Year 2000 Issues and Requirements

The OCIO-USDA is coordinating and overseeing the progress and accomplishment of Year 2000
readiness for all USDA agencies.  This effort involves concerns regarding agency readiness for
Year 2000, the continuity of business, development of actions to mitigate those risks and
contingency plans to continue business if failure occurs.

The potential impact of the Year 2000 issue extends beyond USDA's internal information
systems.  USDA and its agencies depends on data provided by its business partners including
other Federal agencies, State agencies, third parties, vendors  and other private industry entities
who deliver services, telecommunications, software or delivery of program benefits.

There is, therefore, a very large effort to ensure the continuity of USDA core business processes
to avoid a crisis that could result if systems are unable to recognize Year 2000 dates.  This same
concern extends to those business partners involved in the delivery of services provided by
USDA programs.  As a result of this concern, USDA has requested that agencies prepared a Year
2000 Business Continuity (Contingency) Plan (BCP) to address business continuity issues.

"The BCP identifies risks and threats, establishes mitigation strategies for the identified risks and
threats; and provides contingencies in the event risk mitigation efforts fail."1/   Agencies are to
"coordinate efforts with all external public and private organizations to ensure business
continuity of services provided will continue with little or no disruption as a result of the Year
2000 problem for each Mission Area."1/  

It is with these directions that Risk Management Agency comes to the Reinsured companies who
work in concert with RMA in the delivery of the risk management tools for the American
producer.  The Year 2000 project that is well underway has been discussed with company
representatives at both Data Processing Managers meetings and Technology & Information
Processing (TIP) Committee meetings during the past year.  An awareness presentation was
given, information provided on the current status of this initiatives within RMA and discussions
held involving both companies and RMA staff on this issue.  The need for contingency planning
has been discussed during these times and reports requested from attendees

In addition, an R&D Bulletin, R&D98-016, has been issued providing companies with assurance
that RMA systems an facilities are Year 2000 compliant in response to company inquiries
resulting from State Board of Insurance inquiries.  RMA is well into the Year 2000 project and is
following USDA requests for contingency planning.  RMA must now ask that companies provide
reports showing contingency planning is being done or is completed in each company to ensure
that critical business processes related to the delivery of USDA-RMA programs will not suffer
any sustained or prolonged disruption.  USDA has published guidance on this issue as the Year
2000 Business Continuity (Contingency) Planning Guide, dated July 2, 1998 and identified as
USDA-98-002.  

Specifically for purposes of benefit delivery to American producers, RMA needs to show
business continuity in the area of ability to deliver payments, ability to show proof of benefit
delivery and ability to send and receive data from RMA.  Data exchange is critical to the
provision of product actuarial data and ability of companies to send and receive data for payment
purposes.

Critical processes may include assessment of potential system failure, including but not limited
to telecommunications, ability to pick up data from the RO server and ability to send data to RO
server for processing by RMA.  Critical relationships and processes will include identifying any
other entities a company may have involved in data processing in the delivery of risk
management products.

Other critical issues include telecommunications, telephone systems, facilities functions such as
utilities, elevators, security systems, fire alarms and so on. 

USDA's guidance document includes information on BCP development as a 5 phase process. 
These processes include:

1) Initiation: A Senior Executive is assigned responsibility for the Year 2000 project and begins
by organizing a work group team to develop a high-level business continuity planning strategy
consistent with core business processes.  The planning strategy includes key issues such as
identifying core business processes, define roles and assign responsibilities, develop master
schedule and milestones, implement a risk management process and reporting system; assess
existing business continuity, contingency and disaster recovery plans and capabilities and
implement independent reviews.

2) Analysis & Definition: Defining the essential business functions that must be performed to
continue providing the expected service; define and document information requirements,
methods and techniques to be used; define and document Year 2000 failure scenarios.

3) Risk and Impact Assessment: Perform risk and impact analyses of each core business
process; determine impact of internal and external information system failures and infrastructure
services on each core business process; assess and document infrastructure risks; define
minimum acceptable level of outputs and services for each core business process.
4) Contingency Planning: Integrates and acts on the results of business impact analysis; assess
benefits, costs, and risks of alternative contingency strategies; important factors in selection
process are functionality, deployment schedule and cost; identify and document contingency
plans and implementation modes; define and document triggers for activating contingency plans;
establish a business resumption team for each core business process; and develop and document
"zero day" strategy and procedures.  Zero Day is involving development of a risk-reduction
strategy and procedures for the period between Thursday, December 30, 1999, and Saturday,
January 1, 2000.  

5) Validation Testing: Evaluate whether individual contingency plans are capable of providing
the desired level for support to the mission area's core business processes and whether the plans
can be implemented within a specific time period; validate business continuity strategy; develop
and document contingency test plans; establish test teams and acquire contingency resources;
prepare for and execute tests; validate the capability of contingency plans; rehearse business
resumption teams; update the business continuity plan based upon lessons learned and re-test if
necessary and update disaster recovery plans and procedures.

A BCP matrices was provided by USDA in its guidance.  The document is included in the
Planning Guide as Appendix B with instructions for use found in Section 3.2 of the document.

The document follows:

5.1 Core Business Process: National Finance Center, Earnings Posting


No.
Risk/Threat
Event
Horizon
Time to
Failure)
Business Priority
Risk Mitigation


Contingency &
Triggers





Risk
Assessment


Impact


Score


Mitigation Strategy

Milestone
Date

Action
Agent



5.1.1
National Finance
Center (NFC) is
unable to post
earnings (W-2s),
make corrections to
Earnings records, or
access earnings data
due to Year 2000
related problems
with automated
systems.  Earning
processes are
supported by
automated systems
such as Annual
Wage reporting
(AWR), Detailed
Earnings Query
(DEQ), Summary
Earnings Query
(SEQ), and
Employer Earnings
System (EES). 
Interfacing systems
are: Individual
Income and Wage
Reporting (IIWR),
Treasury and
Summary Employee
Earnings Statement
(SEES) Social
Security
Administration.
Jan 3, 2999
.2
20
2.0
A) Complete renovation of all
Earnings software and related
systems.
B) Complete forward date,
system and integration testing
of all Earnings and related
systems.
C) Develop local Year 2000
contingency plans.
D) Provide refresher training
on related forms processing.
E) Develop plans to hire and
train on contingency basis
administrative staff from local
area.
F) Establish the Business
Resumption Team for the
Earnings process.

Oct 1998


Jan 1999


Feb 1999

March
1999
March
1999
NRS


NRS


NFC

NRS

NFC








1.  In the event that
PRS and other
systems are unable
to provide
automated support
to the Earnings
process due to
critical Year 2000
date problems, The
Business
Resumption team
for the Earning
Process will analyze
the problem, make
corrections and
retest immediately.
2) Automated
processing of
Earnings Process
will be suspended
until corrections are
made.
3) Operations
components will
implement the NFC
Year 2000
Contingency Plan.



5.1.2











5.1.3











This template should be completed for each core business process and all templates returned to RMA for
inclusion in Y2K reporting, document tracking and informational purposes.  

RMA is required to provide a monthly Y2K report to OCIO.  RMA would like to include periodic updates of
the contingency reporting from its private industry partners as well.  RMA requests that all companies
provide monthly to RMA on the status of Year 2000 compliancy efforts within the company as well as on
going contingency planning efforts.   

A copy of the USDA Year 2000 Business Continuity (Contingency) Planning Guide is available upon
request. 





    



1/ from USDA Year 2000 Business Continuity (Contingency) Planning Guide, July 2, 1998, USDA-98-002




rocontng.wpd
7/21/98