ML20237D000
| ML20237D000 | |
| Person / Time | |
|---|---|
| Issue date: | 08/12/1998 |
| From: | Shirley Ann Jackson, The Chairman NRC COMMISSION (OCM) |
| To: | Horn S, Kucinich D HOUSE OF REP. |
| References | |
| NUDOCS 9808240295 | |
| Download: ML20237D000 (13) | |
Text
-
3 P--
- M# pat
- %>k UNITED STATES NUCLEAR REGULATORY COMMISSION p-WASHINGTON, D.C. 20665-0001 g
%...../
August 12, 1998 CHAIRMAN The Honorable Stephen Horn, Chairman Subcommittee on Government Management, Information and Technology
' Committee on Govemment Reform and Oversight United States House of Representatives Washington, D.C. 20515-6143
Dear Mr. Chairman:
I In response to your request of May 20,1997, I am enclosing the U.S. Nuclear Regulatory Commission's (NRC's) August 1998 quarterly report on the Year 2000 problem as submitted to the Office of Management and Budget (OMB).
. We continue to make considerable progress in addressing our Year 2000 problem according to plan. One additional mission-critical system in the " repair" category has been renovated since the last reporting period. No other mission-critical milestones were due during this time period.
Parallel work is being completed on four of the five remaining mission-critical systems that still need repair or replacement,. and they are on target to meet the Office of Management and Budget schedule. Progress on the one remaining system is dependent on receiving Year 2000-
. compliant software from a commercial source. Contingency plans are in place in the unlikely event that the scheduled implementation on October 31,1998, is not met because the vendor fails to supply the Year 2000-compliant products.
We have also made significant progress on other systems that are not mission-critical. In our last report, we informed you that.we had further classified our non-miselon-critical systems into two categories, business-essential and non-critical, in order to make explicit decisions about establishing priorities (triage).
l Since our last report, we have renovated an additional six business-essential systems. Our current status is as follows:
58%
of our business-essential systems have been renovated
-40%
are being renovated 2%
are scheduled for renovation More than three-quarters of our renovated systems in the business-essential category have also been validated and implemented.
gd,
'7 9808240295 980812 PDR COPMS NRCC
__ CORRESPONDENCE PDR 1
2 We have progressed in the non-critical systems category. We have renovated an additional system since our last report, and the current status is as follows:
38 %
of our non-critical systems have been renovated 13%
are being renovated 49%
are scheduled for renovation
=
More than 85 percent of our renovated systems in the non-critical category have also been validated cnd implemented.
Our Chief Information Officer (CIO) continues to coordinate weekly with NRC senior executives and staff at all levels to ensure that they continue to maintain a high level of awareness of Year 2000 issues and that progress in meeting our renovation, validation, and implementation deadlines does not slip. Monthly Year 2000 status reports from agency offices and weekly status reports from the CIO's Year 2000 Program staff show that we are currently ahead of our established schedule for addressing Year 2000 systems problems.
If you would like a more in-depth discussion of our continued progress with the Year 2000 Program, the agency's CIO and our Year 2000 Program Manager are available to meet with you and members of your staff at your convenience.
Sincerely, b
Enclosure:
Quarterly Report for August 1998 i
i i
r J
1 UNITED STATES g
NUCLEAR REGULATORY COMMISSION
)
WASHINGTON, D.C. 20565-0001 e
1
\\..... p August 12, 1998
)
8 CHAMMAN l
)
l l
1 1
The Honorable Dennis J. Kucinich Ranking Member, Subcommittee on Government l
Management, Information and Technology J
Committee on Government Reform and Oversight j
United States House of Representatives l
Washington, D.C. 20515 6143 j
Dear Congressman Kucinich-In response to your request of May 20,1997, I am enclosing the U.S. Nuclear Regulatory 4
Commission's (NRC's) August 1998 quarterly report on the Year 2000 problem as submitted to the Office of Management and Budget (OMB).
We continue to make considerable progress in addressing our Year 2000 problem according to plan. One additional mission-critical system in the " repair" category has been renovated since the last reporting period. No other mission-critical milestones were due during this time period.
Parallel work is being completed on four of the five remaining mission-critical systems that still need repair or replacement, and they are on target to meet the Office of Management and Budget schedule. Progress on the one remaining system is dependent on receiving Year 2000-compliant software from a commercial source. Contingency plans are in place in the unlikely event that the scheduled implementation on October 31,1998, is not met because the vendor fails to supply the Year 2000-compliant products.
We have also made significant progress on other systems that are not mission-critical. In our last report, we informed you that we had further classified our non-mission-critical systems into two categories, business-essential and non-critical, in order to make explicit decisions about l
establishing priorities (triage).
l Since our last report, we have renovated an additional six business-essential systems. Our current status is as follows:
58 %
of our business-essential systems have been renovated 40%
are being renovated 2%
are scheduled for renovation j
More than three-quarters of our renovated systems in the business-essential category have also been validated and implemented.
l
i 2
We have progressed in the non-critical systems category. We have renovated an additional system since our last report, and the current status is as follows:
38 %
of our non-critical systems have been renovated
+
13%
are being renovated
+
49%
are scheduled for renovation
+
More than 85 percent of our renovated systems in the non-critical category have also been validated and implemented.
Our Chief Information Officer (ClO) continues to coordinate weekly with NRC senior executives and staff at alllevels to ensure that they continue to maintain a high level of awareness of Year 2000 issues and that progress in meeting our renovation, validation, and implementation deadlines does not slip. Monthly Year 2000 status reports from agency offices and weekly status reports from the ClO's Year 2000 Program staff show that we are currently ahead of our established schedule for u Jressing Year 2000 systems problems.
If you would like a more in-depth discussion of our continued progress with the Year 2000 Program, the agency's ClO and our Year 2000 Program Manager are available to meet with you and members of your staff at your convenience.
l Sincerely,
- LJ_,
Enclosure:
Quarterly Repod for August 1998 l
L_.._____________.__________.______.____._._______.
1 Status of the Nuclear Reaulatory Commission's Year 2000 Efforts l
Quarterly Report for Auaust 1998 l.
Overall Proaress. Provide a report of the status of agency efforts to address the Year 2000 problem, which includes an agency-wide status of the total number of mission-critical systems.
Total Number of Number Number To Number To Number To Mission-Critical Systems Compliant Be Replaced Be Repaired Be Retired 7
2 2
3 0
11.
Proaress of Systems Under Repair. Provide a report of the status of agency efforts to address the Year 2000 problem, which includes the status of systems under repair.
1 a.
Status of mission-critical systr ms being repaired.
Number of Mission Assessment Renovation Validation implementation Critical Systems Milestones Sep 1997 Sep 1998 Jan 1999 Mar 1999 Cunent Number 4
4 2
1 1
Complete b.
Provide a description of progress for fixing or replacing mission-critical systems.
Parallel work efforts are addressing all systems still needing repair, and the o
Office of Management and Budget (OMB) schedule will be met.
No deadlines for mission-critical systems being replaced were scheduled for o
this reporting period. Two mission-critical systems are currently being replaced. The first is now 76 percent complete and is on schedule for implementation on December 31,1998. Coding has been completed for the second system, which is currently being tested and will be implemented by October 1998.
j One mission-critical system was renovated during this reporting period. Work e
continues on the following schedule for our three remaining systems being i
repaired:
l l
Enclosure
2 Renovate Validate implement OMB Milestone Dates Sep 1998 Jan 1999 Mar 1999 l Emergency Response Data Sys l 08/13/1998c'-01/31/1999 03/04/1999 l Emergency Telecom Sys l 08/31/1998 09/30/1998 10/31/1998 l Ops Ctr information Mgmt Sys l 09/30/1998 12/31/1998 01/01/1999 c = completed
)
l
- c. Provide a description of progress in fixing non-mission-critical systems.
l 1
Our non-mission-critical systems are assigned to one of two categories in order to make explicit decisions about establishing their priority for repair:
Business-essential Systems: Any system that is integral to agency processes that are required for meeting agency statutory, programmatic, legal, or financial obligations. Typically, the agency could function without any major impact on its operations if any of these systems malfunctioned and was unavailable for up to 3 or 4 weeks while being repaired.
Non-critical Systems: Any system that is not mission-critical or business-essential and whose unavailability would therefore represent only an inconvenience to the agency. Typically, these systems can be unavailable for extended periods (1 to 2 months or more) while they are being rcpaired and manual processes can be readily used in their place, if necessary.
The following progress has been made since the May report (May 1998):
Of 62 business-essential systems-Six systems were repaired, bringing the total to date to 36.
- Of the 36 systems,12 reported as repaired in the last report were validated in this quarter as repaired, bringing the total to date to 30.
- Of the 36 systems,11 were implemented, bringing the total to date to 27.
Renovation has begun on nine additional systems, bringing the total to date to 25.
One system is scheduled for repair, but work on it has not yet begun.
The business-essential system total was reduced by one, reflecting a decision to retire a system previously scheduled for repair.
I 1
l Enclosure l
3 Of 39 non-critical systems-One system was repaired, bringing the total to date to 15.
- Six systems reported as repaired in the last report were validated as repaired, bringing the total to date to 13.
- Six systems were implemented, bringing the total to date to 13.
No new renovations were begun; five systems are currently being repaired.
Nineteen systems are scheduled for repair, but work on them has not yet begun.
l The non-critical system total was reduced by 10, reflecting a decision to retire systems previously scheduled for repair,
- d. Provide a description of the status of efforts to inventory all data exchanges with outside entities.
We have assessed all areas of the agency that have the potential to exchange data with other Federal, State, and local governments, as well as with international and commercial entities. Three systems were identified that exchange data with NRC.
Two of these systems exchange data with one source, and one system exchanges data with six sources.
Discussions with NRC data exchange partners reveal that two exchanges are already Year 2000 compliant and five exchanges do not require NRC to make any changes.
The final data exchange is contained in one of NRC's mission-critical systems. This system was previously reported herein as renovated during this reporting period and is on schedule for implementation in March 1999.
- e. Provide a description of efforts to address the Year 2000 problem in other areas.
Reaulatorv Issues.
On May 11,1998, NRC issued Generic Letter (GL) 98-01 to all licensed utilities with operational nuclear power plants requiring them to inform the NRC of steps they have taken or will take to ensure that their computers have no problems adjusting to the Year 2000.
On June 22,1998, NRC issued GL 98-03 to fuel cycle licensees and certificate 1
holders. GL 98-03 requires addressees to provide (1) written confirmation of implementation of their Year 2000 Readiness Programs, (2) written confirmation that the facilities are Year 2000 ready and in compliance with the terms and conditions of their license or certificate and NRC regulatlons, and (3) updates in late 1998 and mid-1999 on implementation of their Year 2000 Readiness Programs.
NRC intends to send a third information notice regarding the Year 2000 computer problem to materials licensees reminding them of the Year 2000 problem.
Enclosure
)
4 Both generic letters have been placed on the NRC external Web site.
)
I Embedded Chios.
We have analyzed and identified embedded chip systems at the NRC. Forward date testing of some embedded chip systems is problematic since access is limited to embedded chip system control programs. As a result, both industry and NRC rely on l
the manufacturer's certification to establish compliance and, where possible and i
appropriate, in-house testing to confirm compliance.
{
in the area of microcomputers and laser printers, we have successfully tested our l
hardware with available testing software to determine compliance. NRC has a program underway to replace all microcomputers that have non-compliant chips by December 1998.
In the area of local and wide area network computer components, one of our mission-critical systems being replaced covers all of this infrastructure. We previously reported herein that this mission-critical systern is now 76 percent complete, f.
Provide a description of efforts to address the Year 2000 problem for agency buildings.
l
)
All agency building systems have been assessed. We have determined that there are four building system categories that could have Year 2000 issues: Environmental, Fire Protection, Security Access Control and Alarms, and Elevator.
Vendors for these systems have been contacted and written responses have been received.
Environmental Systems Vendor response indicates that these systems are not Year 2000 compliant. We continue to work with the vendor to ensure that compliance is achieved by the OMB implementation milestone date of March 1999.
l Fire Protection Systems Vendor response indicates that the safe operation of our fire protection systems will not be affected by the Year 2000 date rollover.
t Enclosure
5 Security Access Control and Alarms System We have received written certificates of Year 2000 compliance from the vendor.
l Elevator Systems We have written certification that our elevators do not operate on a date-oriented time clock and, therefore, have no Year 2000 issue.
- g. Provide a description of efforts to address the Year 2000 problem in your telecommunications systems.
Telecommunications Eauipment NRC sent letters to its various telecommunications equipment vendors nationwide in order to determine their progress in addressing the Year 2000 problem as it relates to their products. All of the vendors have responded, been contacted by telephone, or had their Internet site accessed to determine status.
Responses and research indicate that 94 percent of our inventory is Year 2000 compliant or is not affected by Year 2000 issues. A small number (6 percent) have been identified as non-compliant and will be retired or replaced.
t We have also contacted our telecommunications service providers to determine their plans to achieve Year 2000 compliance. All of our service providers have responded i
that they are compliant or will be compliant by mid-1999.
1 Finally, during this reporting period, NRC established a laboratory for testing telecommunications and wide area networking products and cervices.
Secure Telecommunications Eauipment We have determined that 100 percent of our secure telecommunications equipment is compliant or are not affected by Year 2000 issues.
j Wide Area Network Telecommunications Eauionunt We have contacted all of the vendors whose equipment is used in our wide area networking infrastructure. We have determined that 80 percent of this equipment is either Year 2000 compliant or is not affected by Year 2000 issues. Another 16 percent of this equipment has been determined to be non-compliant and will be replaced. We continue to actively research the remaining 4 percent to determine its status.
l l
I Enclosure j
l l
l l
6
- h. Provide a description of the status of the Year 2000 readiness of each government-wide system operated by the agency.
NRC has no systems in this category.
- i. Other information demonstrating agency progress.
1 No other information is available.
Ill.
Independent Verification and Validation /Anency Overslaht
- a. Describe your independent validation and verification program.
I Systems repaired by (Year 2000 Program contractors) are being independently verified and validated by a three-level approach. The first level, unit testing, is performed by contract personnel who actually repair the system code. The second and third levels are performed by personnel who are not involved with system repairs.
I The second level of testing is performed by contractor personnel assigned to a permanent quality assurance group, using an established test plan Third-level testing is performed by the system's NRC user. Only when written approvalis received from all three testing levels do we consider the system validated and report it as such.
Systems repaired by NRC program offices (and their contractors) undergo a i
comparable validation process. We report these systems as validated only when the Senior Executive Service director of the responsible office has certified as such in writing.
I
- b. Describe how your Department / Agency is organized to track progress in addressing the Year 2000 problem.
4
- 1. Describe responsible organizations for addressing tha Year 2000 problem and provide an organization chart if organizations have changed from the previous report.
Arnold Levin continues as the agency's Year 2000 Program Manager. His title is l
I
" Director, Applications Development Division." The Year 2000 Program Manager has day-to-day responsibility for NRC's Year 2000 Program and reports directly to the NRC Chief Information Officer (CIO). The CIO has overall responsibility for the NRC's Year 2000 Program and reports to the Chairman.
I Enclosure w____-__-_-______-
a
7
- 2. Describe prccesses for assuring internal accountability of responsible organizations. Include any quantitative measures used to track performance and other methods to determine whether the responsible organizations are performing according to plan.
Internal accountability for performance of Year 2000 activities is assured through continuous monitoring of progress against established milestones. To ensure proper accountability for Year 2000 activities, we require that Senior Executive Service directors of agency offices submit monthly progress reports to the CIO on their efforts to repair or replace systems that have the Year 2000 problem.
The Chief Information Officer (ClO) and other senior managers meet with the Chairman daily to discuss events that have transpired in the last 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />.
Depending on need, the CIO mentions significant changes that have occurred in his programs, which includes the Year 2000 program.
On a more formal basis the CIO and the Year 2000 Program manager have briefed the Chairman on Year 2000 status, on average, every three months.
The CIO also briefs the agency Executive Council, consisting of the Executive Director for Operations, Chief Financial Officer and the Chief Information Officer on a monthly basis to discuss Year 2000 issues or any other issues needing the attention of the most senior agency managers.
Additionally, Year 2000 Program staff meet with contractor management weekly to review milestones for system repairs and replacements. Information received from reports described herein are used to update a central Year 2000 system inventory database. Reports from the database are prepared weekly to show the status of Year 2000 system repairs and replacements as measured against established milestone dates. These reports are analyzed and reviewed with the I
CIO every week. To date, data indicate that we are ahead of schedule in l
addressing Year 2000 issues.
- 3. Describe the management actions taken and by whom when a responsible organization falls behind schedule.
The Year 2000 Program Manager reviews progress reports on an ongoing basis and reports deviations from established schedules to the CIO. If any deviations are reported, the CIO will discuss them with managers who are responsible for the systems. As part of this discussion, the CIO will determine remedial actions to be taken. The CIO will periodically brief the Chairman, the Executive Director for Operations, and the Chief Financial Officer of the NRC on any schedule deviations I
and the status of remedial actions taken. No deviations have occurred to date.
Enclosure l
l l
8 IV.
Continuity of Business Plans.
Describe your agency's approach to ensure continuity of your core business functions.
NRC has an established program that develops, maintains, and updates the agency's business continuity plans in accordance with Federal guidance, including OMB Circular A-130, Appendix Ill," Security of Federal Automated Information Resources." The objective of this program is to ensure that appropriate business continuity plans are put in place for all of the NRC's general purpose systems and major applications, which include the mission-critical applications identified under the Year 2000 program. The process of developing the plans entails several steps:
Conduct a business impact analysis and risk assessment.
Develop a security plan.
Test the security plan.
Certify and accredit the system.
Develop a disaster / business continuity plan.
Train personnel and test the disaster / business continuity plan.
The Office of the Chief Information Officer uses contractor resources, obtained through the General Services Administration's multiple award contract for computer security services, to assist with its efforts in this area, including the conduct of facilitated risk assessments and development of plans.
NRC's business continuity plans cover a wide range of possible events, ranging from I
routine software and hardware problems to major natural disasters. One such event s
would be a software failure stemming from an undetected Year 2000 problem. NRC has made a special effort to ensure that contingency plans for its mission-critical systems I
contain elements that specifically address failures resulting from the Year 2000 problem.
Compared to large, complex applications dealing with millions of records and complex l
real-time processes, NRC mission-critical systems are relatively simple and deal with a volume of information that is small enough to manage by manual means, if necessary or if automation is temporarily unavailable. Our contingency plans are commensurate with the nature of our mission-critical systems. We are confident that the plans we currently have in place are sufficient to address Year 2000 issues.
NRC's seven mission-critical systems support three core functions. One system supports the interchange of information agencywide and is integral to all agency operations. Three interrelated systems support our response capability in the event of a nuclear emergency. The remaining three systems support the tracking and inspection of nuclear materials. These three groups of systems are independent of each other and have no complex interrelationships with any other systems except for dependencies on the U.S. telecommunications infrastructure.
\\
Enclosure o
9 l
V.
Exception Report on Systems There are no exceptions to report.
VI.
Systems Scheduled for Implementation After March 1999. Include a list of those mission-critical systems where repair or replacement cannot be implemented by the March 1999 deadline.
All mission-critical systems will be implemented by the March 1999 deadline.
Vll.
Other Manaaement Information.
- a. Costs.
Fiscal Year 1996 1997 1998 1999 2000 Total Current Cost 0.0*
2.4 4.0 3.9
.6 10.9 Item is $45,000.
- b. Explain dramatic channes in cost.
There are no changes in cost.
)
- c. Chanaes to schedule number of mission-critical systems. number of systems behind schedule. or number of systems scheduled to be implemented after March 1999.
There are no changes to our schedule or to the number of mission-critical systems.
We have no mission-critical systems scheduled for implementation after March 1999.
- d. Concerns with the availability of key personnel No concerns exist about the availability of key personnel.
- e. Problems affectina proaress?
In some instances, the pace of our work depends on the schedule that commercial vendors have established for releasing either updates to existing products to bring them into Year 2000 compliance or entirely new releases that are Year 2000 compliant. We are in constant communication with these vendors in order to work with them to ensure that the products we need are available on time. The failure of these vendors to provide Year 2000 compliant products on time may adversely affect the schedule for some of our systems.
If you have any questions, please contact Arnold E. (Moe) Levin at 301-415-7458 or via electronic mail at AEL1@NRC. gov.
Enclosure 1
l i
.j