Security and Vulnerability Assessments for Water Utilities

Is your drinking water security plan adequate to protect the public?

Since an adequate vulnerability assessment makes up the foundation for any effective security program, a reassessment of the adequacy of the initial effort is critical for every community water system that is serious about safeguarding water. A board certified security professional should be involved in the process with preferably CPP, PSP or CSC and RAM-W experience. Security is not an end point, but a goal that can be achieved only through continued efforts to assess and upgrade your system. The vulnerability assessment report is a sensitive document. It should be stored separately in a secure place at your water system. Water systems should review their vulnerability assessments periodically to account for changing threats or additions to the system to ensure that security objectives are being met.

We urge CWS managers to take a hard look at their SVA to decide whether it was effectively done by the right people or whether it was simply an exercise to put another check in a regulatory box. An alternative strategy might also include bringing in an independent consultant to evaluate the implementation of vulnerability recommendations. There is currently numerous RfP's circulating meant to provide this third-party validation. The lives of community members, fire protection capability and consumer confidence hang in the balance. Doctors generally do not prescribe medications or other procedures without a qualified assessment. Your security program to safeguard a community's drinking water should enjoy the same qualified analysis.

About the author: Frank Pisciotta, CSC, is president of Business Protection Specialists, an international security consulting firm headquartered in New York. Business Protection Specialists Inc. has helped community water systems prevent criminal and terrorist attacks since 1990. Pisciotta was recently named by the IAPSC as its eighth Certified Security Consultant (CSC) in the United States. Frank serves on the Board of Directors for IAPSC. He is an ASIS member who achieved his Certified Protection Professional (CPP) designation in 1994 and currently serves on the ASIS Risk Assessment Guidelines Committee and Agriculture and Food Security Council. He can be reached via email at