Presentation on theme: "CROSS-CONNECTION CONTROL/BACKFLOW PREVENTION ELECTRONIC TEST SUBMITTAL Western Washington Cross Connection Control The Group By Randy Engle XC2 Software,"— Presentation transcript:
CROSS-CONNECTION CONTROL/BACKFLOW PREVENTION ELECTRONIC TEST SUBMITTAL Western Washington Cross Connection Control The Group By Randy Engle XC2 Software, LLC firstname.lastname@example.org On-line Test Submittal by Backflow Testing Contractors
“It will work just great” “It will be completely paperless” “It will reduce your labor by 50%” “It will be a seamless implementation” “This software will need virtually no IT resources”
“This software is completely user friendly” “This software practically runs itself” “This software is completely bug free” “This software doesn’t require any computer experience. “This software is totally intuitive”
“Does this software send notices automatically" “Does this software need to be monitored?” “Does this software need to be backed up?”
ELECTRONIC BACKFLOW TEST SUBMITTAL Is it possible? To Go from This
ELECTRONIC BACKFLOW TEST SUBMITTAL Is it possible? To This
ELECTRONIC BACKFLOW TEST SUBMITTAL What is it? The ability to successfully submit specific and accurate backflow test results data via the Internet to water purveyors, or their agents, using a desktop computer, laptop, tablet or mobile device/smartphone.
ELECTRONIC BACKFLOW TEST SUBMITTAL This includes validation of these results prior to acceptance and confirmation of receipt of these reports.
Can’t you just make it work Automatically? I really don’t want to have to think about it. I’m a plumber! Not a computer expert!
“AUTOMATICALLY” Let’s bring a little reality to the table. It may not work the way you “Assumed” it would. Who’s fault is that?
What does “Automatic” Mean? It means the more “automatic” it is, the more IT and other staff it takes to keep things operational “behind” the scenes. IT Staff What Needs to be done
Nobody is asking you to be a computer expert… But… if you are going to open up your system to outside, private contractors, there are several items to consider, to make sure that all is secure and will work the way that you need it to work. (Note: you could always hire someone to do this level of thinking for you… or get your IT folks involved.
Topics and Issues to Consider Why move away from handwritten test reports? What are the options for electronic test reporting? What are the benefits (and pitfalls) to the purveyor’s backflow program with electronic submittal? How do you control data integrity? How is security going to be managed?
How is testing contractor access and customer access to the system controlled? Need to make it “user friendly” so testing contractors will accept it in a reasonable timeframe. Need to provide some training for testing contractors to use the system Need to provide instant feedback to the testing contractor that what they are doing is correct or not. What might some of the complaints be from contractors and customers. Need to be prepared to handle this. Need some type of “I do hereby certify that this is true” Topics and Issues to Consider
Why move away from handwritten test reports? It takes too darn much time to enter them by hand! Can’t always read the tester’s writing Need to store the paper copies somewhere. They take up a lot of space and take time to file.
Why move away from handwritten test reports? If test reports are not entered in a timely fashion, then the customer may get sent an overdue notice that is not correct. Hence, making the customer unhappy, which in turn requires you to take the time to deal with the problem.
What are the options for electronic test entry? Write your own web-based software Purchase a pre-fab web-based system Subscribe to a “cloud” service (Multiple Options Available)
Write your own web based system Write it from the ground up Or Write it as a part of another system, e.g. Utility Billing You get exactly what you want (you hope) You will need to work with the programmer to create the specifications. You will need to provide all of the testing. Could take a long time to get up and running You are in control
Purchase a commercially packaged web based system You will need to fit how you run your program into the software. It might be quite configurable to how you need to do things or it could be customizable. You are in complete control of your data Your IT Dept needs to be involved One time cost (with annual maintenance and support)
Subscribe to a “cloud” service This has the most options available: Simple to Sophisticated: A.The service runs your entire program B.The service provides a web page for testers to enter test reports, and makes a report available to you. C.The service provides a web interface for you to run your program
Subscribe to a “cloud” service D.The service provides the web page for test entry, and maybe you can automatically receive the information back in your in-house database. E.The service provides the web page for test entry, and automatically “sends” the information back to your in- house database… And provides a mechanism for you to automatically update information on the website from your in-house system, e.g. tester information, customer information, new backflow locations and assembly information.
What are the benefits (and downsides) to the purveyor’s backflow program with electronic submittal? Benefits: Takes away a huge amount of time from hand entering tests and storing paper documents. Gets test reports entered in a timely fashion What else is there to say…
What are the benefits (and downsides) to the purveyor’s backflow program with electronic submittal? Pitfalls: A certain degree of control is given up. 3 rd parties are entering the test results and unless you review each entry, you need to trust that the system has enough controls on it to ensure data integrity. Some testers may not be happy about having to do this, or they may have trouble entering on the web, and be calling you a lot for assistance (or just to complain)
How do you control data integrity? Lots and Lots of Validations during time of entry: Test Report Values Tester Certifications and Licenses Date sensitive entry No dates in the “future” Tester must have been certified at time of test Special licenses and certifications must be met based upon the type/hazard of backflow being tested.
How do you control data integrity? All of the above should be handled (by the web software) at the time of entry, and the entry person (user) notified immediately if all of the conditions are not met. Still, someone will come up with some “creative” entries that the software developer hasn’t thought of yet.
How is website security going to be managed? If you are going to have your organization be the “Host” of the web server, the time is NOW to contact your IT dept and get them on board! There are two kinds of “Web Security” as are being discussed here.
How is website security going to be managed? 1.Security to keep hackers away from your servers and the data on them. These guys have little interest in the actual data on your system. They just want to hack in and cause havoc.
This is what your IT Dept needs to setup. You don’t do it. The software vendor doesn’t do it.
How is website security going to be managed? Security to keep unauthorized users from accessing parts of the system or data on the system that you don’t want them to access. For example, testing contractors searching in the database for potential new customers
How is testing contractor access and customer access to the system controlled? Users/Password: Everything on the web has unique user names and passwords these days. This needs to apply to your backflow program as well. Weak: User Name:abc Password: 123 Strong: User Name:AceBackflow Password: M785qm6$ You probably need to decide on something in-between
How is testing contractor access and customer access to the system controlled? The system needs to be configurable to require these levels of strength of user names and passwords: Length of User e.g. > 6 or 8 characters Strength of Password: Strongest: Require length of 8 characters Require Uppercase letter Require Lowercase letter Require Number Require “Special Character” e.g. $%#!, etc.
How is testing contractor access and customer access to the system controlled? Entering Test Results: Need to be able to look up backflow assemblies so that test results can be entered. How? So that testers can’t just lookup anything they want. 1.Provide a “Tester Access Code” for each customer, listing all associated backflow assemblies 2.Provide a PIN number for each backflow assembly that the tester must enter along with the backflow serial number
Need to make it “user friendly” so testing contractors will accept it in a reasonable timeframe. ? What the heck does “User Friendly” mean?
Need to provide some training for testing contractors. Roll out the system by starting with 1 or 2 testing companies that are on-board with your new system. Work with them to find any bumps and pitfalls to your new system
Need to provide some training for testing contractors. Set up 2 or 3 sessions at your location demonstrating how the new system will work. Demonstrate entering real world test reports Encourage the attendees to try it themselves at the training.
Make it obvious what to do: The address that the tester must enter to get to your site should be easy to remember
Make it obvious what to do: The first screen they see needs to be self- explanatory:
Make it obvious what to do. Not a lot of options, just follow the simple directions. Make sure it’s something familiar. Give them a way to sign in if they forget their password or user name.
Special Note about recovering passwords if they are forgotten. In a secure system, existing passwords are not recoverable, they have been “hashed” You could probably live a lifetime without knowing this, but this is what a password looks like in a secure computer system. 9dec17c501f72e6955e40d277bdcf1144cb77bc8b63 9beef675b43b9cae49b8b53829606dc9e999b2fff36a f1b53ba9be6961bc8f8f5e16ac5436e86704b4b64 The only people with the ability to decrypt something like this might be the NSA, CIA, etc.
Special Note about recovering passwords if they are forgotten. So… This means if someone forgets their password, the system needs to be able generate a new one and send it to them. Then you give them the option to change it once they log on again.
Make it obvious what to do. Secure but easy way to find the desired (and authorized) backflow assembly records Access Code is generated by the system. You include this code on the notice you send to the customer. Consider regenerating every year.
Make it obvious what to do. Have the user select an item from the list.
Make the entry screen look like a test form Don’t accept the entry unless they “Certify” that all information is true.
Provide instant feedback if something is not correct or complete.
Be sure to tell them if they did it correctly!
Follow up with an automatic email that the test was entered! Send to the tester AND the customer (if you have their email)
Someone needs to “Administer” your backflow program, including tester access to the system.
ELECTRONIC BACKFLOW TEST SUBMITTAL Do you think you are going to require individual testers to be the ones to actually submit their own test reports? If so, remember that this is basically unenforceable. As stated earlier, with a Log-In and Password, you can do just about anything. Challenges/Advantages
ELECTRONIC BACKFLOW TEST SUBMITTAL It really comes down a basic premise: Less Work for You vs. Control of your Program Decisions In House (Self Hosted) vs Subscribing to a service (out-sourced)
ELECTRONIC BACKFLOW TEST SUBMITTAL Tester Considerations What about backflow testers that don’t want to do submit my test results via the web? You will need to decide what your policy is going to be. Are you going to “REQUIRE” web entry
ELECTRONIC BACKFLOW TEST SUBMITTAL Tester Considerations Maybe give testers a “grace” period to get up to speed about entering test results via the web. Deal with the fallout from some testing contractors who give you grief because they don’t want to submit via the web.
ELECTRONIC BACKFLOW TEST SUBMITTAL Summary Decide if this is valuable for you Explore available options (Get References!) Get the backing you need, IT Dept., Upper Management, City Council, etc Notify the Testing Contractors that this is what you are going to do. Have a meeting/training with them. Document what your security considerations are. Do some testing to see what issues might arise
Randy Engle XC2 Software, LLC email@example.com Questions ?