Professional Documents
Culture Documents
Approvals
Title
Document Owner:
Department Manager:
Executive Sponsor:
Name
Date
Peter McElligott
2/17/2015
Mark Boyles
2/25/2015
Anthony Bishop
2/25/2015
I. Purpose
This procedure is to be used as a process for informing customers about accessing their
OpenVoice Conferencing account information and making account changes, in compliance with
the Federal Communications Commission rules for customer proprietary network information
(CPNI).
II. Scope
This procedure applies to all Software as a Service (SaaS) Division employees and systems that
handle customer account information for OpenVoice Conferencing.
III. Definitions
1) Customer proprietary network information (CPNI) - is the data collected by
telecommunications corporations about a consumer's telephone calls. It includes the time,
date, duration, origination and destination number of each call, the type of network a
consumer subscribes to, and any other information that appears on the consumer's telephone
bill.
Access to Customer Account Information - Account information may only be accessed with
the customers logon username of record and password, without exception. No account
information is to be given to a customer, or account information changed, unless the customer
provides both the login username of record and OpenVoice Conferencing password. No email
may be sent to any email address other than the customers email address of record under any
circumstances. After accessing a customers account information, a customer service agent
should remind the customer how to change their password using the web site.
Customer Passwords Notification- New customers will receive an automatically-generated
email notification, sent to their registered e-mail address, containing an administrator OpenVoice
Conferencing system password. Emails will be sent exclusively to the email address of record
entered by the customer at the time the account is established.
Lost Passwords. In the event that a customer misplaces their password, the customer may
request the password via the Forgot your Password web page at
https://secure.citrixonline.com/commerce/forgotPassword.tmpl. If the customer is unable to
access the website they may also contact customer service for password reset assistance. If the
customer accesses the Forgot Your Password? web page directly to request a password, the
customers password will be sent to the customers email address of record. If the customer
contacts customer service to request a password, the customer service representative will access
the Forgot Your Password? web page and generate an email containing the customers
password to the customers email address of record.
Customer Account Information Changes, OpenVoice Conferencing customers can access and
review their account information in two locations: On their My Conferences page and on the My
Account page located on the OpenVoice Conferencing web site. Changes to personal customer
account information are made primarily by customers, although occasionally customer service
representatives may change customer account information at the specific request of a customer.
o
In the event that a customer requests a change to their account by contacting a customer
service representative, the following process will be followed by the customer service
representative:
1) Confirm the customers login username of record and conduct an extensive
account verification check including e-mail address, name, phone, account
usage;
2) Confirm the callers first and last name, and the account name by requesting the
information from the customer;
3) Make the requested change in the Internal Admin system database;
4) Document the callers name, requested change, and date and time of the
change request in the customer service account database and;
5) Immediately send a confirmation email to the customers email address of record
confirming the changes made, using the following email template:
In the event that the customer receives notification of the change but did not authorize an
account change request, the customer service agent should immediately:
1)
2)
3)
4)
5)
Breach Notification - Any suspected compromise of CPNI or other customer data must be
promptly reported to management. Management will carry out breach notification of relevant
law enforcement agencies and customers in accordance with the FCC rules. All breaches will
be documented according to the FCC CPNI rules and the Citrix Incident Response Policy.
These records must include dates of discovery and notification, a detailed description of the
CPNI data subject to the breach, and the circumstances of the breach. Citrix will maintain
these records for a minimum of 2 years.
V. Compliance
Software as a Service Division is committed to complying with all federal and state laws and
applicable industry regulations and standards. Compliance with this policy is mandatory. Any
suspected or detected violation of this policy must be reported to your supervisor or the executive
sponsor defined in this document.
Citrix Online Audio, LLC must comply annually with the CPNI and any exceptions with this policy
will be an exception for CPNI.
VI. Reference
Customer Propriety Network Information (CPNI) Compliance: http://www.fcc.gov/eb/CPNI/
Name
Kevin Sacco
Beth Sipula/Mark Boyles
Kevin Sacco
Kevin Sacco/Mark
Boyles
Action
First draft
Feedback and updates; final
2011 review and update
Date Revised
2/10/2010
2/18/2010
2/14/2011
2/7/2012
Kevin Sacco/Mark
Boyles
Kevin Sacco
Beth Sipula
Peter McElligott
2/14/2013
2/14/2014
2/24/2014
2/17/2015