
Must I comply with industry standards for data security at my Azal Coffee franchise?

Azal Coffee Franchise · 2024 FDD

Answer from 2024 FDD Document

You are responsible for securing the data of your customers. You must comply with industry standards and all applicable laws relating to the protection of customer information and other personal information. You must comply with the PCI Requirements in connection with your Store. It is recommended that you also comply with the ISO/IEC 27000-series information security standards (or other comparable third-party information security standards) ("Information Security Standards") in connection with the Store. It is your responsibility to research and understand the PCI Requirements and Information Security Standards, other industry standards, and applicable laws and to ensure that your business policies and practices comply with these requirements. You must periodically participate in audits of your information technology systems and data security policies by third party auditors as specified by us. We have the right to engage a vendor to consult with and advise you on compliance with the PCI Requirements and Information Security Standards and to require you to pay a portion of the cost of the vendor's services as determined under our policies or to directly engage the vendor for these purposes. Also, we will have the right to acquire a cyber insurance policy for our franchise system and to require you to pay a portion of the cost of the cyber insurance policy as determined under our policies and procedures.

Source: Item 11 — FRANCHISOR'S ASSISTANCE, ADVERTISING, COMPUTER SYSTEMS AND TRAINING (FDD pages 27–36)

What This Means (2024 FDD)

According to Azal Coffee's 2024 Franchise Disclosure Document, franchisees are responsible for securing customer data and must comply with industry standards and all applicable laws related to protecting customer and personal information. Specifically, franchisees must adhere to the PCI Requirements in connection with their store.

While not mandatory, Azal Coffee recommends that franchisees also comply with the ISO/IEC 27000-series information security standards or other comparable third-party information security standards. It is the franchisee's responsibility to research and understand the PCI Requirements, Information Security Standards, other industry standards, and applicable laws to ensure their business policies and practices meet these requirements.

Azal Coffee franchisees must periodically participate in audits of their information technology systems and data security policies, conducted by third-party auditors as specified by Azal Coffee. Azal Coffee retains the right to engage a vendor to consult with and advise franchisees on compliance with the PCI Requirements and Information Security Standards, and to require franchisees either to pay a portion of the cost of the vendor's services, as determined under its policies, or to engage the vendor directly. Azal Coffee also has the right to acquire a cyber insurance policy for the franchise system and to require franchisees to pay a portion of its cost.

Disclaimer: This information is extracted from the 2024 Franchise Disclosure Document and is provided for research purposes only. It does not constitute legal or financial advice. Consult with a franchise attorney before making any investment decisions.