What is Budget Licensee's obligation regarding scanning files for computer viruses obtained via the Internet, electronic mail, or diskette?

According to Budget's 2025 Franchise Disclosure Document, Budget licensees must establish and enforce policies requiring employees to scan all files obtained via the Internet, electronic mail, or diskette for computer viruses. This scanning must be done using virus detection software specified in the Controls, as defined by Budget. Licensees are prohibited from knowingly allowing any user to transfer or transmit infected files, or files that have not been scanned as required. If a computer virus is detected, the licensee's policy must require the individual to contact the Help Desk immediately.

Budget also requires that all business systems with access to Budget's system and the Internet be protected by a firewall system specified in the Controls. This firewall must intercept and control all data traffic between the Internet and the licensee's business systems. Direct access to any gateway or multi-user system with access to Budget's system from the Internet is prohibited. Licensees must also implement a network intrusion detection system (IDS) at all Internet access points and portals, potentially monitored by Budget.

Furthermore, Budget mandates that all equipment with access to their system be installed and configured securely, following the manufacturer's recommendations. Default passwords and accounts must be changed or removed before accessing the system. All operating systems and applications must have the latest service packs, security patches, and updates applied, reviewed, and updated by a designated administrator at least every 60 days. These measures are designed to protect Budget's systems and data, and the licensee's systems, from potential security breaches and data contamination.

Budget also specifies that licensees must maintain security controls and procedures that meet current industry standards, including measures for firewalls, web security, email protection, intrusion detection, incident response, and malware protection. Licensees are responsible for implementing anti-malware measures on all data transfer mechanisms, including encryption standards, to prevent the spread of computer viruses. This comprehensive approach to IT security ensures that licensees are proactive in protecting their systems and customer data, aligning with industry best practices for data security and compliance.