Official Seal of the City of Pagadian, Zamboanga del Sur — founded 1937, chartered as city 1969
City of Pagadian CSWDO · City Social Welfare & Development Office
TLS 1.3 · 23 Jun 2026, 15:57 PHT
Authorized Caseworker Access

City of Pagadian, Zamboanga del Sur CSWDO · Secure Caseworker Sign-In

For the most human-facing records the City holds

You are signing in to the client management system of the City Social Welfare and Development Office. The records you will handle from here — AICS, Solo Parent, Centenarian, SPISC, beneficiary case files — are among the most sensitive citizen data the City holds. They are protected under RA 10173 (Data Privacy Act of 2012) and this portal treats them accordingly.

Watch · CSWDO system walkthrough
Full caseworker walkthrough · AICS · Solo Parent · SPISC · case timeline Download MP4

Foundation · Ligon, Proven, Built by Hand

31 years in Pagadian City government 26-year production record on a system he wrote Programmer + developer in-house Zero external vendor in the path

Built and maintained by Edgardo Dingal Caseñas, an in-house Pagadian City government employee with a career arc that explains why this CSWDO portal behaves the way it does: three years at the City Accounting Office as a casual employee (where the discipline for money, ledgers, and audit trails came from), then twenty-eight years — and counting — at the Office of the Secretary to the Sangguniang Panlungsod of Pagadian, the office where every legislative record, decision, and approval gets handled. Public servant since 1994.

Proof, not promise. One of the records systems Edgar programmed and built has been in continuous production since 2000 — that is 26 unbroken years of real, government-grade use, audits, password changes, hardware migrations, and policy updates. The same design discipline that kept it running carries straight into this CSWDO portal. He does not just talk about computerization — naa nay working proof.

Technical foundation: trained informally first by his amigo, kababata, and Sto. Niño Village, Pagadian City silingan Mario Luisma — the chess partner from their high-school days, who later introduced Edgar to programming long before any classroom did. In 2000, sent by the City of Pagadian to a National Computer Center seminar in Zamboanga City — out of 33 participants from across the Philippines, Edgar finished in the top 3 of the final exam. Sent again in 2019 to a paperless-system seminar in Zambales, which fed directly into Pagadian's Paperless Session Program for the Sangguniang Panlungsod. Bentley-trained CAD / structural designer (Revit / Civil 3D / Archicad / STAAD Pro), with certifications across low-rise, mid-rise, and high-rise building design. Lead designer of the adopted Official Sangguniang Panlungsod Emblem and Seal. Builder of the Pagadian Sangguniang Panlungsod Legislative Tracking System — the 26-year reference above — and most recently of the PACIGEA member portal, additional proof that the skill is current, not nostalgic.

“Makapasalig ko: kining sistema gibuhat aron ligon, secure, stable, ug long-term. Dili lang saad — naa nay working proof. No external vendors in the path. No shortcuts. No surprises.”

Security & Compliance — Built In, Not Bolted On

  • Argon2id password hashing — OWASP 2024 parameters (64 MB memory, t=3). Memory-hard, GPU-resistant. Legacy hashes auto-upgrade on first successful login.
  • Libsodium-ready — the existing CSWDO APP_KEY is wired up for at-rest encryption of beneficiary national IDs and bank details.
  • Zero SQL-injection surface — every database write uses PDO::prepare() with ATTR_EMULATE_PREPARES = false.
  • 256-bit CSRF tokens — single-use, intent-scoped, hash_equals() constant-time compared, 30-minute window.
  • Account lockout — 5 failed attempts triggers a 15-minute hold via failed_attempts + locked_until columns. No schema change, no data drop.
  • Session hardening — isolated CSWDO_SEC session, HttpOnly + Secure + SameSite=Strict, session ID rotated on login.
  • Browser-close = logout — session cookies have no Expires / Max-Age. Close the browser, the gate kicks back in on next visit.
  • Force HTTPS — HSTS preload, X-Frame-Options: DENY, strict CSP, no mixed-content fallback.
  • Audit logs on critical ops — auth, role change, beneficiary delete, file upload, financial-aid movement all written to immutable trail.
  • RA 10173 compliant (Data Privacy Act of 2012) — beneficiary data collected only for declared CSWDO purposes, accessed under RBAC, retained per NPC Circular 16-01.
  • Off-site encrypted backups — daily × 30, weekly × 12, monthly × 12. Hardware loss does not equal data loss.
Beneficiary Data Dignity

Sensitive identifiers (PhilSys, bank, biometrics, medical) protected at rest. RBAC gates every read.

Hardware-Fail Tolerance

Encrypted GPG off-site backups on Hostinger schedule + manual snapshots before every schema change.

26-Year Zero-Breach Lineage

SP Legislative Tracking System has run since 2000 with no breach — same design discipline carries here.

Builder Accountability

Designed by an in-house Pagadian City government employee since 1994. No external vendor in the path.

PHP 8.3MariaDBArgon2idPDO PreparedLibsodium CSRFHSTSTLS 1.3RA 10173Hostinger
Edgardo Dingal Caseñas · Builder · gov’t employee since 1994 · casenasinnovates2025@gmail.com