SSA: Go ahead, borrow from our 2000 contingency plans May 18, 1998

WILLIAMSBURG, Va.—When the General Accounting Office in February 1997
advised the Social Security Administration to establish year 2000 contingency plans,
agency executives were skeptical. But not any more.


SSA, widely viewed as one of the agencies best prepared for the millennium
date change, is the first to have a plan for systems failure.


GAO is now recommending that agencies use SSA’s Business Continuity
and Contingency Plan (BCCP) as a basis for their own plans. And agencies should feel free
to do so, said Kathleen M. Adams, assistant deputy commissioner of SSA for systems.


“In this case, plagiarism is a best practice,” she told
attendees of the Trail Boss Roundup, an annual meeting of graduates of the General
Services Administration training program for information technology managers.


“Reality has set in that we’re not all going to be ready,”
said Joel C. Willemssen, director of GAO’s Civil Agencies Information Systems
Division.


GAO suggests that agencies’ base their contingency planning processes
on their year 2000 reviews and use a four-phase approach.


SSA’s 32-page contingency document includes a detailed plan for each
core task, many of which, Adams said, will be painful to implement.


Adams described herself as a convert to contingency planning.


“In 1997, that was not our focus,” she said. “Our
contingency plan was to be ready a year ahead of time. The likelihood was that everything
is going to be ready; it’s not.”


The BCCP focuses on keeping the agency’s key functions operating.


“The contingency plans describe the steps SSA would take to ensure
the continuity of the core business processes in the event of a year 2000-induced system
failure,” the plan notes.


A BCCP development team identified five core business processes: issuing
Social Security cards, posting earnings in Social Security accounts, paying claims,
handling post-entitlement claims and informing the public of SSA rule or policy changes.


The agency also set up teams to identify the major systems tied to each
core process and estimate how systems failure would affect the agency’s work.


“If you don’t have a part of, or all of those systems, how are
you going to do your job? We have people now who don’t know how to take a paper claim
anymore,” Adams said.


The teams then identified failure time lines, essentially the time frame
in which SSA would be able to continue its job. SSA anticipates most problems will arise
early, as early as Monday, Jan. 3, 2000, Adams said.


To further complicate matters, the first Monday in January is one of the
year’s busiest for SSA work, she said.


The team developed the contingency plan by considering each
function’s business priority, the chance of a systems failure and how a failure would
affect SSA’s ability to keep running.


In some cases, the impact might not be seen for a month, which could allow
time to fix the process in a worst-case scenario, Adams said.


The plan also helped SSA better organize its year 2000 fix-it work, she
said.


“It was a road map for a lot of plans that needed to be
developed,” Adams said.


The BCCP, which SSA will update quarterly, also includes plans for
regional offices to address potential failure in specific jurisdictions.


SSA has posted its plan on the Web at http://www.itpolicy.gsa.gov/.  GAO’s
recommendations are posted at http://www.gao.gov/special.pubs/bcpguide.pdf.


inside gcn

  • Pushing cybersecurity for counties

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group