You used the term "policy and procedure changes", but that depends on your business. I've read many of the RMPs filed in the database, and in most cases, the policies they describe are already practices that were in place.
Here are a couple of overviews from law firms -- https://commlawgroup.com/2021/may-6-2021-deadline-to-have-robocall-mitigation-plan-rmp-and-know-your-customer-procedures-operational-fast-approaching-deadline-to-register-and-file-rmp-with-fcc-on-the-horizon/ <https://commlawgroup.com/2021/may-6-2021-deadline-to-have-robocall-mitigation-plan-rmp-and-know-your-customer-procedures-operational-fast-approaching-deadline-to-register-and-file-rmp-with-fcc-on-the-horizon/> From CommLaw Group -- A good RMP will contain detailed (but not necessarily lengthy) descriptions of an SVP’s: • acceptable use policy • know your customer procedures (e. information that confirms the customer’s identity) • telephone number authorization • monitoring • investigation of suspicious activity and traceback • blocking • plan update information. https://www.dwt.com/insights/2020/10/fcc-stir-shaken-robocall-mitigation-plan-deadline <https://www.dwt.com/insights/2020/10/fcc-stir-shaken-robocall-mitigation-plan-deadline> From DWT -- The FCC requires all programs to include: • (1) Detailed practices that can reasonably be expected to significantly reduce the origination of illegal robocalls; • (2) Compliance with the described practices; and • (3) Participation in industry traceback efforts. If you're an "Intermediate Provider" (calls enter your network from another voice service provider, and without going to an end-user subscriber they also leave your network, but IANAL so read the legal definition <https://www.law.cornell.edu/cfr/text/47/64.2115>) then the changes are more likely to be substantial. If you allow people to signup with a credit card and start sending you calls from random numbers, then you're probably not demonstrating that you "know your customer", also known as KYC. And if they're sending calls from US telephone numbers and non-US IP addresses, then you should know exactly why. Mark R Lindsey, SMTS | +1-229-316-0013 | m...@ecg.co | https://ecg.co/lindsey/ <https://ecg.co/lindsey/> > On Jun 23, 2021, at 3:18 PM, Mike Hammett <voice...@ics-il.net> wrote: > > We have a consultant filing our mitigation plan (June 30 deadline) and are > working with Metaswitch\TNS on the technical aspects (seems like we have > until 2022 to do that). > > From some webinars I got the impression that we needed a variety of policy > and procedure changes to be compliant. Where is a good resource to figure > those out? > > Yes, I am working a variety of things in parallel in this project. > > > > ----- > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com <http://www.ics-il.com/> > > > > Midwest Internet Exchange > http://www.midwest-ix.com <http://www.midwest-ix.com/> > > > > _______________________________________________ > VoiceOps mailing list > VoiceOps@voiceops.org <mailto:VoiceOps@voiceops.org> > https://puck.nether.net/mailman/listinfo/voiceops > <https://puck.nether.net/mailman/listinfo/voiceops>
_______________________________________________ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
