Customer Proprietary Network Information Compliance Procedures

Approvals
Title
Document Owner:
Department Manager:
Executive Sponsor:

Senior Counsel, Telecommunications

Director, Customer Operations,
Audio Services
Vice President, Divisional Legal
Counsel

Name

Date

Peter McElligott

2/17/2015

Mark Boyles

2/25/2015

Anthony Bishop

2/25/2015

I. Purpose
This procedure is to be used as a process for informing customers about accessing their
OpenVoice Conferencing account information and making account changes, in compliance with
the Federal Communications Commission rules for customer proprietary network information
(CPNI).

II. Scope
This procedure applies to all Software as a Service (SaaS) Division employees and systems that
handle customer account information for OpenVoice Conferencing.

III. Definitions
1) Customer proprietary network information (CPNI) - is the data collected by
telecommunications corporations about a consumer's telephone calls. It includes the time,
date, duration, origination and destination number of each call, the type of network a
consumer subscribes to, and any other information that appears on the consumer's telephone
bill.

IV. Customer Account Information Procedure

Access to Customer Account Information - Account information may only be accessed with
the customers logon username of record and password, without exception. No account
information is to be given to a customer, or account information changed, unless the customer
provides both the login username of record and OpenVoice Conferencing password. No email
may be sent to any email address other than the customers email address of record under any
circumstances. After accessing a customers account information, a customer service agent
should remind the customer how to change their password using the web site.
Customer Passwords Notification- New customers will receive an automatically-generated
email notification, sent to their registered e-mail address, containing an administrator OpenVoice
Conferencing system password. Emails will be sent exclusively to the email address of record
entered by the customer at the time the account is established.

Lost Passwords. In the event that a customer misplaces their password, the customer may
request the password via the Forgot your Password web page at
https://secure.citrixonline.com/commerce/forgotPassword.tmpl. If the customer is unable to
access the website they may also contact customer service for password reset assistance. If the
customer accesses the Forgot Your Password? web page directly to request a password, the
customers password will be sent to the customers email address of record. If the customer
contacts customer service to request a password, the customer service representative will access
the Forgot Your Password? web page and generate an email containing the customers
password to the customers email address of record.

Customer Account Information Changes, OpenVoice Conferencing customers can access and
review their account information in two locations: On their My Conferences page and on the My
Account page located on the OpenVoice Conferencing web site. Changes to personal customer
account information are made primarily by customers, although occasionally customer service
representatives may change customer account information at the specific request of a customer.
o

In the event that a customer requests a change to their account by contacting a customer
service representative, the following process will be followed by the customer service
representative:
1) Confirm the customers login username of record and conduct an extensive
account verification check including e-mail address, name, phone, account
usage;
2) Confirm the callers first and last name, and the account name by requesting the
information from the customer;
3) Make the requested change in the Internal Admin system database;
4) Document the callers name, requested change, and date and time of the
change request in the customer service account database and;
5) Immediately send a confirmation email to the customers email address of record
confirming the changes made, using the following email template:

Dear <insert customer name here>:

Our records indicate that on [Date] you, or someone providing your Citrix
Online OpenVoice Conferencing login username of record and password,
requested that the following changes to your account information be made: [list
type of change but do not provide specific data, i.e. change in billing location].
If you did not request these changes, or if you did not authorize that these
changes be made, please contact Citrix Online OpenVoice Conferencing
customer service immediately
http://support.citrixonline.com/en_US/OpenVoice/contact.
Thank you for your business.
Citrix Online Audio, LLC

In the event that the customer receives notification of the change but did not authorize an
account change request, the customer service agent should immediately:
1)
2)
3)
4)
5)

Access the change request call documentation;

Inform the customer of who made the request;
Verify whether the customer did make the change,
Inform your supervisor of the situation;
Immediately change the customers account password after verifying the
customers email address and current account information;
6) Send an email to the customers registered email address with the new password
and;
7) Document the situation in the customer service account database.

Breach Notification - Any suspected compromise of CPNI or other customer data must be
promptly reported to management. Management will carry out breach notification of relevant
law enforcement agencies and customers in accordance with the FCC rules. All breaches will
be documented according to the FCC CPNI rules and the Citrix Incident Response Policy.
These records must include dates of discovery and notification, a detailed description of the
CPNI data subject to the breach, and the circumstances of the breach. Citrix will maintain
these records for a minimum of 2 years.

V. Compliance
Software as a Service Division is committed to complying with all federal and state laws and
applicable industry regulations and standards. Compliance with this policy is mandatory. Any
suspected or detected violation of this policy must be reported to your supervisor or the executive
sponsor defined in this document.
Citrix Online Audio, LLC must comply annually with the CPNI and any exceptions with this policy
will be an exception for CPNI.

VI. Reference
Customer Propriety Network Information (CPNI) Compliance: http://www.fcc.gov/eb/CPNI/

VII. Revision Tracking

This policy will be reviewed on an annual basis by the Director of Regulatory Compliance or
Counsel.

Name
Kevin Sacco
Beth Sipula/Mark Boyles
Kevin Sacco
Kevin Sacco/Mark
Boyles

Action
First draft
Feedback and updates; final
2011 review and update

Date Revised
2/10/2010
2/18/2010
2/14/2011

2012 review and update

2/7/2012

Kevin Sacco/Mark
Boyles
Kevin Sacco
Beth Sipula
Peter McElligott

2013 review and update

2014 review and update
2014 review and approve
2015 review and update

2/14/2013
2/14/2014
2/24/2014
2/17/2015