You are on page 1of 6

Ind AssuranceConsultin Inc,

!4e Adylse * ampIianee, Cansu lting, dertifi cst,I ns


Telephone: t786)505-1862
5303BlueLagoonDrive,Suite400,Miami,FL33126
Emai|: compliance@iacadvice.com
ygwlujeggdylge.cgm*,

L,2Ot7
January

SUBMISSION
BYELECTRONIC

MarleneH. Dortch,Secretary
FederalCommunications Commission
Officeof the Secretary
445 Lzth Street,5.W.,SuiteTW-A325
Washington, DC20554

due March\7AL7 (CY2016Operqtions)


Subject:EBDocketNo.06-36,CPN|Certification

DearMs.Dortch:

GlobalNode.Inc. (herebyreferredta as the "Company"),


submitsthe followingCPNI
regarding
Certification, its CalendarYear2016operations,in compfiance
with Section64.2001
et seq.of the Commission'srules.

TheCompanyrespectfullyasksthe Commission to acceptthe followingCertificationas


timefyfiled,in termsof the March!,20!7 filingdeadlinelistedin 47 C.F.R.
54.2009{e}.

AlonzoBeyene
IndustryAssurance
Consulting,
lnc.
RegulatoryAnalyst

Enclosures

FCCEnforcement Bureau,TelecommunicationsConsumersDivision,
MS lzth Street,SW,Washington,DC20554
BestCopyand Printing,lnc.(viaemailfcc(@bcpiweb.com)
EB Docket06-36
Annual64.2009{e}
CPNICertification for Activitiesof Calendar
Year2015
Datefiled:Januarv1, 2017
Nameof TheCompany{s}covered bythiscertification:GlobalNode,Inc.
Form499 FilerlD:829045
Nameof signatory:Willv Mehu
Title of signatory:President

certifythat I am an officerof the Companynamedabove,andactingasan agent


l, Willv..Mghu,
of the Company, that I havepersonalknowledge that the Companyhasestablished
operating
procedures that areadequateto ensurecompliance with the Commission's
CPNIrules.See47
C.F.R. S 64.2001ef seg.

is an accompanying
Attachedto this certification statementexplaining howthe Company's
procedures ensurethat the companyis in compliancewith the requirements(including
those
mandating the adoptionof CPNIprocedures, training,recordkeeping,andsupervisoryreview)
setforth in section64.2001et seq.of the Commission's rules.

TheCompanyhasnot had to take anv action(sl(i.e.,proceedings institutedor petitionsfiled by


a companyat eitherstatecommissions, the courtsystem, or at the Commission againstdata
brokers)againstdatabrokersin the pastyear.lf affirmative,the Companyis awarethat it must
explainanyactionsthat it hashadto take againstdata brokers. TheCompanyis awarethat it
must reporton anydatathat it haswith respectto the processes that any pretextershaveused
(if any),to attemptto accessCPNI,and what stepsthe Companyis takingto protectCPNI.

TheCompanyhasnot receivedanycustomercomplaints in the pastyearconcerningthe


unauthorized releaseof CPNI.TheCompanyis aware,that hadit hadanysuchcomplaints, it
wouldhaveto reportthe numberof customercomplaints that the Companyhasreceived
relatedto unauthorized accessto CPNI,or unauthorized disclosureof CPNI,brokendownby
categoryof complaints,e.g.,inst?ncesof improperaccessbv employees.instancesof improper
disclosureto individqals receivethe data.or instancgs
not a.uthgrized.to of improperaccessto
onlinedatabv individuals not aVthorizedto viewthe data.

Thecompanyrepresents andwarrantsthat the abovecertification


is consistent
with 47 C.F.R.
5
1.17,whichrequirestruthfulandaccuratestatements to the Commission. Thecompanyalso
acknowledges that falsestatements
andmisrepresentations to the Commission arepunishable
underTitle18 of the U.S.Codeandmaysubjectit to enforcement action.

Signed ,*ature of an officer,asagenfof the canierl

StatementexplainingCPNIprocedures
Attachments:Accompanying
Accompanying Statementon Company's Compliance with 47 C.F.R.
$ 64.2009,
"Safeguards
Networklnformation
requiredfor useof CustomerProprietary (CPNI)"andCompliance
with
et seq.of the Commission's
Section64.Z.OOL Rules.

A. Definitions
CPN)(Customer ProprietgrvNetwarkData)refersto datasuchascustomername,address,
contactdataaswell asquantity,technicalconfiguration, type,destination,andamountof use
of servicesubscribed to by the Company'scustomers, and made availableby the Company's
customers to the company,solelyby virtueof the customerrelationship
to the company.lt also
includesdatacontainedin customerbills,if applicable.

B. Useof CPNI
(1)TheCompanymay,if applicable, or permitaccess
use,disclose, to CPNIfor the purposeof
providingor marketingserviceofferingsamongthe categoriesof serviceli.e..loca.l,
gnd CMRSJ
interexchonqe, to whichthe customeralreadysubscribes from the Company,
withoutcustomerapproval.

(2)TheCompanydoesnot use,disclose,or permitaccessto CPNIto marketserviceofferingsto


a customerthat requireopt-inor opt-outconsentof a customerunder47 C.F.R.
S 64.2001et
seq.

(3)TheCompany doesnot use,discloseor permitaccess


to CPNIto identifyor trackcustomers
that callcompetingserviceproviders.

{4) Notwithstanding the forgoing:lt is the Company'spolicythat the Companymay use,


disclose,or permitaccessto CPNIto protectthe rightsor propertyof the Company,or to
protectusersof thoseseryicesand other carriersfrom fraudulent,abusive,or unlaMul useof,
or subscriptionto, suchservices.

C. S*feguardsRequired for the Use of CPNI


(1)lt is the policyof the Companyto train its applicable personnel, on the circumstances
under
whichCPNImay,andmaynot, be usedor disclosed. policiesto
lt is a violationof the Company's
disclose CPNIoutsideof the Company. Anyemployeethat is foundto haveviolatedthis policy
actionup to and including
will be subjectto disciplinary termination.

(2) lt is the Company'spolicyto requirethat a recordbe maintainedof its own and its affiliates'
salesandmarketingcampaigns that usetheir customers'CPNI.TheCompanymaintainsa
recordof all instances whereCPNI was disclosed or provided
to otherthird-parties, or where
third-parties wereallowedto access suchCPNI.Therecordincludesa description of each
campaign, the specific
CPNIthat was usedin the campaign,and what products and services
were offeredas a part of the campaign.Suchrecordsare retainedfor a minimumof one year.
{3}TheCompanyhasestablished a mandatorysupervisory reviewprocessregarding
compliancewith CPNIrulesfor outboundmarketing. salespersonnel
lf applicable, mustobtain
supervisoryapprovalof any proposedoutboundmarketingrequestfor customerapproval.The
Company'spoliciesrequirethat recordspertaining
to suchcarriercompliancebe retainedfor a
minimum period of one year.

{4)In compliance with Section64.2009{e),the Company will preparea "compliance certificate"


signedby an officeron an annualbasisstatingthat the officerhaspersonalknowledge that the
Companyhasestablished operatingprocedures that areadequateto ensurecompliance with
47 C.F.R.S 64.2001et seq.Thecertificateis to be accompanied by this statementandwill be
filedin EBDocketNo.06-35annuallyon March1, for datapertaining to the previouscalendar
year.Thisfilingwill includean explanation
of anyactionstakenagainstdatabrokersanda
summaryof all customercomplaints receivedin the pastyearconcerning the unauthorized
releaseof CPNI.

D. Safeguardson the Disclosureof CPNI


It is the Company'spolicyto take reasonablemeasuresto discoverand protectagainst
attemptsto gainunauthorized accessto CPNI.TheCompany will properlyauthenticate
a
customerpriorto disclosing CPNIbasedon customer-initiatedtelephonecontactor online
access, asdescribedherein.

ll) Methodsof AccessingCPNI.


(a)TelgphoneAccessto CPN!.lt is the Company'spolicyto only disclosecalldetaildata
overthe telephone,basedon customer-initiated telephonecontact,if the customerfirst
providesthe Company with a password,asdescribed in Section{2},that is not
prornptedby the carrieraskingfor readilyavailablebiographical data,or accountdata.lf
the customeris ableto providecalldetaildatato the Company duringa custorner-
initiatedcallwithoutthe Company's assistance,
thenthe Companymaydiscuss the call
detaildata providedby the customer.

{b) OnlineAccess policyto authenticate


to CPNI.lt is the Company's a customerwithout
the useof readilyavailablebiographicaldata,or accountdata,priorto allowingthe
customeronlineaccess to CPNIrelatedto a telecommunications serviceaccount.Once
authenticated, the customermayonlyobtainonlineaccess to CPNIrelatedto a
telecommunications serviceaccountthrougha password, asdescribed in Section{2},
that is not promptedby the Companyaskingfor readilyavailablebiographical data,or
accountdata.
(21PasswordProcedures
a password,
To establish the Company will authenticatethe customerwithoutthe useof readily
available
biographical data,or accountdata.TheCompanymaycreatea back-upcustomer
authenticationmethodin the eventof lost or forgottenpasswords,
but suchback-upcustomer
authenticationmethodwill not promptthe customerfor readilyavailablebiographical
dataor
accountdata.lf the customercannotprovidethe correctpasswordor correctresponsefor the
back-upcustornerauthenticationmethod,the custornermust establisha new passwordas
describedin this paragraph.

{3) IUotiJTcotion
ol AccauntChanges
TheCompany will notifycustomers immediately whenevera password, customerresponse to a
back-upmeansof authentication for lostor forgottenpasswords, onlineaccount,or addressof
recordis createdor changed. Thisnotificationis not requiredwhenthe customerinitiates
service,incfuding the selectionof a password at serviceinitiation.Thisnotificationmaybe
througha Company-originated voicemailor text message to the telephonenumberof record,
or by mailto the addressof record,andmustnot revealthe changeddataor be sentto the new
accountdata.

(4) BusinessCustomerExemption
TheCompanymaybinditselfcontractually to authentication regimesotherthanthose
describedin this SectionD for servicesit providesto its businesscustomersthat haveboth a
dedicatedaccountrepresentative anda contractthat specifically addressesthe Company's
protectionof CPNI.

E. Notification of CPNI Security Breaches


(1) lt is the Company'spolicyto notify law enforcementof a breachin its customers'
CPNIas providedin thissection.TheCompany will not notifyits customersor disclose
the
breachpubliclyuntil it hascompletedthe processof notifyinglaw enforcement pursuantto
paragraph (2).

(2)Assoonas practicable,andin no eventlaterthan seven(7)business days,afterreasonable


determination the
of the breach, Company will electronically
notifythe applicableUS
governmentagencies suchasthe FederalBureauof Investigation.
(a) Notwithstandingstatelaw to the contrary,the Companywill not notify customersor
disclosethe breachto the publicuntil7 full business
dayshavepassedafternotification
to applicableUSgovernment agencies, exceptas providedin paragraphs {b)and(c).

{b) lf the Company that thereis an extraordinarily


believes urgentneedto notifyany
classof affectedcustomerssoonerthan otherwiseallowedunderparagraph (a),in order
to avoidimmediateandirreparable harm,it will so indicatein its notificationandmay
proceedto immediatelynotify its affectedcustomersonly after consultationwith the
agency.TheCompanywill cooperatewith the relevant
relevantInvestigation
investigatingagency'sreguestto minimizeany adverseeffectsof suchcustomer
notification.
agencydeterminesthat publicdisclosureor noticeto
(c) lf the relevantinvestigating
customerwouldimpedeor compromise an ongoingor potentialcriminalinvestigation
or nationalsecurity,the Companywill complywith suchagenqy's written directives,
includingdirectivesnot to so discloseor notify for an initialperiodof up to 30 days,and
extendedperiodsas reasonablynecessary in the judgmentof the agency.

{3) After the Companyhascompletedthe processof notifoinglaw enforcementpursuant


to paragraph{2),it will notify its customersof a breachof thosecustomers'CPNI.

(4)Recordkeeping. TheCompany will maintaina record,electronically


or in someother
manner,of anybreachesdiscovered, notificationsmadeto the USSS and the FBtpursuantto
paragraph (2),andnotifications madeto customers. Therecordwill include,if available,
dates
of discoveryand notification,a detaileddescriptionof the CPNIthat wasthe subjectof the
breach,andthe circumstances of the breach.TheCompany will maintainthe recordfor a
minimumof 2 years.

{5) Silict controlsare in placeinvolvingresponses


to law enforcementagenciesthat servethe
Company with validlegaldemands, suchasa courtorderedsubpoena, for CPNI.TheCompany
will not supplyCPNIto anylaw enforcement agencythat doesnot producea validlegal
demand.

You might also like