Questions from Public Consultation Attendees
INDEX
Management
Technical
Fees
A MANAGEMENT
AQ1 Y2K Government Legislation
AQ1 Is the Federal Government legislation in already?
AA1 Not yet, but we have been informed that the Act will be legislated when parliament resumes in
February. Here is a copy of the notice.
AQ2 Government Funding of OICY2KRAMP
AQ2 Have you approached Federal Government with OICY2KRAMP for any endorsement?
AA2 No, not as yet for endorsement, but we have submitted an application for funding to
Senator ALSTON's Department of Communications Information Technology and the Arts
(DCITA) as part of the On-line Information Technology On-line (ITOL) programme.
AQ3 Definition of Y2K Compliance
AQ3 Do you have a definition of Y2K compliance ?
AA3 We use the definition provided by Standards Australia: http://www.y2kregister.com.au
AQ4 Liability for actions
AQ4 Is the OIC going to be liable (responsible) for its actions ?
AA4 OICY2KRAMP PTY LTD is licensing a process to administer Y2K Compliance checking and remediation. Included in this process is access to the list of Y2K products (14/01/99) that can be selected from a list of the products on the Standards Australia Y2K Compliancy Tools Web site. According to the Federal Government media release dated 17/12/98 on the pending legislation: "Under the legislation, which will closely parallel the recent US "Good Samaritan" legislation, liability will not be generally removed if a product or service fails as a result of Y2K service failure, but the disclosure statement could not be used as evidence in any subsequent action".
AQ5 Legal Implications
AQ5 What are the legal implications ?
AA5 OICY2KRAMP is a process to record that Due Diligence for Y2K checking and remediation has been initiated and is continuing. It is not a product to check or remediate Y2K problems. As we understand it, the pending Y2K Good Samaritan legislation will require organisations to show their trading partners that some form of Y2K checking and remediation has taken place and is continuing to take place. This Public Consultation and Review is for you to inform OICY2KCC if you consider the process satisfactory or if it requires enhancements.
AQ6 Liability for endorsing 3rd party products
AQ6 Are we going to be liable for any endorsement of a third party product ?
AA6 The OIC, OICY2KCC and the OICY2KRAMP project team are not and will not be endorsing any
third party products. OICY2KRAMP is a process that records the results of third party products.
The OICY2KCC is negotiating special rates for OIC members with Y2K check and remediation software suppliers (see OIC Software Supplier Form).
AQ7 Viewing information as non-member OICY2KRAMP
AQ7 Can you see the system on the site without subscribing as a member of the OIC (i.e. will there be a dummy model) ?
AA7 OICY2KRAMP is a process that includes a software system that monitors Y2K Checking and Remediation progress. This software system automatically updates a Web site which can be viewed electronically. This process can only be licensed by members of the OIC. This is because it is an evolving process that will be continually refined as Y2K on-going compliancy issues for Desktop Computing become better understood. However, a non-member will be able to view the information, provided a trading partner provides them with the access password.
AQ8 Viewing activities of trading partner
AQ8 Would we be able to view the activities of a trading partner of ours if we are not OIC members ?
AA8 Yes, if your trading partner who uses OICY2KRAMP provides you with the password to view its
OICY2KRAMP web page.
AQ9 Current Users OICY2KRAMP.
AQ9 How many people are using RAMP at present ?
AA9 OICY2KRAMP has been developed as a result of working with 5 organisations who are members of the OIC. As at 20/01/99 OICY2KRAMP has not been installed in its entirety with a Web-site. This is a public consultation and review to evaluate the process before it is released via a seminar, workshop and training programme.
AQ10 Are you too late ?
AQ10 Why did you start the RAMP process now (aren't you too late) ?
AA10 We developed the process as a result of carrying out Y2K Checking and Remediation among members of the OIC. OICY2KRAMP as a process has taken about 12 months to develop and specify. Although many may consider it is too late, we do not believe it is too late for the SME sector. Many SMEs are not aware yet of the importance of Y2K compliance for business trading partners. We consider a process is better than no process even at this very late stage. We agree that this is a critical time for action.
C TECHNICAL
CQ1 Will SMEs require compliant systems
CQ1 Some SMEs will not require compliant systems, e.g. they have Excel but do not use it, so what are
you going to do about them ?
CA1 Who is going to go through each file and decide what is being used and what is not being used ?
We are providing the process for any SME to be able to provide evidence that, whatever they
use, a due diligence process has been followed to check and remediate the Y2K problem. The
process uses checking software to check application and custom-written software.
CQ2 Adverse comments about Y2K products.
CQ2 Are you going to criticise any 'ineffective' Y2K tools ?
CA2 No. We may point out the management issues that have to be considered with any Y2K checking
and remediation product.
CQ3 How effective is the process.
CQ3 How effective is the process going to be ?
CA3 This is what we are asking you to evaluate at this Public Consultation with the understanding that
submitted comments and feedback will enhance the process. This process has been developed to
endeavour to ensure that every level of Y2K Checking has taken place. As a result of these Public
Consultations we believe this process will be recognised as very effective.
CQ4 False information.
CQ4 What's to stop the end-user submitting false information ?
CA4 There are 3 safeguards:
- OICY2KRAMP is an on-going monthly process, hence information would be checked and validated each month. Any anomalies will be highlighted in the Host reports.
- An OICY2KRAMP consultant is allocated to each OICY2KRAMP member. The consultant's responsibility will include ensuring that the information entered into the system is accurate. These consultants will visit each member as a mentor at least once. The OICY2KRAMP consultant will be responsible for the accuracy of the data input.
- It has been proposed that part of the licence agreement will include a section that states a phrase along the lines "The input of false information to obtain an OICY2K Due Diligence Certificate will render you as the OICY2KRAMP licensee liable in the event that your systems fail after 01/01/2000".
CQ5 Will asset register be effective without embedded chip assets ?
CQ5 How is an asset register going to be effective if it does not include embedded systems (which are
deemed to be assets) ?
CA5 The current members of OICY2KCC have focused on the Y2K issue for Desktop Computing, not
on embedded chip problems. We would welcome other members who wish to tackle the
embedded chip problem. It only requires 3 members to establish a Specific Interest Group who wish to research and develop solutions to problems like an effective asset register for the
embedded chip problem. I am sure the OICY2KRAMP system could be adapted once someone
has funded that phase of the project.
CQ6 What levels of date checking
CQ6 To what level does checking reach, i.e. multi-date ?
CA6 At the moment it is envisaged that there will be multiple dates for many of the compliancy
checking levels particularly User-Data remediation. The area of User Data Remediation requires
further research over the next 2 months to cover most of the issues. This is part of the on-going
research with this project hence the need to share experiences electronically.
CQ7 Is OICY2KRAMP usable in a network
CQ7 Is OICY2KRAMP networkable (i.e. could it be adapted as an asset register for an organisation
with multi-server applications) ?
CA7 No, the software is a single-user application which would be licensed to each site. The key issue
is the input of the data at a single location. The results would be available on the Internet.
CQ8 Sufficient options to cover all circumstances.
CQ8 How do you know you have enough options for feedback ?
CA8 That is the purpose of this public consultation: to determine what other options may be required.
More detailed research on this will be carried out during Workshop sessions planned during
March 1999 and with beta-test site participants.
CQ9 Where is the identity of end user stored
CQ9 Where is the identity of the end user stored ?
CA9 Each OICY2KRAMP licence is allocated an identity code. This code is embedded in the licence
number and in each file that is uploaded for Y2K check and remediation reports. Hence the identity is
at the local user end and at the OIC host site as part of the licence code.
CQ10 How effective is the asset register
CQ10 How effective will the asset register be and where will it be stored ?
CA10 These Public Consultations are to determine how effective the asset register is considered to be
by organisations that are familiar with Y2K problems. The asset register will be stored at the
end-user system and coded on the OIC Host system for billing on a per seat basis.
CQ11 Why should I show my position with Y2K Compliance
CQ11 Why should I show what my position is ?
CA11 Because we understand the legislation will encourage companies to reveal their position.
CQ12 How does OICY2KRAMP accommodate check and remediation slippage
CQ12 How does RAMP accommodate slippage in the remediation ?
CA12 The system does not need to cater for dates to complete projects. It is considered that the
end-user has the incentive to carry out the remediation as fast as possible without the need for a date.
As the reports will be uploaded automatically each month these reports will identify if there is a
problem attaining certain levels of remediation. This is when the OICY2KRAMP consultant will
call the member to see if they need any assistance.
CQ13 Input of data into OICY2KRAMP
CQ13 How do you input the data into OICY2KRAMP ?
CA13 There are 3 aspects of data input:
1 Creation of Asset Register
2 Recording output of Y2K checking software
3 Monitoring Remediation process
- Creation of Asset Register
At the moment this information has to be keyed after the survey has taken place. There are
proposals to transfer data from Asset Registers like MYOB but these are still under investigation.
- Recording output of Y2K checking software
The OICY2KCC is currently investigating how many different Y2K Checking and Remediation
software packages there are. Although there are 60 or more contact names on Standards Australia Compliancy Tools register, the majority are distributors for products and not developers of Y2K products. During February discussions will be taking place with the developers to work out how the software output files can be linked into OICY2KRAMP. There will be time saving and accuracy benefits if this part of the process can be automated.
- Monitoring Remediation process
We believe that the key issue for the Remediation process will be monitoring User Data that is not created by the end user, i.e. Network Data Exchange (NDE) files. These files may be downloaded from the Internet, delivered by Electronic Commerce Value Added Networks
(VANs), transferred by LANs or WANs, uploaded from laptops or even from floppy disks. This area will identify which business trading partners and others do not have Y2K Compliant software. As indicated before, NDE requires further monitoring to refine the process.
CQ14 Dependency on other reporting tools
CQ14 Are you dependent upon another report tool to analyse the checking ?
CA14 There are over 60 Checking and remediation contacts listed on the Standards Australia Y2K site.
OICY2KRAMP is not a checking or remediation suite of software. It is
an administration system that has been designed to record the Y2K checking and remediation
reports for all those and any other product.
CQ15 Timeframe for operational process
CQ15 What time frame are you looking at before the project becomes operational ?
CA15 The plan is to have the full system with the Web site stage for on-going compliance completed
by 31/01/99. The OICY2KRAMP member system is now completed and we are seeking beta test
partners during February 1999 to evaluate that module. If you are interested please contact
Stevan GILLMORE (612) 9448-0390 or e-mail him.
CQ16 Validity of Y2K Due Diligence Compliance Certificate
CQ16 How valid is the certification ?
CA16 That is the question we are asking you to answer. If the process is complete and the messages
for Y2K failure sufficient, would you accept an OICY2KRAMP Due Diligence Certificate ?
CQ17 Letters from suppliers
CQ17 'Supply chain comments' box - what will happen in the case of 'ambiguous response' ? What are
the next steps ?
CA17 Some areas require further in-depth evaluation. This is why we require more members on the
technical committees to refine these areas. In addition, a major issue that has to be considered is
Custom Written software products. If the supplier has gone out of business and there are a
number of clients that use that software but do not have access to the source code, what action
will the end-user take ? This is where the OIC can be of assistance by providing programming
expertise that may be able to help remediate this software for all the users.
CQ18 What is the OICY2KRAMP engine
CQ18 What is the OICY2KRAMP database engine ?
CA18 There are 2 aspects to consider, namely:
1 the licensed system
2 the Web site system.
The prototype has been developed under Delphi 3 and the Web site system will be Oracle based.
CQ19 What happens with custom-built software
CQ19 What happens with a custom-built database ?
CA19 You need to contact the developer and send a series of letters to confirm that the product is
compliant or will be made compliant in plenty of time. If the developer has gone out of business
then you will find it beneficial to be a member of the OIC.
CQ20 Can custom-written software be remediated
CQ20 Can that be remedied ?
CA20 There is remediation software available for fixing custom-built applications. However
OICY2KRAMP Consultants are still evaluating several aspects of this remediation software
including the auditing process.
E FEES
EQ1 What is the cost of OICY2KRAMP
EQ1 What is the cost going to be ?
EA1 The Management Committee is considering a fee of $3.00-$10.00 per seat per month depending
on the function of that seat. This will be for a 3 year contract. This will include telephone
support from OICY2KRAMP Consultants. It does not include visits from the OICY2KRAMP
member mentor. The fees for these visits will depend on the level of support required.
EQ2 Will the cost be sufficient to support all SMEs
EQ2 Is $10 per SEAT going to generate enough revenue, as most SMEs will only have 1-2 PCs ?
EA2 We may have to set a minimum fee, perhaps $1,000, to cover the telephone support infrastructure.
The OICY2KCC will monitor the costs of support and usage. There will be circumstances which
will require special consideration. However all users of OICY2KRAMP will be considered as
members of the OIC. This may not include full member benefits (see http://www.oic.org/1b.htm).