U.S. DEPARTMENT OF LABOR Employment and Training Administration Washington, D. C. 20210 |
CLASSIFICATION
UI/Y2K |
CORRESPONDENCE
SYMBOL
TEUT | |
ISSUE
DATE
September 16, 1998 | |
RESCISSIONS
None | EXPIRATION
DATE
September 30, 1999 |
DIRECTIVE |
: |
UNEMPLOYMENT INSURANCE PROGRAM LETTER NO. 46-98 |
TO |
: |
ALL STATE EMPLOYMENT SECURITY AGENCIES |
FROM |
: |
GRACE A. KILBANE |
SUBJECT |
: |
Year 2000 (Y2K) Business Continuity and Contingency Plans for State Employment Security Agencies (SESAs) |
Purpose. To advise State Employment Security Agencies (SESAs) of the Department of Labor's (DOL) policy concerning Y2K Business Continuity and Contingency Plans; to provide guidance for developing business continuity and contingency plans; and to require the submission of plans for unemployment insurance (UI) critical business functions.
References. Employment and Training Administration (ETA) Handbook 336, 15th Edition, State Agency UI Program and Budget Plans (PBP) Planning and Reporting Guidelines; U.S. General Accounting Office (GAO) Year 2000 Computing Crisis: Business Continuity and Contingency Planning document, published August, 1998; and UI Information Technology Support Center's Planning Guidance Document for Year 2000 Contingency Planning, published August 1998.
Background. Federal agencies are required to submit Y2K quarterly progress reports on mission critical systems to the Office of Management and Budget (OMB) which has Federal oversight responsibility for Y2K matters. For the purpose of these reports, all benefit systems, including the UI programs operated by SESAs, have been defined as mission critical systems. OMB has further required that contingency plans be developed for all mission critical business functions that might be impacted by Y2K failures. This requirement means that all SESAs must develop individual Y2K Business Continuity and Contingency Plans for critical business functions associated with the operation of their UI Benefits and Tax programs. SESAs' progress in developing these plans will be reported in the OMB quarterly reports.
It is important to note that Y2K contingency planning is not an IT function, but represents a business function and should be developed by program personnel in conjunction with IT staff. Deciding what to do in case of automation failures requires an understanding of current business processes and day-to-day operations. The development of alternative processes that circumvent current automation support relies on expertise and program knowledge that primarily resides in the program operations areas of SESAs rather than in IT organizations. Additionally, assigning key Y2K staff the lead role in contingency planning might detract from crucial remediation efforts and may result in project failures.
Use and Scope of Plans. SESAs will activate contingency plans as necessary to ensure that critical UI business functions and key support processes are maintained in the event of Y2K failures. A SESA's plan must be coordinated with its Information Technology (IT) support teams responsible for Y2K compliance efforts and must be developed in concert with its risk management program. This will help assure an agency-wide approach to UI business continuity and reduce the potential need to implement these plans.
Contingency plans will help ensure that SESAs continue to provide at least a minimally acceptable level of support in case of Y2K-related system failures. By identifying risks, developing mitigation strategies, and defining contingency processes that are independent of failed systems or interfaces, SESAs will be able to continue to take claims, pay claimants and collect employer UI taxes until systems are fixed and normal business operations are resumed.
Y2K failures can occur internally within the SESA automation environment or can occur due to a host of external forces which are unpredictable and outside the control of the SESA. Internal system failures could occur due to delays in the SESA's Y2K remediation efforts or sudden loss of key agency or contractor staff. External failures could occur due to data-trading partners, e.g., banks, Y2K problems and/or unanticipated problems with vendor provided software.
Planning Methodology. A two-phase planning process, developed by the UI Information Technology Support Center (ITSC) in conjunction with their recently conducted "Year 2000 Contingency Planning Workshops," is the approach recommended by ETA. Phase I covers planning, business process evaluation, risk assessment (including both internal and external risks and threats) and strategy development. Phase II provides business continuity assurances by defining alternative solutions, performing trade-off analysis, selecting a contingency solution, establishing trigger points, developing a deployment and implementation plan to move to contingency operations, and developing a reinstatement and reconciliation plan to stop contingency operations and restart automated operations using the repaired systems or interfaces.
Additional guidance on business continuity and contingency planning is contained in the UI ITSC's Planning Guidance Document for Year 2000 Contingency Planning and in GAO's Year 2000 Computing Crisis: Business Continuity and Contingency Planning document. These publications may be obtained from the UI ITSC's web site, located at http://www.itsc.state.md.us.
Plan Format and Instructions. SESAs will prepare two Y2K Business Continuity and Contingency Plans--one for UI Benefits and one for UI Tax. Each plan should identify critical functions, risks and threats, strategies to mitigate the identified risks and threats and the selected contingency solutions designed to support continued operations in the event of Y2K-related failures. At a minimum, each plan should contain three sections: (1) a list of core business functions, (2) a completed Business Continuity Planning Matrix, and (3) a detailed description of the selected contingency solutions as listed in the Business Continuity Planning Matrix. Comprehensive implementation plans should be developed by SESAs for those business functions most at risk from internal and/or external Y2K related failures.
A list of Core UI Business Functions, developed by a National Office UI program team, is provided in Attachment 1 and represents a generic identification and prioritization of functions. The list is not inclusive and may vary from SESA-to-SESA. A sample Business Continuity Matrix is also included in Attachment 2.
Contingency Planning Workshops. The UI ITSC conducted three "Year 2000 Contingency Planning" workshops for SESA staff during June, July, and August. All SESAs, including those that have not sent staff to these seminars, are encouraged to have the contingency planning team members review and use the ITSC planning process and methodology materials presented at the seminars. Supporting documents and materials are available on-line at the UI ITSC web site.
Action Required. Administrators are to:
Develop plans addressing the UI benefits program and submit a copy to the appropriate Regional Office for approval.
For the six SESAs already notified of being "at risk, " plans are due by October 1, 1998.
For all other SESAs plans are due by November 20, 1998.
Develop plans addressing the UI tax program and submit a copy to the appropriate Regional Office for approval by June 4, 1999.
Inquiries. Direct inquiries to the appropriate Regional Office.
Attachments: