, we sent a purchasing agent to their site to check things out. In a few cases, what we found out worried us enough that we went to other vendors."

Other IT managers are taking similar steps as they seek to guard against system breakdowns in their intricate chains of dependencies with suppliers, customers and other business associates.

BankBoston, for example, has received reports on Y2K status and contingency plans from more than 100 of its suppliers, and it's tracking their progress closely, said Steven McManus, communications manager. If a supplier falls behind schedule, BankBoston sometimes calls the company's senior executives on the carpet to discuss the problem. If the supplier falls too far behind, BankBoston warns, the partnership could be terminated.

"A few of them are on that kind of watch," McManus said. "But fortunately, we haven't had to terminate anybody yet. There's still a little time left."

Reasons for the concern are as numerous as the suppliers themselves. Some are too far behind to be certain of repairing all their Y2K problems in time; others are simply unresponsive to requests for status reports. IT managers interviewed declined to name the companies they have terminated over Y2K issues, but the types of suppliers range widely, from electronics suppliers to telecom service providers.

Most businesses, especially large companies in the United States, are hustling when it comes to Y2K. The U.S. businesses surveyed said they've completed 84 percent of their Y2K remediation and testing work. Just 4 percent of those companies reported they won't be finished with everything by Dec. 31.

Some companies are more concerned about weak links in their supply chains than internal work.

"There will be some downtime associated with problems at our supplier sites," said Dwight Gibbs, chief technologist at the Motley Fool, a Web-based financial services company. "It might be one router that fails and leaves us cut off from one supplier. It might be a lot more than that. We just don't know."

Some companies are finding out about the weak links the hard way, according to a survey published in May by Y2K services vendor Cap Gemini America. Of the businesses that have experienced Y2K failures during the last year--about 72 percent of all of those surveyed--more than a third said the problem broke their supply chains.

That percentage likely will rise over the last six months of 1999, because intercompany links are less frequently tested than internal applications and networks, said CAP Gemini vice president Noah Ross. Although in-depth testing and validation is standard procedure at most IT organizations, many don't have the time or resources to test every combination of transaction that may occur across hundreds of trading partners, Ross said.

And even if IT managers could ensure the compliance of all their suppliers, they can't necessarily guarantee the compliance of their suppliers' suppliers, observed AG Communications' Babler.

"For our critical partners, we've asked not only about their [Y2K compliance], but also about the companies that provide components to them," he said. "It's the ones down the chain that keep you awake nights."

Large companies generally enforce deadlines stringently across their supply chains, Ross said. If smaller vendors don't get in line, they're out.

But in many industries, such as manufacturing, large companies frequently rely on specialized vendors for customized parts that cannot be easily replaced by another supplier. AG Communications, for instance, relies on manufacturers of one-of-a-kind electronic components.

"If the chain breaks there, there's nowhere else to go," Babler said.

In such cases, companies are asking for more than a simple Y2K compliance letter or status report. Some are asking partners to obtain independent validation and verification of their Y2K compliance, usually through a testing service. Cap Gemini's Y2K "factories," which have spent the last few years remediating code, are now doing more validation and verification than code correction, Ross said.

In other cases, organizations are sending their own people to suppliers' sites to confirm Y2K compliance of key systems.

The city of Orlando, for example, sent a representative to Motorola to view a Y2K test of the mobile communications system the city uses. "Our fire emergency people and our police officers may rely on those phones," said John Matelski, director of Orlando's Y2K task force.

Some companies are so reliant on certain suppliers that they're willing to provide money or staff to help those suppliers make their deadlines. "We've offered to help a few of them in any way we can," Babler said, declining to provide specifics.

Just a few weeks ago, the city of Washington asked the federal government for $75 million to help bail out its Y2K remediation effort, which has fallen behind schedule.

Federal agencies already have spent billions to fix their own Y2K bugs, but unless the federal government bails out the nation's capital, some agencies could be without key services, city government officials warned.

Most project managers complain that the threat of Y2K litigation is slowing their progress. Every Y2K move an IT department makes--fixing code, issuing status reports, building contingency plans--must be carefully documented and reviewed by company attorneys to ensure that it doesn't carry potential liability.

For instance, many companies require an attorney's approval before their IT department can issue a Y2K status report to a supplier. Others are carefully logging their exact remediation steps to prove due diligence in the event of a lawsuit.

Milliman & Robertson Inc., an actuarial firm, estimates that insurers could fork over between $15 billion and $35 billion for claims and legal costs related to Y2K computer problems, ranking the expenditures second in size only to asbestos and pollution cleanup claims.

"We know some companies are going to sue everybody they can, wherever they can," Orlando's Matelski said. "As a result, there are many organizations that are afraid the Y2K information they share with others will be used against them."

Matelski, who is also chairman of the Central Florida Y2K Users Group, said corporate IT staffers at the group's meetings were reluctant even to discuss their problems until attendees signed nondisclosure agreements.

This is despite a law President Bill Clinton signed in October, called the Y2K Information Readiness Disclosure Act (IRDA). The law prevents anyone from suing a company based on a Y2K status disclosure. IT managers say corporate lawyers still are antsy about allowing them to share information.

"I haven't really seen any change since IRDA was passed," said AG Communications' Babler. "The small shops still respond well and give you the data you need. The big companies, with lots of lawyers, are the slowest."

IRDA also has had an unintentional delaying effect on Y2K supply chain remediation efforts: It demands a paper trail. "Under IRDA, it's really to your advantage to document everything, because the information that you've documented can't be used against you later," Matelski said. That documentation process often takes time away from other, more substantive Y2K activities, he said.

Most companies already have worked closely with their most critical suppliers to find and fix Y2K problems. In some industries, such as securities trading, broad tests have been completed to demonstrate the Y2K readiness of all major trading partners.

But for many companies, links with less critical partners remain untested. "In some cases, we are going to store extra parts, because we know we may not be able to get them for a few days," Babler said. "In other cases, we'll just do without. We can last a few days if we don't get any copy paper."

Most IT managers and industry analysts say the weakest link in the U.S. supply chain is the small company that hasn't had the time or resources to work on the Y2K problem. Small companies are the least likely to have taken steps to confirm the Y2K compliance of their business partners, according to the InternetWeek survey.

Many IT managers also are concerned about the Y2K readiness of suppliers outside the United States. Some developed countries in Europe and Asia are more than a year behind the United States in their remediation efforts, and less developed countries may be even further behind, according to a recent Gartner Group report.

"It's pretty safe to say that the banking system in Russia has not undergone thorough Y2K testing," said Motley Fool's Gibbs.

"You could probably say the same about most of the countries in South America or Africa. Will that affect [U.S. companies]? Ask the people who lost money when the Asian markets went into a freefall," he said.

Then there's the question of the physical connections among business partners. Though most communications service providers say they're ready for the millennium, old communications gear might need to be replaced in public and private networks.

"Cisco says certain models of its routers won't get [Y2K] updates," Gibbs said. "When I heard that, I went 'ka-ching' in my mind, because that means throwing out old routers and bringing in new models. We've already got a few old machines that we're going to end up trashing."

Electronic transactions among business partners also are susceptible to Y2K problems. Many EDI service providers and their customers are in a mad dash to complete the transition to the American National Standards Institute's X.12 Version 4010 standard, which describes a method for replacing two-digit dates with four-digit dates in all EDI documents.

"There are a lot of companies telling their suppliers that they won't pay them until [the supplier] can send the invoice in 4010 format," said David Darnell, principal at SysTrends Inc., an EDI and e- commerce consulting firm. "But making the transition isn't easy. A company that does EDI might have 10 different transactions that have to be repaired."

Networked hardware and applications are a concern, but most IT managers aren't worried about the public network services or Internet connections that link them with their partners.

"We've talked to our carriers, and we're convinced that they will be available," said Orlando's Matelski. "A power outage is a lot more likely than losing phone service."

If the millennium bug is most likely to hit supply chains, you'd think most Y2K managers would involve their suppliers in their contingency plans and dress rehearsals for the date rollover. But many companies still haven't extended their contingency planning and recovery processes to suppliers, which no doubt will be experiencing problems of their own during the year-end frenzy.

"Our biggest initiatives for the rest of the year involve event planning--the what-if scenarios," said BankBoston's McManus.

"So far, all we can really do is ensure that the lines of communications are open. A business unit may have to schedule a call to a critical supplier for a specific date and time, because those calls will be coming fast and furious in both directions," he said.

Matelski agreed. "We've had plans for power outages and system failures for years. Y2K doesn't present any new problems," he said. "What's different is that it will all happen at once. It's really going to test us--and all the people we interact with."

----------------------------------------------------------------------



-- Linkmeister (link@librarian.edu), July 19, 1999.


[polly mode on]

What a pack of lies. That stupid reporter got hoodwinked. Y2K HAS BEEN FIXED. Well, it never really needed to be fixed in the first place, but it's been fixed anyway. So, there is not now, never was, and never will be any reason to "terminate" a supplier because they're not Y2K compliant. Stupid reporter.

[polly mode off]

-- Lane Core Jr. (elcore@sgi.net), July 19, 1999.


Remember the U.S. Naval War College preduiction of "leper lists"? We are there now. Leper lists.

-- Mara Wayne (MaraWayne@aol.com), July 19, 1999.

Banks compiling year 2000 'leper list'

http://www.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=0014fQ

-- Linkmeister (link@librarian.edu), July 19, 1999.


Moderation questions? read the FAQ