Senate Banking, Housing and Urban Affairs Committee

Subcommittee on Financial Services and Technology


Hearing on Year 2000 Liability and Disclosure.


Prepared Testimony of Mr. Harris N. Miller
President
Information Technology Association of America (ITAA)

10:00 a.m., Wednesday, October 22, 1997


Summary of Prepared Testimony

Good morning. I am Harris Miller, president of the Information Technology Association of America, representing 11,000 direct and affiliate member companies in the information technology (IT) industry. ITAA members are the marketplace leaders in a host of critical IT areas, including product and custom software, telecommunications, Internet, systems integration, and outsourcing.

Chairman Bennett and other distinguished members of the Subcommittee, ITAA applauds your outstanding leadership on the Year 2000 issue. The challenge we face in rising to this issue is enormous--a challenge which hits the banking and financial services community particularly hard because of:

ITAA supports the efforts of this Subcommittee because this is where the rubber meets the road. It will be through the efforts of this Subcommittee and others focused on key industry sectors that Year 2000 will receive the attention it deserves. We encourage similar hearings in such areas as transportation, public health, energy, defense and other major facets of modern society.

ITAA is concerned about the Year 2000 status of both the national and international banking system. While some national banks have staked out the high ground on this issue, I am concerned that there are many banks and financial services firms which remain silent on their Y2K preparedness.

From an international banking perspective, our dealings with foreign bankers suggest a disturbing degree of inaction; we hear similar concerns voiced by other observers as well.

Today I have been asked to testify about ITAA's Year 2000 certification program, called ITAA*2000. I am delighted to do so, because we have a very positive story to tell. Let me begin with some brief background.

ITAA has been engaged for several years in educating governments at all levels, the private sector, and the international community about the actions necessary to address the Year 2000 and the very real risks of inaction. Last year, our Year 2000 Task Force approved the idea of a Year 2000 certification program. While the ITAA*2000 offers a substantive, rigorous technical evaluation of applicants, the program should be properly viewed from a strategic business vantage point. The topic of this hearing is liability; the focus of our program is to provide a mechanism by which organizations are able to mitigate the downstream risk associated with this work.

ITAA*2000 has grown to become the widely acknowledged industry certification program. I think it's fair to say that it has become something of a standard. Today 45 organizations have received Certification with another 12 in process. Several other companies have informed us they expect to submit completed applications shortly.

Let me talk briefly about one recent program graduate which is of particular interest to this body. Last month, BankBoston received ITAA*2000 certification. As you know, BankBoston has been one of the nation's leading financial institutions in working its way through the Year 2000 thicket. In gaining ITAA*2000 certification, BankBoston was able to demonstrate that it had a set of formal methods in place in eleven areas critical to success, from initial assessment to final testing. BankBoston is the first financial institution to gain this distinction. We hope that many others will follow suit.

Almost 350 companies have requested the questionnaire necessary to submit to become certified. We are somewhat perplexed why more completed questionnaires have not yet been submitted. Let me hazard some guesses. First, the application process is rigorous, perhaps more rigorous than some companies are willing to go through. Completed applications are often several inches thick. We do not issue these certifications lightly and some organizations fail the review. And perhaps some fail themselves, starting the process assuming it will be pro forma, and have second thoughts when they realize the challenge of becoming certified.

Let me talk for a moment about how the program works. Applicants such as BankBoston respond to an in-depth technical questionnaire, provide extensive documentation, and respond to follow-up questions. Our focus is on the processes and methods that organizations use to develop Year 2000 compliant software. To date, most of our program graduates have been information technology companies. But we have designed this program to apply to any company, government agency or other entity involved in Y2K conversion. The certification can involve organizations which sell products or services commercially; it can be of equal interest to those developing systems for internal use only. The certification process provides an independent, third-party review of Y2K processes and methods. Our thinking is that if you get the processes and methods right on the front end, you dramatically reduce the chances of failure down the road. This concept of reviewing processes and methods is similar to the ISO 9000 process, widely used in our industry.

ITAA*2000 certification does not offer guarantees, but it does mitigate the risks associated with this work. Organizations receiving certification demonstrate to customers, business partners, stockholders and other interested parties that, well in advance of the century rollover, they have understood the Year 2000 problem, taken reasonable steps to correct it, and, in so doing, met the industry's best practices for dealing with the issue.

Does that mean software will operate flawlessly in the years to come? Of course not. No single industry program could hold itself out as the ultimate arbiter of Year 2000 compliance. There are simply too many platforms, systems, languages, interfaces and other date dependent components to check--and not enough time. Every organization's computing environment is sui generis. Attempting to recreate such environments on a customer by customer basis is just a bridge too far.

The ITAA*2000 Certification Program should also not be considered a substitute for an organization's own verification program. For the reasons I just mentioned, we believe companies should tailor a Year 2000 verification program which is right for them incorporating company methods and approaches, identifying key interfaces, setting testing criteria, and putting the management practices in place to ensure compliance. Part of this internal program should include steps to assure the Year 2000 compliance of hardware and software vendors and others with products using microprocessors or programmable logic controllers. To this end, ITAA has developed a standard questionnaire for customer use in communicating with their suppliers. Our purpose is twofold: to help customers ask the right questions; and to help vendors deal with the many thousands of contacts they receive on this issue, all asking for the same basic information in multiple ways.

Speaking as an IT industry executive, I am proud that ITAA has stepped up to the Year 2000 certification challenge. We have been very active in trying to get other industries and industry groups informed about the Y2K challenge and to embrace the ITAA*2000 program.

And we offer ITAA*2000 overseas. I have given educational seminars around the world, including China, Singapore, Canada, France, Brazil, Mexico and Spain. Certification is always a topic of interest. I also serve as President of the World Information Technology and Services Alliance (WITSA), comprised of 29 IT associations from around the world. WITSA has adopted a policy paper calling for an increased global focus on the Year 2000 challenge. ITAA has signed several agreements with our global sister associations to offer the certification program in their countries.

The ITAA*2000 program continues to grow and to offer important benefits to certified organizations. Today, the program enables commercial companies to set themselves apart from the competition by making a strong positive statement about their Year 2000 readiness. It allows customers to distinguish among the many vendors offering them products and services. It permits organizations to validate their own internal Year 2000 conversion processes. Tomorrow, the ITAA*2000 certification program will help companies of all types mitigate risk by conclusively demonstrating that they took appropriate steps to deal with this unprecedented situation.


Full Text of Testimony

Good morning. I am Harris Miller, president of the Information Technology Association of America, representing 11,000 direct and affiliate member companies in the information technology (IT) industry. ITAA members are the marketplace leaders in a host of critical IT areas, including product and custom software, telecommunications, Internet, systems integration, and outsourcing.

Chairman Bennett and other distinguished members of the Subcommittee, ITAA applauds your outstanding leadership on the Year 2000 issue. The challenge we face in rising to this issue is enormous--a challenge which hits the banking and financial services community particularly hard because of:

ITAA supports the efforts of this Subcommittee because this is where the rubber meets the road. It will be through the efforts of this Subcommittee and others focused on key industry sectors that Year 2000 will receive the attention it deserves. We encourage similar hearings in such areas as transportation, public health, energy, defense and other major facets of modern society.

ITAA is concerned about the Year 2000 status of both the national and international banking system. While some national banks have staked out the high ground on this issue, I am concerned that there are many banks and financial services firms which remain silent on their Y2K preparedness. Even banks which have a Year 2000 program may be slow to translate plans into action. I am concerned that banks, like many other types of firms, are victims of analysis paralysis--the disabling disease which inhibits the ability of organizations to admit that business survival is the real issue, that mistakes will inevitably happen, and that tough choices must be made now. It's time to make those choices and move on.

From an international banking perspective, our dealings with foreign bankers suggest a disturbing degree of inaction; we hear similar concerns voiced by other observers as well. Let me offer one example. In the U.S., much of the information about the Year 2000 situation travels on the Internet. The Internet plays a major role in spreading awareness, sharing comparative data, identifying candidate solutions and the like. At a recent presentation to a meeting of Greek banks, we learned that few households in Greece are likely to have a PC, much less access to the Internet. This is just a small example of a major structural barrier to solving this problem, no doubt replicated in many--if not most--countries around the world.

Today I have been asked to testify about ITAA's Year 2000 certification program, called ITAA*2000. I am delighted to do so, because we have a very positive story to tell. Let me begin with some brief background.

ITAA has been engaged for several years in educating governments at all levels, the private sector, and the international community about the actions necessary to address the Year 2000 and the very real risks of inaction. Last year, our Year 2000 Task Force approved the idea of a Year 2000 certification program. While the ITAA*2000 offers a substantive, rigorous technical evaluation of applicants, the program should be properly viewed from a strategic business vantage point. The topic of this hearing is liability; the focus of our program is to provide a mechanism by which organizations are able to mitigate the downstream risk associated with this work.

Other goals behind ITAA*2000 are:

We developed the ITAA*2000 program in conjunction with the Software Productivity Consortium (SPC) of Herndon, VA, an organization with great expertise in software process improvement. The Consortium provides the technical manpower to staff the program. We conducted a pilot to "get the bugs" out in August and September of last year, and publicly announced the program on October 1, 1996.

The program has grown to become the widely acknowledged industry certification program. I think it's fair to say that it has become something of a standard. Today 45 organizations have received Certification with another 12 in process. Several other companies have informed us they expect to submit completed applications shortly.

Let me talk briefly about one recent program graduate which is of particular interest to this body. Last month, BankBoston received ITAA*2000 certification. As you know, BankBoston has been one of the nation's leading financial institutions in working its way through the Year 2000 thicket. As early as December 1996, we reported in our weekly Year 2000 Outlook publication on the impressive progress BankBoston was making with its 40-million-plus lines of code. As we said at the time, the heart of the bank's repeatable process is a sequence requiring an input, an activity, an output, a tool and a metric. The BankBoston team applies the process to all aspects of the conversion, using iteration and yardsticks to assure that results do not go out of bounds.

That is the kind of approach which, we believe, lowers the risks involved in achieving a successful conversion. In gaining ITAA*2000 certification, BankBoston was able to demonstrate that it had a set of formal methods in place in eleven areas critical to success, from initial assessment to final testing. BankBoston is the first financial institution to gain this distinction. We hope that many others will follow suit.

Almost 350 companies have requested the questionnaire necessary to submit to become certified. We are somewhat perplexed by why more completed questionnaires have not yet been submitted. Let me hazard some guesses. First, the application process is rigorous, perhaps more rigorous than some companies are willing to go through. Completed applications are often several inches thick. We do not issue these certifications lightly and some organizations fail the review. And perhaps some fail themselves, starting the process assuming it will be pro forma and having second thoughts when they realize the challenge of becoming certified.

There are other reasons for the relatively small response. Many companies are extremely busy talking with or servicing potential or actual Y2K customers or doing their own conversions. They simply may not have adequate staff and time to complete the questionnaire, or it may just inadvertently fall to the bottom of the "to do" list. We have talked with many companies which have assured us they are poised to submit their applications, yet have not done so, probably because of time pressure.

Let me talk for a moment about how the program works. Applicants such as BankBoston respond to an in-depth technical questionnaire, provide extensive documentation, and respond to follow-up questions. Our focus is on the processes and methods that organizations use to develop Year 2000 compliant software. To date, most of our program graduates have been information technology companies. But we have designed this program to apply to any company, government agency or other entity involved in Y2K conversion. The certification can involve organizations which sell products or services commercially; it can be of equal interest to those developing systems for internal use only. The certification process provides an independent, third-party review of Y2K processes and methods. Our thinking is that if you get the processes and methods right on the front end, you dramatically reduce the chances of failure down the road. This concept of reviewing processes and methods is similar to the ISO 9000 process, widely used in our industry.

We freely admit that this is not a perfect program. We have heard from some potential customers of Y2K services and products who say that because the ITAA*2000 program does not test software per se in every environment in which they use it, it fails to meet their needs. We understand their point of view, but we believe that there is still substantial value in a program which provides an independent analysis of processes and methods. ITAA*2000 certification does not offer guarantees, but it does mitigate the risks associated with this work. Organizations receiving certification demonstrate to customers, business partners, stockholders and other interested parties that, well in advance of the century rollover, they have understood the Year 2000 problem, taken reasonable steps to correct it, and, in so doing, met the industry's best practices for dealing with the issue.

Does that mean software will operate flawlessly in the years to come? Of course not. No single industry program could hold itself out as the ultimate arbiter of Year 2000 compliance. There are simply too many platforms, systems, languages, interfaces and other date-dependent components to check--and not enough time. Every organization's computing environment is sui generis. Attempting to recreate such environments on a customer-by-customer basis is just a bridge too far. The complexity and multiplicity of environments and interfaces is one reason we emphasize so strongly in our general presentations on the Year 2000 that the most time-consuming and important element of the conversion process is the testing phase. A Y2K "solution" that works very well in one computing environment may not work well at all in another environment. It simply would be impossible for us, or any organization, to test even a limited set of software products in all possible environments and interface situations.

The ITAA*2000 Certification Program should also not be considered a substitute for an organization's own verification program. For the reasons I just mentioned, we believe companies should tailor a Year 2000 verification program which is right for them incorporating company methods and approaches, identifying key interfaces, setting testing criteria, and putting the management practices in place to ensure compliance. Part of this internal program should include steps to assure the Year 2000 compliance of hardware and software vendors and others with products using microprocessors or programmable logic controllers. To this end, ITAA has developed a standard questionnaire for customer use in communicating with their suppliers. Our purpose is twofold: to help customers ask the right questions and to help vendors deal with the many thousands of contacts they receive on this issue, all asking for the same basic information in multiple ways.

Speaking as an IT industry executive, I am proud that ITAA has stepped up to the Year 2000 certification challenge. ITAA*2000 is one of several Year 2000 initiatives we have underway, including seminars, a Year 2000 directory, buyer's guide, and weekly Internet-based newsletter. We have been very active in trying to get other industries and industry groups informed about the Y2K challenge and to embrace the ITAA*2000 program. I am pleased to report that ITAA has built a collaborative Year 2000 program with the National Retail Federation. We have also briefed the Securities Industry Association, the Automotive Industry Action Council and other groups about the program. We have also been active conference presenters on this topic at cities across the country.

And we offer ITAA*2000 overseas. I have given educational seminars around the world, including China, Singapore, Canada, France, Brazil, Mexico and Spain. Certification is always a topic of interest. I also serve as President of the World Information Technology and Services Alliance (WITSA), comprised of 29 IT associations from around the world. WITSA has adopted a policy paper calling for an increased global focus on the Year 2000 challenge. ITAA has signed several agreements with our global sister associations to offer the certification program in their countries.

The ITAA*2000 program continues to grow and to offer important benefits to certified organizations. Today, the program enables commercial companies to set themselves apart from the competition by making a strong positive statement about their Year 2000 readiness. It allows customers to distinguish among the many vendors offering them products and services. It permits organizations to validate their own internal Year 2000 conversion processes. Tomorrow, the ITAA*2000 certification program will help companies of all types mitigate risk by conclusively demonstrating that they took appropriate steps to deal with this unprecedented situation.

Thank you very much. I will be happy to respond to any questions you have about my testimony.




