What is Compliance? When Does Non-Compliance Occur?

What does "Year 2000 compliance" really mean? Some people would probably say, "a system would be compliant if it doesn't crash on January 1, 2000." Is this accurate? If so, precisely how would one determine assessing the risks of non-compliance? Unfortunately, Y2K compliance is not as well-understood as it might be and it takes considerable sleuthing to sort out all of the issues, although several do emerge as important when planning for it. In short, to be compliant, a system must:

correctly process dates before, during and after 01/01/2000;

recognize the year 2000 as a leap year;

accept and display dates unambiguously; and

correctly process dates that are used for non-date functions (e.g., archiving, naming conventions, passwords, hashing, and random number generators).

Century is determined incorrectly-Whenever the first two digits in a year are assumed (incorrectly) to be "19," and are either ignored during data entry or are hard-coded for output. This can also occur when dates are used as special values, for example using "00" to indicate no expiration date.

Field format is determined incorrectly-When a program determines the date-time format (MMDDYY and variations) by testing an appropriate part of the date field. For example, checking whether they are within an acceptable month, day, or year range.

Sequence is determined incorrectly-When only two digits are used to represent a year, data will sort out of sequence in some cases. For example, "00" will appear to be before "99" (if "00"=2000 it is actually after "99").

Data integrity is impaired-In programs where historical dates are used, events occurring in 1800, 1900, 2000 may be indistinguishable.

Calculations involving: Leap Years, Day-in-year, Day-of-the-week, Week-in-the-year,-These data could be incorrectly identified if programs do not register the fact that the year 2000 is a leap year, and therefore contains 366 days.

Date fields on hard copy forms are incorrect-Although not directly an exposure risk, these forms will require change since data is often input directly from forms.

Some Methods to Achieve Compliance

1. Expanding 2-digit years to 4-digit years.

2. Stuffing 4-digit years into 2 physical bytes.

3. Keeping 2-digit years but assigning specific semantics for two different ranges. For example, numbers 50-99 represent the years 1950 through 1999; numbers 00-49 represent years 2000 through 2049.

4. Using alternative methods to represent dates internally (i.e., representing dates as an offset from an arbritrary starting point).