Checklist on key issues related to the Y2K problem


Note :

  1. The questions are worked out to facilitate members' consideration of the subject matter and are by no means exhaustive. Individual Panels are at liberty to raise further questions.

  2. Individual Government Bureau will also oversee the Y2K-compliance exercise within other Non-Government Organizations (NGOs) under its policy portfolio.

  3. Whilst two sets of questions are drawn up for the Administration and NGOs separately, the majority of which are interchangeable as appropriate.

Questions put to the Administration

1. Extent of the Y2K problem

  1. What are the policy areas and related NGOs overseen by your Bureau? Which are the mission-critical computer and embedded systems?

  2. Has your Bureau conducted a Y2K awareness campaign?

  3. Has your Bureau defined and documented the potential impact of the Y2K problem?

  4. What are the potential risks of the Y2K computer failures to our daily lives/transactions?

2. Resources to tackle the problem

  1. What are the resources (in terms of funds and manpower) in your Bureau/departments devoted to the Y2K problem? What is the involvement of top management?

  2. Are you using internal or external resources?

  3. Are "business" as well as "information technology" staff involved in the project?

  4. Who is in charge of the project, a professional or a generalist?

  5. Can he communicate efficiently and effectively with parties concerned, both within and outside the Government? Does he have the necessary technical capability and authority to do so?

  6. How have you organized your Y2K work? (e.g. setting up a steering committee to oversee the progress of the exercise and to take follow-up actions as appropriate). Have you documented the related work plans and decisions?

3. Progress of Y2K rectification exercise

  1. When did the Bureau/department start to take up the Y2K-compliance exercise? What is the target timetable/schedule for completion of the project? Do you have a priority programme for different mission-critical computer and embedded systems? If so, please provide details? If not, why not?

  2. What percentage of the work of repairing or replacing mission-critical computer and embedded systems have you completed? Please provide details.

  3. Have you developed a Y2K supplier/customer chain management strategy?

    • Do other business partners/suppliers of your Bureau have Y2K-compliant plans in place? Will you interact with them or other clients through Internet or other remote systems?

    • Please provide information on interface and data exchange issues.

    • How are you going to test the reliability of the various mission-critical computer and embedded systems under your policy portfolio in an integrated manner to ensure that they are all Y2K-compliant?

    • What is your Bureau's involvement in the Y2K rectification exercise undertaken by related NGOs?

    • How can you ensure that NGOs will achieve Y2K-compliance within your schedule? How are you going to follow-up on the progress and slippage of the Y2K project as reported by NGOs?

4. Contingency plan

  1. Have you designed, tested, and put in place plans for internal and external contingencies?

    • What are the objectives of the contingency plans?

    • What are the criteria for invoking the contingency plans?

    • What are the expected duration of the contingency plans?

    • What are the procedures for invoking contingency mode?

    • What are the resource plan for operating in contingency mode?

    • How are you going to test the effectiveness of the contingency plans?

    • Will you involve different NGOs in the exercise, both at the testing and implementation stages? If not, why not?

    • What are the details of the related publicity programme?

Questions put to NGOs

1. Extent of the Y2K problem

  1. Which are the mission-critical computer and embedded systems?

  2. Has your organization conducted a Y2K awareness campaign?

  3. Has your organization defined and documented the potential impact of the Y2K problem?

  4. What are the potential risks of the Y2K computer failures to our daily lives/transactions?

2. Resources to tackle the problem

  1. What are the resources (in terms of funds and manpower) in your organization devoted to the Y2K problem? What is the involvement of top management

  2. Are you using internal or external resources?

  3. Are "business" as well as "information technology" staff involved in the project?

  4. Who is in charge of the project, a professional or a generalist?

  5. Can he communicate efficiently and effectively with parties concerned, both within and outside the organization? Does he have the necessary technical capability and authority to do so?

  6. How have you organized your Y2K work? (e.g. setting up of a steering committee to oversee the progress of the exercise and to take follow-up actions as appropriate). Have you documented the related work plans and decisions?

3. Progress of Y2K rectification exercise

  1. When did your organization start to take up the Y2K-compliance exercise? What is the target timetable/schedule for completion of the project? Do you have a priority programme for different mission-critical computer and embedded systems? If so, please provide details? If not, why not?

  2. What percentage of the work of repairing or replacing mission-critical computer and embedded systems have you completed? Please provide details.

  3. Has your organization developed a Y2K supplier/customer chain management strategy?

    • Do other business partners/suppliers of your organization have Y2K-compliant plans in place? Will you interact with your customers through Internet or other remote systems?

    • Please provide information on interface and data exchange issues.

  4. Does your organization have comprehensive testing strategies for both internal and external systems?

    • What are your plans for testing?

    • Do you have a documented plan?

4. Contingency plan

  1. Have you designed, tested, and put in place plans for internal and external contingencies?

    • What are the objectives of the contingency plans?

    • What are the criteria for invoking the contingency plans and who are responsible for activating and overseeing the contingency plans?

    • What are the expected duration of the contingency plans?

    • How are you going to test the effectiveness of the contingency plans?

    • How is your organization accountable to the respective Government Bureau for formulation and implementation of the contingency plans?

    • Will your organization launch a publicity programme to keep the public informed of the latest development of the Y2K-compliance exercise within your organization and the related contingency plan?

Legislative Council Secretariat
7 April 1999