As part of developing, implementing, and maintaining an entitywide information security program, the commission should develop a risk management and privacy plan and conduct an assessment of risks facing its information assets.
CPUC will be undergoing an information security risk assessment in Nov/Dec 2017 conducted by the CA Military Dept. Establishing/implementing a formal risk Mgmt program/process is planned for the near future (estimated for 2018).
The Commission continues to work to develop an entity-wide risk assessment plan and privacy plan with the addition of staff.
CPUC consultants have been assisting with the risk management plan and it is on track to be finalized by April 15, 2016.
The commission explained that as a result of our follow-up work, it reevaluated its progress and now believes it has not fully implemented this recommendation. The commission estimates that it will not achieve full compliance with SAM Chapter 5300 until December 2019.
CPUC has awarded a contract to a vendor and the consultants are working with CPUC staff.
RFO released to conduct security assessment, attended privacy training.
Agency responses received are posted verbatim.