Effective - 28 Aug 2020
640.142. Plan for identifying and mitigating cyber risk — exemption, when — inapplicability, when. — 1. Within twelve months of August 28, 2020, each community water system shall create a plan that establishes policies and procedures for identifying and mitigating cyber risk. The plan shall include risk assessments and implementation of appropriate controls to mitigate identified cyber risks.
2. Community water systems that do not use an internet-connected control system are exempt from the provisions of this section.
3. The provisions of this section shall not apply to any state parks, cities with a population of more than thirty thousand inhabitants, a county with a charter form of government and with more than six hundred thousand but fewer than seven hundred thousand inhabitants, a county with a charter form of government and with more than nine hundred fifty thousand inhabitants, or a public service commission regulated utility with more than thirty thousand customers.
--------
(L. 2020 H.B. 2120)