California DMV: 
From Hours to 
15-Minute Incident Response

Overview

The California Department of Motor Vehicles serves millions of residents every year, supporting critical services such as driver licensing, vehicle registration, and identity verification. As the DMV underwent a broad digital transformation, ensuring the reliability and availability of these services became a top priority.

By modernizing its Network Operations Center and adopting BigPanda as the foundation for AI-driven event correlation and incident management, the DMV reduced incident response times from four to eight hours to under 15 minutes and avoided nearly 12,000 tickets annually. Just as significantly, the organization shifted from reactive firefighting to proactive operations.

“I’m able to sleep at night because BigPanda is always watching my events,” said Kwan Kim, Chief Technology Officer at the California DMV.

Background and Challenges

When Kwan Kim joined the California DMV, one of the most pressing issues was that the organization often learned about outages from customers rather than from its own monitoring systems. Critical services would go down, and the first signal would come from the public rather than internal alerts.

This reality underscored the urgency of improving the customer experience and modernizing legacy systems. Years of technical debt, siloed teams, and fragmented tooling had made it difficult to detect and respond to issues quickly. The DMV environment generated an overwhelming volume of alerts from dozens of monitoring tools. Infrastructure teams were inundated with notifications, many of which lacked context or actionable insight. As a result, alerts were often ignored or filtered out entirely.

“When I joined, we had something like 14 million events annually,” Kim explained. “It’s insane to think any team can go through that many alerts and intelligently determine what the root cause is.”

Multiple teams would work on the same incident independently, each focused on their own alerts, without a clear understanding of the underlying issue.

“We had different admins getting alerts from different systems, but nobody saw the big picture,” said Frank Andrade, Sr. IT Consultant at the DMV. “Three teams would chase three different symptoms when the real issue was something higher up the stack.”

As part of its NOC modernization effort, the DMV set out to build a more proactive and accountable operational model. The team needed a solution that could correlate millions of raw events into meaningful incidents, dramatically reduce alert noise without losing critical signals, and provide shared visibility across infrastructure, network, and application teams. It also had to integrate cleanly with existing monitoring tools and ServiceNow ITSM, while enabling faster detection, response, and resolution so teams could move from reacting to outages to preventing them altogether.

“Our success is not reacting to outages faster,” Kim said. “Our success is when we take a warning and avoid an outage entirely.”

Why BigPanda

The DMV evaluated several options, including expanding existing monitoring tools, but found that none addressed the core challenge of event correlation and cross-domain visibility.

BigPanda stood out for its ability to ingest data from a wide range of sources, including Splunk, CloudWatch, DataDog, network tools, certificate monitoring systems, and external signals. Using ML-based correlation and deduplication, BigPanda helped the DMV quickly and consistently identify root causes.

The decision was driven primarily by infrastructure and operations teams, with visibility and governance at the executive level.

“BigPanda became the heart that brings all the sensor data together,” Kim said. “It takes signals from everywhere and turns them into a story we can act on.”

Implementation and Rollout

The DMV took a phased and pragmatic approach to implementation. BigPanda was rolled out as part of a broader NOC initiative focused on people, process, and technology.

Early efforts focused on establishing clear triage workflows, defining escalation paths, and training NOC staff. Over time, the DMV expanded integrations and standardized incident creation and management in ServiceNow. Rather than attempting to onboard every team at once, the DMV started with a core group and scaled from there.

“Start with a finite, proven process and a core team,” Kim advised. “If you try to boil the ocean, you will never get there.”

A key factor in the rollout’s success was the close partnership between the DMV team and BigPanda’s Solutions Architecture team. The hands-on engagement helped translate technical capabilities into operational workflows and ensured that the DMV team developed internal ownership of the platform.

“The way BigPanda engaged during implementation made a huge difference,” Kim said. “They helped our team learn the platform and eventually own it.”

The DMV credits its success to a combination of strong leadership, disciplined processes, and the right technology. Key lessons include the importance of executive sponsorship, starting with clear operational goals, and partnering closely with vendors who invest in customer success.

Results and Impact

The impact of BigPanda was immediate and measurable. Alert noise was reduced by more than 99 percent, with over 13 million raw events correlated into fewer than 1,000 actionable incidents. Response times dropped from four to eight hours to under 15 minutes. The DMV also avoided nearly 12,000 tickets annually, while significantly reducing escalations to critical incidents and lowering business impact per outage.

By correlating related alerts into a single incident, BigPanda helped teams prioritize work logically and avoid redundant effort.

“We are a lot better at identifying what the real issue is,” Andrade said. “Instead of three teams spinning their wheels, we fix the right thing first.”

One of the most visible operational improvements has been the management of certificate expirations. In the past, certificate alerts were often ignored until they became urgent or disruptive. With BigPanda correlating and elevating those alerts based on severity and timing, the DMV now proactively identifies risks weeks in advance and prevents outages before they occur.

That visibility also drove broader improvements inside ServiceNow. As certificate-related events were surfaced and prioritized in BigPanda, the DMV launched a formal initiative to strengthen how certificates were tracked, governed, and operationalized. “With the BigPanda integrations of certificate management events, we then birthed a new project for our CMDB and our IT Operations Management module within ServiceNow to actually start ingesting all the certificates,” Kim said. “We then created knowledge-based articles specifying the process to update the certificate, the players involved, and the order in which you refresh it.”

The operational culture shifted as well. Teams moved from ignoring alerts to trusting them, and from reacting to failures to addressing early warning signs.

“We went from being reactive to proactive,” Andrade said. “A warning alert is now treated as an outage we avoided.”

Looking Ahead

The California DMV continues to expand its use of BigPanda and is exploring advanced AI capabilities to automate remediation further and reduce manual effort. The team is particularly interested in agent-driven workflows that can respond to incidents consistently and safely.

As the DMV continues its modernization journey, BigPanda remains a foundational platform for reliable digital service delivery.

“Our goal is simple,” Kim said. “Stay out of the headlines for outages, and be known for delivering great service to the public.”