top of page

Written Information Security Program

A written Information Security Program or “WISP” is the document that defines the administrative, technical, and physical safeguards you will use to protect the customer data that your business collects. Your WISP should address the risks identified in the risk assessment that you conduct and how you plan to mitigate these risks.

Rule Requirement


Information security program.  You shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in paragraph (b) of this section.

  • (b) Objectives.  The objectives of section 501(b) of the Act, and of this part, are to:

  • (1) Insure the security and confidentiality of customer information;

  • (2) Protect against any anticipated threats or hazards to the security or integrity of such information; and

  • (3) Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

Our Service

Mosaic's team of retail automotive compliance attorneys will craft your written information security program which will include all the policy documentation you need to comply with the FTC's revised Safeguards Rule.

bottom of page