Happy 50th Anniversary to the Safe Drinking Water Act

Water is a precious resource. Water is life, and we need to continue protecting it. On December 16, 2024 we will celebrate the 50th anniversary of the Safe Drinking Water Act. President Ford  (a part-time Vail, Colorado resident) signed it in 1974. This landmark legislation set unified standards for water systems across the United States to protect public health. The act set national health-based standards to protect against naturally occurring and human-made contaminants. 

That work continues today. In April 2024, the EPA set standards for the group of chemicals known as PFAS. That made headlines. It was the first new standard to be set since 2000. However, the typical water consumer probably never sees all the routine things that happen under the act. The Water Quality Control Division (division)  works every day to assist and educate our water partners across the state to ensure that water is properly treated and tested. Since 1974, the risk of waterborne disease and children’s lead exposure from drinking water has been dramatically reduced. The Safe Drinking Water Act also gives people the right to information about tap water from their community systems. This occurs annually in Consumer Confidence Reports (CCRs), another rule EPA updated in 2024, and via the Public Notice Rule when violations occur. This transparency helps people trust that their tap water is safe.

Moreover, the Safe Drinking Water Act provides federal money to help communities improve their drinking water systems, often costing millions of dollars. That benefit comes from the Drinking Water State Revolving Fund (DWSRF). South Fork, Colorado is a prime example of how well it can work. The town of about 600 people in Rio Grande County is located on the west side of the San Luis Valley. Two years ago, the town built a new water system to replace a patchwork of private wells. Now, there is enough treated water to supply 158 houses and to fight fires if needed. Town officials have stated that they would never have been able to achieve this project without the Water Quality Control Division's guidance and the Safe Drinking Water Act. 

We’ve made tremendous strides in the last 50 years improving drinking water quality. And we’re not done. Today, the division supports innovative ways to combat current and future challenges like new and emerging contaminants, wildfires, and more. We’re assisting dozens of communities helping them to replace aging water infrastructure, and that need will only expand as we head into the future. We’re also working with communities across the state to protect people from drinking water pipes that may contain lead. Water providers are looking for them. In several communities like Denver, the removal of lead pipes is already underway. 

The Safe Drinking Water Act provides our direction. The bottom line: we want people to have the water they deserve. The division will continue to do that here in Colorado, with guidance from the Safe Drinking Water Act, for years to come. Together with our water utilities, we’ve been safeguarding drinking water for the past 50 years via the Safe Drinking Water Act. 

Thank you for all the progress over the last half a century!

➽ John Michael Marketing and Communications Specialist

➽ Ron Falco, P.E. Safe Drinking Water Program Manager

Record of Approved Waterworks and Sanitary Survey Significant Deficiencies

The Field Services Section (FSS) just wrapped up the 2024 inspection year (IY24) in September 2024 and the new IY25 inspection year started in October 2024! We appreciate all the assistance from public water systems in completing 497 sanitary surveys in 2024. In this article we will discuss one of the most frequently cited significant deficiencies from IY24: T119 Proper treatment operation of surface water or groundwater under the direct influence (GWUDI) systems. 

Many suppliers of surface water or groundwater under the direct influence (GWUDI) have participated in the Disinfection Outreach and Verification Effort (DOVE) led by the Engineering Section. DOVE reviews typically include a detailed  assessment of the disinfection process and thorough documentation of all other unit processes at all active surface water treatment plants. The two end results of the DOVE review are 1) a facility-specific Monthly Operating Report (MOR)  and 2) a Record of Approved Waterworks (RAW). The RAW is issued by the Engineering Section and it covers all the supplier’s approved treatment and storage facilities and water sources. To find you facility's RAW please visit this website and type in your PWSID or the name of your facility. 

The RAW includes conditions of approval specific to the treatment plant that are evaluated during the sanitary survey. These conditions of approval are important operational requirements specific to each facility that are in place to ensure the production of safe drinking water and protection of public health. All suppliers are encouraged to be familiar with their RAW; especially the “conditions of approval” for each facility. 

Frequently seen RAW conditions of approval that are evaluated during the sanitary surveys include but are not limited to:

1. For suppliers reporting the log inactivation ratio achieved in their MOR:
• Clearwell levels and flow rate must be measured and recorded at least as often as each disinfectant residual monitoring event as defined in Section 11.8(3)(c) of Regulation 11. The records of clearwell volume and flow rate are subject to Division review during sanitary surveys.
• Water temperature and pH must be measured and recorded as often as necessary given source water quality conditions but at least as often as once every week. These records are subject to Division review during sanitary surveys.
2. For suppliers reporting the lowest daily chlorine residual value in their MOR:
• The minimum contact time volume must be measured and recorded at least as often as each disinfectant residual monitoring event as defined in Section 11.8(3)(c) of Regulation 11. The records of contact time volume is subject to Department review during sanitary surveys.
• Tank level sensors typically are required to be verified at least annually to ensure measurements are calibrated and accurate. Records of level sensor measurement confirmation must be kept and  are subject to review during sanitary surveys.
3. Any contact tank bypass valves (if present) must be confirmed as being operationally closed at least once per year by appropriately actuating the valve. If the bypass is operated at any time, the supplier must notify the Division prior to use. Records of bypass valve annual actuating and maintenance must be maintained and are subject to Division review during sanitary surveys. A common method for verifying valve closure and valve actuator integrity is to count, and keep a record of the number of actuator turns from open to closed and verify that the number of turns counted is correct for the valve type and size.
4. Suppliers using alternative filtration technology must continuously meet the design, performance, and operation and maintenance requirements established in Sections 4.3.9.6 – 4.3.9.8 of the Design Criteria and in the Department’s Acceptance letter for the specific filtration technology/vendor. 

• For bag and cartridge filtration systems, this includes the requirements to not exceed the maximum specified pressure differential and keep a record of daily routine pressure differential readings and filter change outs and these records will be reviewed during the sanitary survey. Specific spare parts may also be required to be on hand and will be checked during the sanitary survey. 
• For membrane systems, suppliers must maintain an operation and maintenance manual for the filtration system. All integrity tests and Clean In Place (CIP) procedures must follow manufacturers prescribed procedures. The supplier must also keep records of the following operational parameters and the records will be reviewed during the sanitary survey:
• Integrity test date, results (pass or fail), and initials of person performing the test
• Clean in place dates with clean water permeability and integrity test results.
• Filter maintenance and fiber repair results
• Filter replacement date and reason for replacement.

Please review your RAW and make sure you are aware of the requirements established by any conditions of approval and keeping the required records. The RAW conditions of approval and site-specific records will be reviewed during the sanitary survey and if there is an issue, a T119 Significant Deficiency may be issued. According to Regulation 11, Section 11.3(72), a significant deficiency means: any situation, practice, or condition in a public water system with respect to design, operation, maintenance, or administration, that the state determines may result in or have the potential to result in production of finished drinking water that poses an unacceptable risk to health and welfare of the public served by the water system. Significant deficiencies must be addressed in writing within 45 days after the sanitary survey letter and any significant deficiencies that remain unresolved after 120 days or past an department approved schedule will be referred to compliance for a type 45-violation that requires Tier 2 public notice (30 day public notice with health effects language). 

Please check the conditions of approval in your RAW to protect public health and avoid significant deficiencies during your next sanitary survey. If you have any questions regarding your RAW, please contact the Engineering Section. If you would like additional assistance on technical issues or sanitary survey preparation, please sign up for individualized coaching here.  For any questions or concerns about sanitary surveys please email our Field Services team at cdphe_wqcd_fss_questions@state.co.us. 

Thank you for all your efforts to protect public health!

➽ Heather Young, PE, CWP, Field Services Section Manager

➽ Andrew Rice, PE, Engineering Section

Operator Examinations - Be prepared before you apply!

As a friendly reminder, the operator examination eligibility period changed on March 1, 2024, from 180 days to 100 days. This means that upon examination application approval by CCWP, operators have 100 days to pass that exam. CCWP does not offer extensions or refunds to operators who do not pass the exam within that 100-day window and PSI requires 30 days between exam attempts. This means that if an operator does not pass an exam, while they may schedule a re-test at any time, the operator must wait 30 days to take the exam again. 

So, we recommend that operators study and prepare for an exam before submitting an exam application! 

Water Professionals International (WPI) provides various examination resources (including the Need-to-Know Criteria for each exam type), and you can also find other helpful links to study resources on CCWP’s website.  

For tips on managing testing anxiety, check out this Aqua Talk article on Equipping Operators with Skills to Manage and Overcome Testing Anxiety. 

Important things to keep in mind: 

• Use the CCWP Portal to submit an exam application.
• If you do not pass the exam within the 100-day eligibility period, do not re-apply on the CCWP Portal until at least 30 days after your unsuccessful exam attempt. 
• Schedule your exam with PSI, not CCWP. You can either go to a testing center (Find a Testing Center) or use PSI’s remote proctoring option (PSI Online Proctoring Compatibility Check) to take your certification exam. Be sure to know the rules and expectations before you choose which option is best for you. More information can be found on CCWP’s website or in PSI’s Candidate Handbook for Colorado. 
• Plan accordingly! Winter weather can greatly impact travel to test centers and PSI may not issue refunds due to inclement weather. Consider contacting PSI to verify your test center is open before you travel. 
• The CCWP exam application fee is $50; the PSI examination fee is $104 per exam attempt. 

If you have any questions about the examination process, feel free to contact CCWP (719-225-7339 or info@coloradocwp.com) or Jessica Morgan (cdphe.facilityoperator@state.co.us). 

➽ Jessica Morgan WWFOCB Liasson

Mobile Home Park Drinking Water Regulations

In a recent AquaTalk article, the following quiz question was proposed for readers:

If a mobile home park does not have a well or treatment system, but bills customers for water, what regulations apply?

1. The plumbing code alone
2. The plumbing code and the new Mobile Home Park Water Quality Act
3. The plumbing code, the new Mobile Home Park Water Quality Act, DOLA’s Mobile Home Park Oversight program, and Regulation 11 within the distribution system.
4. None of the above are fully correct; it’s complicated!

It is complicated! All of the above (and more) may apply, but the answer is 4 because it depends on some important variables that must be evaluated on a case by case basis. Hopefully after reading this, the statutory and regulatory frameworks that apply to mobile home park water quality regulations will be more clear. 

DOLA’s Mobile Home Park Oversight Program

The Department of Local Affairs (DOLA), Division of Housing’s Mobile Home Park Oversight Program (MHPOP) implements the Mobile Home Park Act. The program also conducts outreach, education and maintains an annual mobile home park registration system. DOLA has all of the applicable laws, rules, and policies located on their MHP rules website.

What is a mobile home park? MHPOP’s definition of MHPs is on their website. To summarize, a "mobile home park" is a parcel of land that accommodates five or more mobile homes. And the park operates for the monetary benefit of the land owner. Homes must be "designed for long-term residential occupancy". This language clarifies the difference between mobile home parks and recreational vehicle (RV) parks. Refer to MHPOP’s definition to understand the nuances between housing communities. To add, if a mobile home park does not have 5 or more manufactured homes, it is not considered a mobile home park. 

Mobile Home Park Water Quality Act

The Colorado Department of Public Health and Environment’s Water Quality Control Division implements the Mobile Home Park Water Quality Act (Act). This Act applies to all mobile home parks that meet the MHPOP definition. This Act was signed into law by Governor Polis in June 2023. This law establishes a water quality testing program for mobile home parks. The following occurs under the law:

• Mobile home parks are prioritized for testing based on criteria in the law.
• Site-specific testing plans are created for each mobile home park.
• The department’s contractor, Terracon, completes water quality testing.
• The analysis is completed at certified laboratories.
• All test results are submitted to the department.
• The department has 10 days to notify the mobile home park owner of test results. The wholesaler also receives a copy of the notice.
• Test results are posted online in English and Spanish.
• Mobile home park owners must provide residents with a notice of test results within five days.
• If a water quality issue is identified, the department will typically require the mobile home park to complete additional testing. Remediation or temporary measures necessary to address acute health risks may be required.

The purpose of the Act is to conduct water quality testing at all mobile home parks over a four year period. The law considers resident concerns about water quality. The Act also requires the department to create an Action Plan. The Action Plan will provide an overview of findings and offer longer term recommendations to improve water quality in parks across Colorado. 

In February, we posted an informative AquaTalk article about the new Mobile Home Park Water Quality Act.

Colorado Primary Drinking Water Regulations - Regulation 11

The Colorado Department of Public Health and Environment’s Water Quality Control Division implements Regulation 11. This Regulation is applicable to public water systems (PWS). A PWS is defined as:

• A system that provides the public water for human consumption through pipes or other constructed conveyances; 
• Has at least fifteen service connections; and/or
• Regularly serves an average of at least 25 individuals daily at least 60 days per year; and
• Includes either a source or treatment, or receives all of its water from a public water system and sells water to its customers.

Some mobile home parks treat their own water source, but a majority of mobile home parks in the state are connected to existing public water systems. Parks that get water from a public water system and bill customers for water based on usage are selling water. Any water billing structure that fluctuates based on water usage is considered selling. This includes submetering and splitting a bill amongst users. If water charges are included in rent, the mobile home park is not considered selling. Any mobile home park with 25 or more residents or 15 service connections that sells water is a public water system and subject to Regulation 11.

If a mobile home park meets the definition of a public water system but receives all of its water from another public water system, it is still required to monitor water quality in the distribution system (disinfection, disinfection byproducts, lead and copper, total coliform bacteria). The mobile home park must also comply with operator certification and backflow prevention requirements, storage tank inspections/maintenance requirements, recordkeeping requirements, and perform public notifications. The Department also performs sanitary surveys on a 3-5 year frequency.

Water and Wastewater Facility Operators Certification Requirements - Regulation 100

The Colorado Department of Public Health and Environment’s Water Quality Control Division and the Water and Wastewater Facility Operators Certification Board implement Regulation 100. Regulation 100 is applicable to the mobile home parks that meet the PWS definition. Regulation 100 ensures that people who operate water and wastewater facilities are properly trained and certified. If a mobile home park receives all of its water from another public water system, it is still required to have a certified operator for its distribution system.

Plumbing Code

Another critical requirement is the plumbing code. The State Plumbing Board licenses, registers, and regulates plumbers, apprentices, and plumbing contractors. Information is available at The Department of Regulatory Agencies' plumbing website. The Colorado Plumbing Rules and Regulations are an adoption of the International Plumbing Code and International Residential Code 2021 edition. These regulations and plumbing codes are applicable to mobile home parks. The terms Manufactured Home and Manufactured Housing is used throughout the plumbing code to refer to mobile home parks.

Hypothetical Examples

What rules and regulations apply to a mobile home park that has 13 mobile homes, 28 residents, is connected to a public water system and bills customers for water based on usage?

• DOLA’s Mobile Home Park Oversight Program
• CDPHE’s Mobile Home Park Water Quality Act
• Regulation 11
• Regulation 100
• Plumbing Code

What rules and regulations apply to a mobile home park that has 50 mobile homes, 100 residents, is connected to a public water system and includes water in resident’s rent without fluctuation based on usage.

• DOLA’s Mobile Home Park Oversight Program
• CDPHE’s Mobile Home Park Water Quality Act
• Plumbing Code

The number of mobile homes in the mobile home park, number of residents or service connections, and billing structure are important variables when identifying applicable rules and regulations. 

➽ Ian Ferguson, Drinking Water Compliance Specialist

Storage Tank Rule Guidance and Checklist Updates Underway

In 2020, the division worked with stakeholders to develop the updated Storage Tank Rule regulation and Policies DW-010, DW-012 and DW-015 that accompany the regulation updates. The Commission approved all proposed modifications in August 2020 and the regulation updates were effective on October 1, 2020. The Storage Tank Rule (Regulation 11, Section 28) protects public health and public water systems from potential contamination associated with unprotected storage tanks within the public water system’s drinking water distribution system. 

The Field Services Section is actively working on finalizing the Storage Tank Guidance and the periodic and comprehensive inspection checklists to reflect the 2020 Storage Tank Rule updates. The updates to the checklist will incorporate feedback inspectors have received from operators in the field during sanitary surveys. We hope that the updated checklist will be a clear, concise and useful tool for operators when conducting the periodic and comprehensive inspections that are key in ensuring safe drinking water.   

The goal for publishing the updated Storage Tank Rule guidance and checklists on our website is December 2024. If you have questions regarding implementation of the Storage Tank Rule, please email the Field Services Section at cdphe_wqcd_fss_questions@state.co.us. The department, operators and the supplier share the same goal – “Always Safe Drinking Water”.  

➽ Heather Young, PE, CWP, Field Services Section Manager

Be Prepared for Public Notice

This article originally ran in the Fall 2014 Aqua Talk newsletter. Remember getting hard copies in the mail? We thought running it again now would be a good idea because starting in Fall 2024 Lead Action Level Exceedances will require Tier 1 public notice. 

Is your water system ready to notify the public? 

You do an excellent job running your water system and it never has any violations. You do not need to be prepared to rapidly notify your customers of an acute health risk or other health-based violations. Right? Wrong! We believe that all systems need to be prepared for the possibility of issuing a system-wide public notice for a variety of situations.

Through no fault of your own, due to flooding and the associated damage or if routine and repeat samples in the distribution system come back positive for E. coli, your system may face a situation that represents an acute public health risk. According to the Colorado Primary Drinking Water Regulations, you would need to issue a Tier 1 public notice as soon as practical, but no later than 24 hours after becoming aware of the situation. Remember, that by the time the results come back positive on the repeat samples, a couple of days have gone by since the initial samples were collected. Will your customers be satisfied with waiting another 24 hours before being told not to drink their water without boiling it?

Are you ready to do this? On a weekend? On a major holiday? How will you do this, Reverse 911 or other methods? This kind of public notice has a huge impact in the community. Operations at restaurants, businesses, grocery stores, hotels, schools, daycares and more are all significantly impacted. Are you ready to be in touch with all of these entities? There could be media interest. They will ask what did you know? When did you know it? When is the situation going to be fixed? There could be an explosion of social media interest via Facebook and X. Are you ready to engage in these communication methods? What if the event overwhelms your available resources? Are you a member of CoWARN? If so, you may be able to get help from other water systems.

If there is uncertainty about how you will accomplish a rapid notice or about the answers to any of these questions, then we suggest that planning for this kind of event would be a very beneficial activity. While we do not offer specific training at this point in time about Tier 1 public notice, we would be happy to assist your water system with planning for such an event. Please contact Kyra Gregory at kyra.gregory@state.co.us. 

Now, let’s switch gears to a lesser crisis. Suppose that due to an equipment malfunction followed by an alarm breakdown that does not alert you, your filtration system does not meet turbidity limits for a short time period. The drinking water acute team will evaluate the situation, and if there is not an acute risk, then tier 1 public notice would not be needed. However, this situation likely still represents a health-based violation of the Colorado Primary Drinking Water Regulations and triggers a tier 2 public notice. Tier 2 public notice must be issued as soon as practical, but no later than 30 days after the event. Again, will your customer be satisfied with finding out about a violation a month later? Will this generate media interest along the lines of “Why did you wait so long to tell people?” Again, planning for these situations in advance can help you meet not only regulatory requirements but also customer expectations. 

Thank you.

➽ Ron Falco, P.E. Safe Drinking Water Program Manager

Coaches' Classroom: How to secure your remote SCADA access

On September 5, 2024 The Federal Bureau of Investigation (FBI), in partnership with CISA, the National Security Agency (NSA), and other U.S. and international partners, released a joint Cybersecurity Advisory: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. This advisory provides overlapping cybersecurity industry cyber threat intelligence, tactics, techniques, and procedures to protect critical infrastructure against the Russian military cyber actors and other international cyber criminals. This advisory highlights the increasing risk that cyberattacks pose to US critical infrastructure and, by extension, Colorado public drinking water systems and wastewater providers. 

Because of this continued rise in attacks, the department’s Drinking Water Coaches want to take a moment to discuss a crucial potential vulnerability in drinking water cybersecurity: remote SCADA. With the increasing reliance on operational technologies (OT) like smart phones, laptops, and tablets, it is crucial to ensure that these systems are protected from potential cybersecurity threats. 

What is remote SCADA?

Remote SCADA access allows operators to monitor and control water treatment and distribution systems even when they are not physically present at the plant. This tool provides real-time information on water quality, levels, pressure, and alarms, enabling quick action to be taken if needed.

How can you protect your remote SCADA?

To safeguard your drinking water systems, we recommend the following best management practices: 

1. Use a Separate Device and Minimal App Use: Utilize a dedicated device solely for accessing the SCADA system to minimize the risk of unauthorized access. Limit the installation of additional apps on this device to reduce vulnerabilities. 
2. Implement Multi-Factor Authentication (MFA): Enhance security by requiring multiple forms of verification before granting access. This additional layer of protection can prevent unauthorized entry even if one factor is compromised. A common example is to use text and email verification.
3. Granular Access Controls: Restrict users' access within the SCADA system based on their roles and responsibilities. This ensures that each user can only modify controls relevant to their job function. Establish a process for users to request permission changes, which should be approved by authorized personnel. This segmentation of your SCADA controls will ensure that if one user’s remote access is compromised, the damage will be minimized. 
4. Robust Remote Access Program: Regularly evaluate the strength of your remote access program by ensuring that software and infrastructure are updated with the latest security patches and protocols. Conduct security audits and penetration testing to identify and address vulnerabilities. Consider using encryption technologies like Virtual Private Networks (VPNs) to secure data transmission. 
5. Limit network connectivity: Utilize only cellular data or private Wi-Fi connections. Turn off auto-connect to avoid automatically connecting to public Wi-Fi networks. If using a private Wi-Fi connection, ensure a key must be entered for access and the connection is encrypted.

By following these strategies, water systems can enhance the resilience and integrity of their infrastructure against cyber threats. Remember, protecting our drinking water resources is a shared responsibility that requires ongoing vigilance and adaptability to evolving cybersecurity challenges. Safeguarding our drinking water systems is essential for maintaining public health and public trust. Thank you for your dedication to ensuring the safety and quality of our water supply. 

We want to know - How do you protect your remote SCADA OT?  

The department and our state and federal cybersecurity partners continue to create new resources and tools to help you as you protect your systems from cyber attacks. If you have a robust Remote SCADA protection plan please email kyra.gregory@state.co.us. We are hoping to gather information and produce a best management practices guidance document.  

How can your system become more cyber literate?

Please see the below list of cybersecurity resources to help your system to better protect your IT/OT from cyber attacks: 

• CDPHE Security Toolbox: The department gathered resources to help your system prepare for and respond to cyber and physical security incidents. 
• WQCD Guidance: Respond and Report Cyberattacks  can be used when your water/wastewater facility experiences a cybersecurity event. It outlines what steps to take, the required steps to report the event, and what to expect after reporting the event.
• Self-Assessment: EPA self assessment resources and Water Cybersecurity Assessment Tool (WCAT)
• Third-Party Assessment: EPA’s Water Sector Cybersecurity Evaluation Program and Colorado Information Analysis Center Cyber Assistance 
• EPA Cybersecurity Technical Assistance Program for the Water Sector
• EPA Cybersecurity Incident Action Checklist
• EPA collection and explanation of cybersecurity funding opportunities 

➽ Kyra Gregory Drinking Water Training Specialist