SSA: Go ahead, borrow from our 2000 contingency plans May 18, 1998
Connecting state and local government leaders
WILLIAMSBURG, Va.—When the General Accounting Office in February 1997 advised the Social Security Administration to establish year 2000 contingency plans, agency executives were skeptical. But not any more. SSA, widely viewed as one of the agencies best prepared for the millennium date change, is the first to have a plan for systems failure.
WILLIAMSBURG, Va.When the General Accounting Office in February 1997
advised the Social Security Administration to establish year 2000 contingency plans,
agency executives were skeptical. But not any more.
SSA, widely viewed as one of the agencies best prepared for the millennium
date change, is the first to have a plan for systems failure.
GAO is now recommending that agencies use SSAs Business Continuity
and Contingency Plan (BCCP) as a basis for their own plans. And agencies should feel free
to do so, said Kathleen M. Adams, assistant deputy commissioner of SSA for systems.
In this case, plagiarism is a best practice, she told
attendees of the Trail Boss Roundup, an annual meeting of graduates of the General
Services Administration training program for information technology managers.
Reality has set in that were not all going to be ready,
said Joel C. Willemssen, director of GAOs Civil Agencies Information Systems
Division.
GAO suggests that agencies base their contingency planning processes
on their year 2000 reviews and use a four-phase approach.
SSAs 32-page contingency document includes a detailed plan for each
core task, many of which, Adams said, will be painful to implement.
Adams described herself as a convert to contingency planning.
In 1997, that was not our focus, she said. Our
contingency plan was to be ready a year ahead of time. The likelihood was that everything
is going to be ready; its not.
The BCCP focuses on keeping the agencys key functions operating.
The contingency plans describe the steps SSA would take to ensure
the continuity of the core business processes in the event of a year 2000-induced system
failure, the plan notes.
A BCCP development team identified five core business processes: issuing
Social Security cards, posting earnings in Social Security accounts, paying claims,
handling post-entitlement claims and informing the public of SSA rule or policy changes.
The agency also set up teams to identify the major systems tied to each
core process and estimate how systems failure would affect the agencys work.
If you dont have a part of, or all of those systems, how are
you going to do your job? We have people now who dont know how to take a paper claim
anymore, Adams said.
The teams then identified failure time lines, essentially the time frame
in which SSA would be able to continue its job. SSA anticipates most problems will arise
early, as early as Monday, Jan. 3, 2000, Adams said.
To further complicate matters, the first Monday in January is one of the
years busiest for SSA work, she said.
The team developed the contingency plan by considering each
functions business priority, the chance of a systems failure and how a failure would
affect SSAs ability to keep running.
In some cases, the impact might not be seen for a month, which could allow
time to fix the process in a worst-case scenario, Adams said.
The plan also helped SSA better organize its year 2000 fix-it work, she
said.
It was a road map for a lot of plans that needed to be
developed, Adams said.
The BCCP, which SSA will update quarterly, also includes plans for
regional offices to address potential failure in specific jurisdictions.
SSA has posted its plan on the Web at http://www.itpolicy.gsa.gov/. GAOs
recommendations are posted at http://www.gao.gov/special.pubs/bcpguide.pdf.
NEXT STORY: Put everyone on the same page