Computer Professionals for Social Responsibility
Y2K CHECKLIST

Y2K CHECKLIST

About CPSR
Y2K Home
FAQ
Y2K Policy
Rumor Central
Speakers Bureau
Survival Guide
W.G. Members
Volunteer
Y2K Forum
Privacy Policy
Disclaimer
Further Reading
Webmaster

The following table shows a number of risks in no particular order.
Each of these things might happen to your business at any time. 
They are not all year 2000 related. Many of the risks listed include
two levels of severity.   The consequences and the remedies may
very well be different for medium or high severity scenarios.  For
example if the electricity is going to be out for a day or two, you
might decide to close your store and take a holiday.  If it could be
out for several weeks, you may want to invest in a backup generator. 

This is only the initial draft. The checklist should be much longer.
Volunteers are needed to add real life substance to the table.

Some of the entries in the severity column are also color coded.  See the color key to the right.  The colors reflect the judgement of the CPSR Year 2000 working group.  Be aware, that opinions are only opinions, and there is little unanimity even within the working group. Whether a risk exists may be a fact, but an estimate of its likelihood is merely a prediction.  It is your responsibility to make the final judgements of the risk items that challenge your business, their severity and their likelihood

How to use the risks table.

1. Consider each risk at each given severity level and visualize applying it to your business.

2. You may want to consider less severe or more severe scenarios than shown in our table.  Cross out the text and write in your own if you want to.

3. There may be risks that we did not include, or that are specific to your business.  Do add them to the table from your own knowledge and judgement.

4. Consider variations on the theme.  For example you might have a fire that destroys any one of your buildings, or there may be a fire that destroys all your buildings, or a fire that destroys the town. Use your own common sense to expand the CPSR table to make one of your own.

5. Put a check mark beside those scenarios that are critical to the mission of your business.  This is the triage process.

6. Review the list for redundancies and common sense.  For example, if the town is wiped out because of a flood, it really doesn't matter if the electricity is on or not, and "No Electricity" may  not deserve separate consideration as a risk.

1. Now make your own list of only the critical items and severities.   Hopefully, it is very short.  These are the items for which you need a disaster recovery plan.  You must find a way to avoid or mitigate the consequenses of these things.

2. You may wish to color code your mission critical list.  For example, highlight those risks which are insurable, those which can be remedied with little or no cost, and those which might require a capital investment. 

3. The worst case risks are which you are unable to do anything about. Even if you can not avoid these risks, your plan can help put perspective on the problem and help you judge just how risky your business is.  Higher risks should earn higher returns.