What every company needs is written assurance that its suppliers will be Year 2000-compliant. But written assurance is not enough. The question is: Does each supplier know that its y2k repair staff is on schedule? How can managers know this? Nothing this big has ever been attempted before.
In any case, fears of future lawsuits may restrict a company's decision to send out written responses.
The Institution of Electrical Engineers has posted a list of questions. I think it is unlikely that many companies have sent out such a form. It is also safe to say that those that have did have not received a 100% response rate.
* * * * * * * *
6.3 SUPPLIER’S ASSURANCE / STATEMENT OF COMPLIANCE
6.3.1 In many cases it is not be practical, possible or cost effective to carry out the compliance checks within the company. In such cases, the supplier is requested to provide the following in writing:
(a) a statement of compliance, stating whether the supplied product is date-sensitive, including Year 2000 compliance
(b) a description of the compliance-checking method used (e.g. static code walkthroughs, checking tools, physical tests, factory acceptance test logs and site acceptance test logs)
(c) a description of the checks carried out (such as those described below and in Appendix C).
6.3.2 An outline initial enquiry letter is discussed in Section 13.5.
6.3.3 Suppliers’ assurances may relate to services and their continuing availability, rather than to products. This may require some differences in approach.
6.3.4 It may not be practical or reliable to obtain assurance from suppliers because:
(a) the supplier may have gone out of business, or not be contactable
(b) the supplier may fail to reply, or may reply in such a way as to cast doubts on the value of any assurance given, or may reply that assurance cannot be given.
6.3.5 It may be possible to ascertain details of, and to contact the supplier of the date-sensitive component in a date-sensitive device and obtain assurance in that way. This however depends on an understanding as to how the component is incorporated into the device and its function in it. The supplier who supplied the component to the supplier of the device may not be able to give this information.
6.3.6 Obtaining assurance from suppliers is also part of the legal audit process. Attention may need to be given to ensuring that efforts are not duplicated and that technical enquiries and information received do not reduce suppliers' legal obligations. See Section 13.5.
6.3.7 Care needs to be taken in placing reliance on statements from suppliers. Points to consider include:
(a) has your enquiry been answered or have you received a standard reply
(b) are any of the commitments conditional and are there phrases which, for example, indicate that the reply is not offered as a statement on which reliance is to be placed
(c) whether the supplier will be in business after the Year 2000
(d) does the statement relate only to standard applications and uses, and if so has your version been modified by you or the supplier in any way
(e) does the statement cover interfaces with other systems or devices and do you systems require such coverage
(f) is the demonstration/proof of compliance adequate
|