
What proof of PCI-DSS compliance status must an Auntie Annes franchisee submit, and how often?

Auntie_Annes Franchise · 2024 FDD

Answer from 2024 FDD Document

We require that you submit annually proof of your PCI-DSS compliance status, and we may require you to provide evidence of compliance with applicable Privacy Requirements upon our request.

We may require you to use vendors or Approved Suppliers to conduct periodic security audits to ensure that personal data is adequately protected.

We may require you to provide, or make available, to us copies of any audits, scanning results, or related documentation relating to such compliance or audits.

We may charge a reasonable fee for us to review your systems and verify your compliance with these requirements.

If you suspect or know of a security breach, you must immediately give us notice of such security breach and promptly identify and remediate the source of any compromise or security breach at your expense.

You assume all responsibility for providing all notices of breach or compromise and all duties to monitor credit histories and transactions concerning customers of the Franchised Business.

Source: Item 22 — CONTRACTS (FDD page 106)

What This Means (2024 FDD)

According to Auntie Anne's 2024 Franchise Disclosure Document, franchisees must submit proof of their PCI-DSS compliance status annually. PCI-DSS is the Payment Card Industry Data Security Standard, a set of security requirements, maintained by the PCI Security Standards Council, that applies to any business that stores, processes, or transmits payment card data. The FDD does not specify what form the proof must take; for a merchant this is typically a completed Self-Assessment Questionnaire (SAQ) with its Attestation of Compliance (AOC), and for some SAQ types quarterly external vulnerability scans by an Approved Scanning Vendor, but franchisees should confirm the expected format with the franchisor.

In addition to submitting annual proof of compliance, Auntie Anne's may also require franchisees to provide evidence of compliance with applicable Privacy Requirements upon request. Auntie Anne's retains the right to request copies of audits, scanning results, or related documentation pertaining to compliance or audits. Franchisees may also be required to undergo periodic security audits conducted by vendors or approved suppliers designated by Auntie Anne's to ensure adequate protection of personal data.

Furthermore, Auntie Anne's may charge a reasonable fee to review a franchisee's systems and verify compliance with these requirements. Franchisees must immediately notify Auntie Anne's of any suspected or known security breach and must promptly identify and remediate the source of the compromise at their own expense. Franchisees also assume full responsibility for issuing all required breach notifications (for example, to affected customers, card brands, or regulators, where applicable law or card network rules require them) and for monitoring the credit histories and transactions of their customers.

Disclaimer: This information is extracted from the 2024 Franchise Disclosure Document and is provided for research purposes only. It does not constitute legal or financial advice. Consult with a franchise attorney before making any investment decisions.