Who at Camp Margaritaville must the franchisee communicate the approved information security incident plan to?

According to Camp Margaritaville's 2025 Franchise Disclosure Document, the franchisee is required to communicate their written, up-to-date information security incident plan to Key Personnel. This plan must be approved by management and have a designated owner responsible for maintaining and reviewing the incident response management program.

This requirement ensures that in the event of a cybersecurity incident, the franchisee has a clear and actionable plan in place. By communicating this plan to Key Personnel, Camp Margaritaville aims to ensure that those in leadership positions are aware of the procedures and their roles in responding to such incidents. The plan itself must include processes for responding to a cybersecurity event, goals for the response plan, roles and responsibilities, internal and external communication plans, requirements for remediation, documentation and reporting related to incident response activities, and post-incident evaluation and policy revision activities.

For a prospective Camp Margaritaville franchisee, this means allocating resources to develop and maintain a comprehensive information security incident plan. This includes not only the initial creation of the plan but also ongoing updates, training for personnel, and regular reviews to ensure its effectiveness. The franchisee should clarify with Camp Margaritaville the definition of "Key Personnel" to ensure proper communication and compliance.