Industry Assurance Consulting, Inc.

IACAdviceCompliance,Consulting,Certifications
Telephone:(786)5051862
6303BlueLagoonDrive,Suite400,Miami,FL33126
www.iacadvice.com,Email:compliance@iacadvice.com

January27,2016

BYELECTRONICSUBMISSION

MarleneH.Dortch,Secretary
FederalCommunicationsCommission
OfficeoftheSecretary
44512thStreet,S.W.,SuiteTWA325
Washington,DC20554

Subject:EBDocketNo.0636,CPNICertificationdueMarch1,2016(CY2015Operations)

DearMs.Dortch:

Rovex,Inc.(herebyreferredtoasthe"Company"),submitsthefollowingCPNI
Certification,regardingitsCalendarYear2015operations,incompliancewithSection64.2001
etseq.oftheCommission'srules.

TheCompanyrespectfullyaskstheCommissiontoacceptthefollowingCertificationas
timelyfiled,intermsoftheMarch1,2016filingdeadlinelistedin47C.F.R.64.2009(e).

________________________
AlonzoBeyene
IndustryAssuranceConsulting,Inc.
RegulatoryAnalyst

Enclosures

cc: FCCEnforcementBureau,TelecommunicationsConsumersDivision,
44512thStreet,SW,Washington,DC20554
BestCopyandPrinting,Inc.(viaemail fcc@bcpiweb.com)

EB Docket 06-36
Annual 64.2009(e) CPNI Certification for Activities of Calendar Year 2015
Date filed: January 27, 2016
Name of The Company(s) covered by this certification: Rovex, Inc.
Form 499 Filer ID: 831017
Name of signatory: Roman Zaikin
Title of signatory: Secretary
I, Roman Zaikin, certify that I am an officer of the Company named above, and acting as an
agent of the Company, that I have personal knowledge that the Company has established
operating procedures that are adequate to ensure compliance with the Commission's CPNI
rules. See 47 C.F.R. 64.2001 et seq.
Attached to this certification is an accompanying statement explaining how the Company's
procedures ensure that the company is in compliance with the requirements (including those
mandating the adoption of CPNI procedures, training, recordkeeping, and supervisory review)
set forth in section 64.2001 et seq. of the Commission's rules.
The Company has not had to take any action(s) (i.e., proceedings instituted or petitions filed by
a company at either state commissions, the court system, or at the Commission against data
brokers) against data brokers in the past year. If affirmative, the Company is aware that it must
explain any actions that it has had to take against data brokers. The Company is aware that it
must report on any data that it has with respect to the processes that any pretexters have used
(if any), to attempt to access CPNI, and what steps the Company is taking to protect CPNI.
The Company has not received any customer complaints in the past year concerning the
unauthorized release of CPNI. The Company is aware, that had it had any such complaints, it
would have to report the number of customer complaints that the Company has received
related to unauthorized access to CPNI, or unauthorized disclosure of CPNI, broken down by
category of complaints, e.g., instances of improper access by employees, instances of improper
disclosure to individuals not authorized to receive the data, or instances of improper access to
online data by individuals not authorized to view the data.
The company represents and warrants that the above certification is consistent with 47 C.F.R.
1.17, which requires truthful and accurate statements to the Commission. The company also
acknowledges that false statements and misrepresentations to the Commission are punishable
under Title 18 of the U.S. Code and may subject it to enforcement action.
Signed X_____________________________ [Signature of an officer, as agent of the carrier]
Attachments: Accompanying Statement explaining CPNI procedures

AccompanyingStatementonCompanysCompliancewith47C.F.R.64.2009,Safeguards
requiredforuseofCustomerProprietaryNetworkInformation(CPNI)andCompliancewith
Section64.2001etseq.oftheCommission'sRules.
A. Definitions
CPNI(CustomerProprietaryNetworkData)referstodatasuchascustomername,address,
contactdataaswellasquantity,technicalconfiguration,type,destination,andamountofuse
ofservicesubscribedtobytheCompanyscustomers,andmadeavailablebytheCompanys
customerstothecompany,solelybyvirtueofthecustomerrelationshiptothecompany.Italso
includesdatacontainedincustomerbills,ifapplicable.
B. Use of CPNI
(1)TheCompanymay,ifapplicable,use,disclose,orpermitaccesstoCPNIforthepurposeof
providingormarketingserviceofferingsamongthecategoriesofservice(i.e.,local,
interexchange,andCMRS)towhichthecustomeralreadysubscribesfromtheCompany,
withoutcustomerapproval.
(2)TheCompanydoesnotuse,disclose,orpermitaccesstoCPNItomarketserviceofferingsto
acustomerthatrequireoptinoroptoutconsentofacustomerunder47C.F.R.64.2001et
seq.
(3)TheCompanydoesnotuse,discloseorpermitaccesstoCPNItoidentifyortrackcustomers
thatcallcompetingserviceproviders.
(4)Notwithstandingtheforgoing:ItistheCompanyspolicythattheCompanymayuse,
disclose,orpermitaccesstoCPNItoprotecttherightsorpropertyoftheCompany,orto
protectusersofthoseservicesandothercarriersfromfraudulent,abusive,orunlawfuluseof,
orsubscriptionto,suchservices.
C. Safeguards Required for the Use of CPNI
(1)ItisthepolicyoftheCompanytotrainitsapplicablepersonnel,onthecircumstancesunder
whichCPNImay,andmaynot,beusedordisclosed.ItisaviolationoftheCompanyspoliciesto
discloseCPNIoutsideoftheCompany.Anyemployeethatisfoundtohaveviolatedthispolicy
willbesubjecttodisciplinaryactionuptoandincludingtermination.
(2)ItistheCompanyspolicytorequirethatarecordbemaintainedofitsownanditsaffiliates
salesandmarketingcampaignsthatusetheircustomersCPNI.TheCompanymaintainsa
recordofallinstanceswhereCPNIwasdisclosedorprovidedtootherthirdparties,orwhere
thirdpartieswereallowedtoaccesssuchCPNI.Therecordincludesadescriptionofeach
campaign,thespecificCPNIthatwasusedinthecampaign,andwhatproductsandservices
wereofferedasapartofthecampaign.Suchrecordsareretainedforaminimumofoneyear.

(3)TheCompanyhasestablishedamandatorysupervisoryreviewprocessregarding
compliancewithCPNIrulesforoutboundmarketing.Ifapplicable,salespersonnelmustobtain
supervisoryapprovalofanyproposedoutboundmarketingrequestforcustomerapproval.The
Companyspoliciesrequirethatrecordspertainingtosuchcarriercomplianceberetainedfora
minimumperiodofoneyear.

(4)IncompliancewithSection64.2009(e),theCompanywillprepareacompliancecertificate
signedbyanofficeronanannualbasisstatingthattheofficerhaspersonalknowledgethatthe
Companyhasestablishedoperatingproceduresthatareadequatetoensurecompliancewith
47C.F.R.64.2001etseq.Thecertificateistobeaccompaniedbythisstatementandwillbe
filedinEBDocketNo.0636annuallyonMarch1,fordatapertainingtothepreviouscalendar
year.Thisfilingwillincludeanexplanationofanyactionstakenagainstdatabrokersanda
summaryofallcustomercomplaintsreceivedinthepastyearconcerningtheunauthorized
releaseofCPNI.
D. Safeguards on the Disclosure of CPNI
ItistheCompanyspolicytotakereasonablemeasurestodiscoverandprotectagainst
attemptstogainunauthorizedaccesstoCPNI.TheCompanywillproperlyauthenticatea
customerpriortodisclosingCPNIbasedoncustomerinitiatedtelephonecontactoronline
access,asdescribedherein.

(1)MethodsofAccessingCPNI.
(a)TelephoneAccesstoCPNI.ItistheCompanyspolicytoonlydisclosecalldetaildata
overthetelephone,basedoncustomerinitiatedtelephonecontact,ifthecustomerfirst
providestheCompanywithapassword,asdescribedinSection(2),thatisnot
promptedbythecarrieraskingforreadilyavailablebiographicaldata,oraccountdata.If
thecustomerisabletoprovidecalldetaildatatotheCompanyduringacustomer
initiatedcallwithouttheCompanysassistance,thentheCompanymaydiscussthecall
detaildataprovidedbythecustomer.

(b)OnlineAccesstoCPNI.ItistheCompanyspolicytoauthenticateacustomerwithout
theuseofreadilyavailablebiographicaldata,oraccountdata,priortoallowingthe
customeronlineaccesstoCPNIrelatedtoatelecommunicationsserviceaccount.Once
authenticated,thecustomermayonlyobtainonlineaccesstoCPNIrelatedtoa
telecommunicationsserviceaccountthroughapassword,asdescribedinSection(2),
thatisnotpromptedbytheCompanyaskingforreadilyavailablebiographicaldata,or
accountdata.

(2)PasswordProcedures
Toestablishapassword,theCompanywillauthenticatethecustomerwithouttheuseofreadily
availablebiographicaldata,oraccountdata.TheCompanymaycreateabackupcustomer
authenticationmethodintheeventoflostorforgottenpasswords,butsuchbackupcustomer
authenticationmethodwillnotpromptthecustomerforreadilyavailablebiographicaldataor
accountdata.Ifthecustomercannotprovidethecorrectpasswordorcorrectresponseforthe
backupcustomerauthenticationmethod,thecustomermustestablishanewpasswordas
describedinthisparagraph.

(3)NotificationofAccountChanges
TheCompanywillnotifycustomersimmediatelywheneverapassword,customerresponsetoa
backupmeansofauthenticationforlostorforgottenpasswords,onlineaccount,oraddressof
recordiscreatedorchanged.Thisnotificationisnotrequiredwhenthecustomerinitiates
service,includingtheselectionofapasswordatserviceinitiation.Thisnotificationmaybe
throughaCompanyoriginatedvoicemailortextmessagetothetelephonenumberofrecord,
orbymailtotheaddressofrecord,andmustnotrevealthechangeddataorbesenttothenew
accountdata.

(4)BusinessCustomerExemption
TheCompanymaybinditselfcontractuallytoauthenticationregimesotherthanthose
describedinthisSectionDforservicesitprovidestoitsbusinesscustomersthathavebotha
dedicatedaccountrepresentativeandacontractthatspecificallyaddressestheCompany's
protectionofCPNI.
E. Notification of CPNI Security Breaches
(1)ItistheCompanyspolicytonotifylawenforcementofabreachinitscustomers
CPNIasprovidedinthissection.TheCompanywillnotnotifyitscustomersordisclosethe
breachpubliclyuntilithascompletedtheprocessofnotifyinglawenforcementpursuantto
paragraph(2).

(2)Assoonaspracticable,andinnoeventlaterthanseven(7)businessdays,afterreasonable
determinationofthebreach,theCompanywillelectronicallynotifytheapplicableUS
governmentagenciessuchastheFederalBureauofInvestigation.
(a)Notwithstandingstatelawtothecontrary,theCompanywillnotnotifycustomersor
disclosethebreachtothepublicuntil7fullbusinessdayshavepassedafternotification
toapplicableUSgovernmentagencies,exceptasprovidedinparagraphs(b)and(c).

(b)IftheCompanybelievesthatthereisanextraordinarilyurgentneedtonotifyany
classofaffectedcustomerssoonerthanotherwiseallowedunderparagraph(a),inorder
toavoidimmediateandirreparableharm,itwillsoindicateinitsnotificationandmay
proceedtoimmediatelynotifyitsaffectedcustomersonlyafterconsultationwiththe
relevantinvestigationagency.TheCompanywillcooperatewiththerelevant
investigatingagencysrequesttominimizeanyadverseeffectsofsuchcustomer
notification.

(c)Iftherelevantinvestigatingagencydeterminesthatpublicdisclosureornoticeto
customerwouldimpedeorcompromiseanongoingorpotentialcriminalinvestigation
ornationalsecurity,theCompanywillcomplywithsuchagencyswrittendirectives,
includingdirectivesnottosodiscloseornotifyforaninitialperiodofupto30days,and
extendedperiodsasreasonablynecessaryinthejudgmentoftheagency.

(3)AftertheCompanyhascompletedtheprocessofnotifyinglawenforcementpursuant
toparagraph(2),itwillnotifyitscustomersofabreachofthosecustomersCPNI.

(4)Recordkeeping.TheCompanywillmaintainarecord,electronicallyorinsomeother
manner,ofanybreachesdiscovered,notificationsmadetotheUSSSandtheFBIpursuantto
paragraph(2),andnotificationsmadetocustomers.Therecordwillinclude,ifavailable,dates
ofdiscoveryandnotification,adetaileddescriptionoftheCPNIthatwasthesubjectofthe
breach,andthecircumstancesofthebreach.TheCompanywillmaintaintherecordfora
minimumof2years.

(5)Strictcontrolsareinplaceinvolvingresponsestolawenforcementagenciesthatservethe
Companywithvalidlegaldemands,suchasacourtorderedsubpoena,forCPNI.TheCompany
willnotsupplyCPNItoanylawenforcementagencythatdoesnotproduceavalidlegal
demand.