Planning for the worst may seem like a pessimistic view to hold but preparing for identified risks is essential to reduce potential disruption or, even worse, contamination of a public water supply. The Environmental Protection Agency (EPA) is requiring utilities to conduct risk and resiliency assessment (RRA) and prepare an Emergency Response Plan (ERP) in accordance with the America's Water Infrastructure Act (AWIA) passed into law in October 2018. (Discover more about the AWIA and upcoming regulations here.)

Both vital for a well-prepared utility, a risk assessment identifies and helps prioritize different vulnerabilities, while an ERP assigns actions to mitigate these risks as well as builds relationships and communication strategies through planned partnerships with other utility departments, law enforcement and public health officials. Resiliency assessments help the utility identify how long it could take to bounce back from hazard damage. If everyone knows the plan, any anticipated risks can be prepared for to potentially limit catastrophic damage.

Many utilities rely on only one source for its water supply, which makes any hazard especially dangerous. An ERP forces the utility to make step-by-step action plans in the event a major disaster takes out critical infrastructure. Potential hazards to the water supply may include earthquakes, floods or terrorism. Cyberattacks bring a whole new realm of potential disruptions to a utility’s digital infrastructure, billing systems and potentially even remote operations. 

Updated AWIA compliance regulations are vital for knowing how to prioritize damage affecting a water utility’s service. Critical consequences of major events can be ranked by the number of people impacted by infrastructure damage through a risk assessment. The greater the impact, the higher the prioritization of fixing the issue.

Once risks are identified, it’s important to prepare, detect and communicate the threat to all parties involved in the ERP. A utility’s first reaction may be to balk at the cost associated with the updated AWIA compliance regulations; however, what they may not realize is that past risk assessments and capital planning documents pave the way for emergency planning. It’s important to plan for hazards before an unfortunate situation forces the utility to spend money on damage control rather than prevention.

A water utility can also use its RRA as a starting point for incorporating security and cyber protection into future capital improvements. A community’s water supply depends on each utility taking such precautionary measures seriously.


AWIA sets into motion a timeline for risk and resiliency compliance requirements for community water systems. A cohesive, comprehensive approach that incorporates best practices for infrastructure resiliency, physical security and cybersecurity can keep you ahead of fast-approaching compliance deadlines.

Read the White Paper