Presentation on theme: "Cross-Connection Control/Backflow Prevention ELECTRONIC TEST SUBMITTAL"— Presentation transcript:
1Cross-Connection Control/Backflow Prevention ELECTRONIC TEST SUBMITTAL On-line Test Submittal byBackflow Testing ContractorsWestern WashingtonCross Connection ControlThe GroupByRandy EngleXC2 Software, LLC
2“It will work just great” “It will be completely paperless”“It will reduce your labor by 50%”“It will be a seamless implementation”“This software will need virtually no IT resources”
3“This software is completely user friendly” “This software practically runs itself”“This software is completely bug free”“This software doesn’t require any computer experience.“This software is totally intuitive”
4“Does this software send notices automatically" “Does this software need to be monitored?”“Does this software need to be backed up?”
5Electronic Backflow Test Submittal Is it possible?To Go fromThis
6Electronic Backflow Test Submittal Is it possible?To This
7Electronic Backflow Test Submittal What is it?The ability to successfully submit specific and accurate backflow test results data via the Internet to water purveyors, or their agents, using a desktop computer, laptop, tablet or mobile device/smartphone.
8Electronic Backflow Test Submittal This includes validation of these results prior to acceptance and confirmation of receipt of these reports.
9Can’t you just make it work Automatically? I really don’t want to have to think about it.I’m a plumber! Not a computer expert!
10Let’s bring a little reality to the table. “AutomaticAlly”Let’s bring a little reality to the table.It may not work the way you “Assumed” it would.Who’s fault is that?
11What Needs to be done What does “Automatic” Mean? IT StaffWhat does “Automatic” Mean?It means the more “automatic” it is, the more IT and other staff it takes to keep things operational “behind” the scenes.
12Nobody is asking you to be a computer expert… But… if you are going to open up your system to outside, private contractors, there are several items to consider, to make sure that all is secure and will work the way that you need it to work.(Note: you could always hire someone to do this level of thinking for you… or get your IT folks involved.
13Topics and Issues to Consider Why move away from handwritten test reports?What are the options for electronic test reporting?What are the benefits (and pitfalls) to the purveyor’s backflow program with electronic submittal?How do you control data integrity?How is security going to be managed?
14Topics and Issues to Consider How is testing contractor access and customer access to the system controlled?Need to make it “user friendly” so testing contractors will accept it in a reasonable timeframe.Need to provide some training for testing contractors to use the systemNeed to provide instant feedback to the testing contractor that what they are doing is correct or not.What might some of the complaints be from contractors and customers. Need to be prepared to handle this.Need some type of “I do hereby certify that this is true”
15Why move away from handwritten test reports? It takes too darn much time to enter them by hand!Can’t always read the tester’s writingNeed to store the paper copies somewhere. They take up a lot of space and take time to file.
16Why move away from handwritten test reports? If test reports are not entered in a timely fashion, then the customer may get sent an overdue notice that is not correct. Hence, making the customer unhappy, which in turn requires you to take the time to deal with the problem.
17Write your own web-based software What are the options for electronic test entry?Write your own web-based softwarePurchase a pre-fab web-based systemSubscribe to a “cloud” service(Multiple Options Available)
18Write your own web based system Write it from the ground upOrWrite it as a part of another system, e.g. Utility BillingYou get exactly what you want (you hope)You will need to work with the programmer to create the specifications.You will need to provide all of the testing.Could take a long time to get up and runningYou are in control
19Purchase a commercially packaged web based system You will need to fit how you run your program into the software.It might be quite configurable to how you need to do things or it could be customizable.You are in complete control of your dataYour IT Dept needs to be involvedOne time cost (with annual maintenance and support)
20Subscribe to a “cloud” service This has the most options available:Simple to Sophisticated:A. The service runs your entire programB. The service provides a web page for testers to enter test reports, and makes a report available to you.The service provides a web interface for you to run your program
21Subscribe to a “cloud” service The service provides the web page for test entry, and maybe you can automatically receive the information back in your in-house database.E. The service provides the web page for test entry, and automatically “sends” the information back to your in- house database…And provides a mechanism for you to automatically update information on the website from your in-house system, e.g. tester information, customer information, new backflow locations and assembly information.
22What are the benefits (and downsides) to the purveyor’s backflow program with electronic submittal? Takes away a huge amount of time from hand entering tests and storing paper documents.Gets test reports entered in a timely fashionWhat else is there to say…
23What are the benefits (and downsides) to the purveyor’s backflow program with electronic submittal? Pitfalls:A certain degree of control is given up. 3rd parties are entering the test results and unless you review each entry, you need to trust that the system has enough controls on it to ensure data integrity.Some testers may not be happy about having to do this, or they may have trouble entering on the web, and be calling you a lot for assistance (or just to complain)
24How do you control data integrity? Lots and Lots of Validations during time of entry:Test Report ValuesTester Certifications and LicensesDate sensitive entryNo dates in the “future”Tester must have been certified at time of testSpecial licenses and certifications must be met based upon the type/hazard of backflow being tested.
25How do you control data integrity? All of the above should be handled (by the web software) at the time of entry, and the entry person (user) notified immediately if all of the conditions are not met.Still, someone will come up with some “creative” entries that the software developer hasn’t thought of yet.
26How is website security going to be managed? If you are going to have your organization be the “Host” of the web server, the time is NOW to contact your IT dept and get them on board!There are two kinds of “Web Security” as are being discussed here.
27How is website security going to be managed? 1. Security to keep hackers away from your servers and the data on them. These guys have little interest in the actual data on your system. They just want to hack in and cause havoc.
28This is what your IT Dept needs to setup. You don’t do it.The software vendor doesn’t do it.
29How is website security going to be managed? Security to keep unauthorized users from accessing parts of the system or data on the system that you don’t want them to access.For example, testing contractors searching in the database for potential new customers
30Everything on the web has unique user names and passwords these days. How is testing contractor access and customer access to the system controlled?Users/Password:Everything on the web has unique user names and passwords these days.This needs to apply to your backflow program as well.Weak:User Name: abcPassword:Strong:User Name: AceBackflowPassword: M785qm6$You probably need to decide on something in-between
31How is testing contractor access and customer access to the system controlled? The system needs to be configurable to require these levels of strength of user names and passwords:Length of Usere.g. > 6 or 8 charactersStrength of Password:Strongest:Require length of 8 charactersRequire Uppercase letterRequire Lowercase letterRequire NumberRequire “Special Character” e.g. $%#!, etc.
32How is testing contractor access and customer access to the system controlled? Entering Test Results:Need to be able to look up backflow assemblies so that test results can be entered.How? So that testers can’t just lookup anything they want.Provide a “Tester Access Code” for each customer, listing all associated backflow assemblies2. Provide a PIN number for each backflow assembly that the tester must enter along with the backflow serial number
33Need to make it “user friendly” so testing contractors will accept it in a reasonable timeframe. ?What the heck does “User Friendly” mean?
34Need to provide some training for testing contractors. Roll out the system by starting with 1 or 2 testing companies that are on-board with your new system.Work with them to find any bumps and pitfalls to your new system
35Need to provide some training for testing contractors. Set up 2 or 3 sessions at your location demonstrating how the new system will work.Demonstrate entering real world test reportsEncourage the attendees to try it themselves at the training.
36Make it obvious what to do: The address that the tester must enter to get to your site should be easy to remember
37Make it obvious what to do: The first screen they see needs to be self-explanatory:
38Make it obvious what to do. Not a lot of options, just follow the simple directions. Make sure it’s something familiar.Give them a way to sign in if they forget their password or user name.
39Special Note about recovering passwords if they are forgotten. In a secure system, existing passwords are not recoverable, they have been “hashed”You could probably live a lifetime without knowing this, but this is what a password looks like in a secure computer system.9dec17c501f72e6955e40d277bdcf1144cb77bc8b639beef675b43b9cae49b8b dc9e999b2fff36af1b53ba9be6961bc8f8f5e16ac5436e86704b4b64The only people with the ability to decrypt something like this might be the NSA, CIA, etc.
40Then you give them the option to change it once they log on again. Special Note about recovering passwords if they are forgotten.So…This means if someone forgets their password, the system needs to be able generate a new one and send it to them.Then you give them the option to change it once they log on again.
41Make it obvious what to do. Secure but easy way to find the desired (and authorized) backflow assembly recordsAccess Code is generated by the system.You include this code on the notice you send to the customer.Consider regenerating every year.
42Make it obvious what to do. Have the user select an item from the list.
43Make the entry screen look like a test form Don’t accept the entry unless they “Certify” that all information is true.
44Provide instant feedback if something is not correct or complete.
46Follow up with an automatic email that the test was entered Follow up with an automatic that the test was entered! Send to the tester AND the customer (if you have their )
47Someone needs to “Administer” your backflow program, including tester access to the system.
48Electronic Backflow Test Submittal Challenges/AdvantagesDo you think you are going to require individual testers to be the ones to actually submit their own test reports?If so, remember that this is basically unenforceable.As stated earlier, with a Log-In and Password, you can do just about anything.
49Electronic Backflow Test Submittal DecisionsIn House (Self Hosted)vsSubscribing to a service (out-sourced)It really comes down a basic premise:Less Work for Youvs. Control of your Program
50Electronic Backflow Test Submittal Tester ConsiderationsWhat about backflow testers that don’t want to do submit my test results via the web?You will need to decide what your policy is going to be.Are you going to “REQUIRE” web entry
51Electronic Backflow Test Submittal Tester ConsiderationsMaybe give testers a “grace” period to get up to speed about entering test results via the web.Deal with the fallout from some testing contractors who give you grief because they don’t want to submit via the web.
52Electronic Backflow Test Submittal SummaryDecide if this is valuable for youExplore available options (Get References!)Get the backing you need, IT Dept., Upper Management, City Council, etcNotify the Testing Contractors that this is what you are going to do. Have a meeting/training with them.Document what your security considerations are.Do some testing to see what issues might arise