CENTRAL ARKANSAS TELEPHONE COOPERATIVE, INC. CUSTOMER PROPRIETARY NETWORK INFORMATION (CPNI) STATEMENT OF CERTIFICATION Per the Federal Communications Commission’s (FCC) regulations, 47CFR 64.2009 which requires the Company to implement a system to clearly establish the status of a customer’s CPNI approval prior to the use of CPNI, and to train its personnel as to when they are, and are not, authorized to use CPNI, and to have an express disciplinary process in place. Central Arkansas Telephone Cooperative, Inc. (CATC) has complied a manual, which constitutes the Company’s policies and procedures related to CPNI. All employees are required to follow the policies and procedures specified in this Manual. CATC employees have received training on these policies and procedures. CATC ‘s management has been trained to ensure that strict compliance to this Manual is achieved. CATC operating procedures ensure compliance with the CPNI rules, which include new carrier authentication requirements, and requirement to notify customers of account changes, and a requirement to notify both law enforcement and customers in the event of a CPNI breach. CENTRAL ARKANSAS TELEPHONE COOPERATIVE, INC. IDENTITY THEFT PREVENTION PROGRAM STATEMENT OF COMPLIANCE In compliance with the FTC’s Red Flag rules, the Company’s Board of Directors, an appropriate committee of the Board, or a designated employee at the level of senior management annually must address specific issues related to the Company’s Identity Theft Program including: 1) the effectiveness of the policies and procedures of the Company in addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts; 2) service provider arrangement; 3) significant incidents involving identity theft and management’s response; and 4) recommendation for material changes to the Program. Per the latest compliance certification on file at the Company; 1) These rules went into effect on December 31, 2010; 2) The Company does not utilize a service provider at this time; 3) There has been no significant incidents to date; 4) As of this date there are no recommendation s for substantive changes to the Program.