Customer Proprietary Network Information (CPNI) Documentation of Operating Procedures for Valley Telecommunications Coop. ssn.!

Inc PO "o# $ % &'( )ain *t * +erreid *D ,$-.(/'''$

Valley Telecommunications Cooperative Association, Inc. (Valley) has implemented the followin procedures to ensure that it is compliant with C!"I rules. Valley has appointed a C!"I Compliance #fficer as a central point of contact for employees, customers and any others with $uestions a%out Valley&s C!"I responsi%ilities. This individual will train employees and maintain and secure Valley&s C!"I files. All mar'etin and sales campai ns will %e reviewed and approved %y the C!"I Compliance #fficer. Valley trains employees on the C!"I rules on an annual %asis. "ew employees that have access to C!"I are trained when hired. The trainin includes, %ut is not limited to, when employees are and are not authori(ed to use C!"I, and the authentication methods the company is usin . )mployees are instructed that if they ever have any $uestions re ardin the use of C!"I, they should contact the C!"I Compliance #fficer. After trainin , employees si n a certification that they have %een trained, and the certification is retained in Valley&s files. Valley has esta%lished disciplinary procedures for violations and for improper use of C!"I. The disciplinary procedures are discussed with employees so that they understand the process. Valley authenticates all customers. *or in+office visits, Valley re$uires a valid photo I,. *or a customer initiated call, Valley re$uires a password that is not %ased on readily availa%le %io raphical or account information. If the customer for ets the password, Valley re+ authenticates the customer without the use of readily availa%le %io raphical or account information and esta%lishes a new password for the customer. To re+authenticate the customer, Valley calls the customer %ac' at the telephone num%er of record. If the customer is not at the telephone num%er of record, Valley ta'es down the $uestion and mails the customer a letter to the address of record with the information they re$uested. Valley has a process in place for handlin %reaches, which includes notification to the -... and */I, and notification to the affected customers and0or pu%lic. The company maintains a record of any %reach that includes the date of discovery and notification, a detailed description of the C!"I that was the su%1ect of the %reach, and the circumstances of the %reach. An e2planation of any action ta'en a ainst data %ro'ers and a summary of all customer complaints will %e included in the annual certification that is filed with the *CC. 3ecords of %reaches will %e 'ept for a minimum of two years. .ince Valley uses the opt+out method, it provides C!"I notification, alon with the re$uest to

use C!"I, to customers every two years. If any customers have previously opted out, Valley does not send the notification a ain since the customer&s denial to use C!"I is valid until the customer ma'es a chan e. The company will provide written notice, within five %usiness days, to the *CC of any instance where the opt+out mechanisms do not wor' properly. Customer account records clearly show the approval0denial status for the account prior to the use of C!"I. Catalo code of C!"I#- and a eneral service order has %een setup that when closed will show up in customer service records 4 a %old red opt out will appear on the customers screen alon with an icon in the alerts column. Valley retains C!"I notification and approval records for a minimum of two years. Valley Telecommunications Coop. Assn., Inc has esta%lished a process for maintainin a record of any mar'etin campai n of its own or its affiliates that use customers& C!"I. The record will include a description of the campai n, the specific C!"I that was used in the campai n, and what products and services were offered as part of the campai n. These records are maintained for a minimum of one year. Valley Telecommunications Coop. Assn., Inc has esta%lished a supervisory review process for any out%ound mar'etin efforts to ensure that supervisory approval has %een o%tained for any proposed out%ound mar'etin . The C!"I Compliance #fficer must review and approve all out%ound mar'etin campai ns to ensure that they are in compliance with the C!"I rules. Valley Telecommunications Coop. Assn., Inc will not provide C!"I to third parties, includin 1oint venture partners and independent contractors, without the customer&s approval via the opt+in process. Valley employees that have access to C!"I are provided with a manual for their reference to %e used whenever they have $uestions or need clarification re ardin C!"I. If the employee still has $uestions or needs further clarification after reviewin the manual, the employee is instructed to contact the C!"I Compliance #fficer.