You are on page 1of 5

Annual4T C.F.R. Q 64.2009(e) CPNI Certification

EB Docket 0G36

Annual 64.2009(e) CPM Certification for 2014

Date filed: February 19,2015

Name of company covered by this certification: Scio Mutual Telephone Association

Form 499 Filer ID: 807792

Name of signatory: Thomas J. Barth Title of signatory: CEO/GM

I, Thomas J. Barth, certify that I am an officer of the company named above, and acting

that the company has established

as an agent of the company, that i hur" personal knowledge

operatiig procedures tlat are adequate to ensure

compliance with the Commission's CPM ru1es'

See 47 C.F.R. $ 64.2001 et seq.

Attached to this certification is an accompanying

procedures ensure that the company ii in

64.2OOl et seq. of Commission's rules'

statement explaining how the

comptiance with the requirements set forth

company's

in section

The company has not taken any actions against

information that they have with

data brokers in the past year' Companies

respect to the processes pretexters are using to

must report on any

attempito access

-Cpt

tt, and what steps companies are taking to protect CPM'

represents and warrants that the above certification is consistent with 47

'reqirires

truthful

The company

C.F.R. S 1 .1 7, *fri"t

also acknowledges

under Title 18 of

and accurate statements to the Commission' The company

that ialse statements and misrepresentations to the Commission are punishable

the US Code and may subject it to enforcement to the action'

The company has not received any customer complaints in the past year conceming the

unauthorized release of CPNI.

Thomas J. Barth, CEO/GM

OPERATING PROCEDURES FOR COMPLIANCE WITH CPNI RULES

Scio Mutual Telephone

following

Code

Association (the "Company") has implemented the

procedures to ensure that it is compliant with Part 64 of Title 47 of the

Customer Proprietary Network

oJ Federal Regulations, Subpart U -

lnformation (CPNI), S 64.2001 through S 64.2011.

Compliance Officer The Company has appointed a CPNI Compliance

Officer is responsible ior ensuring

that the Company

the cPNl rules. The compliance

Officer' The Compliance

is in compliance with all of

officer is also the point of contact for anyone

(internally or externally) with questions about CPNI.

Emolovee Traininq:

The Compliance Officer arranges

uisis, ano more frequently as

OV if," Corp"ny.

aie and are noi

The triining

authorized to

;;a;y

the

for the training of all employees on an annual

needed. Any new employee is trained when hired

includes, but is not limited to, when employees use CPNI, and the authentication methods the

is using. The detail of the training can differ based on whether or not

employee has access to CPNI.

After the training, all employees

received

pio""Jrr"i

traini;g on the

are required to sign

a certification that they have

understand the Company's

CPNI rules' that they

they

tor p-rotecting CPNI and

understand the Company's disciplinary

process for improper

borp"ny't CPNI

use of CPNI. Each employee is informed as to where the

manual with the rules is kept in the office'

Employees

of Cplrtt,

are instructed that if they

of

ever have any

questions regarding the.use

or if they are aware

CirNl being used improperly by anyone, they

should contact the Compliance Officer immediately'

Disciplinarv Process

The Company has established a specific disciplinary process for improper use of

CPNI. The disciplinary action is based on the type and severity of the violation

and could include any

on CPNI rules,

or a combination of the

following:

retraining the employee

notation in the employee's

personnel file, formal written

reprimand, suspension or termination. The disciplinary process is reviewed with all employees. A copy of the Company's disciplinary process is kept in the CPNI manual.

Customer Notification and Request for Approval to Use CPNI

The company has not provided notification to its customers and has not asked

for approval tb use CPNI because it only

is permissible

customer's

uses CPNI in those instances where it

to use cPNl without customer approval. lt does not share the

cPNl with any joint venture partner, independent contractor or any

purposes, the Company does mass marketing.to

CPNI to market only service offerings among the

service to which the customer already subscribes'

other third party. For marketing

a1 customers, or uses

categories of

lf the company receives a call from a customer who wants to discuss services

ouisiOe of' the customer's existing

iepi"i"ntutiru uses the oral

service offerings, the customer service

use of CPNI to obtain

notification for one-time

approval for the duration of the call only.

Authentication The Company does not disclose any CPNI until the customer has been

appropriately authenticated as follows:

ln-office visit - the customer must provide a valid photo lD matching the

customef s account information.

call

- lf the customer cannot provide all of the call detail

the customer to come into the office and provide a

customer-initiated

information to

address the customer's issues, the company will: 1. call the

number of record, 2. send the information to the

iustomer back at the telephone

address of record, or 3. ask valid photo lD.

Notification of Account Chanqes

The Company promptly notifies customers whenever a change is made to any of the following:

r

Address of record.

The notification to the customer will be made either by a Company-originated voicemail or text message to the telephone number of record or sent to the

address (postal or electronic) of record.

The company

recording

has a process for tracking when a notification is required and for

when and how the notification is made by software that generates a

notification letter.

Notifi cation of Breaches

Employees will immediately notify the compliance

breach. lf it is determined that a breach has

officer of any indication of a

occurred, the compliance officer

will do the following:

o Notify the United States Secret Service (USSS) and the Federal

Bure.auoflnvestigation(FBl)asSoonaSpracticable,butinnoevent

laterthanTbusinessdaysafterdeterminationofthebreach.The

notification will be via the FCC link at

http://www'fcc'sov/eb/cpni'

eNotifycustomersonlyafterTfullbusinessdayshavepassedsince

notifitation to the usss and

the FBl, unless the USSS or FBI has

requested an extension.

o

lf there is an urgent need to notify

sooner to avoid immediate and

affected customers or the public

irreparable harm, it will be done only

after consultation with the relevant investigating agency'

.

Maintain a record of the breach, the notifications made to the USSS

unJ fAf ,

and the notifications made to customers' The record should

and notification, a detailed description of the

include dates of discovery

cirlr 1,rt was the

sublect of the breach, and the circumstances of the

breach.

.

lnclude a summary of the breach in the annual compliance certificate

filed with the FCC.

Annual Certification

The Compliance Officer will file a Compliance Certification with the FCC by

March 1 of each year, for data pertaining to the previous calendar year.

Record Retention

The Company retains all information regarding CPNI in a CPNI file and the CPNI manual in the Compliance Officer's office. Following is the minimum retention

period we have established for specific items:

.

CPNI notification and records of approval - one year

o Marketing campaigns - one year Breaches - two years

.

Annual certification - five years Employee training certification - two years o All other information - two years

.

.