July 1998 - O.K., yes, this IS yet another article about the Year 2000.  But this is serious stuff.  It�s shaping up to be the most significant business challenge that companies in all industries have faced, not to mention a financial bonanza for the legal profession.  Given the continuing lack of real data about how many systems and chips will react, it gives everyone their biggest opportunity yet to practice realistic risk-assessment and contingency planning. 

Are you ready? 

As is widely known by now, this is a relatively trivial technical issue in its origins, yet its operational implications grow wider and wider the more you look at it.  Technically speaking, replacing all your computers in 1999 with new models and new software would take care of that aspect, but what about the elevators?  Fire alarm systems?  How do you respond to customers who want details of your progress, and promise to stay elsewhere if you can�t give them a good answer?  How sure are you that your suppliers will still be in business for you?  And then there are the demands of the SEC, which requires disclosure of Year 2000 compliance measures (and their cost) for all publicly traded companies, and of your auditors, who will require verification of these plans and evidence of action against them before signing off on your books. You can�t put off taking action. 

Recent surveys are showing that both the extent and the awareness of the problem are growing.  A Cap Gemini America survey of 128 US companies (reported in the April 13 issue of InformationWeek) showed that in just three months, from December 1997 to March 1998, the proportion of companies polled that had experienced a Year-2000-related failure rose five-fold, from 7 percent to 37 percent.  And despite the banks and credit card companies� continued efforts to update all their equipment we still hear of people being refused credit for having cards that expire in 2000. 

The issues fall into three categories: 
 

Technology 

The technology issues can be sub-divided into three areas: computer systems, building systems, and equipment with embedded chips.  Computers are, of course, where the focus of attention has been up to now, and where most corrective effort has been directed.  Building systems � fire alarm systems, elevators, energy control, security systems - were originally thought to be fairly straightforward, being mostly electro-mechanical, although needing especially careful evaluation because of their fire/life/safety implications. 

The big unknown has turned out to be the embedded chip issue, as the enormous variety and number of control chips integrated within modern equipment � including building systems, printers, fax machines, kitchen equipment, etc. - has become apparent.  Some of these chips may be running internal date/time routines whether or not their host equipment requires them.  With no means of checking or changing such settings, it�s very difficult to find out whether the equipment will ignore the century date change, start acting strangely, or simply shut down completely. 

On the computer front, companies with older, mainframe-based systems have the biggest headaches, just from the sheer volume of code that must be reviewed and corrected.  Help is available from many sources for this, but it is still a long, tedious job, and testing the corrected code takes at least as long as fixing it.  Regression testing is essential to make sure that nothing that worked for this century was broken by the fix.  Testing for future cases needs to be especially thorough and detailed since (by definition) Year2000+ dates can�t be entered to create a �before� baseline.  All in all, a major � and costly � labor effort. 

But if, like most hotels, you have no mainframe computers, and if you�re planning to replace all your obsolete PCs and upgrade all your software in 1999, are you off the hook?  Not by a long way, unfortunately. 

Suppliers and Customers 

It�s not just your own operation.  You may have taken advance steps to ensure your own systems will be running perfectly, but if your main vendors suddenly stop deliveries because their systems (or their suppliers� systems) are having problems, you still have an issue to face.  The computer and embedded-chip issues affect everything from elevators and energy management equipment to industrial and chemical production line machinery.  The potential for disruption of all kinds of modern production processes could impact the whole supply chain, and every product and service you get from an outside vendor.  You need reassurance that they�re still going to be in business in 2000.  And if your systems interact directly with theirs, coordination of any interface upgrades becomes essential if their problems are not to become yours. 

Equally, your customers need to be able to rely on you to continue to meet their needs.  You�ve probably already received many letters from major customers asking for (or in some cases demanding) information about your state of readiness, plans and budget, so that they can assess whether they want to risk continuing to give their business to you.  Some you can ignore; some you must not.  It all depends on your situation, and on your relationship with them.  Everyone is both a supplier and a customer, and everyone�s looking for reassurances in an increasingly complex and interrelated situation. 

Document Everything 

The sensitivities of our litigious society add enormously to the whole identification and remediation process.  This is the real world; it�s messy, things occasionally go wrong and guests are upset.  And if they try to pin the cause of their dissatisfaction on your lack of readiness for Year 2000, you need to be able to prove, in court, that you took all reasonable steps to prevent disruption. 
But getting hard proof of readiness is difficult, because this is such a tremendously complex, inter-related environment.  Each computer system runs on a specific piece of hardware, with a specific operating system, and may interact with any number of other systems.  No vendor makes every component of the products it sells; chips, boards, drives, operating systems may all come from different suppliers.  For any company to come out and state unequivocally that the products it sells will not cause or suffer any disruption when the century date changes, in any installation or when interfaced to any other system, is therefore extremely difficult. 

There are no absolute guarantees.  Given that, every step you take to identify the risks, to implement corrective action where possible and to obtain appropriate, believable reassurances from vendors must be documented.  Even your internal policies and communications procedures must be covered; if a guest riding up the elevator with a bellman asks casually, �So what about these elevators?  Are they going to fall out of the sky in January 2000?� the bellman�s response could have far wider implications than you might expect.  Many lawyers believe that it�s just a matter of when, not if, most hotel companies end up in court over some Y2K-related guest-dissatisfaction or breach-of-contract issue.  You have to be able to prove your case. 

�Silver lining� department 

A lot of good does actually come out of all this, of course.  Opening discussions with your important customers about the timely and appropriate precautions you are making is a great excuse for a sales call.  Reviewing the support capabilities of your key suppliers and defining contingency plans in case of failure is invaluable; just ask hoteliers in Quebec after last winter�s ice storm.  Looking at the status of your own internal equipment and procedures will highlight obsolete items that should be replaced in any event.  And what a wonderful opportunity to catch up on the inventory details, network diagrams, back-up and emergency procedures and all the other internal support functions you�ve been meaning to get around to for years! 

A Game Plan 

So what steps should you be taking to ensure that you�re as ready as you can be? Taken individually, the tasks aren�t difficult; 
 

The absolute priority is executive sponsorship from the highest levels.  Awareness of the importance of the issues, the essential need to address them and the need for consistency in the messages given to the outside world must all be spread throughout the organization, and they have to start at the top.  If your CEO hasn�t put himself at the head of your Y2K effort, you need to do some serious talking and selling � see the sidebar.  Without total, fully-committed support at all levels, the task becomes impossible.  Yes, you still have a hotel to run, and guests to satisfy � but you must also, absolutely, devote time and resources to being Y2K ready. 

Teamwork 

The best approaches use multi-departmental project teams, one at your corporate office and one at each property.  The make-up of each team is the same; members representing: technology; building systems: elevators, fire/life/safety, energy management, etc.; sales & marketing, to address customer concerns;  purchasing, to coordinate supplier issues; and, communications, to ensure that media issues are addressed consistently and without endangering the company�s legal position, and to ensure that all members of the organization are aware of the project, its progress and how to deal with outside inquiries. 

One member of each team should be designated as Project Manager.  This should not be the Systems Manager, who�ll have enough to do without dealing with any misplaced assumptions that the whole thing is a purely computer problem.  Each hotel team should report to the property GM, who, after all, continues to have overall responsibility for the property�s profitable operation, and thus for its Year 2000 readiness.  It must also keep the Controller informed; this does all take money, after all.  At the Corporate level, the overall team should report to the top executives of the company.  Each property takes responsibility for the compliance of its own operations; the corporate team handles company-wide issues and standards, coordinates all resources and acts as an information resource. 

Inventory 

Let�s start with the technology.  Take a detailed inventory of both IT and building systems, and keep the documentation.  Rank everything according to its risk factor, starting with fire/life/safety systems, then running through critical operational systems (PMS, S&C, PBX, Accounting), then moving down to those with the least impact.  Identify what needs to be done to correct every system � and document it.  Even if nothing needs to be done, document why not.  Set a project schedule for each, document it, and then carry it out. 

For equipment with embedded chips, the only way to determine the potential impact is to check with the equipment vendors on which chips were included in their products, what they know about their behavior and what they recommend.  Then make your own decisions on the need to replace the equipment, based on your comfort level with the vendors� responses and your assessment of the risks involved in equipment failure.  If in doubt, hire a consulting engineer to inventory your systems, determine what chips are included, and check them against a database of chips known to have problems. 

Don�t hold off until every last piece of information is in before starting corrective action; you already know what your top-priority, high-risk systems are.  Find out what their status is and, if necessary, do something about it right now.  The team can continue to identify all the more peripheral issues, but you cannot afford to delay on such things as fire/life/safety issues.  The self-scheduling extractor-hood scrubbing system in the kitchen can wait till later. 

Make the choice between those systems you must test, and those for which you will accept the vendor�s advice as to readiness.  Set up a test lab to confirm for yourselves what the vendors are telling you about your most critical systems.  After all, they may not have had the time or resources to test your particular combination of interfaced systems and hardware/ network parameters.  Run some tests on your PC-based applications, but always in isolation; do NOT attempt to run tests on your live, operational systems.  There is too much to back up, too much to lose if you have a back-up program that automatically deletes archives when they pass a certain age�. 

On office-automation PC applications � especially spreadsheets (and their macros) and databases � you�re pretty much on your own.  You need to make sure your base, default date formats are set to use four-digit years, you need to check that your reports and macros use them properly and report and sort data accurately and in the right order.  Macros?  Departments tend to write their own as the need arises; if you upgrade or change the systems they interact with, the same departments will have to fix them.  Again, not technically difficult, but tedious and painstaking.  Run some tests on a stand-alone PC, come up with guidelines for each application, and then monitor their implementation by the departments that use them. 
 
A Plea for Cooperation 

One of the sad things about the current situation is the huge amount of duplicated effort going on.  Everyone�s taking stock of their systems, trying to find out just which versions they�re running, checking their readiness status with the vendors, asking the same questions over and over.  Most, however, are unwilling to share the results of their research, both from seeing it as a competitive advantage to be ahead of others, and from fear of legal liability if information shared turns out to be incorrect, however much good faith was involved in obtaining or sharing it. 

What would really help is for an independent body � AH&MA, HFTP, perhaps one of the trade publications � to step up to the mark and compile an industry clearing house of vendor information, with all responsibility remaining with the vendors who supply the information.  This information should be as detailed and comprehensive as possible.  It�s pretty unhelpful for a vendor merely to state that �all our products are Y2K compliant, but whether the applications you build with them are, or whether the equipment they run on or interact with is, is your problem, not ours.�  While this may have some legal rationale, vendors who rely on such weasel words should expect their customers to remember the attitude when the madness is over and it�s time to order new equipment. 
What�s needed is a clear statement of which versions of what equipment or software have been tested to be Y2K-ready, running in what environment and interacting with which versions of other systems.  Each vendor must obviously concentrate first on its most widely-used configurations, but it could also act as a central information coordinator for those users of its less common options who do have the incentive to evaluate them and are willing to share the results. 

Customers/suppliers 

Involve the lawyers in preparing responses in both areas.  You�ll need to respond in good faith to your customers who are looking for re-assurance, but you can�t make impossible promises.  You need to ask for re-assurance yourself from your suppliers, both in general and when you sign purchasing contracts, but you can�t make impossible demands on them, either.  And in both cases, you need to safeguard your own position should you be challenged in court.  Get legal advice on how to phrase your letters, while keeping in mind that you�ll continue to do business with these companies into the new millennium � so don�t just send a belligerent, demanding form letter to them and expect everything to be fine.  Some companies have claimed, as evidence of their in-depth focus on readiness, the sheer volume of letters they�ve sent out.  But 400,000 letters that are all alike �and which ask for full details of the supplier�s complete inventory and Y2K budget � are both ineffective and counter-productive, because they�ll just get ignored and lead to soured relationships. 

Should you respond to customers� letters or not?  Take it case by case.  Any response must be appropriate; important customers deserve some response that should be as reassuring as possible.  But few companies will respond to anything that requires them to guarantee compliance; there are just too many dependencies in the supply chain.  You do need to let your suppliers know that you expect them to be ready, and to advise you of what approach they�re taking to ensure that.  You�ll have to exercise your usual fine business judgement to balance the conflicting advice of the Lawyers � �don�t say anything, anything can be misconstrued� - and Marketing � �we�re ahead of the game, tell everyone we�ll be fine, come and stay with us!� 

And in all this, don�t forget communications, internal and external.  Year-2000 horror stories make great �doom-and-gloom� newspaper copy; everyone can grasp the issue, everyone likes to speculate about the outcome, and in the absence of real, accurate data imaginations run riot far too easily.  The press will come looking for stories, playing up the �helpless consumer� angles.  That innocently-posed guest question about the elevators failing may not be so casual after all. 

You must have a documented communications policy, clearly known to your staff.  Be prepared with a calm, reasonable response, with clear statements but no guarantees, and make absolutely sure that everyone in your organization knows to funnel media inquiries through your PR department.  Internally, keep up the awareness all the time.  If everyone knows what the issues are, everyone will have it on their minds and can report back situations that may have been overlooked at first.  And a well-informed and well-trained staff will know how to respond to casual remarks by guests, and can avoid being drawn into off-hand responses. 

Priorities & Contingencies 

When defining priorities, keep in mind what you can reasonably handle, and what is beyond your control.  You can certainly make sure that your reservations and accounting systems are ready; the naturally-competitive business world will make sure that vendors whose systems lag in the readiness stakes fall out of the market.  The same applies to hotels, of course, as suppliers to the traveling public; those that fall behind in their readiness plans can expect their customers to migrate to properties that have already addressed the problem. 

The scary part has to do with the big monopolies and government, where the laws of competition just don�t apply.  There�s nothing you can do to find alternative suppliers for their services, but you still need to consider their impact.  Your action plans are probably limited to constant communication with them to monitor their status, and to the careful and realistic preparation of contingency plans.  If your local utility fails to supply you with electricity, how long can you keep your generators running?  If the FAA doesn�t upgrade its systems � its track record to date isn�t exactly encouraging � and all airline schedules are disrupted, how are you going to cater for the guests who can�t leave? 

Assume nothing.  While most law firms are focusing on providing advice to their clients on how to avoid legal problems, seminars are nonetheless being held across the country to advise others on how to go mining for potentially lucrative Year-2000-related situations.  You may already have received one of the several �set-up� letters currently circulating, often taken from templates on the Internet.  These come from people who claim that they�re thinking of staying at your property and request that you send them absolute reassurances that there will be no disruption whatsoever.  The letters are riddled with key phrases that, if responded to, could lay you wide open to later prosecution on the flimsiest of grounds � and that is their sole intent and purpose.  There�s also been some discussion on whether it�s possible to sue companies now for failure to make adequate preparations for Y2K, in other words before any actual disruption has occurred.   Consult your attorneys, come up with appropriately worded responses, take action on a reasonable plan, and stay alert. 

It�s Just Another Business Issue 

In all of this, keep in mind that we�ve been down this road already.  Business disruptions already happen, clients are disappointed that their stay was less than anticipated, and they want compensation.  Hotels have received letters stating that certain equipment standards (e.g. for fire alarms, sprinklers, etc.) must be met before they will be considered for government business, and so on.  In essence, Year-2000 readiness is just another conduct-of-business issue, albeit one with wider implications than usual. 

We may be  - and I hope we are - at the worst point of the whole problem, where enough people have become aware of its enormous complexities and implications to be very concerned, and yet not enough real information has become available to assuage these fears.  As more testing is done by system manufacturers, and as more hoteliers gain clarity about the status of their systems and suppliers, sensible risk assessment and contingency planning can take precedence and business can continue, albeit warily. 

But unless you�re already taking action on this, and if a continuing fear of litigation prevents manufacturers from releasing information about their chipsets � or their lack of knowledge about them � or if a misplaced sense of a marketing advantage prevents hoteliers from sharing what information they�ve gathered and jointly considering how to handle potential problems, it could get awfully quiet after New Years Eve, 1999� 

Jon Inge is an independent consultant specializing in property level technology. He can be reached at [email protected] or at 206.546.0966.