Statement of CPNI Procedures

NebraskaLink, LLC (the “Company”) has implemented the follo in! procedures to ensure that it is compliant ith Part "# of $itle #% of the Code of &ederal 'e!ulations, Subpart ( ) Customer Proprietary Net ork Information (CPNI), * "#+,--. throu!h * "#+,-..+

Compliance /fficer

$he Company has appointed a CPNI Compliance /fficer ho is responsible for ensurin! that the Company is in compliance ith all of the CPNI rules+ $he Compliance /fficer is also the point of contact for anyone (internally or e0ternally) ith 1uestions about CPNI+ $he Compliance /fficer ill ensure that a compliance certification si!ned by an officer of the Company is filed ith the &CC by 2arch . of each year for data pertainin! to the pre3ious year+

4mployee $rainin!

$he Compliance /fficer arran!es for the trainin! of all employees on an annual basis and more fre1uently as needed+ 5ny ne employee is trained hen hired by the Company+ $he trainin! includes, but is not limited to, hen employees are and are not authori6ed to use CPNI and the authentication methods the Company is usin!+ $he detail of the trainin! can differ based on hether or not the employee has access to CPNI+ If employees ha3e any 1uestions re!ardin! the use of CPNI or if they are a are of CPNI bein! used improperly by anyone, they are instructed to contact the Compliance /fficer immediately+

$he Company has established a disciplinary process for improper use of CPNI hich is re3ie ed ith employees+ $he disciplinary action is based on the type and se3erity of the 3iolation and could include any or a combination of the follo in!7 retrainin! the employee on CPNI rules, notation in the employee8s personnel file, formal ritten reprimand, suspension or termination+

9isclosure and (se of CPNI

$he Company has not pro3ided notification to its customers and has not asked for appro3al to use CPNI because it does not use CPNI outside of the areas that are allo ed ithout customer appro3al+ $hus, the status for all customers is that they ha3e not !i3en appro3al to use CPNI+ $he Company does not share the customer8s CPNI ith any :oint 3enture partner, independent contractor or any other third party+ If in the future, the Company decides to ask customers for appro3al to use their CPNI, it ill implement a system by hich the status of a customer8s CPNI appro3al can be clearly established prior to the use of any CPNI+

Currently, the Company does not conduct any marketin! campai!ns that use customer8s CPNI+ If the Company decides to use CPNI for marketin! purposes, the marketin! campai!n and the complete process ill be re3ie ed and appro3ed by the Compliance /fficer to make certain all CPNI rules are follo ed+ $he Compliance /fficer ill be responsible for makin! sure that a complete record of the campai!n is documented and maintained for a minimum of one year+

$he Company has established a process for authenticatin! customers and ill not disclose any CPNI until the customer has been appropriately authenticated+ &or an in;office 3isit, the customer must pro3ide a 3alid photo I9 matchin! the customer8s account information+ $he Company8s customer accounts do not include call detail information+

$he Company ill promptly notify customers hene3er a chan!e is made to the customer8s address of record+ $he notification ill be sent to the customer8s old address of record+

Notification of <reaches $he Company takes reasonable measures to disco3er and protect a!ainst acti3ity that is indicati3e of prete0tin! includin! re1uirin! employees to immediately notify the Compliance /fficer of any indication of suspicious acti3ity+ If it is determined that a breach has occurred, the Compliance /fficer ill do the follo in!7

Notify the (nited States Secret Ser3ice ((SSS) and the &ederal <ureau of In3esti!ation (&<I) as soon as practicable, but in no e3ent later than % business days after determination of the breach+ $he notification ill be 3ia the &CC link at http7== +fcc+!o3=eb=cpni+ Notify customers only after % full business days ha3e passed since notification to the (SSS and the &<I, unless the (SSS or &<I has re1uested an e0tension+ If there is an ur!ent need to notify affected customers or the public sooner to a3oid immediate and irreparable harm, it ill be done only after consultation ith the rele3ant in3esti!atin! a!ency+ 2aintain a record of the breach, the notifications made to the (SSS and &<I, and the notifications made to customers+ $he record should include dates of disco3ery and notification, a detailed description of the CPNI that as the sub:ect of the breach, and the circumstances of the breach+ Include a summary of the breach in the annual compliance certificate filed ith the &CC+

'ecord 'etention

&ollo in! is the minimum retention period the Company has established for CPNI related information7

• • • •

2arketin! Campai!ns ) one year <reaches ) t o years 5nnual CPNI Certification ) permanently 5ll other information ) t o years

Sign up to vote on this title
UsefulNot useful