Ah, so that's all in the plan that my consultant is working on (and delivered to me yesterday) or already existing in my company. I'll follow up. Thanks.
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com ----- Original Message ----- From: "Mark R Lindsey" <lind...@e-c-group.com> To: "Mike Hammett" <voice...@ics-il.net> Cc: "VoiceOps" <voiceops@voiceops.org> Sent: Wednesday, June 23, 2021 4:24:07 PM Subject: Re: [VoiceOps] STIR/SHAKEN non-tech You used the term "policy and procedure changes", but that depends on your business. I've read many of the RMPs filed in the database, and in most cases, the policies they describe are already practices that were in place. Here are a couple of overviews from law firms -- https://commlawgroup.com/2021/may-6-2021-deadline-to-have-robocall-mitigation-plan-rmp-and-know-your-customer-procedures-operational-fast-approaching-deadline-to-register-and-file-rmp-with-fcc-on-the-horizon/ >From CommLaw Group -- A good RMP will contain detailed (but not necessarily lengthy) descriptions of an SVP’s: • acceptable use policy • know your customer procedures (e. information that confirms the customer’s identity) • telephone number authorization • monitoring • investigation of suspicious activity and traceback • blocking • plan update information. <blockquote> </blockquote> https://www.dwt.com/insights/2020/10/fcc-stir-shaken-robocall-mitigation-plan-deadline >From DWT -- <blockquote> The FCC requires all programs to include: • (1) Detailed practices that can reasonably be expected to significantly reduce the origination of illegal robocalls; • (2) Compliance with the described practices; and • (3) Participation in industry traceback efforts. </blockquote> If you're an "Intermediate Provider" (calls enter your network from another voice service provider, and without going to an end-user subscriber they also leave your network, but IANAL so read the legal definition ) then the changes are more likely to be substantial. If you allow people to signup with a credit card and start sending you calls from random numbers, then you're probably not demonstrating that you "know your customer", also known as KYC. And if they're sending calls from US telephone numbers and non-US IP addresses, then you should know exactly why. Mark R Lindsey, SMTS | +1-229-316-0013 | m...@ecg.co | https://ecg.co/lindsey/ <blockquote> On Jun 23, 2021, at 3:18 PM, Mike Hammett < voice...@ics-il.net > wrote: We have a consultant filing our mitigation plan (June 30 deadline) and are working with Metaswitch\TNS on the technical aspects (seems like we have until 2022 to do that). >From some webinars I got the impression that we needed a variety of policy and >procedure changes to be compliant. Where is a good resource to figure those >out? Yes, I am working a variety of things in parallel in this project. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com _______________________________________________ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops </blockquote>
_______________________________________________ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
