Year 2000 Vendor Compliance Programs and Legal Audits
Publication year | 1998 |
Pages | 99 |
1998, October, Pg. 99. Year 2000 Vendor Compliance Programs and Legal Audits
Vol. 27, No. 10, Pg. 99
The Colorado Lawyer
October 1998
Vol. 27, No. 10 [Page 99]
October 1998
Vol. 27, No. 10 [Page 99]
Specialty Law Columns
Technology Law and Policy Review
Year 2000 Vendor Compliance Programs and Legal Audits
by Kelly Ann Breuer Weist
Technology Law and Policy Review
Year 2000 Vendor Compliance Programs and Legal Audits
by Kelly Ann Breuer Weist
Editor's Note: This is the first in a series of six
articles on Year 2000 topics that will appear in this column
through the August 1999 issue. Upcoming articles will cover
litigation, insurance issues, government contracts, class
actions, and legislative response. See also Patterson
"Advising Clients Regarding Year 2000 Compliance,"
27 The Colorado Lawyer 5 (Sept. 1998)
As the millennium approaches, business lawyers will be
confronted with one likely question from their clients: What
do I need to do to make sure that my business is not affected
by the Year 2000 ("Y2K") problem While most large
companies have initiated Year 2000 compliance programs and
legal audits, many small- to medium-size companies still have
not begun those efforts, perhaps because they do not know
where to begin. Although no one quite knows what the impact
of Y2K will be on business, counsel can assist clients in
minimizing the harm Y2K can cause. This article describes how
counsel can minimize the harm by encouraging clients to
implement Y2K compliance programs and legal audits
The "Millenium Bug"
The problem, or "bug," arises from a deliberate
design decision made by programmers in the early days of
computers. Due to the high cost of memory, programmers saved
space wherever they could. One common method was to designate
the prefix "19" in the digit field as the year.
These "legacy systems" were utilized as the basis
of other systems and programs. Therefore, myriad programs,
applications, hardware configurations and embedded chips may
have performance problems when the clock rolls around to
January 1, 2000.
All electronic systems need to be inventoried and reviewed.
Do not assume that the client's business is immune from a
Y2K failure. It was a faulty assumption that created this
mess in the first place.
Developing a Plan
The client's first step in conducting an audit is to
develop a Y2K plan. At a minimum, this plan should consist of
the following: (1) an inventory of programs, systems, and
dependent products that could be affected by Y2K; (2) a
determination of which systems and products are critical to
ongoing business operations; (3) a "compliance
program" in which client or counsel contacts vendors to
determine if their products or services are Y2K compliant (in
this process, the client will need to make an initial
determination of where and under what terms it acquired the
systems and products under consideration); and (4) a legal
audit to assess the client's rights of recovery against
vendors of products that are not Y2K compliant.
Y2K Inventory
Most businesses should start their inventory by listing all
the computers they have in operation. To do this, the client
could make a spreadsheet identifying the type of equipment,
the applications or programs that run on it, when it was
obtained, how it was obtained (such as through a contract or
purchase order), the vendor it was obtained from, and whether
any part of the equipment or applications were designed
specifically for the client or acquired with the advice of a
consultant.
In addition, an important consideration for certain
applications and databases is whether they are called on to
make projections. If the client uses a program that projects
out past December 31, 1999, such as those used for credit
card authorizations, loan amortization, or dates of service
for pension benefits, the client will need to know the
program's "time horizon to failure." From this,
the client can determine when the program is expected to
experience its first projection past December 31, 1999.
As with PCs or mainframes, clients must be careful to
identify anything that has an embedded chip, such as fax
machines, internal phone systems, microwaves, elevators, and
thermostats. Mass market computer chips are used in
everything from watches to cars to pacemakers. Generally,
embedded chips cannot be reprogrammed, so either the chip or
the item that contains the chip will need to be replaced. Few
of the mass-marketed chips will have Y2K bugs, but without
contacting the manufacturer, there is no way to know for
certain in advance of a failure.
The client also needs to identify any infrastructures or
outsourced business functions on which it is relying
including "smart" office buildings, transportation,
telecommunications, and electricity. This is a critical
consideration. Is it essential for the client to travel by
air to meet with customers Is the client's cell phone
crucial to the business Can the client live without data
transfer from suppliers of information Even if everything
in-house is shipshape, the client's...
To continue reading
Request your trial