Report 2014-120 Recommendation 13 Responses
Report 2014-120: California Public Utilities Commission: It Needs to Improve the Quality of Its Consumer Complaint Data and the Controls Over Its Information Systems (Release Date: April 2015)
Recommendation #13 To: Public Utilities Commission
As part of developing, implementing, and maintaining an entitywide information security program, the commission should develop a risk management and privacy plan and conduct an assessment of risks facing its information assets.
Annual Follow-Up Agency Response From November 2017
CPUC will be undergoing an information security risk assessment in Nov/Dec 2017 conducted by the CA Military Dept. Establishing/implementing a formal risk Mgmt program/process is planned for near future (estimated for 2018)
- Estimated Completion Date: 6/30/2018
California State Auditor's Assessment of Annual Follow-Up Status: Partially Implemented
Annual Follow-Up Agency Response From October 2016
The Commission continues to work to develop an entity wide risk assessment plan and privacy plan with the addition of staff.
- Estimated Completion Date: 12/30/2018
California State Auditor's Assessment of Annual Follow-Up Status: Not Fully Implemented
1-Year Agency Response
CPUC consultants have been assisting with the risk management plan and it is on track to be finalized by April 15, 2016.
- Estimated Completion Date: 4/15/2016
- Response Date: April 2016
California State Auditor's Assessment of 1-Year Status: Partially Implemented
The commission explained that as a result of our follow up work, it reevaluated its progress and now believes it has not fully implemented this recommendation. The commission estimates that it will not achieve full compliance with SAM Chapter 5300 until December 2019.
6-Month Agency Response
CPUC has awarded contract to a vendor and the consultants are working with CPUC staff.
- Estimated Completion Date: Ongoing implementation.
- Response Date: October 2015
California State Auditor's Assessment of 6-Month Status: Pending
60-Day Agency Response
RFO released to conduct security assessment, attended privacy training.
- Estimated Completion Date: April 2016
- Response Date: June 2015
California State Auditor's Assessment of 60-Day Status: Pending
Agency responses received are posted verbatim.