It’s 2 a.m. A main transmission line just failed. Raw water is flooding a residential neighborhood. Your emergency response plan says to notify the state agency within two hours, coordinate with your operations team, and activate backup systems.
But your phone system runs on VoIP. The server that hosts your contact lists and notification templates is down. Your SCADA system — the one that controls valve positions and pump stations — can’t be accessed remotely because the VPN connection depends on a firewall that hasn’t been patched in eight months. And the digital copy of your ERP? It’s on a shared drive that nobody can reach.
The binder on the shelf in the operations manager’s office has a printed copy. But half the phone numbers are outdated, and the procedures reference systems that no longer exist.
Your ERP just failed. Not because of the pipe break. Because of IT.
The Problem Nobody Talks About
Under the America’s Water Infrastructure Act (AWIA), community water systems serving more than 3,300 people must complete a Risk and Resilience Assessment and develop or update an Emergency Response Plan. The EPA requires these plans to address physical security, cybersecurity, monitoring practices, chemical handling, and financial infrastructure.
Most engineering firms treat this as a facilities exercise. The ERP covers pump failures, contamination events, natural disasters, and power outages. It maps out who to call, what to shut down, and how to notify the public.
That’s all necessary. But it misses something fundamental.
Every one of those response actions depends on IT systems. Communication depends on email servers, phone systems, and mass notification platforms. Coordination depends on document access and shared systems. Monitoring depends on SCADA networks and remote sensors. Public notification depends on websites and automated alerting tools.
If your IT infrastructure fails during an emergency — or worse, if the emergency is a cyberattack — your carefully documented response procedures become unusable.
Why This Gap Matters
Three things happen when your ERP ignores IT dependencies.
You have a compliance exposure. The EPA’s guidance for AWIA ERPs explicitly includes cybersecurity and electronic communication systems. An ERP that doesn’t address IT system failures, backup communication methods, or data recovery procedures has a gap that an auditor can identify. Your Risk and Resilience Assessment is supposed to feed directly into your ERP. If the assessment identified cyber risks but the ERP doesn’t address them, that disconnect is a finding.
You can’t actually respond. An ERP is only useful if it can be executed under stress, by real people, during a real crisis. If your notification chain requires email and your email is down, you don’t have a notification chain. If your SCADA historian is the only place that stores pre-event baseline data, and you can’t access it, your operators are making decisions blind. Response effectiveness drops fast when the tools you planned around aren’t available.
You lose time you don’t have. Water emergencies move quickly. Contamination events, infrastructure failures, and cyberattacks all have tight windows for effective response. The GAO has reported that water utilities face escalating cyber threats and many lack adequate incident response capabilities. Every minute spent figuring out workarounds for failed IT systems is a minute not spent on the actual emergency.
What a Complete ERP Looks Like
An ERP that accounts for IT systems doesn’t need to be twice as long. It needs to answer a few additional questions.
Communication redundancy. If your primary communication method fails, what’s the backup? This means identifying your phone system, email platform, and mass notification tool — and then documenting an alternative for each. Cell phones with a printed call tree. A secondary email service. A text-based notification system that doesn’t depend on your primary network.
SCADA and operational technology continuity. Your ERP should acknowledge that SCADA systems can fail or be compromised. Document manual override procedures for critical controls. Identify which operations can continue without remote monitoring and which require on-site presence. If your SCADA network is separate from your business network, say so. If it isn’t, that’s a risk your assessment should have flagged.
Data backup and access. Your ERP itself, along with contact lists, system diagrams, chemical inventories, and regulatory notification templates, should be accessible even if your primary network is down. Cloud-based backup with offline copies. USB drives in a secure location. Printed essentials in a go-bag. Whatever works for your organization — but it has to be deliberate, not accidental.
IT incident as a trigger event. Most ERPs list trigger events like natural disasters, contamination, and equipment failure. A cyberattack or major IT outage should be on that list with its own response procedures. Who do you call? How do you isolate affected systems? How do you maintain water service while IT systems are being restored?
What You Can Do This Quarter
You don’t need to rewrite your entire ERP. Start with these steps.
1. Map your IT dependencies. Walk through each section of your current ERP and ask: what technology does this step require? List every system — phone, email, VPN, SCADA, document storage, notification platforms. You’ll probably find dependencies you didn’t realize existed.
2. Add a communication backup plan. For every primary communication channel in your ERP, document a backup that works on a completely separate infrastructure. If your VoIP phones and email both run through the same internet connection, your backup needs to be independent of that connection.
3. Put a copy of your ERP somewhere your network can’t touch. Cloud storage with offline sync. A printed copy that gets updated quarterly. A secure USB drive in the plant manager’s desk. The format matters less than the habit of keeping it current.
4. Run a tabletop exercise that starts with “IT is down.” Most tabletop exercises assume systems are working and test whether people know the procedures. Flip it. Start the scenario with a network outage or ransomware event and see whether your team can still execute the plan.
One More Thing
AWIA compliance isn’t a one-time checkbox. Your Risk and Resilience Assessment and ERP need to be reviewed and updated on a five-year cycle, and the EPA expects them to reflect your current infrastructure — including your current IT environment.
If your IT systems have changed since your last assessment — new phone system, new SCADA vendor, migration to cloud services, new remote access tools — your ERP should reflect those changes.
If your firm could use a hand evaluating whether your IT systems are properly accounted for in your emergency response planning, we’re happy to walk through it with you. No audit, no pressure — just a conversation about where the gaps might be. Get in touch whenever you’re ready.
