AWIA Risk and Resilience Assessment Recertification

Inspection template for the five-year recertification of a community water system risk and resilience assessment, covering malevolent acts, natural hazards, cyber risk, and emergency response readiness.

Assessment Scope and Recertification Details

• System name, service area, and PWS identifier are documented
• Recertification due date and five-year cycle are verified
• Assessment scope includes all required facilities, assets, and interconnections
• Assessment team includes operations, engineering, cybersecurity, and emergency response stakeholders
• Prior assessment findings and open corrective actions were reviewed

Physical Assets and Critical Infrastructure

• Treatment and pumping facilities have controlled access and perimeter protection
• Critical assets are identified and prioritized by consequence of failure
• Backup power, fuel, and redundancy are available for critical operations
• Storage tanks, valves, and distribution nodes are inspected for physical vulnerability
• Hazardous chemical storage and handling controls are documented

Natural Hazard and Climate Resilience

• Natural hazard threats relevant to the service area are identified
• Flood elevation, drainage, and site protection controls are adequate for exposed assets
• Drought contingency and supply interruption planning is current
• Climate and weather-related vulnerabilities have been updated since the prior assessment

Malevolent Acts and Security Controls

• Threats from malevolent acts are evaluated for all critical facilities
• Access control, surveillance, and intrusion detection measures are in place and functioning
• Employee screening, visitor management, and contractor controls are documented
• Contamination response and isolation procedures are available for intentional contamination events

Cybersecurity and Control Systems

• SCADA and OT assets are inventoried and included in the assessment
• Remote access, authentication, and account management controls are documented
• Backups, patching, and recovery procedures for critical systems are current
• Cyber incidents are included in emergency response and business continuity planning

Emergency Response, Documentation, and Sign-Off

• Emergency response plan is aligned with current assessment findings
• Required documentation, evidence, and version history are complete
• Inspector sign-off