Plan for identifying and mitigating cyber risk — exemption, when — inapplicability, when
Effective Aug 28, 2020(L. 2020 H.B. 2120)
- 1. Within twelve months of August 28, 2020, each community water system shall create a plan that establishes policies and procedures for identifying and mitigating cyber risk. The plan shall include risk assessments and implementation of appropriate controls to mitigate identified cyber risks.
- 2. Community water systems that do not use an internet-connected control system are exempt from the provisions of this section.
- 3. The provisions of this section shall not apply to any state parks, cities with a population of more than thirty thousand inhabitants, a county with a charter form of government and with more than six hundred thousand but fewer than seven hundred thousand inhabitants, a county with a charter form of government and with more than nine hundred fifty thousand inhabitants, or a public service commission regulated utility with more than thirty thousand customers.
(L. 2020 H.B. 2120)