The FTC Safeguards Rule WISP template every dealer needs.
A written information security programme (WISP) covering all nine FTC-required control families — drafted in plain English, ready to fill in and sign. Built for franchise stores and independent dealers.
What's inside
Nine sections — one for each FTC Safeguards element.
Each section explains what the FTC requires, gives you template language you can adapt and adopt, and lists the evidence to keep on file. Sign at the bottom, file it, and refresh annually.
- 1Designated Qualified Individual
- 2Written Risk Assessment
- 3Access Controls
- 4Data Inventory & Classification
- 5Encryption of Customer Information
- 6Application Security
- 7Multi-Factor Authentication
- 8Secure Disposal Procedures
- 9Monitoring, Training, Incident Response & Reporting
The template is a printable web document. Use your browser's Print → Save as PDF to keep an offline copy.
Why this matters
The FTC enforces. The carriers check. Your local IT guy can't draft this for you.
Penalties are real
Up to $43,792 per violation per day under the FTC Act, plus state attorney general enforcement. A 'we'll get to it later' WISP is the most common deficiency the FTC cites.
Insurance requires it
Most cyber insurance carriers now ask whether the dealership maintains a written WISP and operate MFA, EDR, and training. Misrepresent the answer and a future claim gets denied.
The hard part is writing it down
Most dealers already do some of what the FTC requires — but can't produce documentation. This template makes the "written" part of WISP straightforward.
Want the controls behind the template?
Kapacyber runs the day-to-day security operations behind every section of this WISP — MFA on your DMS, EDR on every device, 24/7 monitoring, dealership-specific awareness training, and monthly plain-English reporting.