IT Policy/CPNI/2

From CSWiki
Jump to: navigation, search

Paragaph 2: Recording all electronic access to CPNI seems like a heavy burden. If it isn't, we should add a line explaining why not.

Paragraph 4: "Preserve audit logs for 5 years or as long as CPNI data is kept WHICHEVER IS LONGER"- should we synchonize this with the "limiting data retention" time periods on page 11? For example, "...required to maintian the integrity of the audit logs and preserve them for five years or as long as the CPNI data is kept, subject to the revisions suggested in section six of this submission."

Paragraph 6: I would strike this paragraph, given that the issue of small companies is covered for all measures in section 7.

Paragraph 9: "...companies could insist that access be done from a land line that can be more easily traced."

Is this reasonable given that more and more people don't have land lines?

- Andrew K