from Evaluating Success of a Y2000 Project
by Howard Rubin and Brian Robbins
The Information Economics Press, 1998

Comments about Y2000 Test Certification by Paul Strassmann Policy-making executives must find new ways how to obtain trusted assurance about the reliability of measures taken by computer experts on their behalf to prevent year 2000 failures. Who will deliver assessments of the risks of business interruption and how can top management anticipate what could be charged against them as negligence if the systems organizations involved - whether they are vendors, consultants or company employees - may be neither liable nor accountable for errors of commission or omission? Who is trustworthy if everyone involved has a potential conflict of interest in the outcome of such a risk assessment that may surely lead to costly litigation? There are precedents for creating trusted and independent institutions that would offer expert certification attesting that what is alleged is indeed true. For instance, the concerns about the reliability of accounting records has led to the formation of auditing firms that will certify compliance of financial accounts with generally accepted standards. There are materials testing laboratories that attest the adherence of steel and concrete samples to industry-sanctioned specifications. The conformity of articles of commerce with generally accepted standards was seen to be of sufficient importance to merit a reference to standards for weights and measures in the Constitution of the United States. As the economy of advanced societies increasingly relies exclusively on transactions created, supported and conveyed by software it becomes imperative to find new ways to assure everyone involved of the reliability and trustworthiness of electronically transmitted data. That calls for standards that would define the criteria for judging what are trusted software-based processes. That makes it necessary to create institutions that would be accountable for delivering independently verifiable attestations about conformity of software with publicly promulgated and generally accepted testing standards. The assessors of Y2000 liabilities will need exceptional technological know-how and verification tools to come up with independent evaluations that can be backed by insurance. Amid the confusion about the soundness of conflicting technological claims, corporate executives will surely find it comforting to obtain independent checks of the validity of the vendors' claims as long as there is a public standard against which to compare facts against allegations. Information services assessment enterprises will become the growth sector of the consulting business. Such groups may end up as the underwriters of technology risks arising from poorly functioning software. The reliance on independent certification of software becomes especially critical for all firms that have divested themselves of an independent capacity to make judgments about their computer investments. Such a condition would be especially acute in cases where outsourcing of their information technologies to service companies or shifting total reliance on software designed and maintained by software firms increases the dependency on others. The new assessors may therefore evolve and become the risk insurers against technological and economic disasters that nowadays are endemic to the poor software management practices that are present in virtually all organizations. To limit the risks of Year 2000 failures the Software Testing Assurance Corporation engaged professionally recognized specialists in testing of software to draft a Y2000 Testing Certification Standard (see http://www.stacorp.com). At a meeting of some of the most renowned software experts held January 29, 1998 at the Software Productivity Consortium the proposed standard was discussed and transferred to the public domain for further processing as a proposed industry standard. These steps are seen as the start of a concerted long-term effort to establish an independent software certification capability in the USA.