Operator Examinations - Be prepared before you apply!

As a friendly reminder, the operator examination eligibility period changed on March 1, 2024, from 180 days to 100 days. This means that upon examination application approval by CCWP, operators have 100 days to pass that exam. CCWP does not offer extensions or refunds to operators who do not pass the exam within that 100-day window and PSI requires 30 days between exam attempts. This means that if an operator does not pass an exam, while they may schedule a re-test at any time, the operator must wait 30 days to take the exam again. 

So, we recommend that operators study and prepare for an exam before submitting an exam application! 

Water Professionals International (WPI) provides various examination resources (including the Need-to-Know Criteria for each exam type), and you can also find other helpful links to study resources on CCWP’s website.  

For tips on managing testing anxiety, check out this Aqua Talk article on Equipping Operators with Skills to Manage and Overcome Testing Anxiety. 

Important things to keep in mind: 

• Use the CCWP Portal to submit an exam application.
• If you do not pass the exam within the 100-day eligibility period, do not re-apply on the CCWP Portal until at least 30 days after your unsuccessful exam attempt. 
• Schedule your exam with PSI, not CCWP. You can either go to a testing center (Find a Testing Center) or use PSI’s remote proctoring option (PSI Online Proctoring Compatibility Check) to take your certification exam. Be sure to know the rules and expectations before you choose which option is best for you. More information can be found on CCWP’s website or in PSI’s Candidate Handbook for Colorado. 
• Plan accordingly! Winter weather can greatly impact travel to test centers and PSI may not issue refunds due to inclement weather. Consider contacting PSI to verify your test center is open before you travel. 
• The CCWP exam application fee is $50; the PSI examination fee is $104 per exam attempt. 

If you have any questions about the examination process, feel free to contact CCWP (719-225-7339 or info@coloradocwp.com) or Jessica Morgan (cdphe.facilityoperator@state.co.us). 

➽ Jessica Morgan WWFOCB Liasson

Mobile Home Park Drinking Water Regulations

In a recent AquaTalk article, the following quiz question was proposed for readers:

If a mobile home park does not have a well or treatment system, but bills customers for water, what regulations apply?

1. The plumbing code alone
2. The plumbing code and the new Mobile Home Park Water Quality Act
3. The plumbing code, the new Mobile Home Park Water Quality Act, DOLA’s Mobile Home Park Oversight program, and Regulation 11 within the distribution system.
4. None of the above are fully correct; it’s complicated!

It is complicated! All of the above (and more) may apply, but the answer is 4 because it depends on some important variables that must be evaluated on a case by case basis. Hopefully after reading this, the statutory and regulatory frameworks that apply to mobile home park water quality regulations will be more clear. 

DOLA’s Mobile Home Park Oversight Program

The Department of Local Affairs (DOLA), Division of Housing’s Mobile Home Park Oversight Program (MHPOP) implements the Mobile Home Park Act. The program also conducts outreach, education and maintains an annual mobile home park registration system. DOLA has all of the applicable laws, rules, and policies located on their MHP rules website.

What is a mobile home park? MHPOP’s definition of MHPs is on their website. To summarize, a "mobile home park" is a parcel of land that accommodates five or more mobile homes. And the park operates for the monetary benefit of the land owner. Homes must be "designed for long-term residential occupancy". This language clarifies the difference between mobile home parks and recreational vehicle (RV) parks. Refer to MHPOP’s definition to understand the nuances between housing communities. To add, if a mobile home park does not have 5 or more manufactured homes, it is not considered a mobile home park. 

Mobile Home Park Water Quality Act

The Colorado Department of Public Health and Environment’s Water Quality Control Division implements the Mobile Home Park Water Quality Act (Act). This Act applies to all mobile home parks that meet the MHPOP definition. This Act was signed into law by Governor Polis in June 2023. This law establishes a water quality testing program for mobile home parks. The following occurs under the law:

• Mobile home parks are prioritized for testing based on criteria in the law.
• Site-specific testing plans are created for each mobile home park.
• The department’s contractor, Terracon, completes water quality testing.
• The analysis is completed at certified laboratories.
• All test results are submitted to the department.
• The department has 10 days to notify the mobile home park owner of test results. The wholesaler also receives a copy of the notice.
• Test results are posted online in English and Spanish.
• Mobile home park owners must provide residents with a notice of test results within five days.
• If a water quality issue is identified, the department will typically require the mobile home park to complete additional testing. Remediation or temporary measures necessary to address acute health risks may be required.

The purpose of the Act is to conduct water quality testing at all mobile home parks over a four year period. The law considers resident concerns about water quality. The Act also requires the department to create an Action Plan. The Action Plan will provide an overview of findings and offer longer term recommendations to improve water quality in parks across Colorado. 

In February, we posted an informative AquaTalk article about the new Mobile Home Park Water Quality Act.

Colorado Primary Drinking Water Regulations - Regulation 11

The Colorado Department of Public Health and Environment’s Water Quality Control Division implements Regulation 11. This Regulation is applicable to public water systems (PWS). A PWS is defined as:

• A system that provides the public water for human consumption through pipes or other constructed conveyances; 
• Has at least fifteen service connections; and/or
• Regularly serves an average of at least 25 individuals daily at least 60 days per year; and
• Includes either a source or treatment, or receives all of its water from a public water system and sells water to its customers.

Some mobile home parks treat their own water source, but a majority of mobile home parks in the state are connected to existing public water systems. Parks that get water from a public water system and bill customers for water based on usage are selling water. Any water billing structure that fluctuates based on water usage is considered selling. This includes submetering and splitting a bill amongst users. If water charges are included in rent, the mobile home park is not considered selling. Any mobile home park with 25 or more residents or 15 service connections that sells water is a public water system and subject to Regulation 11.

If a mobile home park meets the definition of a public water system but receives all of its water from another public water system, it is still required to monitor water quality in the distribution system (disinfection, disinfection byproducts, lead and copper, total coliform bacteria). The mobile home park must also comply with operator certification and backflow prevention requirements, storage tank inspections/maintenance requirements, recordkeeping requirements, and perform public notifications. The Department also performs sanitary surveys on a 3-5 year frequency.

Water and Wastewater Facility Operators Certification Requirements - Regulation 100

The Colorado Department of Public Health and Environment’s Water Quality Control Division and the Water and Wastewater Facility Operators Certification Board implement Regulation 100. Regulation 100 is applicable to the mobile home parks that meet the PWS definition. Regulation 100 ensures that people who operate water and wastewater facilities are properly trained and certified. If a mobile home park receives all of its water from another public water system, it is still required to have a certified operator for its distribution system.

Plumbing Code

Another critical requirement is the plumbing code. The State Plumbing Board licenses, registers, and regulates plumbers, apprentices, and plumbing contractors. Information is available at The Department of Regulatory Agencies' plumbing website. The Colorado Plumbing Rules and Regulations are an adoption of the International Plumbing Code and International Residential Code 2021 edition. These regulations and plumbing codes are applicable to mobile home parks. The terms Manufactured Home and Manufactured Housing is used throughout the plumbing code to refer to mobile home parks.

Hypothetical Examples

What rules and regulations apply to a mobile home park that has 13 mobile homes, 28 residents, is connected to a public water system and bills customers for water based on usage?

• DOLA’s Mobile Home Park Oversight Program
• CDPHE’s Mobile Home Park Water Quality Act
• Regulation 11
• Regulation 100
• Plumbing Code

What rules and regulations apply to a mobile home park that has 50 mobile homes, 100 residents, is connected to a public water system and includes water in resident’s rent without fluctuation based on usage.

• DOLA’s Mobile Home Park Oversight Program
• CDPHE’s Mobile Home Park Water Quality Act
• Plumbing Code

The number of mobile homes in the mobile home park, number of residents or service connections, and billing structure are important variables when identifying applicable rules and regulations. 

➽ Ian Ferguson, Drinking Water Compliance Specialist

Storage Tank Rule Guidance and Checklist Updates Underway

In 2020, the division worked with stakeholders to develop the updated Storage Tank Rule regulation and Policies DW-010, DW-012 and DW-015 that accompany the regulation updates. The Commission approved all proposed modifications in August 2020 and the regulation updates were effective on October 1, 2020. The Storage Tank Rule (Regulation 11, Section 28) protects public health and public water systems from potential contamination associated with unprotected storage tanks within the public water system’s drinking water distribution system. 

The Field Services Section is actively working on finalizing the Storage Tank Guidance and the periodic and comprehensive inspection checklists to reflect the 2020 Storage Tank Rule updates. The updates to the checklist will incorporate feedback inspectors have received from operators in the field during sanitary surveys. We hope that the updated checklist will be a clear, concise and useful tool for operators when conducting the periodic and comprehensive inspections that are key in ensuring safe drinking water.   

The goal for publishing the updated Storage Tank Rule guidance and checklists on our website is December 2024. If you have questions regarding implementation of the Storage Tank Rule, please email the Field Services Section at cdphe_wqcd_fss_questions@state.co.us. The department, operators and the supplier share the same goal – “Always Safe Drinking Water”.  

➽ Heather Young, PE, CWP, Field Services Section Manager

Be Prepared for Public Notice

This article originally ran in the Fall 2014 Aqua Talk newsletter. Remember getting hard copies in the mail? We thought running it again now would be a good idea because starting in Fall 2024 Lead Action Level Exceedances will require Tier 1 public notice. 

Is your water system ready to notify the public? 

You do an excellent job running your water system and it never has any violations. You do not need to be prepared to rapidly notify your customers of an acute health risk or other health-based violations. Right? Wrong! We believe that all systems need to be prepared for the possibility of issuing a system-wide public notice for a variety of situations.

Through no fault of your own, due to flooding and the associated damage or if routine and repeat samples in the distribution system come back positive for E. coli, your system may face a situation that represents an acute public health risk. According to the Colorado Primary Drinking Water Regulations, you would need to issue a Tier 1 public notice as soon as practical, but no later than 24 hours after becoming aware of the situation. Remember, that by the time the results come back positive on the repeat samples, a couple of days have gone by since the initial samples were collected. Will your customers be satisfied with waiting another 24 hours before being told not to drink their water without boiling it?

Are you ready to do this? On a weekend? On a major holiday? How will you do this, Reverse 911 or other methods? This kind of public notice has a huge impact in the community. Operations at restaurants, businesses, grocery stores, hotels, schools, daycares and more are all significantly impacted. Are you ready to be in touch with all of these entities? There could be media interest. They will ask what did you know? When did you know it? When is the situation going to be fixed? There could be an explosion of social media interest via Facebook and X. Are you ready to engage in these communication methods? What if the event overwhelms your available resources? Are you a member of CoWARN? If so, you may be able to get help from other water systems.

If there is uncertainty about how you will accomplish a rapid notice or about the answers to any of these questions, then we suggest that planning for this kind of event would be a very beneficial activity. While we do not offer specific training at this point in time about Tier 1 public notice, we would be happy to assist your water system with planning for such an event. Please contact Kyra Gregory at kyra.gregory@state.co.us. 

Now, let’s switch gears to a lesser crisis. Suppose that due to an equipment malfunction followed by an alarm breakdown that does not alert you, your filtration system does not meet turbidity limits for a short time period. The drinking water acute team will evaluate the situation, and if there is not an acute risk, then tier 1 public notice would not be needed. However, this situation likely still represents a health-based violation of the Colorado Primary Drinking Water Regulations and triggers a tier 2 public notice. Tier 2 public notice must be issued as soon as practical, but no later than 30 days after the event. Again, will your customer be satisfied with finding out about a violation a month later? Will this generate media interest along the lines of “Why did you wait so long to tell people?” Again, planning for these situations in advance can help you meet not only regulatory requirements but also customer expectations. 

Thank you.

➽ Ron Falco, P.E. Safe Drinking Water Program Manager

Coaches' Classroom: How to secure your remote SCADA access

On September 5, 2024 The Federal Bureau of Investigation (FBI), in partnership with CISA, the National Security Agency (NSA), and other U.S. and international partners, released a joint Cybersecurity Advisory: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. This advisory provides overlapping cybersecurity industry cyber threat intelligence, tactics, techniques, and procedures to protect critical infrastructure against the Russian military cyber actors and other international cyber criminals. This advisory highlights the increasing risk that cyberattacks pose to US critical infrastructure and, by extension, Colorado public drinking water systems and wastewater providers. 

Because of this continued rise in attacks, the department’s Drinking Water Coaches want to take a moment to discuss a crucial potential vulnerability in drinking water cybersecurity: remote SCADA. With the increasing reliance on operational technologies (OT) like smart phones, laptops, and tablets, it is crucial to ensure that these systems are protected from potential cybersecurity threats. 

What is remote SCADA?

Remote SCADA access allows operators to monitor and control water treatment and distribution systems even when they are not physically present at the plant. This tool provides real-time information on water quality, levels, pressure, and alarms, enabling quick action to be taken if needed.

How can you protect your remote SCADA?

To safeguard your drinking water systems, we recommend the following best management practices: 

1. Use a Separate Device and Minimal App Use: Utilize a dedicated device solely for accessing the SCADA system to minimize the risk of unauthorized access. Limit the installation of additional apps on this device to reduce vulnerabilities. 
2. Implement Multi-Factor Authentication (MFA): Enhance security by requiring multiple forms of verification before granting access. This additional layer of protection can prevent unauthorized entry even if one factor is compromised. A common example is to use text and email verification.
3. Granular Access Controls: Restrict users' access within the SCADA system based on their roles and responsibilities. This ensures that each user can only modify controls relevant to their job function. Establish a process for users to request permission changes, which should be approved by authorized personnel. This segmentation of your SCADA controls will ensure that if one user’s remote access is compromised, the damage will be minimized. 
4. Robust Remote Access Program: Regularly evaluate the strength of your remote access program by ensuring that software and infrastructure are updated with the latest security patches and protocols. Conduct security audits and penetration testing to identify and address vulnerabilities. Consider using encryption technologies like Virtual Private Networks (VPNs) to secure data transmission. 
5. Limit network connectivity: Utilize only cellular data or private Wi-Fi connections. Turn off auto-connect to avoid automatically connecting to public Wi-Fi networks. If using a private Wi-Fi connection, ensure a key must be entered for access and the connection is encrypted.

By following these strategies, water systems can enhance the resilience and integrity of their infrastructure against cyber threats. Remember, protecting our drinking water resources is a shared responsibility that requires ongoing vigilance and adaptability to evolving cybersecurity challenges. Safeguarding our drinking water systems is essential for maintaining public health and public trust. Thank you for your dedication to ensuring the safety and quality of our water supply. 

We want to know - How do you protect your remote SCADA OT?  

The department and our state and federal cybersecurity partners continue to create new resources and tools to help you as you protect your systems from cyber attacks. If you have a robust Remote SCADA protection plan please email kyra.gregory@state.co.us. We are hoping to gather information and produce a best management practices guidance document.  

How can your system become more cyber literate?

Please see the below list of cybersecurity resources to help your system to better protect your IT/OT from cyber attacks: 

• CDPHE Security Toolbox: The department gathered resources to help your system prepare for and respond to cyber and physical security incidents. 
• WQCD Guidance: Respond and Report Cyberattacks  can be used when your water/wastewater facility experiences a cybersecurity event. It outlines what steps to take, the required steps to report the event, and what to expect after reporting the event.
• Self-Assessment: EPA self assessment resources and Water Cybersecurity Assessment Tool (WCAT)
• Third-Party Assessment: EPA’s Water Sector Cybersecurity Evaluation Program and Colorado Information Analysis Center Cyber Assistance 
• EPA Cybersecurity Technical Assistance Program for the Water Sector
• EPA Cybersecurity Incident Action Checklist
• EPA collection and explanation of cybersecurity funding opportunities 

➽ Kyra Gregory Drinking Water Training Specialist

Program Manager Message: Water Sector Security and Resiliency Road Map

In January 2024 representatives from water and wastewater utilities and the professional organizations along with EPA and the Cybersecurity and Infrastructure Security Agency workgroup released an updated Roadmap to a Secure and Resilient Water and Wastewater Sector. The original roadmap was created in 2009 and then it was updated in 2013 and 2017. The workgroup identified key security threats and vulnerabilities to the water sector and assessed capability gaps in addressing them. The roadmap then identified a number of priority actions to help fill in those gaps. A key theme in this document related to physical, workforce and cyber security was the need to build the culture in the workplace to better understand and protect against threats. 

With respect to cybersecurity, some of the recommended actions include:

• Basic practices for responding to technology failures, being able to operate plants manually in times of need.
• Take basic cybersecurity steps and maintain them, such as password security including routines to change them periodically and removing credentials when employees leave or retire.
• Educate employees about cybersecurity and understand incident reporting requirements.
• Conduct training on how to spot ransomware emails.
• Hold cyber event exercises.
• Advocate for cybersecurity awareness and practices up and down and all across your water system.

We greatly encourage your utility and any associated technology resources that may be located in other agencies such as billing to take steps in these action areas. It’s important to assess the threats and vulnerabilities specific to your utility and its technology assets. After the vulnerabilities are identified and assessed for severity, it’s important to take action to close down those vulnerabilities. This is not necessarily easy, but we can connect you to resources for assistance. This threat is very serious. There have been successful cyberattacks on Colorado utilities over the last few years, including a successful ransomware attack in May 2024. At a minimum, a successful attack can create an immediate crisis at a utility that costs a great deal of time and money. But more serious problems that jeopardize drinking water quality and public health could happen too. We urge you to take steps now and into the future to both prevent attacks on your utility and be prepared to respond if an attack does occur.

Thank you.

➽ Ron Falco, P.E. Safe Drinking Water Program Manager

PFAS: Upcoming Stakeholder Information and Answers to Common Questions

Stakeholder meeting for regulating per- and polyfluoroalkyl substances (PFAS) in drinking water

The Water Quality Control Division will host our kickoff meeting on Thursday, Aug. 22, 2024, from 1 to 2:30 p.m to discuss the statewide adoption of the EPA’s PFAS National Primary Drinking Water Regulation under the Water Quality Control Commission’s Regulation No. 11. 

• Register for the PFAS kickoff meeting 

We invite all interested individuals to participate in the process but strongly encourage community and non-transient, non-community public water systems to attend. 

• Sign up through the PFAS drinking water rule engagement form if you would like to continue to receive email correspondence regarding this process.

PFAS Questions

What just happened with the PFAS rule?

On April 10, 2024 the Environmental Protection Agency (EPA) set maximum contaminant levels (MCLs) for five individual PFAS: PFOA, PFOS, PFNA, PFHxS, and HFPO-DA (known as GenX). The EPA is also setting a Hazard Index level for two or more of four PFAS as a mixture: PFNA, PFHxS, HFPO-DA, and PFBS.

Chemical	Maximum Contaminant Level Goal (MCLG)	Maximum Contaminant Level (MCL)
PFOA	0	4.0 ppt
PFOS	0	4.0 ppt
PFHxS	10 ppt	10 ppt
HFPO-DA (GenX Chemicals)	10 ppt	10 ppt
PFNA	10 ppt	10 ppt
Mixture of two or more: PFHxS, PFNA, HFPO-DA, and PFBS	Hazard Index of 1 (unitless)	Hazard Index of 1 (unitless)

Table 1. New federal PFAS Regulatory Levels

Definitions

Maximum Contaminant Level Goal (MCLG): The level of a contaminant in drinking water below which there is no known or expected risk to health and allows for an adequate margin of safety. MCLGs are non-enforceable public health goals.  

Maximum Contaminant Level (MCL): The highest level of a contaminant that is allowed in drinking water. MCLs are set as close to MCLGs as feasible using the best available treatment technology and taking cost into consideration. MCLs are enforceable standards.   

Parts per trillion (ppt):  A ppt is a measurement of the quantity of a substance in the air, water or soil. A concentration of one part per trillion means that there is one part of that substance for every one trillion parts of either air, water or soil in which it is contained. One part per trillion is equivalent to one nanogram per kilogram ng/L.

Hazard Index (HI): The Hazard Index is a long-established approach that EPA regularly uses to understand health risk from chemical mixture. The HI is made up of a sum of fractions. Each fraction compares the level of each PFAS measured in the water to the highest level determined not to have risk of health.

What is a Hazard Index?

Research shows that mixtures of PFAS can have additive health effects. This means that low levels of multiple PFAS that individually would not likely result in adverse health effects may pose health concerns when combined in a mixture. EPA’s Hazard Index MCL is set at 1 and applies to any mixture containing two or more of PFNA, PFHxS, PFBS, and GenX. The Hazard Index is made up of a sum of fractions. Each fraction compares the level of each PFAS measured in the water to the highest level below which there is no risk of health effects.

Is this going to impact my water system?

Community Water Systems and Non-Transient Non-Community Water Systems must comply with the PFAS drinking water MCLs. Consecutive community systems and NTNC systems must comply with the MCLs as well but the requirements are less extensive.

When will I see this on my Monitoring Schedule? When do I need to start sampling? Am I going to need to install treatment?

By the end of 2026: 

• Systems must conduct initial monitoring or obtain approval to use previously collected monitoring data
• States must adopt PFAS rule into state regs

Starting in 2027: 

• Systems must start their ongoing compliance monitoring
• There are opportunities for reduced monitoring depending on the system’s initial monitoring results
• Systems must include results of their monitoring for the regulated PFAS in their Consumer Confidence Reports
• Systems must start issuing public notification for any monitoring and testing procedure violations

By the end of 2028:

• Systems that detect PFAS above the new standards must implement solutions that reduce PFAS in their drinking water to below the MCLs to remain in compliance with the rule

Starting in 2029: 

• Systems must comply with all regulated PFAS MCLs
• Systems must provide public notification for violations of the PFAS MCLs

What treatment methods will remove PFAS?

• Granular activated carbon (GAC), ion exchange and reverse osmosis are the most common methods of removing PFAS from drinking water. 
• Most conventional drinking water treatment methods will not remove PFAS.
• Powdered activated carbon (PAC) may remove some PFAS but testing is required to confirm.
• PFAS is not removed by boiling.

How do I deal with PFAS treatment residuals?

The EPA released an interim disposal guidance for PFAS media, backwash water, and RO concentrate. Their current recommended methods are:

• Underground injection
• Landfill
• Thermal treatment/incineration - this is the best option but isn’t widely available yet. Note that exhausted GAC media can be thermally regenerated for non potable use. 
• Interim storage for high PFAS content materials.

Are there labs to do this testing? Is it expensive?

• Testing costs vary from lab to lab and typically range from about $300 to $600 per sample. Systems must use an approved test method (EPA 533 or EPA 537.1) Be aware that there are lower cost PFAS tests available and while these may be good for applications like testing a private well, they may not be acceptable for compliance purposes. 
• Systems can sign up for CDPHE’s grant program for initial PFAS monitoring or reach out to cdphe_wqcd_pfas_grant@state.co.us.
• All labs on the EPA’s list of labs certified for PFAS testing are acceptable for compliance purposes.

Where can I find more information?

• CDPHE's Water Quality PFAS website
• EPA’s Water Quality PFAS Website
• CDPHE's PFAS testing results in public water systems in Colorado

➽ Chelsea Cotton, Lead Drinking Water Engineer