Volume 1 Companion Toolkit | Systems Risk Advisory

Turn short cybersecurity tasks into documented follow-through.

The companion toolkit is intended to help utility teams record what they reviewed, assign owners, track status, and prepare clear follow-up items for leadership.

A downloadable companion toolkit that supports Volume 1 of the 15-Minute Cybersecurity Fixes™ series.
A set of worksheets, checklists, tracking tables, and short prompts intended to help utilities document what they reviewed, what they found, and what should happen next.
A practical aid for leadership discussions, staff assignments, tabletop exercise preparation, and follow-up after quick cybersecurity reviews.
A resource that should support better local decisions, not replace professional assessment, engineering review, legal advice, incident response, or regulatory judgment.

Related pages: Privacy Policy, Terms of Use, and Contact.

What the toolkit is expected to include

The final toolkit can be expanded as the book series grows. Volume 1 should stay focused on the easiest attacks and the first practical fixes.

Utility and contact information

Basic fields for utility name, completed by, date, owner, status, due date, and notes.

Task tracking worksheets

Space to track each short cybersecurity task, the current condition, the person responsible, and the next action.

Remote access and vendor access review

Prompts to identify remote access methods, vendors, shared accounts, unused access, and approval gaps.

Account and password cleanup

Review prompts for admin accounts, shared accounts, old users, password storage, and multifactor authentication status.

Backup and recovery checks

Short review items for backup location, backup testing, recovery priority, and ransomware recovery concerns.

Findings and follow-up summary

A simple structure for summarizing findings, assigning owners, and preparing leadership discussion items.

Who should use this page

The page is written for readers who want a practical resource tied to Volume 1.

General managers and utility directors who need a practical way to track cybersecurity action items
Public works directors and city leaders responsible for essential service continuity
Operators, superintendents, and field staff who know how the utility actually works
IT and OT staff supporting control systems, remote access, vendor access, accounts, and backups
Boards, councils, commissioners, and executives who need short, plain-language status information

Important limits

The toolkit supports basic review and action tracking. It does not replace formal professional work.

Do not use the toolkit as a substitute for an AWIA Risk and Resilience Assessment or Emergency Response Plan update.
Do not treat it as a complete cybersecurity assessment, penetration test, engineering review, legal opinion, or compliance determination.
Do not submit passwords, network diagrams, vulnerability details, incident evidence, sensitive operational information, or facility security weaknesses through the website form.
Do not include exploit details, credentials, or sensitive vendor access information in any web form response.

Request Volume 1 toolkit access

This placeholder form shows the recommended fields for the live version. Connect it to the approved website form handler before publication.

Security note: Do not submit passwords, credentials, network diagrams, vulnerability details, incident evidence, sensitive operational information, or facility security weaknesses through this form.

Request toolkit access

First and last name

Work email

Organization

Role or title

Utility type

State

Primary interest

Biggest current concern

Optional. Keep this general. Do not include sensitive technical or security details.

I agree to receive the toolkit and related Systems Risk Advisory updates. I understand I can unsubscribe from marketing messages.

By submitting this form, you agree that Systems Risk Advisory may use the information provided to deliver the toolkit and respond to your request. See our Privacy Policy.

Recommended access flow

Use a simple flow that protects the download, respects privacy, and does not ask visitors to submit sensitive security details.

1. Visitor lands on /volume1/

The page explains the Volume 1 Companion Toolkit and who it is for.

2. Visitor submits the access form

The form captures only business contact information and general interest information.

3. Visitor reaches a thank-you page

Recommended URL: /volume1/thank-you/. Confirm the request and explain what happens next.

4. Toolkit access is delivered

Recommended approach: send the toolkit link by email or provide access from a controlled download page after form submission.

Common questions

Use these questions in the live page, or convert them into expandable sections in the site builder.

Is the companion toolkit available now?

This page is prepared for toolkit access. The final download link, form handler, and follow-up pages should be added when the toolkit PDF is ready for release.

Who is the toolkit for?

It is intended for water and wastewater utility personnel, public works teams, local government leaders, IT and OT support staff, and others responsible for practical cybersecurity follow-up.

Does the toolkit replace a formal assessment?

No. The toolkit supports practical task tracking and discussion. It does not replace an AWIA RRA, ERP update, cybersecurity assessment, engineering review, legal review, compliance review, or incident response engagement.

Can the toolkit be used for training?

Yes. The toolkit can support staff discussions, short workshops, leadership briefings, and tabletop exercise preparation.

Need help turning Volume 1 into action?

Systems Risk Advisory can support workshops, tabletop exercises, briefings, and practical cybersecurity reviews for water and wastewater utilities.

Contact SRA