Annual 47 C.F.R. 64.

2009(e) CPNI Certification

EB Docket 06-36

Annual 64.2009(e) CPNI Certification for 2017

Date filed: February 16, 2017

Name of company covered by this certification: CMOLS, LLC

Form 499 Filer ID: 825284

Name of signatory: Dr. Harry Deng

Title of signatory: President

I, Dr. Harry Deng, certify that I am an officer of the company named above, and acting as
an agent of the company, that I have personal knowledge that the company has
established operating procedures that are adequate to ensure compliance with the
Commissions Customer Proprietary Network Information (CPNI) rules. See 47 C.F.R.
64.2001 et seq.

Attached to this certification is an accompanying statement explaining how the

companys procedures ensure that the company is in compliance with the requirements
set forth in section 64.2001 et seq. of the Commissions rules.

The company has not taken any actions (proceedings instituted or petitions filed by the
company with either state commissions, the court system, or the Commission) against
data brokers in the past year. I acknowledge that companies must report on any
information that they have with respect to the processes pretexters are using to attempt
to access CPNI, and what steps companies are taking to protect CPNI, and I have no
such information to report at this time.

The company has not received any customer complaints in the past year concerning the
unauthorized release of or access to CPNI and I hereby acknowledge that if the
company does receive any such complaints, it must provide that information to the
Commission, including the number of customer complaints a company has received
related to unauthorized access to CPNI, or unauthorized disclosure of CPNI, broken
down by category or complaint, e.g., instances of improper access by employees,
instances of improper disclosure to individuals not authorized to receive the
information, or instances of improper access to online information by individuals not
authorized to view the information.

____________________________
Dr. Harry Deng, President
Statement Accompanying CPNI Certificate EB Docket No. 06-36

CMOLS, LLC (the Company) doesnotuse,discloseorpermitaccesstoCustomerProprietary

NetworkInformation(CPNI)exceptaspermittedorrequiredbylawpursuantto47U.S.C.
222.ThesafeguardssetforthinSectionsIandJbelowarefollowedbytheCompany,and,tothe
extent that the Company finds it necessary to use, disclose or permit access to CPNI, the
operatingproceduresinSectionsAHbelowareobserved.

A. Definitions.ThetermsusedinthisStatementhavethesamemeaningassetforthin47
64.2003.

B. UseofCPNI. ItistheCompanyspolicythattheCompanymayuse,disclose,orpermit
accesstoCPNIforthepurposeofprovidingormarketingserviceofferingsamongthecategoriesof
service (i.e., local, interexchange, and interconnected VOIP) to which the customer already
subscribesfromtheCompany,withoutcustomerapproval.

TotheextentthattheCompanyprovidesdifferentcategoriesofservice,andacustomersubscribesto
morethanonecategoryofserviceofferedbytheCompany,theCompanymayshareCPNIamong
theCompany'saffiliatedentitiesthatprovideaserviceofferingtothecustomer.However,tothe
extentthattheCompanyprovidesdifferentcategoriesofservice,butacustomerdoesnotsubscribe
tomorethanoneoffering,theCompanydoesnotshareCPNIwithitsaffiliates,exceptbyfollowing
therequirementsdescribedherein.

TheCompanydoesnotuse,disclose,orpermitaccesstoCPNItomarkettoacustomeranyservice
offeringsthatarewithinacategoryofservicetowhichthesubscriberdoesnotalreadysubscribe
fromtheCompany,unlesstheCompanyhascustomerapprovaltodoso.TheCompanydoesnotuse,
disclose or permit access to CPNI to identify or track customers that call competing service
providers.

Notwithstandingtheforgoing,itistheCompanyspolicythattheCompanymayuse,disclose,or
permitaccesstoCPNItoprotecttherightsorpropertyoftheCompany,ortoprotectusersofthose
servicesandothercarriersfromfraudulent,abusive,orunlawfuluseof,orsubscriptionto,such
services.

C. CustomerApprovals.

ItistheCompanyspolicythattheCompanymayobtainapprovalthroughwritten,oralorelectronic
methods. The Company acknowledges that it bears the burden of demonstrating that any oral
approvalshavebeengivenincompliancewiththeCommission'srules.TheCompanyhonorsall
approvalsordisapprovalstouse,disclose,orpermitaccesstoacustomer'sCPNIuntilthecustomer
revokes or limits such approval or disapproval. The Company maintains records of approval,
regardlessoftheformofsuchapproval,foratleastoneyear.

OptOutandOptInApprovalProcesses.ItistheCompanyspolicythatitmay,subjecttooptout
approvaloroptinapproval,useitscustomer'sindividuallyidentifiableCPNIforthepurposeof
marketingcommunicationsrelatedservicestothatcustomer.ItistheCompanyspolicythatitmay,
subjecttooptoutapprovaloroptinapproval,discloseitscustomer'sindividuallyidentifiableCPNI,
forthepurposeofmarketingcommunicationsrelatedservicestothatcustomer,toitsagentsandits
affiliates that provide communicationsrelated services; and its joint venture partners and
independentcontractorswhodothesame.ItistheCompanyspolicythatitmayalsopermitsuch
personsorentitiestoobtainaccesstosuchCPNIforsuchpurposes.Exceptasprovidedherein,oras
otherwiseprovidedinSection222oftheCommunicationsActof1934,asamended,theCompany
onlyuses,discloses,orpermitsaccesstoitscustomers'individuallyidentifiableCPNIsubjecttoopt
inapproval.

D. Notice Required For Use Of Customer Proprietary Network Information. It is the

Companyspolicythatpriortoanysolicitationforcustomerapproval,notificationisprovidedtothe
customerofthecustomer'srighttorestrictuseof,disclosureof,andaccesstothatcustomer'sCPNI.
TheCompanymaintainssuchrecordsofnotification,whetheroral,writtenorelectronic,foratleast
oneyear.ItistheCompanyspolicythatindividualnoticetocustomersisprovidedwhensoliciting
approvaltouse,disclose,orpermitaccesstocustomers'CPNI.

E. Notice Content Requirements. Company notices must comply with the following
requirements:

1. Noticesmustprovidesufficientinformationtoenablethecustomertomakeaninformeddecision
astowhethertopermittheCompanytouse,disclose,orpermitaccessto,thecustomer'sCPNI.

2. Noticesmuststatethatthecustomerhasaright,andtheCompanyhasaduty,underfederallaw,
toprotecttheconfidentialityofCPNI.

3. NoticesmustspecifythetypesofinformationthatconstituteCPNIandthespecificentitiesthat
willreceivetheCPNI,describethepurposesforwhichCPNIwillbeused,andinformthe
customerofhisorherrighttodisapprovethoseuses,anddenyorwithdrawaccesstoCPNIat
anytime.

4. Noticesmustadvisethecustomeroftheprecisestepsthecustomermusttakeinordertograntor
denyaccesstoCPNI,andmustclearlystatethatadenialofapprovalwillnotaffecttheprovision
ofanyservicestowhichthecustomersubscribes.

5. Noticesmustbecomprehensibleandmustnotbemisleading.

6. TotheextentthatwrittenNoticesareprovided,theNoticesareclearlylegible,usesufficiently
largetype,andareplacedinanareasoastobereadilyapparenttoacustomer.

7. IfanyportionofaNoticeistranslatedintoanotherlanguage,thenallportionsoftheNoticemust
betranslatedintothatlanguage.

8. TheNoticemaystatethatthecustomer'sapprovaltouseCPNImayenhancetheCompany's
abilitytoofferproductsandservicestailoredtothecustomer'sneeds.TheNoticemayalsostate
thattheCompanymaybecompelledtodiscloseCPNItoanypersonuponaffirmativewritten
requestbythecustomer.

9. Noticesmaynotincludeinthenotificationanystatementattemptingtoencourageacustomerto
freezethirdpartyaccesstoCPNI.
10. Noticesmuststatethatanyapproval,ordenialofapprovalfortheuseofCPNIoutsideofthe
servicetowhichthecustomeralreadysubscribesfromtheCompanyisvaliduntilthecustomer
affirmativelyrevokesorlimitssuchapprovalordenial.

11. TheCompanyssolicitationforapprovalmustbeproximatetotheNoticeofacustomer'sCPNI
rights.
F. OptOutNoticeRequirements. ItistheCompanyspolicythatNoticestoobtainoptout
approval be given only through electronic or written methods, and not by oral communication
(exceptasprovidedwithrespecttoonetimeuseofCPNIbelow).

ThecontentsofanysuchnotificationmustcomplywiththeNoticeContentRequirementsdescribed
above.

ItistheCompanyspolicytowaita30dayminimumperiodoftimeaftergivingcustomersnotice
andanopportunitytooptoutbeforeassumingcustomerapprovaltouse,disclose,orpermitaccessto
CPNI.This30dayminimumperiodiscalculatedasfollows:(1)Inthecaseofanelectronicformof
notification,thewaitingperiodshallbegintorunfromthedateonwhichtheNoticewassent;and(2)
InthecaseofNoticebymail,thewaitingperiodshallbegintorunonthethirddayfollowingthedate
thatthenotificationwasmailed.ItistheCompanyspolicytonotifycustomersastotheapplicable
waitingperiodforaresponsebeforeapprovalisassumed.

For those instances in which the Company uses the optout mechanism, the Company provides
noticestoapplicablecustomerseverytwoyears.

ForthoseinstancesinwhichtheCompanyusesemailtoprovideoptoutnotices,theCompany
follows the additional requirements in addition to the requirements generally applicable to
notification:

(1)TheCompanymustobtainexpress,verifiable,priorapprovalfromconsumerstosendnoticesvia
emailregardingtheirserviceingeneral,orCPNIinparticular;

(2)TheCompanymustallowcustomerstoreplydirectlytoemailscontainingCPNInoticesinorder
tooptout;

(3)OptoutemailnoticesthatarereturnedtotheCompanyasundeliverablemustbesenttothe
customerinanotherformbeforetheCompanyconsidersthecustomertohavereceivednotice;

(4)Thesubjectlineofthemessagemustclearlyandaccuratelyidentifythesubjectmatterofthee
mail;and

(5)TheCompanymakesavailabletoeverycustomeramethodtooptoutthatisofnoadditionalcost
tothecustomerandthatisavailable24hoursaday,sevendaysaweek.

G. OptInNoticeRequirements.ItistheCompanyspolicythatNoticestoobtainoptin
approvalbegiventhoughoral,written,orelectronicmethods.Thecontentsofanysuchnotification
mustcomplywiththeNoticeContentRequirementsdescribedabove.

H. OneTimeUseofCPNINoticeRequirements.TheCompanymayuseoralnoticetoobtain
limited,onetimeuseofCPNIforinboundandoutboundcustomertelephonecontactsforthe
durationofthecall.TheCompanyrequiresthatthecontentsofanysuchnotificationmustcomply
withtheNoticeContentRequirementsdescribedabove,exceptthattheCompanymayomitanyof
thefollowingnoticeprovisionsifnotrelevanttothelimiteduseforwhichtheCompanyseeksCPNI:

(1)TherequirementthattheCompanyadvisecustomersthatiftheyhaveoptedoutpreviously,no
actionisneededtomaintaintheoptoutelection;

(2)TherequirementthattheCompanyadvisecustomersthattheymayshareCPNIwiththeir
affiliatesorthirdpartiesandneednotnamethoseentities,ifthelimitedCPNIusagewillnotresultin
useby,ordisclosureto,anaffiliateorthirdparty;

(3)TherequirementthattheCompanydisclosethemeansbywhichacustomercandenyorwithdraw
futureaccesstoCPNI,solongasexplanationisgiventocustomersthatthescopeoftheapprovalthe
Companyseeksislimitedtoonetimeuse;and

(4)TheCompanymayomitdisclosureoftheprecisestepsacustomermusttakeinordertograntor
denyaccesstoCPNI,aslongastheCompanyclearlycommunicatesthatthecustomercandeny
accesstohisCPNIforthecall.

I. SafeguardsRequiredfortheUseofCPNI.ItisthepolicyoftheCompanytotrainits
personnelastothecircumstancesunderwhichCPNImay,andmaynot,beusedordisclosed.In
addition,theCompanyhasestablishedawrittendisciplinaryprocessininstanceswhereits
personneldonotcomplywithestablishedpolicies.ItistheCompanyspolicytorequirethata
recordbemaintainedofitsownanditsaffiliatessalesandmarketingcampaignsthatusetheir
customersCPNI.TheCompanymaintainsarecordofallinstanceswhereCPNIwasdisclosed
orprovidedtootherthirdparties,orwherethirdpartieswereallowedtoaccesssuchCPNI.The
recordincludesadescriptionofeachcampaign,thespecificCPNIthatwasusedinthecampaign,
andwhatproductsandserviceswereofferedasapartofthecampaign.Suchrecordsareretained
foraminimumofoneyear.

TheCompanyhasestablishedamandatorysupervisoryreviewprocessregardingcompliance
withCPNIrulesforoutboundmarketing.Salespersonnelmustobtainsupervisoryapprovalof
anyproposedoutboundmarketingrequestforcustomerapproval.TheCompanyspolicies
requirethatrecordspertainingtosuchcarriercomplianceberetainedforaminimumperiodof
oneyear.
IncompliancewithSection64.2009(e),theCompanywillprepareacompliancecertificatesigned
byanofficeronanannualbasisstatingthattheofficerhaspersonalknowledgethattheCompanyhas
establishedoperatingproceduresthatareadequatetoensurecompliancewith47
C.F.R.64.2001etseq.Thecertificateistobeaccompaniedbythisstatementandwillbefiled
inEBDocketNo.0636annuallyonorbeforeMarch1,fordatapertainingtotheprevious
calendaryear.Thisfilingwillincludeanexplanationofanyactionstakenagainstdatabrokers
andasummaryofallcustomercomplaintsreceivedinthepastyearconcerningtheunauthorized
releaseofCPNI.

ItistheCompanyspolicytoprovidewrittennoticetotheFCCwithinfivebusinessdaysofany
instancewheretheoptoutmechanismsdonotworkproperly,suchthataconsumersinabilityto
optoutismorethanananomaly.Thewrittennoticeshallcomplywith47C.F.R.64.2009(f).

J. SafeguardsontheDisclosureofCPNI. ItistheCompanyspolicytotakereasonable
measures to discover and protect against attempts to gain unauthorized access to CPNI. The
CompanywillproperlyauthenticateacustomerpriortodisclosingCPNIbasedoncustomerinitiated
telephonecontact,onlineaccess,orinstorevisit,ifapplicable,asdescribedherein.
(1)MethodsofAccessingCPNI.

(a)TelephoneAccesstoCPNI.ItistheCompanyspolicytoonlydiscloseCalldetailinformation
overthetelephone,basedoncustomerinitiatedtelephonecontact,ifthecustomerfirstprovidesthe
Companywithapassword,asdescribedinSection(2),thatisnotpromptedbytheCompanyasking
forreadilyavailablebiographicalinformation,oraccountinformation.Ifthecustomerdoesnot
provideapassword,theCompanywillonlydiscloseCalldetailinformationbysendingittothe
customersaddressofrecord,or,bycallingthecustomeratthetelephonenumberofrecord.Ifthe
customerisabletoprovideCalldetailinformationtotheCompanyduringacustomerinitiatedcall
withouttheCompanysassistance,thentheCompanymaydiscusstheCalldetailinformation
providedbythecustomer.

(b)OnlineAccesstoCPNI.ItistheCompanyspolicytoauthenticateacustomerwithouttheuseof
readilyavailablebiographicalinformation,oraccountinformation,priortoallowingthecustomer
onlineaccesstoCPNIrelatedtoatelecommunicationsserviceaccount.Onceauthenticated,the
customermayonlyobtainonlineaccesstoCPNIrelatedtoatelecommunicationsserviceaccount
throughapassword,asdescribedinSection(2),thatisnotpromptedbytheCompanyaskingfor
readilyavailablebiographicalinformation,oraccountinformation.

(c)InStoreAccesstoCPNI.ItistheCompanyspolicythatitmaydiscloseCPNItoacustomer
who,atanyretaillocationoperatedbytheCompany,firstpresentstotheCompanyoritsagenta
validphotoIDmatchingthecustomersaccountinformation.

(2)PasswordProcedures.Toestablishapassword,theCompanywillauthenticatethecustomer
withouttheuseofreadilyavailablebiographicalinformation,oraccountinformation.TheCompany
maycreateabackupcustomerauthenticationmethodintheeventoflostorforgottenpasswords,but
suchbackupcustomerauthenticationmethodwillnotpromptthecustomerforreadilyavailable
biographicalinformationoraccountinformation.Ifthecustomercannotprovidethecorrect
passwordorcorrectresponseforthebackupcustomerauthenticationmethod,thecustomermust
establishanewpasswordasdescribedinthisparagraph.

(3)NotificationofAccountChanges.ItistheCompanyspolicytonotifycustomersimmediately
wheneverapassword,customerresponsetoabackupmeansofauthenticationforlostorforgotten
passwords,onlineaccount,oraddressofrecordiscreatedorchanged.Thisnotificationmaybe
throughCompanyoriginatedvoicemailortextmessagetothetelephonenumberofrecords,orby
mailtotheaddressofrecord,andwillnotrevealthechangedinformationorbesenttothenew
accountinformation.

(4)BusinessCustomerExemption.ItistheCompanyspolicythatitmaycontractuallybebound
tootherauthenticationregimesotherthanthosedescribedhereinforservicesprovidedto
businesscustomersthathavebothadedicatedaccountrepresentativeandacontractthat
specificallyaddressestheCompanysprotectionofCPNI.

K. NotificationofCPNISecurityBreaches.

(1)ItistheCompanyspolicytonotifylawenforcementofabreachinitscustomersCPNIas
providedinthissection.TheCompanywillnotnotifyitscustomersordisclosethebreachpublicly
untilithascompletedtheprocessofnotifyinglawenforcementpursuanttoparagraph(2).
(2)Assoonaspracticable,andinnoeventlaterthanseven(7)businessdaysafterreasonable
determinationofthebreach,theCompanywillelectronicallynotifytheUnitedStatesSecretServices
(USSS)andtheFederalBureauofInvestigation(FBI)throughacentralreportingfacility.

(a)Notwithstandingstatelawtothecontrary,theCompanyshallnotnotifycustomersordisclosethe
breachtothepublicuntil7fullbusinessdayshavepassedafternotificationtotheUSSSandtheFBI,
exceptasprovidedinparagraphs(b)and(c).

(b)IftheCompanybelievesthatthereisanextraordinarilyurgentneedtonotifyanyclassofaffected
customerssoonerthanotherwiseallowedunderparagraph(a),inordertoavoidimmediateand
irreparableharm,itwillsoindicateinitsnotificationandmayproceedtoimmediatelynotifyits
affectedcustomersonlyafterconsultationwiththerelevantinvestigationagency.TheCompanywill
cooperatewiththerelevantinvestigatingagencysrequesttominimizeanyadverseeffectsofsuch
customernotification.

(c)Iftherelevantinvestigatingagencydeterminesthatpublicdisclosureornoticetocustomerwould
impedeorcompromiseanongoingorpotentialcriminalinvestigationornationalsecurity,such
agencymaydirectthecarriernottosodiscloseornotifyforaninitialperiodofupto30days.Such
periodmaybeextendedbytheagencyasreasonablynecessaryinthejudgmentoftheagency.Ifsuch
directionisgiven,theagencyshallnotifythecarrierwhenitappearsthatthepublicdisclosureor
noticetoaffectedcustomerswillnolongerimpedeorcompromiseacriminalinvestigationor
nationalsecurity.Theagencyshallprovideinwritingitsinitialdirectiontothecarrier,any
subsequentextension,andanynotificationthatnoticewillnolongerimpedeorcompromisea
criminalinvestigationornationalsecurityandsuchwritingsshallbecontemporaneouslyloggedon
thesamereportingfacilitythatcontainsrecordsofnotificationsfiledbytheCompany.

(3)CustomerNotification.AftertheCompanyhasnotifiedlawenforcementpursuanttoparagraph
(2),itwillnotifyitscustomersofbreachofthosecustomersCPNI.

(4)Recordkeeping.TheCompanywillmaintainarecord,electronicallyorinsomeothermanner,of
anybreachesdiscovered,notificationsmadetotheUSSSandtheFBIpursuanttoparagraph(2),and
notificationsmadetocustomers.Therecordwillinclude,ifavailable,datesofdiscoveryand
notification,adetaileddescriptionoftheCPNIthatwasthesubjectofthebreach,andthe
circumstancesofthebreach.TheCompanywillmaintaintherecordforaminimumof2years.