MARCH 25, 2024 - ADMINISTRATIVE COMPLIANCE ORDER
On January 9, 2024, EPA completed an onsite inspection of Respondent's public water system. During the inspection, the EPA inspection team requested that the Respondent produce its RRA and ERP, which it is required to maintain onsite pursuant to Section 1433(d) of the SDWA.
During the review of the RRA, the EPA inspection team determined that the RRA did not contain an assessment of the risks to, and resilience of, the financial infrastructure of the System as required by Section 1433(a) of the SDWA.
During the review of the ERP, the EPA inspection team determined that the System?s ERP was last updated in 2019, which predates the System?s certification of the RRA in June 2021. The ERP therefore did not incorporate the findings of the RRA as required by Section 1433(b) of the SDWA.
The EPA inspection team also determined that the ERP did not include strategies and resources to improve the resilience of the system, including the physical security of cybersecurity of the system, nor strategies that can be used to aid in the detection of malevolent acts or natural hazards that threaten the security or resilience of the system as required by Sections 1433(b)(1) and (4) of the SDWA.
Therefore, the EPA alleges that Respondent failed to comply with Sections 1433(a) and (b) of the SDWA, 42 U.S.C. ? 300i-2(a) and (b), by certifying an incomplete RRA and ERP to the EPA.
Based on the foregoing FINDINGS, and pursuant to th