[VoiceOps] STIR/SHAKEN non-tech

Thu Jun 24 09:52:49 EDT 2021

Ah, so that's all in the plan that my consultant is working on (and delivered to me yesterday) or already existing in my company. I'll follow up. Thanks. 

----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest Internet Exchange 
http://www.midwest-ix.com 

----- Original Message -----

From: "Mark R Lindsey" <lindsey at e-c-group.com> 
To: "Mike Hammett" <voiceops at ics-il.net> 
Cc: "VoiceOps" <voiceops at voiceops.org> 
Sent: Wednesday, June 23, 2021 4:24:07 PM 
Subject: Re: [VoiceOps] STIR/SHAKEN non-tech 

You used the term "policy and procedure changes", but that depends on your business. I've read many of the RMPs filed in the database, and in most cases, the policies they describe are already practices that were in place. 

Here are a couple of overviews from law firms -- 
https://commlawgroup.com/2021/may-6-2021-deadline-to-have-robocall-mitigation-plan-rmp-and-know-your-customer-procedures-operational-fast-approaching-deadline-to-register-and-file-rmp-with-fcc-on-the-horizon/ 

>From CommLaw Group -- 

A good RMP will contain detailed (but not necessarily lengthy) descriptions of an SVP’s: 

• acceptable use policy 
• know your customer procedures (e. information that confirms the customer’s identity) 
• telephone number authorization 
• monitoring 
• investigation of suspicious activity and traceback 
• blocking 
• plan update information. 

<blockquote>

</blockquote>

https://www.dwt.com/insights/2020/10/fcc-stir-shaken-robocall-mitigation-plan-deadline 

>From DWT -- 
<blockquote>

The FCC requires all programs to include: 

• (1) Detailed practices that can reasonably be expected to significantly reduce the origination of illegal robocalls; 

• (2) Compliance with the described practices; and 

• (3) Participation in industry traceback efforts. 
</blockquote>

If you're an "Intermediate Provider" (calls enter your network from another voice service provider, and without going to an end-user subscriber they also leave your network, but IANAL so read the legal definition ) then the changes are more likely to be substantial. If you allow people to signup with a credit card and start sending you calls from random numbers, then you're probably not demonstrating that you "know your customer", also known as KYC. And if they're sending calls from US telephone numbers and non-US IP addresses, then you should know exactly why. 

Mark R Lindsey, SMTS | +1-229-316-0013 | mark at ecg.co | https://ecg.co/lindsey/ 

<blockquote>

On Jun 23, 2021, at 3:18 PM, Mike Hammett < voiceops at ics-il.net > wrote: 

We have a consultant filing our mitigation plan (June 30 deadline) and are working with Metaswitch\TNS on the technical aspects (seems like we have until 2022 to do that). 

>From some webinars I got the impression that we needed a variety of policy and procedure changes to be compliant. Where is a good resource to figure those out? 

Yes, I am working a variety of things in parallel in this project. 

----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest Internet Exchange 
http://www.midwest-ix.com 

_______________________________________________ 
VoiceOps mailing list 
VoiceOps at voiceops.org 
https://puck.nether.net/mailman/listinfo/voiceops 
</blockquote>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20210624/b913f2d3/attachment-0001.htm>