As part of developing, implementing, and maintaining an entitywide information security program, the commission should complete and maintain inventory of all its information assets, specifically categorizing the level of required security of the information assets based on the potential impact that a loss of confidentiality, integrity, or availability of such information would have on its operations and assets.
Inventory of information assets inventory and classification attached. CPUC is in the process of deploying Data Loss Prevention solution, that will allow CPUC to protect data at rest and in motion.
The Commission has performed a partial inventory on information assets and plans on fulfilling this requirement with the addition of staff.
CPUC's consultants have completed their entity-wide Information Asset Report.
The commission explained that as a result of our follow up work, it reevaluated its progress and now believes it has not fully implemented this recommendation. The commission estimates that it will not achieve full compliance with SAM Chapter 5300 until December 2019.
CPUC has external resources working with CPUC staff and in the process of developing Information Security document along with inventory for information assets.
Plan to allocate resources to complete these tasks during this year.
Agency responses received are posted verbatim.