### **1. Introduction**

For Water Service Providers (WSPs), the safety and quality of drinking water is paramount to protecting public health and providing a valued product. To ensure safety, a WSP must have a good understanding of the potential hazards of the supply system all the way from catchment to tap [1]. In drinking water source protection, ecosystem services in the catchment area play a vital role in the cost-effective delivery of water quality outcomes through controlling the movement of sediment, nutrients, and contaminants as well as stabilizing banks and slopes. Leveraging these services and viewing catchment areas as water treatment assets has the potential to complement conventional engineering solutions, such as water treatment, and reduce public health risks to consumers [2]. Riparian buffers in catchments are often critical zones for targeted mitigation measures for interrupting the movement of contaminants and sediments from non-point sources such as agricultural land to surface waters [3].

This study uses a comprehensive hazard analysis to identify requirements for the good management of stream buffers for drinking water outcomes. Riparian buffers supply many services as natural water treatment infrastructure by protecting and enhancing natural ecosystem services. Thus, as a drinking water source protection strategy, vegetative buffers can be a practical risk management approach [4]. The services provided by vegetation buffers include soil erosion control through slope stability and water purification by reducing sediments, nutrients, pollutants, and pathogens entering waterways [5]. Replacing such services with constructed assets entails complex water treatment, dam construction, and slope engineering. Furthermore, through the natural purification processes, buffers can reduce operational costs for existing water treatment infrastructure and processes. A review of catchment land cover and chemical costs for water treatment by [6] showed a negative correlation between the area of vegetation buffers separating diffuse pollution sources from streams and treatment costs. The resultant reduction in treatment costs provides a compelling case for using vegetation buffers as a public health risk management strategy and reducing operational costs associated with water treatment.

**Citation:** Merrett, H.C.; Horng, J.J. A Systems Approach to Identifying Hazards in the Management of Vegetative Buffers for the Protection of Drinking Water Quality. *Environ. Sci. Proc.* **2023**, *25*, 33. https://doi.org/10.3390/ECWS-7-14173

Academic Editor: Athanasios Loukas

Published: 14 March 2023

**Copyright:** © 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

The water quality benefits of stream buffers appear to be well understood in the water industry. Many examples exist where stream buffers have been used to improve water quality outcomes [7,8]. In addition, studies have shown that the public is willing to support catchment interventions to provide water quality improvement outcomes. For example, in the water industry in England and Wales, customers have shown an acceptance of beneficiary pays solutions in catchment management for drinking water source protection [9]. However, a review of the Capital Expenditure (CAPEX) bias in the water and sewerage sectors in England and Wales found that for many water service providers, there is a belief that CAPEX solutions are favored over solutions that rely on operational expenditure (OPEX) [10]. Much of this bias arises from a perceived lower certainty of outcomes of operational interventions on natural assets.

Typical hazard analysis methods for drinking water assets include FMEA, HAZOP, Fault Trees amongst many others [11]. This study uses System Theoretic Process Analysis (STPA) to systematically examine the hazards inherent to sociotechnical structures involved in using vegetated buffers for drinking water quality management in surface water catchments. STPA is a hazard analysis methodology based on System Theoretic Accident Modelling Processes (STAMPs), which, being founded on systems theory, views safety as the emergent property of the system [12]. This method has been used in a wide range of applications from aerospace design through to regulation and legal systems. In the study of drinking water source protection programs by Ref. [13], STPA was used to analyze the hazards associated with catchment-level ecosystem services provided by stream buffers. However, the study only considered ecosystem services in general without inspecting the different processes individually. In this study, the sociotechnical system of interest includes technical, social, economic and agency interaction factors which control the water quality outcomes from vegetative buffers. The use of conventional hazard analysis techniques in this type of system or process is limited as they focus on the reliability of individual components and miss the interaction of the various components in the plans. Furthermore, such approaches have limited ability to identify leading indicators of safety or early warning signs.

Building on the hazard analysis using STPA, this study investigates the leading indicators of safety throughout the system using the Early Warning Signal Analysis based on STPA (EWaSAP) methodology proposed by Ref. [14]. EWaSAP extends the STPA hazard analysis to identify possible early warning signals that control actions may be failing to enforce the safety objectives of the system.

### **2. Methods**

To test the applicability of STPA and EWaSAP for the assessment of process risks in managing vegetation buffers, a theoretical example was created based on typical real-world conditions. The hypothetical scenario constructed is a surface water catchment used for the public supply of drinking water with a broad mix of land uses controlled by different private and public entities.

### *2.1. STPA Method*

The STPA methodology consists of four key steps: define the purpose of the analysis, model the control structure, identify unsafe control actions, and identify loss scenarios. In this study, the four steps of STPA are adapted from Ref. [15] with the parallel EWaSAP steps [13] which are described in the following sections.

#### 2.1.1. Step 1—Define the Purpose of the Analysis

In the definition of the purpose of the analysis, the unacceptable losses are identified, as well as the associated system-level hazards and the corresponding safety constraints. In this STPA step, the EWaSAP tasks include:


#### 2.1.2. Step 2—Model of the Control Structure

The model is not a physical model of the system, but rather a model of the hierarchical control of the system components included in the scope of the analysis. The control model is created using a series of feedback and control loops [15].

#### 2.1.3. Step 3—Identify Unsafe Control Actions

The next step of the analysis is to identify the ways the control actions can be unsafe. Ref. [14] provides four prompts for identifying potential unsafe control actions (UCAs): not providing the control action when required; providing the control action that causes a hazard; providing the control action too soon or too late; or stopping the control action too soon or applying it too long. The concurrent EWaSAP tasks relate to the enforcement of internal awareness actions.

#### 2.1.4. Step 4—Identify Loss Scenarios

The loss scenarios combine causal factors that can lead to the identified UCAs being realized. The EWaSAP methodology focuses on using the available pool of data to indicate the existence of factors that could result in the UCA and, ultimately, the violation of the high-level safety constraints.
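As an added illustration (not code or data from the paper), the following Python sketch shows how Steps 2 and 3 can be mechanized: it crosses each control action in a control structure with the four UCA prompts to produce candidates for analyst review, and flags control actions that have no feedback channel back to their controller. The controllers, control actions and feedback signals are constructed assumptions for a hypothetical catchment.

```python
from dataclasses import dataclass
from itertools import product

# The four UCA prompts listed in Step 3 of the text.
UCA_PROMPTS = (
    "not provided when required",
    "provided, and providing it causes a hazard",
    "provided too soon or too late",
    "stopped too soon or applied too long",
)

@dataclass(frozen=True)
class ControlAction:
    controller: str   # who issues the action
    process: str      # what the action is applied to
    action: str

# Constructed control structure (assumption, not from the paper).
CONTROL_ACTIONS = [
    ControlAction("Water service provider", "Landholder", "fund buffer fencing"),
    ControlAction("Landholder", "Riparian buffer", "exclude stock from buffer"),
    ControlAction("Catchment regulator", "Landholder", "set minimum buffer width"),
]

# Constructed feedback channels: (source, receiving controller, signal).
FEEDBACK = [
    ("Riparian buffer", "Landholder", "bank erosion seen on inspection"),
    ("Landholder", "Water service provider", "fencing completion report"),
]

def candidate_ucas(actions):
    """Step 3: cross each control action with the four prompts for analyst review."""
    return [
        {"id": f"UCA-{n}", "controller": a.controller, "action": a.action, "prompt": p}
        for n, (a, p) in enumerate(product(actions, UCA_PROMPTS), start=1)
    ]

def open_loops(actions, feedback):
    """Step 2 check: control actions with no feedback from process to controller."""
    closed = {(source, controller) for source, controller, _ in feedback}
    return [a for a in actions if (a.process, a.controller) not in closed]

if __name__ == "__main__":
    for uca in candidate_ucas(CONTROL_ACTIONS):
        print(f'{uca["id"]}: {uca["controller"]} / {uca["action"]} / {uca["prompt"]}')
    for a in open_loops(CONTROL_ACTIONS, FEEDBACK):
        print(f"No feedback loop: {a.controller} -> {a.process} ({a.action})")
```

Each generated candidate still needs an analyst to judge whether it leads to a system-level hazard; the open-loop list marks control actions for which the structure provides no data from which a warning signal could be drawn.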
