Y2K: Why firms should take the real-time test

Two weeks ago, a Los Angeles suburb experienced one of the first major Y2K incidents publicly reported. Four million gallons of raw sewage flooded into Van Nuys following a test of the city's Y2K contingency plans.

The problem wasn't directly Y2K-related. It was traced to bad code written in 1985, which caused a gate to close incorrectly and directed the sewage into the streets when a power outage scenario was tested.

After the clean-up, city officials responded that the incident underlines the importance of not only having contingency plans, but of testing those plans in real time.

As the deadline draws near and companies realise that they can't do everything, the importance of business continuity plans increases.

Unfortunately, the testing of these plans is way down the priority list. According to Martyn Emery, director of Y2K consultancy, Corporation 2000, people aren't taking contingency planning seriously enough. "This incident should give people a jolt," he said. "We've become too complacent over the last couple of months. We must look at systems testing because we haven't put enough effort into discovering how the technology hangs together. These tests need to be carried out in real-time," he said.

Ian Hugo, assistant director at Taskforce 2000, agreed, stating that system-wide testing needs to occur at several levels.

First, companies need to test remediation on 20th century dates, then on 21th century dates, and finally on various contingencies. "Companies are saying that they simply don't have the time or resources to do all of the testing that best practice dictates," he claimed.

The Los Angeles incident begs the question of how seriously all levels of Y2K testing are being taken. An Ofwat spokeswoman said: "Where it's practical for companies to have done so, they have carried out real-time testing."

All of the UK's water companies have been awarded a "blue status" from Action 2000 - defined as an assessment finding no risk of material disruption - but that does not necessarily mean that those companies have conducted real-time tests of their contingency plans - as an independent audit of water companies confirmed.

In fact, there is no single definition of a "blue". According to an Action 2000 spokeswoman, each assessment body awards the "blue" status based on its own criteria.

Duncan Thomas, director of public confidence at Action 2000, puts it this way: "As Don Cruickshank has said, blue is not enough. It's a continuous process. Blue means we haven't found anything to give us cause for concern. Blue should give you confidence."

Y2K consultant Richard Coppel, chairman of Rooftop Communications, argues that this testing is the only way to know if your system is secure. "You must take the whole infrastructure and roll it over into the 21st century. It is that process that shows up the problems," he said.

"This is the first genuine proof that a major Y2K disaster is possible," Coppel added, noting that it could well have been a chemical plant spilling acid into the city's streets. "This problem is beyond our ability to get 100 per cent right."

That's a sobering thought in light of the recent UN conference on Y2K issues. The Russians announced that they plan to complete all testing of nuclear infrastructure between now and September. The speeded-up timeline can be risky, said Emery. "There's an increased risk of things going wrong over the next couple of months," he noted. And with time running out, it's a procedure being repeated the world over.

The bottom line is this: the officials at the Los Angeles Bureau of Sanitation spent years on a comprehensive Y2K programme and made it so far that they were actually real-time testing their contingency plans. A major - albeit hardly catastrophic - problem still occurred.

Emery concluded: "There might have been hundreds of date-forwarding tests going on at the same time, and a lot of those tests don't fail, or fail and are covered up. This was a very public failure. But there hasn't been enough systems testing, so we really are just paying lip service to contingency planning."