The URL can be used to link to this page

R03-063 RESOLUTION NO. R03- 0(0'3 A RESOLUTION OF THE CITY COMMISSION OF THE CITY OF BOYNTON BEACH, FLORIDA, AUTHORIZING EXECUTION OF A TASK ORDER NO. 01-07 FOR METCALF & EDDY, IN THE AMOUNT NOT TO EXCEED $70,092.00 FOR ENGINEERING SERVICES FOR THE PREPARATION OF THE UTILITIES DEPARTMENT VULNERABILITY ASSESSMENT (VA) TO COMPLY WITH REQUIREMENTS OF THE UNITED STATES ENVIRONMENTAL PROTECTION AGENCY (EPA); AND PROVIDING AN EFFECTIVE DATE. WHEREAS, the purpose of conducting a VA is to identify components of our utility system that may be vulnerable to acts of vandalism or terrorism that can lead to a loss of atility service, which is a recent mandate of the EPA; and WHEREAS, the City Commission upon recommendation of staff, deems it appropriate to approve Task Order 01-07 with Utilities General Engineering consultants Metcalf & Eddy, Inc., in an mount not to exceed $70,092, for the preparation of the Utilities Department Vulnerability Assessment (VA) to comply with requirements of the United States Environmental Protection Agency (EPA). NOW, THEREFORE, BE IT RESOLVED BY THE CITY COMMISSION OF THE CITY OF BOYNTON BEACH, FLORIDA, THAT: Section 1. The foregoing "Whereas" clauses are hereby ratified and confirmed as ~eing true and correct and are hereby made a specific part of this Resolution upon adoption hereof. Section 2. hereby authorize and direct execution of Task Order No. 01-07 amount not to exceed $70,092.00. Section 3. The City Commission of the City of Boynton Beach, Florida does for Metcalf & Eddy, in an This Resolution shall become effective immediately upon passage. S:\CA\RESO~Agreements\Task - Change Orders\Task Order - Metcalf & Eddy - 01-07.doc PASSED AND ADOPTED this I~' day of April, 2003. j~21erk Vice ~:\CA\RESO~Agreements\Task - Change Orders\Task Order - Metcalf & Eddy - 01-07.doc TASK ORDER #01-07 March 19, 2003 FEE PROPOSAL AND SCOPE OF SERVICES CITY OF BOYNTON BEACH UTILITIES SYSTEM VULNERABILITY ASSESSMENT Introduction The proposed work will be conducted based on the Risk Assessment Methodology for Water Utilities developed at Sandia National Laboratories, to meet the requirements of the American Water Works Association Research Foundation (AWWARF) and the United States Environmental Protection Agency (EPA). The Sandia Methodology addresses the various tasks and subtasks identified in the program established by the EPA for large drinking water vulnerability assessment (VA) grants, and is likely to become the standard for the water works industry. Concurrent to the facility characterization process for the water system, representative facilities in the wastewater collection and pumping system will also be evaluated. The representative facilities consist of those identified as 'critical' during City interviews. Back~round Following the events of September 11, 2001 the EPA received a supplemental appropriation to improve the safety and security of the Nation's water supply. The funding is intended to reduce the vulnerability of water utilities to terrorists attacks and to enhance their security and ability to respond to emergency situations. The EPA solicited grant applications to encourage and assist large, publicly-owned drinking water systems to perform VAs of their facilities. The EPA's objective is to help make drinking water systems across the United States as safe as possible within the shortest possible time frame. All grant applications from public water utilities that serve populations over 100,000 were considered for award. The Public Health, Security, and Bioterrorism Preparedness and Response Act ("Bioterrorism Act"), signed into law in June of 2002, includes provisions to help safeguard the nation's public drinking water systems against terrorist and other intentional acts. This new legislation delineates community drinking water systems according to population served, and lists deadlines for vulnerability assessments and emergency response plans. The completion deadlines for systems serving between 50,000 and 99,999 people are December 31, 2003 for the vulnerability assessment and June 30, 2004 for the 1 emergency response plan. The City of Boynton Beach's (City) public water system serves approximately 90,000 people. As part of the work proposed herein, M&E will continue to monitor developments with respect to EPA funding, and inform the City of these developments. An optional task has been included to assist the City in the preparation of the grant application. Overview The City has proposed to conduct a VA, evaluate various levels of security enhancements, and assess alternatives for implementation of cost effective security improvements and/or consequence mitigation measures for the utilities system - with a primary focus on the water system. The overall approach to the VA is as follows. · Planning. Review the City's overall utility mission and develop and evaluate critical mission objectives. Mission objectives are then ranked and used to prioritize the City's facilities. Threat assessment. Identify what and who the City is protecting against. · Facility characterization. Identify the critical assets in the prioritized facilities. Create a consequence table that allows the most critical assets to be identified. · System effectiveness evaluation. Consider adversary strategies and worst-case scenarios to evaluate the current system of asset protection. · Risk management. Calculate the current level of risk, and if the risk is considered too high, propose measures to reduce the risk. The calculated risk level varies in direct proportion to the probability of attack and the consequences of an attack, and in inverse proportion to the effectiveness of existing asset protection systems. Since the City cannot control the probability of attack, it will ultimately focus its efforts on the factors it can control - the effectiveness of protection systems, and the mitigation of consequences. Each phase of the work is outlined in further detail below and is based on Sandia Methodology. Note that the evaluation of the wastewater facilities will be conducted during the facility characterization phase, with the intent of generating security-related recommendations for representative facilities, and will not follow the overall Sandia process used for water facilities. It is expected that findings with respect to wastewater may be helpful in addressing probable future regulatory requirements in this area, although the final form of such requirements is not yet known. It is emphasized that the process must be conducted in a highly sequential manner, since the later phases cannot be properly performed unless prior phases have been completed and consensus developed with respect to findings. Moreover, the active and sustained participation on the City side of both "decision-makers" such as utility directors, and "subject matter experts" such as key operations and maintenance staff, is essential to the process. As evident from the outline provided above, such individuals are needed as part 2 of the Project Team to prioritize and decide key issues involving the mission and assets of the water utility. Prior to initiating the first phase of the project, the list of Project Team participants from the City will need to be defined. Concerning the participation of City personnel from outside the utility, representatives of fire and police departments will be consulted briefly with respect to response-related issues. The participation of other non-utility personnel is not needed for successful execution of the work. SCOPE OF SERVICES 1.0 Project Management Project Management activities comprise contract administration, coordination of project staff, monitoring of progress and project costs throughout the project duration. 2.0 Planning and Threat Assessment 2.1 Phase 1 - Planning Planning is the first phase in the VA process, and will consist of the following subtasks. 2.1.1 Define mission objectives The first part of planning is to understand the City's overall utility mission and mission objectives. For example, a prioritized list of mission objectives may be to maintain adequate pressure for fire protection and other public safety uses, maintain adequate volumetric water supply, maintain reasonable costs for water supply, serve critical customers such as hospitals, and maintain potable-quality water. 2.1.2 Define and rank criteria Based on the mission objectives, criteria will be defined such as capacity, geographic extent, critical customers, and quality. The criteria will then be ranked using a process of pair-wise comparison. 2.1.3 Rank facilities The City's water utility facilities will then be ranked using the criteria from the previous subtask, and the result will be a facility that will stand out as most important when all mission areas are considered. 3 2.1.4 Prepare Summary Memorandum No. 1 The product of this subtask will be a concise memorandum to summarize the work conducted under the planning phase. This memorandum will address the team selection and the agreed-upon mission objectives, prioritized criteria, and prioritized facilities. The memorandum will also identify the facilities selected for subsequent analysis under this scope of work. 2.1.5 Planning phase approach and importance The prioritized mission objectives, prioritized criteria, and facility ranking will be defined through a full-day, workshop-type meeting involving senior management from the City's water utility. M&E will suggest the type of attendees who may be needed, and will also provide review materials to attendees before this meeting to allow advance consideration of the issues and thereby facilitate productive use of the limited workshop time. An introductory overview of the VA process will also be provided at this first workshop. This workshop will be one day in duration. Since available funding may not allow subsequent analysis of every facility, M&E's subsequent efforts under this scope of work will be focused on representative facilities selected from the prioritized list of facilities. The planning phase will result in the selection of representative facilities for detailed analysis. 2.2 Phase 2 - Threat assessment Threat assessment is the second phase in the VA process, and will consist of the following subtasks. 2.2.1 Define design basis threat The design basis threat (DBT) is the portion of the threat spectrum that the utility will try to protect against. The DBT must be considered and defined by management before a detailed assessment is initiated, to avoid time and resources being wasted on the collection of data not useful for the analysis. The subsequent subtasks of the VA rely heavily on the clear definition of the DBT. For example, the consequences of an event, and the assessment of effectiveness for the existing asset protection systems, depend on the capabilities that are assigned to an adversary. The likelihood of attack is also evaluated based on the DBT. Examples ofa DBT include both outsiders (vandalism, demonstrators, activists, extremists, terrorists, criminals, and computer hackers) and insiders (disgruntled employees, psychotics, criminals, and terrorists). The different categories of DBT are likely to use different approaches, have different levels of knowledge concerning the utility's systems and operations, and have different objectives. While the process of discussing and evaluating the various DBTs is valuable to the utility, M&E assumes that the City's primary reason for conducting the VA is to assess vulnerabilities to a possible terrorist threat (based on EPA requirements). Accordingly, this proposed scope of work allocates only a limited amount of time to the process of defining the DBT. This process will include a review and discussion of the various classes of DBT and the different attributes ("attributes" include probable number of adversaries, tactics, weapons, technical skills and knowledge, financial resources, potential for collusion with an insider, and so on), but will then focus on the DBT involving a terrorist adversary. It should also be noted that, while the characterizations of selected representative facilities will focus on the DBT of a terrorist adversary, the ultimate findings in the areas of asset protection and consequence mitigation may have value for lesser types of DBTs as well. 2.2.2 Evaluate probability of attack While the Sandia methodology can involve a detailed assessment concerning the probability of attack, M&E assumes that the City does not wish to discriminate on this basis. While law enforcement agencies, intelligence agencies, and other sources may be able to provide specific indications concerning the probability of attack, the process of assigning probability is still a highly uncertain exercise. A simplifying assumption in this case is to assume that an attack will occur at some time, and then proceed with the process of facility characterization. It is important to note that this assumption affects only the absolute level of risk that is ultimately calculated, and not the relative levels of risk among various critical assets. Given that the City has committed itself to assessing vulnerabilities and risk, it is the relative risk levels that have importance, since these relative levels will guide decisions concerning asset protection and consequence mitigation measures. 2.2.3 Prepare Summary Memorandum No. 2 The product of this subtask will be a concise memorandum to summarize the work conducted and provide details concerning the nature of the DBT to be considered during subsequent phases of the project. 2.2.4 DBT phase approach and importance It is assumed that the DBT will be the terrorist adversary as noted above. 5 The available funding will not allow detailed analysis of facilities and assets for every class of DBT, and accordingly M&E's subsequent efforts under this scope of work will be focused on the terrorist adversary as a DBT. However, a more general evaluation of other classes of DBT will be provided in the project deliverable. It is assumed that the analysis will focus on relative risk levels, and attack probability will not be used as a discriminating factor, as noted above. 3.0 Facility Characterization and System Effectiveness Evaluation 3.1 Phase 3 - Facility characterization FaciBty characterization is the third phase in the VA process, and will consist of the following subtasks. 3.1.1 Identify critical assets Once the important facilities have been identified, and the DBT defined, the next step involves identifying the critical assets in each facility selected for evaluation. Critical assets are those which, alone or in combination with other assets, could be targeted to cause the most serious consequences. Examples of critical assets could include such assets as pipeline and pumping facilities, control systems, quality of source or treated water, and key personnel. Site specific fault trees will be developed to include the important mission objectives, and related critical assets for each facility. This subtask requires detailed knowledge concerning the equipment and operation of the specific facility being evaluated, and the participation of knowledgeable personnel from the City ("subject matter experts") will be very important to the process at this stage. The Project Team will need to define the scope of the analysis at each facility, with respect to such items as electrical power, SCAD& and piping systems. System process diagrams will be developed to understand single points of failure, the interrelationship of the different processes, and the relationship of the SCADA system. It will also be important to understand how a process problem can be overcome by making operational changes to reduce a possible consequence. This subtask will require a half-day, workshop-type meeting involving selected knowledgeable personnel from the City's water utility. M&E will provide review materials to attendees before this meeting, and request certain materials such as facility site plans and process flow schematics to be made available at the workshop by attendees from the utility. This type of advance preparation'will 6 allow a more complete consideration of the issues and facilitate productive use of the limited workshop time. 3.1.2 Rank critical assets by consequence of loss Critical assets are then ranked according to the consequences that could occur if an adversary is successful in attacking them. Examples of consequence include economic loss, duration of loss, loss of fire protection, number of users impacted, illnesses, and deaths. This process allows the critical assets to be ordered on the basis of consequence value, so that subsequent analysis focuses on the most important assets first. It is anticipated that this subtask will require a half-day, workshop-type meeting involving selected knowledgeable personnel from the City. The intention will be to accomplish this work on the same day as Subtask 3.1.1 above, but an additional half-day meeting with the City Project Manager may be required to complete the work. M&E will provide review materials to attendees before this meeting, and request certain facility and operational information to be made available in advance of the workshop by attendees from the City. This type of advance preparation will allow a more complete consideration of the issues and facilitate productive use of the limited workshop time. 3.1.3 Evaluate existing physical protection systems Existing security systems must be understood so that the subsequent phase of the analysis can properly evaluate the effectiveness of existing systems with respect to the DBT defined for the VA process. An effective security system will feature elements of detection (door sensors, cameras, access control), delay ( fences, walls, doors), and response (guards, local law enforcement). This subtask will require interviews with knowledgeable personnel, visits to the facilities themselves to perform visual assessment of the security features separating facility boundaries from critical assets, and review of documentation with respect to policies and procedures for security personnel and access by visitors and contractors. Design and operational data for existing security systems, security plans, and emergency response plans will also be requested. Information will be collected and recorded on checklists, site plans, and schematics. Photographs will be taken for the purpose of recording observations made in the field. Field evaluation will include, as applicable for the selected representative facilities, existing perimeter barriers such as fences, doors, and building walls; detection equipment such as alarms and cameras; traffic circulation, access points, signage, and parking locations; utility routes and access; terrain and lighting; fire suppression equipment; normal and emergency lighting; shift changes and time clock stations; power disconnect switches; and hazardous materials 7 storage. The primary focus of the on-site reviews will be to identify assets that may be vulnerable to disruption, and review existing security procedures and physical barriers. Any available information concerning the past performance of existing protection systems will also be requested. 3.1.4 Prepare Summary Memorandum No. 3 The product of this subtask will be a concise memorandum to summarize the work conducted under the facility characterization phase. This memorandum will summarize the critical assets, prioritized on the basis of consequence of loss, and will outline the evaluation of existing physical protection systems for asset protection. 3.1.5 Facility characterization phase approach and importance As noted above, it is anticipated that this phase will require a full-day workshop- type meeting involving knowledgeable people from the Utility, possibly an additional half-day meeting with the City's Project Manager, and field visits to the selected representative facilities. M&E will provide review materials to attendees before these meetings to allow advance consideration of the issues, and thereby facilitate productive use of the limited workshop time. The facility characterization phase will result in the identification of critical assets, and the description of existing physical protection systems, to serve as a basis for the subsequent evaluation of system effectiveness and calculation of risk to the assets. 3.2 Phase 4 - System effectiveness evaluation For a system to be effective, there must be awareness of an attack (detection), and a sufficient slowing of adversary progress to the targets (delay) to allow the response force enough time to interrupt or stop the adversary (response). This phase requires consideration of a variety of paths that an adversary could choose to gain access to a critical asset. Worst-case paths are evaluated, and a scenario is developed to allow analysis of system effectiveness (detection, delay, response) along such paths. Vulnerabilities along that path are those that would logically be the first to receive upgrades if the risk is ultimately calculated to be too high. System effectiveness evaluation is the fourth phase in the VA process, and will consist of the following subtasks. 8 3.2.1 Identify most vulnerable strategy By discussion and consensus, with consideration of security weaknesses and vulnerable system states (for example, the middle of the night, or on Holidays), and with consideration of the worst consequences an adversary might cause by having access to the critical asset, the most vulnerable strategy will be assessed. This would equate to the worst strategy against the critical asset at the priority facility, since therefore all other strategies would have lower risks. 3.2.2 Derive most vulnerable scenario In this subtask, the Project Team will consider the variety of paths that an adversary could choose under the most vulnerable scenario defined in the previous subtask. This will require consideration of all paths into the facility, from offsite to the highest consequence critical asset. The worst-case path will then be selected, and a scenario developed to allow analysis of system effectiveness (detection, delay, response) along that single worst-case path. 3.2.3 Identify system vuinerabilities exploited by adversary Once the most vulnerable scenario is defined, the next step in estimating the protection system effectiveness involves listing and evaluating the features of the system that provide detection, delay, and response for the selected scenario. In this case, the protection system includes both the physical elements such as sensors, locks, and law enforcement that could provide for detection, delay, and response, as well as operational elements that could provide a second tier defense by mitigating the effect of an attack. Examples of such operational elements could include an emergency interconnect with a neighboring utility, or other system redundancy that would allow the utility to continue providing a level of water service if its high service pumps were disabled. If neither the physical nor the operational systems detect an attack, then this clearly points to a weakness in the system. With respect to the most vulnerable scenario identified in the previous subtask, the specific vulnerabilities exploited by the adversary will be identified. The identification of specific vulnerabilities will allow a value to be assigned concerning, the effectiveness of the existing system, and will allow upgrades to be considered for both the physical protection system and the mitigation system. 3.2.4 Prepare Summary Memorandum No. 4 The product of this subtask will be a concise memorandum to summarize the work conducted under the system effectiveness evaluation phase. This memorandum will briefly summarize system vulnerabilities for the critical assets considered at the selected representative facilities. 9 3.2.5 System effectiveness evaluation phase approach and importance It is anticipated that this phase may involve additional field visits to the selected representative facilities. The system effectiveness evaluation phase will result in judgments concerning the effectiveness of existing physical and operational systems, and will provide a basis for specific upgrades to be considered in the subsequent phase. 4.0 Phase 5 - Risk Management Risk management is the fitch phase in the VA process, and will consist of the following subtasks. 4.1 Calculate risk levels The Sandia VA methodology provides a mechanism for assigning numerical risk values to critical assets. The calculated risk level varies in direct proportion to the probability of attack and the consequences of an attack, and in inverse proportion to the effectiveness of existing asset protection systems. Previous subtasks will have facilitated the assessment of values for probability of attack, consequences of an attack, and effectiveness of the existing physical protection and mitigation measures for the critical assets analyzed at the selected representative facilities. In this subtask, risk values will be calculated for the applicable critical assets and a ranking established based on relative risk levels among assets. 4.2 Identify possible upgrades to physical and operational security Since the City cannot control the probability of attack, it will ultimately focus its efforts on the factors it can control - the effectiveness of protection systems, and the mitigation of consequences. In this subtask, alternatives will be developed for upgrades to physical and operational security for the protection of critical assets identified as high-risk. Alternatives will be presented in table form, and planning-level cost estimates will be provided for the identified upgrades. Based on the recommended upgrades, residual risk to the critical assets will be evaluated to identify the level of risk reduction that could be expected through the implementation of the physical and/or operational system upgrades. 10 4.3 Prepare Summary Memorandum No. 5 The product of this subtask will be a concise memorandum to summarize the work conducted under the risk management phase. This memorandum will provide a representative summary of calculated risk values, alternative security upgrades, and residual risk values for critical assets considered at the selected representative facilities. 4.4 Risk management phase approach and importance It is anticipated that this phase will require a half-day meeting with the City's Project Manager for the preliminary presentation of findings and alternative upgrades. The City's Project Manager should then obtain comments as necessary from other Utility representatives via the circulation of the memorandum for this task. The risk management phase will result in calculated risk values for applicable critical assets, identified alternatives for upgrading the physical and operational security system, and re-calculated risk values for the subject assets based on the implementation of the identified upgrades. 5.0 Final Report This last phase of the project will consist of the preparation of a final report that will document each of the previous phases and present the upgrades identified in the Risk Management phase. The report will be an expansion of the summary memorandums prepared under the previous subtasks, and will address comments and revisions from the City concerning the previously submitted memorandums. The report will be structured so as to address the EPA requirements. The report structure will be as outlined below in Table 1. TABLE 1. STRUCTURE AND CONTENTS OF FINAL REPORT CHAPTER CONTENTS Chapter 1 - · Introductory and background information on VA process Introduction · Reasons why VA was conducted · City requirements · Scope and organization of report Chapter 2 - · Planning and team selection Planning · Mission statement and objectives · Comparison of criteria · Facility prioritization · Risk reduction goals Chapter 3 - · Design basis threat Threat assessment · Justification for probability of attack 11 TABLE 1. STRUCTURE AND CONTENTS OF FINAL REPORT CHAPTER CONTENTS Chapter 4 - · System description Facility · Site-specific fault trees characterization · Existing security policy, procedures, and physical security · Consequence table · Consequence values for critical assets Chapter 5 - · Adversary strategies and scenarios System effectiveness · System effectiveness for scenarios evaluation · Physical protection system and operating system vulnerabilities Chapter 6 - · Risk analysis Risk assessmen_t · Relative risks for critical assets at selected representative facilities Chapter 7 - · Alternatives for upgrades to physical security and consequence Risk management mitigation · Estimate of risks for proposed actions · Summary of results 6.0 M&E Internal Review As part of our internal review quality control program, M&E will provide for a Technical Advisory Team (TAT) review upon completion of the draf~ final report. 7.0 Grant Application Assistance (optional task) As part of the work proposed herein, M&E will continue to monitor developments with respect to EPA funding, and inform the City of these developments. A task has been included to assist the City in the preparation of the grant application. It is assumed that the grant application will be similar to those of 'large users'. To complete this task, a $2,500 allowance has been allocated and would only be used upon written authorization by the City to proceed with this task. DELIVERABLES Deliverables for the proposed work are listed below. B. C. D. E. F. Summary Memorandum for the Planning phase Summary Memorandum for the Threat assessment phase Summary Memorandum for the Facility characterization phase Summary Memorandum for the System effectiveness evaluation phase Summary Memorandum for the Risk management phase Final Report for project The summary memorandums will be submitted in draft form only. The City personnel receiving the memorandums will be requested to communicate any comments or desired 12 revisions to these memorandums promptly, since each new phase of the project relies heavily on the previous phase and consensus must be reached on a variety of issues before new phases proceed. Comments and intended revisions to the memorandums will be documented using addendums. These memorandums will be used as a basis for the final report. As stated above, the final report will be an expansion of the draft summary memorandum. The final report will be provided in draft form for review and comment by the City. M&E recommends that the City consult its legal counsel concerning the desired form and handling of the final report submittal. Since the document will contain sensitive information concerning the water utility's vulnerabilities, M&E strongly recommends that the report be closely protected and access to its contents be restricted. In general, for the entire project, all sensitive working papers and documents should be stored securely, the number of copies should be limited. PROJECT SCHEDULE The work under this scope can be expected to be a five month duration. A detailed schedule will be provided following receipt of the work authorization, when a definitive starting date can be established. Nevertheless, the EPA requires that the completion be by December 31, 2003. COMPENSATION The following table provides an estimate of staff hours and associated costs for the proposed scope of work. The project cost under this proposed scope of work is estimated at $67,592 with an additional $2,500 in optional activities. Item Description Fee 1.0 Project Management $ 5,975 2.0 Planning and Threat Assessment $10,994 3.0 Facility Characterization and SEE $22,497 4.0 Risk Management $10,693 5.0 Final Report and Presentation $14,681 6.0 M&E TAT Final Report $ 2,752 Total Authorized to M&E $67,592 7.0 Grant Application Allowance (optional) $ 2,500 Compensation for work in this proposal will be based on a lump sum method of payment, to be invoiced monthly on a percent complete basis for items 1-6. Item 7 would only be used with prior written permission from the Assistant City Manager or his designee for those items outlined in this proposal. M&E's current contract billing rates would be used for this allowance. 13 BASIS OF ESTIMATE The following assumptions apply to this scope of work. A. As noted previously, it will be neither possible nor necessary to evaluate every asset at every facility. The proposed methodology will focus on selection and assessment of the highest priority facilities and assets, and findings with respect to security upgrades will in general be transferable to other facilities and assets not considered. The selection of representative facilities and critical assets for detailed evaluation will be conducted through discussion and consensus with the City's Project Manager. Follow-on analyses can be performed on lower priority assets and facilities, subject to the constraints of schedule and funding. To some degree, consolidation of memorandums can also be used to allow analysis of an expanded facility/asset list, and this approach will be reviewed with the City during the planning phase of this project. B. Evaluation ofwastewater facilities will be conducted during the facility characterization phase, with the intent of generating security-related recommendations for representative facilities, and will not follow the overall Sandia process used for water facilities. It is expected that findings with respect to wastewater may be helpful in addressing probable future regulatory requirements in this area, although the final form of such requirements is not yet known. C. The VA process is highly sequential, and the later phases cannot be properly performed unless prior phases have been completed and consensus developed with respect to findings. Successful and timely project execution will rely on active and sustained participation by both "decision-makers" and "subject matter experts" from the City. 14 BY: APPROVED BY CITY OF BOYNTON BEACH, FLORIDA i:ty Manager k.. Date: S~T~DBY Metcalf& Eddy, Inc. By: Mark S. Blanchard, Vice President Date: 15