UK Govt: 75% of companies that think they are ready are notgreenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread
From UK government Y2K site, dated 17 March 1999:
Action 2000s latest wave of research findings gives a detailed account of the state of preparedness of UK SMEs. Action 2000 is the official body set up with government support to help you. Through research we have found that 75% of companies that think they are ready are not. Theyve checked their PCs and IT systems, but they havent checked all the other equipment containing embedded microchips. They havent checked that their customers and suppliers have done the same. If a business you rely on isnt ready, you arent ready!
Cut and pasted by
-- Old Git (firstname.lastname@example.org), March 17, 1999
Good morning Old Git,
Thanks for post.
-- Watchful (email@example.com), March 17, 1999.
This looks important.
How about a URL or link?
-- Rick (firstname.lastname@example.org), March 17, 1999.
Sorry, am very short of time these days, forgot in haste to post:
-- Addled Old Git (email@example.com), March 17, 1999.
Link, post haste
-- punny! (firstname.lastname@example.org), March 17, 1999.
Oh GOOD one!!!
-- Chuckling Old Git (email@example.com), March 17, 1999.
Well, I guess if the government said it, it must be true.
Or maybe bad news trumps an unreliable source?
C'mon now people, where are all the government haters when we need them? I can't believe everyone is swallowing a government press release just because they like what it says. Why, why, that would be ... hypocritical!
-- Flint (firstname.lastname@example.org), March 17, 1999.
Flint, unlike US government spokespersons, the British are pretty consistent over time with their private AND public pronouncements. You cannot say the same of the US spokespersons, whose estimates of the situation change as often as North Carolina spring weather, sometimes within 24 hours. (It was 76F in Durham on Tuesday, by the way.)
-- Old Git (email@example.com), March 18, 1999.
Flint. When a government or corporation is admitting that there are serious problems with systems that they are responsible for, then in all probability there are serious problems. When they deny that there are problems, then either there are no problems OR they are bullshitting us. So we investigate. Here, Action 2000 is admitting that they have drastically failed in their efforts to raise y2k awarenes, and to explain the details of the problem to those who have to fix it. Whyever would they be deceiving us?? To make themselves look like idiots? Are you saying that this article isn't bad news?
-- humpty (firstname.lastname@example.org), March 18, 1999.
I certainly can't claim this is good news, no. But the 'reason to lie' argument might cut both ways.
Elsewhere, I've see at least three theories put forward for this government statement: (1) The government is worried about complacency and is trying to raise the bar for due diligence; (2) The government is trying to spike the guns being leveled at them by Guenier's Taskforce 2000; (3) The government is laying the groundwork for a power grab!
If it's really true that an organization thinks they're done without having looked at embedded systems that bear directly on their operations, this is quite serious. If this is true of 75% of organizations that think they're ready, this is astounding. It implies a blind spot in British remediation that defies belief.
The idea that everyone should be responsible for everyone else's business really bothers me. How do you go about 'checking' that your suppliers are ready? Especially if your own definition of readiness has such gaping holes that you've forgotten about your equipment!
Gary North raises this point regularly, but doesn't recommend any method of implementation. So X Corporation is 'monitoring' their critical suppliers? What does this mean? If we move beyond North's sarcasm, we encounter some really tough questions.
If you were my supplier, would you welcome my active involvement in examining your code and data? Short of this, why should I believe your answers to my questionnaire? What if I asked the wrong questions? Is the y2k threat large enough to override otherwise valid reasons to protect proprietary information from your business partners? I don't know. I've written a lot of embedded code (containing NO date logic) that I wouldn't be happy letting anyone else examine and maybe steal. Should they trust me when I tell them that there's no date logic in there, don't worry? Are my customers dropping the ball if I don't let them look at it? Should you take my word for it that there's no problem, or is this just another hollow vendor assurance that Action2000 is properly concerned with. If you do take my word for it, do you fall in that 75%? I see no easy answers to these questions.
I'd love to see some workable definition of 'sufficient' attention to the efforts of businesses you depend on. But I can't imagine anything even close to agreement as to what that definition should cover.
Anyway, without some such standards, it's impossible to say that 75% of businesses haven't done enough. But I can understand the researchers' opinion that 75% of organizations declaring readiness have done so prematurely, if that's what they're really saying.
-- Flint (email@example.com), March 18, 1999.
ok. Good answer.
-- humpty (firstname.lastname@example.org), March 18, 1999.
Flint, you've inspired me to try to put a positive spin on a negative article! Here goes...
While it might seem bad that 75% of UK companies who think they're remediated have done such a half-arsed job, it really isn't SOOO bad because 75% of such a small number, i.e. the number Uk companies who report being finished, turns out to be a really small number of companies with this problem.
Do I feel better now??
-- humpty (email@example.com), March 19, 1999.
Good point. It isn't clear how many companies fall into this group. I don't have a good feel for the degree that British lawyers (or is that solicitors and barristers) have stifled compliance announcements.
In any case, we know that 100% of companies that think they're done can't prove it. You can never prove you have no bugs. You can reach a comfort level, and there can be legitimate disagreements as to where this level should be. And I still don't know quite what it means to 'check' your customers and suppliers. SMEs aren't known for having the resources to do much of this.
Would I declare compliance rather than accept government 'help'? I don't know what the rules are.
-- Flint (firstname.lastname@example.org), March 19, 1999.