FCA Info Memo - FCA's Year 2000 Compliance Progress Report

Informational Memorandum
Subject:	FCA's Year 2000 Compliance Progress Report
Date of Memorandum:	05/28/1998
Expiration Date:
Office:	Information Resources Division
Signed By:	Smith, Stephen
FCA Contact Person:	Wooten, Tim
Contact Phone:	703-883-4341
List of Attachments:	None

INFORMATIONAL MEMORANDUM

May 28, 1998

To: Chairman, Board of Directors
Chief Executive Officer
Chief Information Officer
All Farm Credit System Institutions

From: Stephen G. Smith, Chief Information Officer /s/
Information Resources Division

Subject: Farm Credit Administration’s Year 2000 Compliance Progress Report

A number of institutions within the Farm Credit System (FCS) have inquired about the Farm Credit Administration’s (FCA or Agency) progress in achieving Year 2000 (Y2K) compliance. Such inquiries are entirely appropriate. Therefore, in order to keep you fully informed, we will send you periodic reports on the Agency’s progress. FCA has set the same Y2K requirements for itself that have been communicated to the institutions it examines and regulates.

From our internal perspective, the Y2K issue involves much more than technology and our computer specialists. It is a challenge for the entire Agency. As a result, the Agency's Information Resources Management Operations Committee (IRMOC) has been charged with overseeing Agencywide internal efforts and monitoring the business risks posed by vendors, business partners, and customers.

The IRMOC is chaired by the Chief Information Officer (CIO) who serves with the Director of Operations, Office of Examination; the Deputy Chief Financial Officer; an Associate General Counsel; the Chief Economist; and a Public Affairs Specialist. The committee represents all Agency disciplines and provides a broad perspective to the Agency's compliance efforts. The CIO reports to the Chairman of the Board and Chief Executive Officer, and has the authority necessary to ensure that the FCA takes appropriate action on its systems.

The Agency has made substantial progress internally toward achieving Y2K compliance. As called for in our Information Resources Management Strategic Plan, we have completed our scheduled replacement cycle for computer hardware that resulted in the purchase of new computers that are Y2K compatible. Consequently, FCA has addressed a number of compliance issues in the normal course of business. Over the past 3 years, the Information Resources Division (IRD) has completed implementing the Windows NT-based network operating system, including hardware that is warranted to be compliant with the Y2K transition. In addition, the complete suite of workplace productivity tools has been replaced with applications that are also represented by the manufacturers to be capable of making date and related calculations associated with the transition into the next millenium.

At Chairman Martin’s direction, a detailed action plan to address internal Y2K issues was prepared and approved by the FCA Board. One of the first steps in the plan was to inventory all systems and applications used by the Agency and assess their relative importance. Through the inventory, the FCA identified and evaluated all mission-critical systems necessary to fulfill the Agency's responsibilities as the safety and soundness regulator of the FCS. We also identified mission-critical systems supporting administrative needs, such as the payroll system. Twenty-five out of 309 of our information systems were identified as mission-critical. Within this category of mission-critical, 20 relate to FCA's safety and soundness mission. The remaining 5 are administrative systems.

The inventory process calls for certification from vendors and other third parties regarding the level of Y2K compliance of the products and services provided to FCA. We recognize that formal certification alone is not sufficient to ensure that a product or service will operate properly in FCA's unique environment. Therefore, we are implementing our own internal testing and verification processes to ensure that all significant applications, systems, and data function properly together. We control 22 of the 25 mission-critical information systems. The remaining 3 rely on other Federal government agencies for renovation, or are third-party vendor software. We will effect contingency replacements for these mission-critical systems if compliance cannot be demonstrated by the first quarter of fiscal year (FY) 1999.

Of the 22 mission-critical information systems that are under FCA’s direct control, 17 comply, 1 will be replaced, and 1 will be retired. The remaining 3 will be made compliant and will not require a major expenditure of staff time or financial resources.

In addition to the 25 mission-critical information systems, the FCA has identified 3 physical plant and facility systems that are also mission-critical. These systems, which support the telephone, sprinkler, and electric services, are outside of our control because they rely on third party vendors. We will effect contingency replacements for these systems, as well, if compliance cannot be demonstrated by the first quarter of FY 1999. The remaining 284 systems identified during this inventory are not mission-critical.

We believe that the Agency is well on the way to Y2K compliance; however, we will not take external factors for granted. The compliance certifications of FCA's essential internal systems, hardware, software, vendors, customers, and interfaces should be completed by September 30, 1998. We are now in the process of conducting these tests to confirm that FCA’s essential computer systems and applications will transition into the next century without adverse impact on their availability, integrity, or confidentiality.

Since January 1, 1998, the following milestones have been accomplished under the Y2K action plan.

The migration of VAX/VMS systems was completed on January 30, 1998. This was a very significant accomplishment that eliminated a major Y2K vulnerability for the FCA. The VAX cluster, due to its outdated and obsolete firmware and software, would have represented a problematic platform to both test and repair. The replacement made it unnecessary to complete an assessment of Y2K on the VAX and related systems.

The conversion of all information system (IS) applications to the 4-digit date system in Oracle was also completed on January 30, 1998. A basic prerequisite to addressing Y2K is the need to require the use of 4-digit date formats in all IS applications. Concurrent with the migration of VAX Cluster “legacy” systems, IRD has incorporated the implementation of the required 4-digit date discipline.

The replacement of all cobol-based applications was accomplished prior to January 30, 1998, as scheduled. Maintenance of IS systems based on this programming language is one of the major stumbling blocks to organizations achieving Y2K compliance. In fact, it is the vast effort to test and correct cobol code that has proven to be the most costly and time-consuming step. With the total elimination of cobol-based applications, FCA has avoided one of the most difficult of all the Y2K compliance obstacles.

The Y2K action plan required all information and support systems in use by the Agency to be cataloged. To accomplish this objective, a comprehensive survey was sent to each FCA Office. This step was completed on February 27, 1998, and resulted in cataloging and classifying all information, and administrative applications, and support systems, in current use by Agency staff.

FCA has conducted stand-alone hardware testing of almost every personal computer, laptop, and server in use by the FCA. All hardware that has been tested to date has passed, and has been certified as Y2K compliant.

Training of application testers and test plan development is now in process. Test plans are being developed for unit testing of every application or support service in use by FCA that is considered to be mission-critical or significant to operations.

I hope that this information is useful in your efforts to achieve Y2K compliance. The next Y2K informational memorandum on FCA’s internal efforts will be issued in July 1998. More information about FCA’s Y2K Plan may be found at our Internet web site, www.fca.gov, under the headings “Y2K Issues” and “News Releases” (Feb. 1998 – “FCA Board Adopts Plan to Assure Y2K Compliance”). If you have any questions regarding this memorandum, please call me at 703 883 4300 or e-mail me at smiths@fca.gov.