Business Impact Analysis--Assess the potential impact of mission-critical systems failures on core business processes. Define Y2K failure scenarios and perform risk and impact analyses of each core business process. Assess infrastructure risk and define the minimum acceptable levels of output for each core business process.

Contingency Planning--Identify and document contingency plans and implementation modes. Define triggers for activating contingency plans and establish a business resumption team for each core process.

Testing--Validate the business contingency strategy. Develop and document contingency test plans. Prepare and execute tests. Update disaster recovery plans and procedures.

These procedures can help an organization determine its risks and develop contingency plans if critical systems fail. But you cannot control what other businesses do or fail to do. For this reason, it is vital that businesses judiciously attend to their own problems and monitor the status of their trading partners. As Webster stated in his congressional testimony, "industry and society must realize that the federal government is not going to solve their problems--indeed the federal government will be hard pressed to solve its own." Therefore, take responsibility for your business now, before it is too late.

It is equally important to recognize that you as a business owner may be at risk to your trading partners and that they may be at risk to you, depending upon your relationship and position in the marketplace. Manufacturers, for example, are at the mercy of their suppliers, as graphically illustrated by the United Auto Workers' strike against a GM parts supplier during the summer of 1998. The failure of a supplier's systems, leading to its inability to deliver supplies on time or in quantity, renders the manufacturer just as vulnerable as if its own systems failed.

In this regard, it is important to discuss your specific situation with your business advisors, including your attorney. At a minimum, you should consider these actions as part of your Y2K risk management strategy:

 


1. Obtain continuing updates from your critical trading partners as to their Y2K readiness and contingency plans. Try to obtain written certification that these partners are Y2K compliant and that their business promises will not be interrupted by Y2K problems. Find out what they intend to do to maintain continuity if their core systems fail. Use the reports you obtain to update and revise your own contingency plans as necessary. Be aware, however, that it is difficult to define exactly what constitutes being Y2K compliant and companies are reluctant to give assurances given the tremendous uncertainty and legal risk.

2. Give consideration to including a Y2K clause in all future business contracts. The contract should define the Y2K problem and impose specific duties and responsibilities on the various parties if Y2K interrupts the orderly and timely fulfillment of the contract. If possible, define who bears the risks or costs associated with Y2K-related failures. You should also attempt to limit what constitutes a genuine Y2K failure. One very real potential is that aggressive attorneys may attempt to blame every failure on Y2K whether or not such is legitimate.

3. Be in contact with software and hardware manufacturers and suppliers with regard to the status of your own Y2K situation. In addition, there are a number of qualified private software consultants who can perform analysis and correction of your Y2K problems. You might consider hiring one. Understand the risks you face vis-a-vis your own operations and what kind of problems you might export to your trading partners. Begin immediately to develop plans to correct your own problems and minimize the effects of exporting your problem to others. The sooner you assess your Y2K situation, the better chance you have of getting problems solved in time. Depending upon the magnitude of your problem, every day could be very important. If you cannot get equipment or software corrected in time, you may have to consider scrapping it. The cost of new equipment may not be as great as the cost of failed operations or liability come January 1, 2000.

4. If you are buying new hardware or software, be sure to have written assurances and other adequate proof that the equipment is Y2K compliant and will operate as intended in the environment in which you place it. The claims should be warranted. In any future purchase or lease contracts, try to place liability for Y2K failures on the manufacturer.

5. Use caution in responding to the requests of others for the Y2K status of your business systems. Do not overstate compliance and do not make guarantees unless they are carefully defined and fully defensible. On the other hand, one of the biggest reasons for the growing consternation over the impact of Y2K is that too many companies refuse to say anything about their own systems. Fearing the potential for an explosion in Y2K-related litigation, most just clam up. This certainly does not help the overall situation. The decision of what to say or not to say must be made on a case-by-case basis after careful analysis of your situation and in consultation with qualified counsel. I believe, however, that the more light we can shed on the situation, the better off everyone is. The fear of the unknown is always worse than that of a clearly defined problem.
