Está en la página 1de 6

Industry Assurance Consulting, Inc.

IACAdviceCompliance,Consulting,Certifications
Telephone:(786)5051862
6303BlueLagoonDrive,Suite400,Miami,FL33126
www.iacadvice.com,Email:compliance@iacadvice.com

February27,2015

BYELECTRONICSUBMISSION

MarleneH.Dortch,Secretary
FederalCommunicationsCommission
OfficeoftheSecretary
44512thStreet,S.W.,SuiteTWA325
Washington,DC20554

Subject:EBDocketNo.0636,CPNICertificationdueMarch1,2015(CY2014Operations)

DearMs.Dortch:

A.A.SmartComtechUSALLC(herebyreferredtoasthe"Company"),submitsthe
followingCPNICertification,regardingitsCalendarYear2014operations,incompliancewith
Section64.2001etseq.oftheCommission'srules.

TheCompanyrespectfullyaskstheCommissiontoacceptthefollowingCertificationas
timelyfiled,intermsoftheMarch1,2015filingdeadlinelistedin47C.F.R.64.2009(e).

________________________
AlonzoBeyene
IndustryAssuranceConsulting,Inc.
RegulatoryAnalyst

Enclosures

cc: FCCEnforcementBureau,TelecommunicationsConsumersDivision,
44512thStreet,SW,Washington,DC20554
BestCopyandPrinting,Inc.(viaemail fcc@bcpiweb.com)

EB Docket 06-36
Annual64.2009(e)CPNICertificationforActivitiesofCalendarYear2014
Datefiled:February27,2015
NameofTheCompany(s)coveredbythiscertification:A.A.SmartComtechUSALLC
Form499FilerID:828512
Nameofsignatory:ArkadyBerkovsky
Titleofsignatory:CEO

I,ArkadyBerkovsky,certifythatIamanofficeroftheCompanynamedabove,andactingasan
agentoftheCompany,thatIhavepersonalknowledgethattheCompanyhasestablished
operatingproceduresthatareadequatetoensurecompliancewiththeCommission'sCPNI
rules.See47C.F.R.64.2001et seq.

AttachedtothiscertificationisanaccompanyingstatementexplaininghowtheCompany's
proceduresensurethatthecompanyisincompliancewiththerequirements(includingthose
mandatingtheadoptionofCPNIprocedures,training,recordkeeping,andsupervisoryreview)
setforthinsection64.2001etseq.oftheCommission'srules.

TheCompanyhasnothadtotakeanyaction(s)(i.e.,proceedingsinstitutedorpetitionsfiledby
acompanyateitherstatecommissions,thecourtsystem,orattheCommissionagainstdata
brokers)againstdatabrokersinthepastyear.Ifaffirmative,theCompanyisawarethatitmust
explainanyactionsthatithashadtotakeagainstdatabrokers.TheCompanyisawarethatit
mustreportonanydatathatithaswithrespecttotheprocessesthatanypretextershaveused
(ifany),toattempttoaccessCPNI,andwhatstepstheCompanyistakingtoprotectCPNI.

TheCompanyhasnotreceivedanycustomercomplaintsinthepastyearconcerningthe
unauthorizedreleaseofCPNI.TheCompanyisaware,thathadithadanysuchcomplaints,it
wouldhavetoreportthenumberofcustomercomplaintsthattheCompanyhasreceived
relatedtounauthorizedaccesstoCPNI,orunauthorizeddisclosureofCPNI,brokendownby
categoryofcomplaints,e.g.,instancesofimproperaccessbyemployees,instancesofimproper
disclosuretoindividualsnotauthorizedtoreceivethedata,orinstancesofimproperaccessto
onlinedatabyindividualsnotauthorizedtoviewthedata.

Thecompanyrepresentsandwarrantsthattheabovecertificationisconsistentwith47C.F.R.
1.17,whichrequirestruthfulandaccuratestatementstotheCommission.Thecompanyalso
acknowledgesthatfalsestatementsandmisrepresentationstotheCommissionarepunishable
underTitle18oftheU.S.Codeandmaysubjectittoenforcementaction.

SignedX_____________________________[Signature of an officer, as agent of the carrier]

Attachments: AccompanyingStatementexplainingCPNIprocedures

AccompanyingStatementonCompanysCompliancewith47C.F.R.64.2009,Safeguards
requiredforuseofCustomerProprietaryNetworkInformation(CPNI)andCompliancewith
Section64.2001etseq.oftheCommission'sRules.

A. Definitions
CPNI(CustomerProprietaryNetworkData)referstodatasuchascustomername,address,
contactdataaswellasquantity,technicalconfiguration,type,destination,andamountofuse
ofservicesubscribedtobytheCompanyscustomers,andmadeavailablebytheCompanys
customerstothecompany,solelybyvirtueofthecustomerrelationshiptothecompany.Italso
includesdatacontainedincustomerbills,ifapplicable.
B. Use of CPNI
(1)TheCompanymay,ifapplicable,use,disclose,orpermitaccesstoCPNIforthepurposeof
providingormarketingserviceofferingsamongthecategoriesofservice(i.e.,local,
interexchange,andCMRS)towhichthecustomeralreadysubscribesfromtheCompany,
withoutcustomerapproval.
(2)TheCompanydoesnotuse,disclose,orpermitaccesstoCPNItomarketserviceofferingsto
acustomerthatrequireoptinoroptoutconsentofacustomerunder47C.F.R.64.2001et
seq.

(3)TheCompanydoesnotuse,discloseorpermitaccesstoCPNItoidentifyortrackcustomers
thatcallcompetingserviceproviders.

(4)Notwithstandingtheforgoing:ItistheCompanyspolicythattheCompanymayuse,
disclose,orpermitaccesstoCPNItoprotecttherightsorpropertyoftheCompany,orto
protectusersofthoseservicesandothercarriersfromfraudulent,abusive,orunlawfuluseof,
orsubscriptionto,suchservices.

C. Safeguards Required for the Use of CPNI


(1)ItisthepolicyoftheCompanytotrainitsapplicablepersonnel,onthecircumstancesunder
whichCPNImay,andmaynot,beusedordisclosed.ItisaviolationoftheCompanyspoliciesto
discloseCPNIoutsideoftheCompany.Anyemployeethatisfoundtohaveviolatedthispolicy
willbesubjecttodisciplinaryactionuptoandincludingtermination.

(2)ItistheCompanyspolicytorequirethatarecordbemaintainedofitsownanditsaffiliates
salesandmarketingcampaignsthatusetheircustomersCPNI.TheCompanymaintainsa
recordofallinstanceswhereCPNIwasdisclosedorprovidedtootherthirdparties,orwhere
thirdpartieswereallowedtoaccesssuchCPNI.Therecordincludesadescriptionofeach
campaign,thespecificCPNIthatwasusedinthecampaign,andwhatproductsandservices
wereofferedasapartofthecampaign.Suchrecordsareretainedforaminimumofoneyear.

(3)TheCompanyhasestablishedamandatorysupervisoryreviewprocessregarding
compliancewithCPNIrulesforoutboundmarketing.Ifapplicable,salespersonnelmustobtain
supervisoryapprovalofanyproposedoutboundmarketingrequestforcustomerapproval.The
Companyspoliciesrequirethatrecordspertainingtosuchcarriercomplianceberetainedfora
minimumperiodofoneyear.

(4)IncompliancewithSection64.2009(e),theCompanywillprepareacompliancecertificate
signedbyanofficeronanannualbasisstatingthattheofficerhaspersonalknowledgethatthe
Companyhasestablishedoperatingproceduresthatareadequatetoensurecompliancewith
47C.F.R.64.2001etseq.Thecertificateistobeaccompaniedbythisstatementandwillbe
filedinEBDocketNo.0636annuallyonMarch1,fordatapertainingtothepreviouscalendar
year.Thisfilingwillincludeanexplanationofanyactionstakenagainstdatabrokersanda
summaryofallcustomercomplaintsreceivedinthepastyearconcerningtheunauthorized
releaseofCPNI.
D. Safeguards on the Disclosure of CPNI
ItistheCompanyspolicytotakereasonablemeasurestodiscoverandprotectagainst
attemptstogainunauthorizedaccesstoCPNI.TheCompanywillproperlyauthenticatea
customerpriortodisclosingCPNIbasedoncustomerinitiatedtelephonecontactoronline
access,asdescribedherein.

(1)MethodsofAccessingCPNI.
(a)TelephoneAccesstoCPNI.ItistheCompanyspolicytoonlydisclosecalldetaildata
overthetelephone,basedoncustomerinitiatedtelephonecontact,ifthecustomerfirst
providestheCompanywithapassword,asdescribedinSection(2),thatisnot
promptedbythecarrieraskingforreadilyavailablebiographicaldata,oraccountdata.If
thecustomerisabletoprovidecalldetaildatatotheCompanyduringacustomer
initiatedcallwithouttheCompanysassistance,thentheCompanymaydiscussthecall
detaildataprovidedbythecustomer.

(b)OnlineAccesstoCPNI.ItistheCompanyspolicytoauthenticateacustomerwithout
theuseofreadilyavailablebiographicaldata,oraccountdata,priortoallowingthe
customeronlineaccesstoCPNIrelatedtoatelecommunicationsserviceaccount.Once
authenticated,thecustomermayonlyobtainonlineaccesstoCPNIrelatedtoa
telecommunicationsserviceaccountthroughapassword,asdescribedinSection(2),
thatisnotpromptedbytheCompanyaskingforreadilyavailablebiographicaldata,or
accountdata.

(2)PasswordProcedures
Toestablishapassword,theCompanywillauthenticatethecustomerwithouttheuseofreadily
availablebiographicaldata,oraccountdata.TheCompanymaycreateabackupcustomer
authenticationmethodintheeventoflostorforgottenpasswords,butsuchbackupcustomer
authenticationmethodwillnotpromptthecustomerforreadilyavailablebiographicaldataor
accountdata.Ifthecustomercannotprovidethecorrectpasswordorcorrectresponseforthe
backupcustomerauthenticationmethod,thecustomermustestablishanewpasswordas
describedinthisparagraph.

(3)NotificationofAccountChanges
TheCompanywillnotifycustomersimmediatelywheneverapassword,customerresponsetoa
backupmeansofauthenticationforlostorforgottenpasswords,onlineaccount,oraddressof
recordiscreatedorchanged.Thisnotificationisnotrequiredwhenthecustomerinitiates
service,includingtheselectionofapasswordatserviceinitiation.Thisnotificationmaybe
throughaCompanyoriginatedvoicemailortextmessagetothetelephonenumberofrecord,
orbymailtotheaddressofrecord,andmustnotrevealthechangeddataorbesenttothenew
accountdata.

(4)BusinessCustomerExemption
TheCompanymaybinditselfcontractuallytoauthenticationregimesotherthanthose
describedinthisSectionDforservicesitprovidestoitsbusinesscustomersthathavebotha
dedicatedaccountrepresentativeandacontractthatspecificallyaddressestheCompany's
protectionofCPNI.
E. Notification of CPNI Security Breaches
(1)ItistheCompanyspolicytonotifylawenforcementofabreachinitscustomers
CPNIasprovidedinthissection.TheCompanywillnotnotifyitscustomersordisclosethe
breachpubliclyuntilithascompletedtheprocessofnotifyinglawenforcementpursuantto
paragraph(2).

(2)Assoonaspracticable,andinnoeventlaterthanseven(7)businessdays,afterreasonable
determinationofthebreach,theCompanywillelectronicallynotifytheapplicableUS
governmentagenciessuchastheFederalBureauofInvestigation.
(a)Notwithstandingstatelawtothecontrary,theCompanywillnotnotifycustomersor
disclosethebreachtothepublicuntil7fullbusinessdayshavepassedafternotification
toapplicableUSgovernmentagencies,exceptasprovidedinparagraphs(b)and(c).

(b)IftheCompanybelievesthatthereisanextraordinarilyurgentneedtonotifyany
classofaffectedcustomerssoonerthanotherwiseallowedunderparagraph(a),inorder
toavoidimmediateandirreparableharm,itwillsoindicateinitsnotificationandmay
proceedtoimmediatelynotifyitsaffectedcustomersonlyafterconsultationwiththe
relevantinvestigationagency.TheCompanywillcooperatewiththerelevant
investigatingagencysrequesttominimizeanyadverseeffectsofsuchcustomer
notification.

(c)Iftherelevantinvestigatingagencydeterminesthatpublicdisclosureornoticeto
customerwouldimpedeorcompromiseanongoingorpotentialcriminalinvestigation
ornationalsecurity,theCompanywillcomplywithsuchagencyswrittendirectives,
includingdirectivesnottosodiscloseornotifyforaninitialperiodofupto30days,and
extendedperiodsasreasonablynecessaryinthejudgmentoftheagency.

(3)AftertheCompanyhascompletedtheprocessofnotifyinglawenforcementpursuant
toparagraph(2),itwillnotifyitscustomersofabreachofthosecustomersCPNI.

(4)Recordkeeping.TheCompanywillmaintainarecord,electronicallyorinsomeother
manner,ofanybreachesdiscovered,notificationsmadetotheUSSSandtheFBIpursuantto
paragraph(2),andnotificationsmadetocustomers.Therecordwillinclude,ifavailable,dates
ofdiscoveryandnotification,adetaileddescriptionoftheCPNIthatwasthesubjectofthe
breach,andthecircumstancesofthebreach.TheCompanywillmaintaintherecordfora
minimumof2years.

(5)Strictcontrolsareinplaceinvolvingresponsestolawenforcementagenciesthatservethe
Companywithvalidlegaldemands,suchasacourtorderedsubpoena,forCPNI.TheCompany
willnotsupplyCPNItoanylawenforcementagencythatdoesnotproduceavalidlegal
demand.