Getting the Daylight Savings Monkey Off Your Back
On the list of forthcoming projects for CIOs is updating their systems to handle the changes in daylight savings time (DST) (DST). The Energy Policy Act of 2005 will cause DST to fall weeks earlier this year than in years past. With that in mind, industry analyst TowerGroup has issued recommendations on how financial institutions can deal with what they are calling "more a nuisance than the cause of any significant business outage."
-- Institutions should preview automated transactions that may be affected by timing, adjust as needed, and conduct a close follow up review after the fact. Information on any mis-recorded transactions must be quickly relayed to all appropriate parties.
-- Because fraudsters are always looking for a weakness in financial transaction systems, due diligence and care in reviewing system reports -- while always important -- warrant special care during and after the time change.
-- Call center activity should be monitored for any social engineering attempts regarding transaction adjustments.
-- Of special interest are older legacy systems where hard-coded programs may be tied to fixed times. These systems should be subject to regression testing and monitored for unusual results.
-- Financial institutions should proactively contact key business partners and customers, to coordinate and verify that all parties have factored time changes as they occur.
-- Institutions must ensure that vendor-created patches to commercial programs correcting the time change are properly installed and tested. Regression testing again is critical here. It may be a requirement for the institution to first upgrade to a current version before patches will work. Additionally, after the application of a patch, some manual adjustments to calendars are likely depending on the sophistication of the vendor's solution.
-- Institutions should implement a proactive communication program targeting all employees - given that it is not only the responsibility of the business to prepare for such changes, but also that of each individual within the organization.
-- Finally, institutions should also monitor the event weekend for any system level or security related abnormalities.
Seems to be pretty sound advice. TowerGroup estimates that the cost of ensuring system resiliency should fit into most firms' standard maintenance budgets, and will not have implications anywhere near the scale of Y2K.