Report 2014-120 Recommendation 18 Responses

Report 2014-120: California Public Utilities Commission: It Needs to Improve the Quality of Its Consumer Complaint Data and the Controls Over Its Information Systems (Release Date: April 2015)

Recommendation #18 To: Public Utilities Commission

The commission should conduct regular tests and exercises to assess the sufficiency of the revised recovery plan and refine the plan when necessary.

Annual Follow-Up Agency Response From October 2021

The California Public Utilities Commission (CPUC) has migrated all systems to Gold Camp Data Center using new updated hardware including, storage and servers. Business Impact Analysis (BIA) is in progress to identify Mission Essential Functions (MEF). Determination of MEFs will outline Mission Critical Systems. Once Mission Essential Systems are identified CPUC will update Technology recovery plans and will develop process to test effectiveness of technology recovery plans.

California State Auditor's Assessment of Annual Follow-Up Status: Partially Implemented


Annual Follow-Up Agency Response From November 2020

The California Public Utilities Commission (CPUC) is in the process of relocating Information system resources to California Department of Technology data center, once this move is completed CPUC will update technology recovery plan and schedule exercises to test the effectiveness of the updated plans.

California State Auditor's Assessment of Annual Follow-Up Status: Partially Implemented


Annual Follow-Up Agency Response From October 2019

Update: 10/14/19 - Partially Implemented

Failover testing for the public website was successfully completed on 7/21/2019 and for the remote access is tested monthly during monthly Preventative Maintenance. Content Server failover testing to be completed by 6/30/2020 and Oracle Application Portal failover testing to be completed by 12/31/2020

California State Auditor's Assessment of Annual Follow-Up Status: Partially Implemented


Annual Follow-Up Agency Response From October 2018

"Successful testing to recover Public Website, Content Server and SharePoint was conducted this year.

Since the migration of email to Office 365 is done, CPUC needs to work Microsoft for failover recovery in cloud.

"

California State Auditor's Assessment of Annual Follow-Up Status: Partially Implemented

In its response to Recommendations 16 and 17, CPUC stated that it is continuing to develop a revised recovery plan. Although CPUC asserts that it has performed testing to recover its website, server, and SharePoint, it cannot fully test its recovery plan until it finalizes the plan.


Annual Follow-Up Agency Response From November 2017

CPUC public web site recovery to alternate site was successfully tested. Email environment is in the process to be migrated to Office 365.

California State Auditor's Assessment of Annual Follow-Up Status: Partially Implemented

The CPUC has tested only a portion of its recovery plan.


Annual Follow-Up Agency Response From October 2016

The Commission will develop a plan for testing once the recovery plan is completed.

California State Auditor's Assessment of Annual Follow-Up Status: Not Fully Implemented


1-Year Agency Response

CPUC Business Continuity Plan is in draft form and scheduled to be completed April 30th, 2016.

California State Auditor's Assessment of 1-Year Status: Partially Implemented

The commission explained that as a result of our follow up work, it reevaluated its progress and now believes it has not fully implemented this recommendation. The commission estimates that it will not achieve full compliance with SAM Chapter 5300 until December 2019.


6-Month Agency Response

This will be scheduled after recovery plan is updated.

California State Auditor's Assessment of 6-Month Status: Pending


60-Day Agency Response

This will be scheduled after recovery plan is updated.

California State Auditor's Assessment of 60-Day Status: Pending


All Recommendations in 2014-120

Agency responses received are posted verbatim.