What is a Carl's Jr. franchisee required to provide annually to attest to continuous PCI compliance?
Carl's Jr. Franchise · 2025 FDD
Answer from 2025 FDD Document
Franchisee agrees to utilize administrative, physical, and technical safeguards designed to protect systems and data from unauthorized access, disclosure, acquisition, destruction, use, or modification that are consistent with industry standards and best practices. Franchisee further agrees to adhere to any applicable law relating to data security. In the event of a suspected or actual data breach, Franchisee will notify CJR within 24 hours of becoming aware of the actual or suspected data breach and provide timely updates and information when requested by CJR. Franchisee will comply with industry standards and best practices regarding breach reporting and notification obligations and take all necessary and appropriate corrective action to remedy the data breach, prevent a recurrence of such a breach, and avoid and/or prevent any further loss or damage arising from the data breach.
Source: Item 22 — CONTRACTS (FDD pages 75–76)
What This Means (2025 FDD)
The 2025 Carl's Jr. Franchise Disclosure Document does not specify what a franchisee is required to provide annually to attest to continuous PCI compliance. However, the FDD does state that franchisees must utilize administrative, physical, and technical safeguards designed to protect systems and data from unauthorized access, disclosure, acquisition, destruction, use, or modification that are consistent with industry standards and best practices. Franchisees must also adhere to any applicable law relating to data security.
In the event of a suspected or actual data breach, the franchisee is required to notify Carl's Jr. within 24 hours of becoming aware of the breach and provide timely updates and information when requested. The franchisee must also comply with industry standards and best practices regarding breach reporting and notification obligations.
To fully understand the specific requirements for annual PCI compliance attestation, a prospective Carl's Jr. franchisee should ask the franchisor for clarification on what documentation or proof is needed to demonstrate ongoing adherence to data security standards and regulations.