The commission should revise its existing recovery plan to include a list of applications supporting critical business functions, their maximum acceptable outage time frames, and detailed recovery strategies for each application.
Updated technology recovery plan was submitted to CDT Office of Information Security. CPUC is currently in the process of updating this plan to address the infrastructure changes.
The Commission has developed some of the recovery plan and continues to work this to address all of the requirements needed.
CPUC Business Continuity Plan is in draft form and scheduled to be completed April 30th, 2016.
The commission explained that as a result of our follow up work, it reevaluated its progress and now believes it has not fully implemented this recommendation. The commission estimates that it will not achieve full compliance with SAM Chapter 5300 until December 2019.
Critical business outage time frame and recovery strategies for applications will addressed in the form of Business Continuity plan as a subset of security assessment. The consultants and CPUC staff are meeting with business divisions to collect pertinent information.
Critical business outage time frame and recovery strategies for applications will addressed in the form of Business Continuity plan as a subset of security assessment.
Agency responses received are posted verbatim.