
What security services does Auntie Annes currently require franchisees to use?

Auntie Annes Franchise · 2024 FDD

Answer from 2024 FDD Document

We require that you use vendors (and may require you to use one or more Approved Suppliers that we designate) to provide security services that are consistent with the Privacy Requirements.

We currently require you to use a managed firewall, conduct a quarterly network scan, maintain anti-virus/anti-malware software, and use managed Wi-Fi, but we may modify from time to time the specific security measures that you must maintain.

We require that you submit annually proof of your PCI-DSS compliance status, and we may require you to provide evidence of compliance with applicable Privacy Requirements upon our request.

We may require you to use vendors or Approved Suppliers to conduct periodic security audits to ensure that personal data is adequately protected.

We may require you to provide, or make available, to us copies of any audits, scanning results, or related documentation relating to such compliance or audits.

We may charge a reasonable fee for us to review your systems and verify your compliance with these requirements.

If you suspect or know of a security breach, you must immediately give us notice of such security breach and promptly identify and remediate the source of any compromise or security breach at your expense.

You assume all responsibility for providing all notices of breach or compromise and all duties to monitor credit histories and transactions concerning customers of the Franchised Business.

  • 12.3 Data Breach Notification.

If you learn of an incident that may be a "breach of the security of the system" under Cal. Civ. Code § 1798.82 or any other data breach notification Law, you must immediately notify us of the facts that are known about the incident (a "Data Breach").

Source: Item 22 — CONTRACTS (FDD page 106)

What This Means (2024 FDD)

According to Auntie Annes's 2024 Franchise Disclosure Document, franchisees are required to use specific security services to protect data and maintain compliance. Auntie Annes requires franchisees to use vendors, potentially designated Approved Suppliers, to provide security services that align with privacy requirements.

Currently, Auntie Annes mandates the use of a managed firewall, quarterly network scans, anti-virus/anti-malware software, and managed Wi-Fi. However, Auntie Annes retains the right to modify these specific security measures over time. Franchisees must also submit annual proof of PCI-DSS compliance and provide evidence of compliance with applicable Privacy Requirements upon request.

Auntie Annes may also require franchisees to use specific vendors or Approved Suppliers to conduct periodic security audits to ensure adequate protection of personal data. Franchisees may need to provide copies of audits, scanning results, or related documentation to Auntie Annes. Auntie Annes may charge a reasonable fee to review systems and verify compliance with these requirements.

In the event of a suspected or known security breach, franchisees must immediately notify Auntie Annes and promptly identify and remediate the source of the breach at their own expense. Franchisees assume all responsibility for providing breach notices and for all duties to monitor credit histories and transactions concerning customers of the Franchised Business. If franchisees learn of an incident that may be a data breach under Cal. Civ. Code § 1798.82 or any other data breach notification Law, they must also immediately notify Auntie Annes of the facts known about the incident.

Disclaimer: This information is extracted from the 2024 Franchise Disclosure Document and is provided for research purposes only. It does not constitute legal or financial advice. Consult with a franchise attorney before making any investment decisions.