Closing the Gap Between HBT Targets and CCP Assurance in Drinking Water

Closing the Gap Between HBT Targets and Day-to-Day Assurance

Health-based targets are very good at setting what has to be achieved for safe drinking water, but they do not, on their own, prove that a plant is actually hitting those outcomes every single day. That proof sits in how well we control and document our Critical Control Points, especially when conditions are shifting and regulators, boards, and communities are asking sharper questions about log reduction performance. In this article we unpack HBTs (health-based targets), explain why traditional validation and verification are not enough on their own, and show how CCP assurance provides the operational bridge between design intent and what really happened on a random Tuesday afternoon.

At D2K Information, we work with water utilities, health providers, food and beverage operators and facilities managers across Australia who are wrestling with exactly this problem. We will walk through why spreadsheets are struggling, what “proof” of log reduction looks like in practical terms, and how structured CCP assurance can support Victorian HBT expectations, including when log reduction shortfalls and reporting duties come into play.

Why HBT Targets Aren’t Enough on Their Own

HBT health-based targets are essentially health outcome goals, expressed as log reduction requirements for viruses, bacteria and protozoa. In the Australian Drinking Water Guidelines, the treatment targets are linked to source water quality and risk assessments, often using E. coli data when system-specific pathogen data is not available. In Victorian discussions you often hear shorthand values such as 6 log for viruses, 5 log for bacteria and 4 log for protozoa, even though the exact requirement depends on the source water category and the relevant ADWG tables.

Verification and validation are designed to answer the question, can this plant, set up this way, achieve those HBT-linked log reductions? Through a mix of lab testing, challenge studies and commissioning checks, we build evidence that the treatment train can hit the target under defined conditions. The tension appears later, when the plant has been running for months or years under changing raw water conditions, staffing levels and asset states, and regulators or communities expect assurance that the same performance is still being delivered now, not just at commissioning.

This is particularly sharp in Victoria, where the Safe Drinking Water Regulations include explicit expectations around how log reduction shortfalls are identified, assessed and reported through mechanisms such as Section 18 and Section 22 notifications. When something goes wrong, it is not enough to point to an old validation folder. There is a growing expectation of transparent, defensible, time-specific evidence tying CCP control back to HBT health-based targets.

From Design Intent to Tuesday Afternoon Operations

Most treatment plants start in a neat, structured way. Engineers classify the source water, assign required log reductions for each pathogen group, and select processes to provide those log reduction credits across multiple barriers. Commissioning then checks the pieces: filters can achieve their assigned turbidity and pathogen removal, disinfectants can meet required contact times and residuals, and the overall system, on paper and in tests, meets the HBT-linked targets.

Real-world operation is much messier. Seasonal changes alter raw water turbidity and temperature. Assets age, media fouls, instruments drift, and sometimes workarounds creep in to keep water flowing during constrained periods. Staff turnover can mean control philosophies are not always applied exactly as intended. Over time, confidence that the plant is still behaving like the verified version starts to erode, especially if incident reviews uncover gaps in monitoring or record-keeping.

This is where we need to separate capability from performance. Verification shows what the plant can do when everything is aligned. Ongoing operation has to show what the plant actually did at particular points in time. During audits, complaints or incidents, the key questions become very specific: were the critical barriers in control at this time, and if not, what was the likely impact on log reduction performance and HBT compliance?

CCP Assurance as the Missing Link to HBTs

Critical Control Points are the must-not-fail steps in the treatment process where control is essential to keep pathogens below health-based limits. These are points where a loss of control has a direct and immediate impact on whether HBT-aligned log reductions are delivered. Typical examples include filtration performance, disinfection contact time and residual, or integrity of a critical membrane barrier.

The logic chain is straightforward:

• CCPs are designed and verified to deliver specific log reductions.  
• If CCPs remain within their verified operating limits, the plant is operating as validated.  
• If the plant is operating as validated, we have a defensible basis to claim that the required log reductions are being achieved.  

CCP assurance is more than watching numbers on a screen. It is about being able to prove, over time, that each CCP stayed in control, that any exceptions were detected quickly, and that corrective actions were effective and documented. This turns CCP assurance into the operational bridge between high-level HBT health-based targets and the practical evidence you need when regulators, auditors or internal leaders ask, were we actually meeting our treatment targets at this time?

Why Spreadsheets Struggle with CCP Reality

In theory, CCP monitoring could be as simple as checking if a value is above or below a limit. In reality, CCP rules are often layered and conditional. A single CCP may depend on:

• Multiple parameters, such as turbidity, disinfectant residual and flow.  
• Time elements, including contact times, delays and persistence of alarms.  
• Plant state, such as online, offline, bypassed or operating in a special mode.  
• Combinations of conditions, for example, different limits during start-up or shutdown.  

Trying to capture all of this in manual checks or simple spreadsheets typically leads to one of two outcomes. Either the logic is oversimplified, which means subtle but important exceptions are missed, particularly during transitions and abnormal events. Or you build a complex spreadsheet that throws so many false alarms and data points at operators that it becomes noise, and real issues can be buried in the clutter.

The evidence burden is equally challenging. When an investigation or audit lands, someone has to reconstruct CCP histories from SCADA screenshots, paper logs, lab reports and operator notes. This is slow, stressful and prone to transcription errors, especially when time-critical reporting is required under Victorian frameworks that tie reporting duties to suspected log reduction shortfalls. The more complicated the CCP logic, the harder it is to reliably rebuild what happened without automated support.

Turning CCP Data Into Proof of Log Reduction

For operators, “proof” is not an abstract concept. It is specific, time-stamped information they can stand behind, even under questioning. In our work across the Australian water sector, we see CCP assurance working best when it delivers:

• Clear visual status of each CCP over time, showing in-control, out-of-control and back-in-control periods.  
• A consistent set of limits and rules directly traceable to the original validation or verification basis.  
• Automatic logs of exceptions, including start and end times, cause where known, and corrective actions.  
• Exportable reports aligned with internal needs and external reporting formats.  

Systems such as our Information Engine platform and CCPWatch module are designed to pull data from existing SCADA and telemetry, apply complex CCP rules consistently, highlight exceptions, and automatically build the associated logs and reports. The key point is that software does not create log reduction. What it does is make the CCP assurance story visible, repeatable and audit-ready, so that meeting HBT health-based targets is supported by a clear day-to-day record rather than a one-off validation exercise.

This approach also helps map CCP performance directly to Victorian duties. For example, if a disinfection CCP has a verified minimum residual and contact time to achieve a certain virus log reduction credit, any period out of specification can be clearly identified, assessed for likely impact on log reduction, and documented. Automated CCP assurance can support internal escalation, and if a potential shortfall against HBT treatment targets is identified, the system record can feed into Section 18 or Section 22 notifications with far less manual effort.

Building Confidence in Log Reduction Every Single Day

Designing and verifying treatment to meet HBT health-based targets is only half the task. Real confidence comes from being able to show, for any day and any hour, that CCPs were in control and that verified barriers were actually delivering the intended log reductions. This is what operators, regulators and communities increasingly expect: not just targets, but proof.

We encourage organisations responsible for drinking water quality to look hard at their current CCP assurance approach. How clearly are CCP rules defined and linked to log reduction credits? How reliably are exceptions detected, managed and recorded? How quickly could you assemble a defensible in-plant evidence trail if your HBT performance was questioned tomorrow? By connecting HBT targets, verification and CCP assurance into one coherent system, utilities, health providers and large facilities can move from reactive, paper-heavy responses to a more confident, data-backed story about drinking water safety every single day.

Strengthen Your Water Strategy With Clear, Actionable Targets

If you are ready to move from high-level guidelines to practical, measurable outcomes, we can help you apply HBT health-based targets across your water systems. At D2K Information, we translate complex data into clear insights so you can prioritise investment, manage risk and demonstrate regulatory confidence. Talk with our team about your specific challenges and we will shape a fit-for-purpose approach for your assets and stakeholders. To start a conversation, simply contact us.