by J. Fraser Mann and Alan Gahtan
The Lawyers Weekly - January 9, 1998 (p. 11)
It is important for any organization to establish a comprehensive program to address the Year 2000 problem and to reduce the possibility of claims being made by third parties.
One component of a Year 2000 compliance program is the establishment of a Year 2000 project management office. This office should establish effective project management with priorities, deadlines and appropriate follow-up action.
A senior executive should also be given primary responsibility to oversee responsibility for the company’s Year 2000 compliance. The leadership of a high level executive is required to ensure that the project is given the required priority and to obtain the necessary cooperation throughout the organization.
The first step in a Year 2000 compliance project is to conduct a technical audit to understand the scope of the problem. This would include an inventory and review of the software and systems utilized by the organization. Many organizations require the assistance of suppliers to assess whether certain products, such as software or equipment which contains embedded logic, are susceptible to a Year 2000 problem.
An important component of a Year 2000 compliance program is the implementation of an awareness program to ensure that the issue is addressed not just within the IT department but also for purposes of reviewing devices which incorporate microprocessors or embedded logic. The assistance of all staff, particularly those in the "user" areas, is required to help identify all such vulnerable products.
A legal audit should be performed following the technical audit to review the various agreements and to determine the company’s legal position. The determination of legal responsibilities for the correction of Year 2000 problems should be carried out at an early date. The results of such a review can provide the company with leverage in negotiating with its counter parties. The legal audit should include a review of IT-related contracts and even major non-IT contracts where a disruption could adversely affect the organization.
A Year 2000 compliance program should also include a review of applicable corporate policies. An explicit Year 2000 warranty should be considered for agreements to be made for new products and services. Important decisions will need to be made on how to handle existing contracts that are coming up for renewal and long term contracts where the issue has not been addressed.
Current insurance policies should also be reviewed by a company’s legal advisors to assess whether they will cover risks associated with the Year 2000 problem. Common exclusions contained in many types of insurance policies may preclude claims arising from the problem. Where appropriate, a Year 2000-specific policy should be considered.
An important aspect of a Year 2000 compliance program is to carry out an appropriate investigation of the Year 2000 compliance of key suppliers. Customers of critical products or services will generally require assurances that go beyond contractual warranties. There will not be much chance of recovery if a non-compliant supplier goes out of business or is sued by a large number of customers.
It is now a common practice for an organization to send inquiry letters to all key suppliers. One purpose of such a letter is to obtain information as to whether products supplied in the past are at risk of a Year 2000 problem. A company may rely on the information provided in the response to obtain additional legal protection.
Another purpose of the inquiry letter is to ensure that key suppliers are made aware of the customer’s expectations. Regardless of the strict contractual duties to which a supplier may be subject, a customer may expect its supplier to provide the necessary services or at least assistance in correcting any Year 2000 problems.
Inquiry letters should be addressed to various suppliers in addition to vendors of IT products. For example, they should be sent to vendors of telephone equipment, and other devices with "embedded" logic based on microprocessors (e.g., elevators and HVAC). An organization should also write to other key suppliers, even for non-technical products or services, that are critical to the organization. Any problem encountered by a key supplier could interfere with a company’s ability to meet its own obligations to its customers.
Responses to supplier inquiry letters should be reviewed by an appropriate representative of the company with a good understanding of year 2000 compliance issues. Letters with questionable responses can be reviewed by a larger committee or team. More difficult cases should be referred to legal counsel. Policies should be developed to deal with suppliers who fail to respond or who provide an unsatisfactory response.
In many cases, companies are asking their legal advisors to conduct a seminar on Year 2000 compliance to assist the company in understanding the problem and in mitigating any legal risks. Such seminars can also assist senior management to understand the importance of allocating sufficient resources to address the problem.
Related Sources: Canadian Legal Resources | Cyberlaw Encyclopedia | Entrepreneur Resources | Canadian Technology | Precedents | Alan Gahtan
© 2005 Alan M. Gahtan. All Rights
Reserved | Use is subject to these Legal
Terms
Disclaimer: Not all materials may be applicable in your jurisdiction. Not intended to be a
substitute for professional advice. No implied endorsement of, or affiliation with, any
linked sites. Path to individual pages may change - please link to home page only.
Linking Info