You are on page 1of 6

Industry Assurance Consulting, Inc.

IACAdviceCompliance,Consulting,Certifications
Telephone:(215)4327341
6303BlueLagoonDrive,Suite400,Miami,FL33126
www.iacadvice.com
,
Email:compliance@iacadvice.com

March26,2014

BYELECTRONICSUBMISSION

MarleneH.Dortch,Secretary
FederalCommunicationsCommission
OfficeoftheSecretary
44512thStreet,S.W.,SuiteTWA325
Washington,DC20554

Subject:EBDocketNo.0636,CPNICertificationdueMarch1,2014(CY2013Operations)

DearMs.Dortch:

InternationalTelnetInc.(herebyreferredtoasthe"Company"),submitsthefollowing
CPNICertification,regardingitsCalendarYear2013operations,incompliancewithSection
64.2001etseq.oftheCommission'srules.

TheCompanyrespectfullyaskstheCommissiontoacceptthefollowingCertificationas
timelyfiled,intermsoftheMarch1,2014filingdeadlinelistedin47C.F.R.64.2009(e).


________________________
AlonzoBeyene
IndustryAssuranceConsulting,Inc.
RegulatoryAnalyst

Enclosures

cc: FCCEnforcementBureau,TelecommunicationsConsumersDivision,
44512thStreet,SW,Washington,DC20554
BestCopyandPrinting,Inc.(viaemail fcc@bcpiweb.com)

AccompanyingStatementonCompanysCompliancewith47C.F.R.64.2009,Safeguards
requiredforuseofCustomerProprietaryNetworkInformation(CPNI)andCompliancewith
Section64.2001etseq.oftheCommission'sRules.


A. Definitions
CPNI(CustomerProprietaryNetworkData)referstodatasuchascustomername,address,
contactdataaswellasquantity,technicalconfiguration,type,destination,andamountofuse
ofservicesubscribedtobytheCompanyscustomers,andmadeavailablebytheCompanys
customerstothecompany,solelybyvirtueofthecustomerrelationshiptothecompany.Italso
includesdatacontainedincustomerbills,ifapplicable.


B. Use of CPNI
(1)TheCompanymay,ifapplicable,use,disclose,orpermitaccesstoCPNIforthepurposeof
providingormarketingserviceofferingsamongthecategoriesofservice(i.e.,local,
interexchange,andCMRS)towhichthecustomeralreadysubscribesfromtheCompany,
withoutcustomerapproval.

(2)TheCompanydoesnotuse,disclose,orpermitaccesstoCPNItomarketserviceofferingsto
acustomerthatrequireoptinoroptoutconsentofacustomerunder47C.F.R.64.2001et
seq.

(3)TheCompanydoesnotuse,discloseorpermitaccesstoCPNItoidentifyortrackcustomers
thatcallcompetingserviceproviders.

(4)Notwithstandingtheforgoing:ItistheCompanyspolicythattheCompanymayuse,
disclose,orpermitaccesstoCPNItoprotecttherightsorpropertyoftheCompany,orto
protectusersofthoseservicesandothercarriersfromfraudulent,abusive,orunlawfuluseof,
orsubscriptionto,suchservices.


C. Safeguards Required for the Use of CPNI
(1)ItisthepolicyoftheCompanytotrainitsapplicablepersonnel,onthecircumstancesunder
whichCPNImay,andmaynot,beusedordisclosed.ItisaviolationoftheCompanyspoliciesto
discloseCPNIoutsideoftheCompany.Anyemployeethatisfoundtohaveviolatedthispolicy
willbesubjecttodisciplinaryactionuptoandincludingtermination.

(2)ItistheCompanyspolicytorequirethatarecordbemaintainedofitsownanditsaffiliates
salesandmarketingcampaignsthatusetheircustomersCPNI.TheCompanymaintainsa
recordofallinstanceswhereCPNIwasdisclosedorprovidedtootherthirdparties,orwhere
thirdpartieswereallowedtoaccesssuchCPNI.Therecordincludesadescriptionofeach
campaign,thespecificCPNIthatwasusedinthecampaign,andwhatproductsandservices
wereofferedasapartofthecampaign.Suchrecordsareretainedforaminimumofoneyear.

(3)TheCompanyhasestablishedamandatorysupervisoryreviewprocessregarding
compliancewithCPNIrulesforoutboundmarketing.Ifapplicable,salespersonnelmustobtain
supervisoryapprovalofanyproposedoutboundmarketingrequestforcustomerapproval.The
Companyspoliciesrequirethatrecordspertainingtosuchcarriercomplianceberetainedfora
minimumperiodofoneyear.

(4)IncompliancewithSection64.2009(e),theCompanywillprepareacompliancecertificate
signedbyanofficeronanannualbasisstatingthattheofficerhaspersonalknowledgethatthe
Companyhasestablishedoperatingproceduresthatareadequatetoensurecompliancewith
47C.F.R.64.2001etseq.Thecertificateistobeaccompaniedbythisstatementandwillbe
filedinEBDocketNo.0636annuallyonMarch1,fordatapertainingtothepreviouscalendar
year.Thisfilingwillincludeanexplanationofanyactionstakenagainstdatabrokersanda
summaryofallcustomercomplaintsreceivedinthepastyearconcerningtheunauthorized
releaseofCPNI.


D. Safeguards on the Disclosure of CPNI
ItistheCompanyspolicytotakereasonablemeasurestodiscoverandprotectagainst
attemptstogainunauthorizedaccesstoCPNI.TheCompanywillproperlyauthenticatea
customerpriortodisclosingCPNIbasedoncustomerinitiatedtelephonecontactoronline
access,asdescribedherein.

(1)MethodsofAccessingCPNI.
(a)TelephoneAccesstoCPNI.ItistheCompanyspolicytoonlydisclosecalldetaildata
overthetelephone,basedoncustomerinitiatedtelephonecontact,ifthecustomerfirst
providestheCompanywithapassword,asdescribedinSection(2),thatisnot
promptedbythecarrieraskingforreadilyavailablebiographicaldata,oraccountdata.If
thecustomerisabletoprovidecalldetaildatatotheCompanyduringacustomer
initiatedcallwithouttheCompanysassistance,thentheCompanymaydiscussthecall
detaildataprovidedbythecustomer.

(b)OnlineAccesstoCPNI.ItistheCompanyspolicytoauthenticateacustomerwithout
theuseofreadilyavailablebiographicaldata,oraccountdata,priortoallowingthe
customeronlineaccesstoCPNIrelatedtoatelecommunicationsserviceaccount.Once
authenticated,thecustomermayonlyobtainonlineaccesstoCPNIrelatedtoa
telecommunicationsserviceaccountthroughapassword,asdescribedinSection(2),
thatisnotpromptedbytheCompanyaskingforreadilyavailablebiographicaldata,or
accountdata.

(2)PasswordProcedures
Toestablishapassword,theCompanywillauthenticatethecustomerwithouttheuseofreadily
availablebiographicaldata,oraccountdata.TheCompanymaycreateabackupcustomer
authenticationmethodintheeventoflostorforgottenpasswords,butsuchbackupcustomer
authenticationmethodwillnotpromptthecustomerforreadilyavailablebiographicaldataor
accountdata.Ifthecustomercannotprovidethecorrectpasswordorcorrectresponseforthe
backupcustomerauthenticationmethod,thecustomermustestablishanewpasswordas
describedinthisparagraph.

(3)NotificationofAccountChanges
TheCompanywillnotifycustomersimmediatelywheneverapassword,customerresponsetoa
backupmeansofauthenticationforlostorforgottenpasswords,onlineaccount,oraddressof
recordiscreatedorchanged.Thisnotificationisnotrequiredwhenthecustomerinitiates
service,includingtheselectionofapasswordatserviceinitiation.Thisnotificationmaybe
throughaCompanyoriginatedvoicemailortextmessagetothetelephonenumberofrecord,
orbymailtotheaddressofrecord,andmustnotrevealthechangeddataorbesenttothenew
accountdata.

(4)BusinessCustomerExemption
TheCompanymaybinditselfcontractuallytoauthenticationregimesotherthanthose
describedinthisSectionDforservicesitprovidestoitsbusinesscustomersthathavebotha
dedicatedaccountrepresentativeandacontractthatspecificallyaddressestheCompany's
protectionofCPNI.

E. Notification of CPNI Security Breaches
(1)ItistheCompanyspolicytonotifylawenforcementofabreachinitscustomers
CPNIasprovidedinthissection.TheCompanywillnotnotifyitscustomersordisclosethe
breachpubliclyuntilithascompletedtheprocessofnotifyinglawenforcementpursuantto
paragraph(2).

(2)Assoonaspracticable,andinnoeventlaterthanseven(7)businessdays,afterreasonable
determinationofthebreach,theCompanywillelectronicallynotifytheapplicableUS
governmentagenciessuchastheFederalBureauofInvestigation.
(a)Notwithstandingstatelawtothecontrary,theCompanywillnotnotifycustomersor
disclosethebreachtothepublicuntil7fullbusinessdayshavepassedafternotification
toapplicableUSgovernmentagencies,exceptasprovidedinparagraphs(b)and(c).

(b)IftheCompanybelievesthatthereisanextraordinarilyurgentneedtonotifyany
classofaffectedcustomerssoonerthanotherwiseallowedunderparagraph(a),inorder
toavoidimmediateandirreparableharm,itwillsoindicateinitsnotificationandmay
proceedtoimmediatelynotifyitsaffectedcustomersonlyafterconsultationwiththe
relevantinvestigationagency.TheCompanywillcooperatewiththerelevant
investigatingagencysrequesttominimizeanyadverseeffectsofsuchcustomer
notification.

(c)Iftherelevantinvestigatingagencydeterminesthatpublicdisclosureornoticeto
customerwouldimpedeorcompromiseanongoingorpotentialcriminalinvestigation
ornationalsecurity,theCompanywillcomplywithsuchagencyswrittendirectives,
includingdirectivesnottosodiscloseornotifyforaninitialperiodofupto30days,and
extendedperiodsasreasonablynecessaryinthejudgmentoftheagency.

(3)AftertheCompanyhascompletedtheprocessofnotifyinglawenforcementpursuant
toparagraph(2),itwillnotifyitscustomersofabreachofthosecustomersCPNI.

(4)Recordkeeping.TheCompanywillmaintainarecord,electronicallyorinsomeother
manner,ofanybreachesdiscovered,notificationsmadetotheUSSSandtheFBIpursuantto
paragraph(2),andnotificationsmadetocustomers.Therecordwillinclude,ifavailable,dates
ofdiscoveryandnotification,adetaileddescriptionoftheCPNIthatwasthesubjectofthe
breach,andthecircumstancesofthebreach.TheCompanywillmaintaintherecordfora
minimumof2years.

(5)Strictcontrolsareinplaceinvolvingresponsestolawenforcementagenciesthatservethe
Companywithvalidlegaldemands,suchasacourtorderedsubpoena,forCPNI.TheCompany
willnotsupplyCPNItoanylawenforcementagencythatdoesnotproduceavalidlegal
demand.

You might also like