What policy regarding user logoff and screen locking is Budget expected to enforce?
Budget Franchise · 2025 FDDAnswer from 2025 FDD Document
ilure happens more than twice within any one-year period, ABCR may also, at its discretion, suspend permanently Licensee's connection to the System via the Internet, and require Licensee to follow dedicated connection procedures at Licensee's expense as provided in the Rental System Agreement.
- (d) Licensee will be responsible for any damage suffered by ABCR and/or the System as a result of unauthorized access, use or code or file transmission from Licensee's Equipment during any period in which the Controls are not in place on Licensee's Equipment.
- (e) Licensee is responsible for the actions of all of its authorized users who have access to Licensee's Equipment at Licensee's locations, regardless of the location of the persons or the means by which such persons access the Equipment. This responsibility exists regardless of the security mechanisms that are in place. This responsibility also extends to actions taken by persons who are not authorized to (i) use Licensee's Equipment but who use Licensee's Equipment while physically located at one of Licensee's locations or (ii) access the System remotely but nevertheless have such access due to Licensee's intentional or negligent act or omission. Licensee is expected to employ the Controls available, and commercially reasonable security mechanisms and procedures including those specified herein.
- (f) Licensee is responsible for making best efforts to enforce a policy under which (i) its authorized users log off Licensee's business systems when not in use or lock their screens when leaving their Equipment unattended and (ii) the business systems cannot be remotely operated or accessed by an unauthorized user. Licensee must automatically log all remote logins through Licensee's Equipment, whether successful or failed, and the logs must be reviewed at least once per week by senior supervisory personnel of Licensee for signs of unauthorized access.
Source: Item 23 — RECEIPTS (FDD pages 80–426)
What This Means (2025 FDD)
According to Budget's 2025 Franchise Disclosure Document, Budget expects its licensees to enforce a policy where authorized users log off the business systems when not in use. If a user leaves their equipment unattended, they must lock their screens. This is to ensure that the business systems cannot be remotely operated or accessed by an unauthorized user.
Budget requires licensees to automatically log all remote logins through the licensee's equipment, whether successful or failed. These logs must be reviewed at least once per week by senior supervisory personnel to check for signs of unauthorized access. Licensees must also appoint a password administrator who will assign a unique password and a unique User ID to each authorized user.
Licensees are responsible for establishing policies and making reasonable efforts to protect the confidentiality of each password and User ID. Employees must be instructed to keep passwords and User ID information confidential and to avoid sharing or disclosing them, except to the password administrator. Licensees must also disable any "save password" features in software present on their equipment. These measures are designed to protect Budget's systems and data from unauthorized access and potential breaches.