Guidance for Small Community Water Systems on
Risk and Resilience Assessments under America’s Water Infrastructure Act
2
• June 30, 2021 for systems serving more than 3,300 but less than 50,000
NOTE: Water systems do not submit the actual assessment to EPA. Visit EPA’s informational page on How to
Certify Your Risk and Resilience Assessment or ERP for instructions. Every ve years, CWSs must review the
risk and resilience assessment, revise it as needed, and provide` a new certication to EPA.
What are Risk and Resilience in a Water System?
• Risk to critical infrastructure, including water systems, is a function of threat likelihood, vulnerability,
and consequence.
• Threat can be a malevolent act, like a cyber-attack or process sabotage, or a natural hazard, such as a
ood or hurricane.
• Threat likelihood is the probability that a malevolent act will be carried out against the water system
or that a natural hazard will occur.
• Vulnerability is a weakness that can be exploited by an adversary or impacted by a natural hazard. It is
the probability that if a malevolent act or a natural hazard occurred, then the water system would suer
signicant adverse impacts.
• Consequences are the magnitude of loss that would ensue if a threat had an adverse impact against a
water system. Consequences may include:
• Economic loss to the water system from damage to utility assets;
• Economic loss to the utility service area from a service disruption, and
• Severe illness or deaths that could result from water system contamination, a hazardous gas release,
or other hazard involving the water system.
• Resilience is the capability of a water system to maintain operations or recover when a malevolent act or a
natural hazard occurs.
• Countermeasures are steps that a water system implements to reduce risk and increase resilience. They
may include plans, equipment, procedures, and other measures.
How does a Community Water System Assess Risk and
Resilience Under AWIA?
Tables 1a – 10b in the Risk and Resilience Assessment Checklist (see llable checklist below on page 4) list the
categories of water system assets that you must assess under AWIA. In all tables (i.e., for all asset categories),
do the following:
1. Select only the malevolent acts from those listed in the table that pose a signicant risk to the asset
category at the CWS. You may write-in malevolent acts not listed in the table.
a. Focus the selection of malevolent acts on those that are prevalent in the United States (e.g., cyber-
attacks), can exploit vulnerabilities at the CWS (e.g., known security gaps), and have the potential for
signicant economic or public health consequences (e.g., contamination).
NOTE: EPA’s Baseline Information on Malevolent Acts Relevant to Community Water Systems assists
water systems with estimating the likelihood of these malevolent acts and provides resources for
additional information.