cross-connection control/backflow prevention electronic test submittal western washington cross...

CROSS-CONNECTION CONTROL/BACKFLOW PREVENTION

ELECTRONIC TEST SUBMITTAL

Western Washington

Cross Connection Control

The Group

ByRandy Engle

XC2 Software, [email protected]

On-line Test Submittal by

Backflow Testing Contractors

• “It will work just great”

• “It will be completely paperless”

• “It will reduce your labor by 50%”

• “It will be a seamless

implementation”

• “This software will need virtually no

IT resources”

• “This software is completely user

friendly”

• “This software practically runs itself”

• “This software is completely bug free”

• “This software doesn’t require any

computer experience.

• “This software is totally intuitive”

• “Does this software send notices

automatically"

• “Does this software need to be

monitored?”

• “Does this software need to be backed

up?”

ELECTRONIC BACKFLOW TEST SUBMITTAL

Is it possible?

To Go from

This


Is it possible?

To This


What is it?

The ability to successfully submit specific

and accurate backflow test results data

via the Internet to water purveyors, or

their agents, using a desktop computer,

laptop, tablet or mobile

device/smartphone.


This includes validation of these results

prior to acceptance and confirmation of

receipt of these reports.

• Can’t you just make it work Automatically?

• I really don’t want to have to think about it.

• I’m a plumber! Not a computer expert!

“AUTOMATICALLY”

Let’s bring a little reality to the table.

It may not work the way you “Assumed” it would.

Who’s fault is that?

• What does “Automatic” Mean?

• It means the more “automatic” it is, the more IT and other staff it takes to keep things operational “behind” the scenes.

IT Staff

What Needs to be done

• Nobody is asking you to be a computer expert…

• But… if you are going to open up your system to outside, private contractors, there are several items to consider, to make sure that all is secure and will work the way that you need it to work.

• (Note: you could always hire someone to do this level of thinking for you… or get your IT folks involved.

Topics and Issues to Consider

• Why move away from handwritten test reports?

• What are the options for electronic test reporting?

• What are the benefits (and pitfalls) to the purveyor’s backflow program with electronic submittal?

• How do you control data integrity?

• How is security going to be managed?

• How is testing contractor access and customer access to the system controlled?

• Need to make it “user friendly” so testing contractors will accept it in a reasonable timeframe.

• Need to provide some training for testing contractors to use the system

• Need to provide instant feedback to the testing contractor that what they are doing is correct or not.

• What might some of the complaints be from contractors and customers. Need to be prepared to handle this.

• Need some type of “I do hereby certify that this is true”

Topics and Issues to Consider


• It takes too darn much time to enter them by hand!

• Can’t always read the tester’s writing

• Need to store the paper copies somewhere. They take up

a lot of space and take time to file.


• If test reports are not entered in a timely fashion, then the

customer may get sent an overdue notice that is not

correct. Hence, making the customer unhappy, which in

turn requires you to take the time to deal with the

problem.

What are the options for electronic test entry?

• Write your own web-based software

• Purchase a pre-fab web-based system

• Subscribe to a “cloud” service(Multiple Options Available)

• Write your own web based system

Write it from the ground up

Or

Write it as a part of another system, e.g. Utility Billing

You get exactly what you want (you hope)

You will need to work with the programmer to create

the specifications.

You will need to provide all of the testing.

Could take a long time to get up and running

You are in control

• Purchase a commercially packaged web based system

You will need to fit how you run your program into the

software.

It might be quite configurable to how you need to do

things or it could be customizable.

You are in complete control of your data

Your IT Dept needs to be involved

One time cost (with annual maintenance and support)

• Subscribe to a “cloud” service

This has the most options available:

Simple to Sophisticated:

A. The service runs your entire program

B. The service provides a web page for testers to

enter test reports, and makes a report available

to you.

C. The service provides a web interface for you to

run your program

• Subscribe to a “cloud” service

D. The service provides the web page for test entry, and

maybe you can automatically receive the information back

in your in-house database.

E. The service provides the web page for test entry, and

automatically “sends” the information back to your in-house

database…

• And provides a mechanism for you to automatically update

information on the website from your in-house system, e.g.

tester information, customer information, new backflow

locations and assembly information.

What are the benefits (and downsides) to the purveyor’s backflow program with electronic submittal?

Benefits:

• Takes away a huge amount of time from hand entering

tests and storing paper documents.

• Gets test reports entered in a timely fashion

• What else is there to say…

What are the benefits (and downsides) to the purveyor’s backflow program with electronic submittal?

Pitfalls:

• A certain degree of control is given up. 3rd parties are

entering the test results and unless you review each

entry, you need to trust that the system has enough

controls on it to ensure data integrity.

Some testers may not be happy about having to do this, or

they may have trouble entering on the web, and be calling

you a lot for assistance (or just to complain)


• Lots and Lots of Validations during time of entry:

• Test Report Values

• Tester Certifications and Licenses

• Date sensitive entry

• No dates in the “future”

• Tester must have been certified at time of test

• Special licenses and certifications must be met based

upon the type/hazard of backflow being tested.


• All of the above should be handled (by the web software)

at the time of entry, and the entry person (user) notified

immediately if all of the conditions are not met.

• Still, someone will come up with some “creative”

entries that the software developer hasn’t thought of

yet.

How is website security going to be managed?

• If you are going to have your organization be the

“Host” of the web server, the time is NOW to

contact your IT dept and get them on board!

• There are two kinds of “Web Security” as are being

discussed here.


1. Security to keep hackers away from your

servers and the data on them. These guys have little

interest in the actual data on your system. They just

want to hack in and cause havoc.

This is what your IT Dept needs to setup.You don’t do it.The software vendor doesn’t do it.


Security to keep unauthorized users from accessing

parts of the system or data on the system that you

don’t want them to access.

For example, testing contractors searching in the

database for potential new customers


Users/Password:• Everything on the web has unique user names and

passwords these days.• This needs to apply to your backflow program as

well.

• Weak:• User Name:abc• Password: 123

• Strong:• User Name:AceBackflow• Password: M785qm6$

• You probably need to decide on something in-between


The system needs to be configurable to require these levels of strength of user names and passwords:

Length of Usere.g. > 6 or 8 characters

Strength of Password:Strongest:Require length of 8 charactersRequire Uppercase letterRequire Lowercase letterRequire NumberRequire “Special Character” e.g. $%#!, etc.


Entering Test Results:

Need to be able to look up backflow assemblies so that test results can be entered.

How? So that testers can’t just lookup anything they want.

1. Provide a “Tester Access Code” for each customer, listing all associated backflow assemblies

2. Provide a PIN number for each backflow assembly that the tester must enter along with the backflow serial number

• Need to make it “user friendly” so testing contractors will accept it in a reasonable timeframe.

?• What the heck does “User Friendly” mean?

• Need to provide some training for testing contractors.

• Roll out the system by starting with 1 or 2 testing companies that are on-board with your new system.

• Work with them to find any bumps and pitfalls to your new system

• Need to provide some training for testing contractors.

• Set up 2 or 3 sessions at your location demonstrating how the new system will work.

• Demonstrate entering real world test reports

• Encourage the attendees to try it themselves at the training.

• Make it obvious what to do:

The address that the tester must enter to get to your site should be easy to remember

• Make it obvious what to do:

• The first screen they see needs to be self-explanatory:

• Make it obvious what to do.

• Not a lot of options, just follow the simple directions. Make sure it’s something familiar.

• Give them a way to sign in if they forget their password or user name.

• Special Note about recovering passwords if they are forgotten.

• In a secure system, existing passwords are not recoverable, they have been “hashed”

• You could probably live a lifetime without knowing this, but this is what a password looks like in a secure computer system.

9dec17c501f72e6955e40d277bdcf1144cb77bc8b639beef675b43b9cae49b8b53829606dc9e999b2fff36af1b53ba9be6961bc8f8f5e16ac5436e86704b4b64

The only people with the ability to decrypt something like this might be the NSA, CIA, etc.

• Special Note about recovering passwords if they are forgotten.

• So…

• This means if someone forgets their password, the system needs to be able generate a new one and send it to them.

• Then you give them the option to change it once they log on again.


• Secure but easy way to find the desired (and authorized) backflow assembly records

• Access Code is generated by the system.• You include this code on the notice you send to

the customer.

• Consider regenerating every year.


• Have the user select an item from the list.

• Make the entry screen look like a test form

• Don’t accept the entry unless they “Certify” that all information is true.

• Provide instant feedback if something is not correct or complete.

• Be sure to tell them if they did it correctly!

• Follow up with an automatic email that the test was entered! Send to the tester AND the customer (if you have their email)

• Someone needs to “Administer” your backflow program, including tester access to the system.


Do you think you are going to require

individual testers to be the ones to actually

submit their own test reports?

If so, remember that this is basically

unenforceable.

As stated earlier, with a Log-In and Password,

you can do just about anything.

Challenges/Advantages


It really comes down a basic premise:

Less Work for You

vs. Control of your Program

Decisions

In House (Self Hosted)

vs

Subscribing to a service (out-sourced)


Tester Considerations What about backflow testers that don’t

want to do submit my test results via the web?

You will need to decide what your policy is going to be.

Are you going to “REQUIRE” web entry


Tester Considerations

Maybe give testers a “grace” period to get

up to speed about entering test results via

the web.

Deal with the fallout from some testing

contractors who give you grief because

they don’t want to submit via the web.


Summary Decide if this is valuable for you

Explore available options (Get References!)

Get the backing you need, IT Dept., Upper Management, City Council, etc

Notify the Testing Contractors that this is what you are going to do. Have a meeting/training with them.

Document what your security considerations are.

Do some testing to see what issues might arise

Randy Engle

XC2 Software, LLC

[email protected]

Questions?

cross-connection control/backflow prevention electronic test submittal western washington cross...

Documents