Back to home
GLBA Safeguards Rule

ECIW Written Information Security Program (WISP)

ECIW — administrative, technical, and physical safeguards for the protection of Nonpublic Personal Information.

Last Updated: May 2026Document Owner: ECIW Systems, OperatorEffective: Immediately
This document sets out ECIW Systems’ administrative, technical, and physical safeguards for the protection of customer information collected through the ECIW platform, in compliance with the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule (16 C.F.R. Part 314).
1

Purpose

This Written Information Security Program (WISP) describes how ECIW Systems protects Nonpublic Personal Information (NPI) in compliance with the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule.

2

Scope

This program applies to all electronic and physical information collected through the ECIW platform.

3

Information Security Program Coordinator

ECIW Systems, the operator of the ECIW platform (based in Philadelphia, Pennsylvania, USA), is designated as the Information Security Program Coordinator and is responsible for implementing and maintaining this program.

4

Risk Assessment

We conduct periodic risk assessments to identify reasonably foreseeable threats to customer information, including unauthorized access, use, or disclosure.

5

Security Safeguards

ECIW Systems maintains a layered set of safeguards designed to protect customer information:

  • Administrative: Role-based access controls, background-checked personnel, mandatory security training.
  • Technical: Encryption in transit (TLS 1.3) and at rest, secure authentication, automatic session timeouts, input validation, and logging of access to sensitive data.
  • Physical: All data is hosted on secure Cloudflare infrastructure with industry-standard physical controls.
6

Employee Training

All personnel receive security awareness training upon hire and annually thereafter.

7

Vendor Management

Third-party service providers are contractually required to maintain appropriate safeguards and are reviewed periodically.

8

Incident Response Plan

In the event of a data breach, we will investigate, contain, notify affected parties and regulators as required by law, and document all steps taken.

9

Program Review & Updates

This WISP is reviewed and updated at least annually or whenever material changes occur to our business or technology.

ECIW is committed to protecting the confidentiality and security of the information you entrust to us.

Issued by
ECIW
A product of Efficient Client Intake Workflow Systems
Information Security Program Coordinator
Philadelphia, PA, USA
Contact
[email protected]
Phone: 215.645.2288
Questions about this WISP, requests to review it, or incident reports may be sent to the address above.
ECIW Systems
Efficient Client Intake Workflow Systems
Philadelphia, PA, USA
Support: [email protected]Phone: 215.645.2288
Back to home
Terms of ServicePrivacy PolicyPricing