Big Ooooops!!! (But then again some of us knew this didn't we?)
March 10, 1999
Y2K Validation: Vital and
Misunderstood
After spending a great deal of time,
energy and money, many companies are
nearing the end of their Year 2000
remediation process. But testing, the
final and most important stage of Year
2000 compliance may be getting short
shrift.
According to the Gartner Group, testing
should represent at least half of the total
effort and expense of a Year 2000
compliance program. But research
suggests that many companies and
government agencies will not be able to
adequately validate their remediated
systems before Jan. 1, 2000. As recently
as the spring of 1998, the Software
Engineering Institute at Carnegie
Mellon University estimated that 67
percent of organizations had no formal
Year 2000 testing program in place. And
a recent report in the New York Times
found that most states were behind in
their Y2K efforts and thus will have little
or no time for testing.
"A lot of organizations try to boil Year
2000 testing down to one simple
process," said H. Husmann, an
independent consultant who specializes
in data processing and re-engineering.
"But it's much more complicated than
that."
Once their date-sensitive code has been
fixed, many businesses send it to an
independent vendor to have it
double-checked for problems. This
process is known as Independent
Verification and Validation (IV&V).
"The IV&V vendor is looking for two
things: non-compliant code that was
missed the first time around, and code
that was fixed incorrectly," said Leland
Freeman, vice-president of the Source
Recovery Company. IV&V often does
catch coding errors, said Freeman.
However, "this process can produce a
false sense of security." Systems face
other Year 2000 risks (such as interfaces
and operating environments) that IV&V
can't detect. "Until a system is actually
placed back into production," stressed
Freeman, "you can't be sure all the
problems have been fixed."
To verify the success of Year 2000
remediation, companies must thoroughly
test all of their internal systems,
including third-party software,
embedded systems, PCs, custom-written
software and mainframe operating
systems and hardware. It is equally
important to test new software packages
-- even those that claim to be
Y2K-compliant. "A very good software
manufacturer may be able to test 80
percent of an application's system
functionality," explained Husmann.
"There's just no substitute for testing an
application in the environment where it
will be used."
A company's most mission-critical
systems should also undergo regression
testing. Every time a new system is
validated, all the others need to be
tested as well to make sure no errors
have been introduced.
An effective Year 2000 testing program
must do more than just examine systems
in isolation; it must also analyze the
components of each program (unit
testing), make sure that the units in a
system work together (system testing)
and verify that all systems interact
correctly (integration testing).
An organization must also make sure
that its systems will work correctly with
those of its business partners, regulators
and customers -- a process known as
external testing. All remediated
programs must be tested for
functionality in the present as well as on
key dates in the Year 2000.
To complicate matters further, said
Husmann, there is no single industry
standard for what constitutes an
adequate Year 2000 testing program.
And as costs increase, many
organizations are working under tight
deadlines. Only half are doing real-time
testing before the Year 2000, said Geoff
Unwin, vice-chairman of the executive
board of the Cap Gemini Group.
The key is to get started as soon as
possible -- and to prioritize.
"Year 2000 testing is like trying to fight
twelve fires with a single bucket of
water," said Husmann. "You can't put
out all of them. So you use what you
have as effectively as possible -- and
then deal with the damage as best you
can."
(posted to csy2k this morning. No url.) |
