Report 2014-120 Recommendation 19 Responses

Report 2014-120: California Public Utilities Commission: It Needs to Improve the Quality of Its Consumer Complaint Data and the Controls Over Its Information Systems (Release Date: April 2015)

Recommendation #19 To: Public Utilities Commission

The commission should ensure that any certifications it submits to CalTech accurately represent its information security environment.

60-Day Agency Response

Modified internal certification process.

• Completion Date: January 2015
• Response Date: June 2015

California State Auditor's Assessment of 60-Day Status: Fully Implemented

To address the California State Auditor's recommendation that it ensure that any certifications it submits to California Department of Technology (CalTech) accurately represent its information security environment, the California Public Utilities Commission (CPUC) has created a new policy that modifies its existing internal certification process. The new policy requires all certification documentation submitted to CalTech to be reviewed by a CPUC internal committee consisting of the manager of the Information Technology Unit, the Information Security Officer, and the Chief Information Officer. After the initial review and approval by the committee, the certification documentation will be sent to the Executive Director or designee for final sign off.

---

All Recommendations in 2014-120

Agency responses received are posted verbatim.