What must a Chop5 Salad Kitchen franchisee do if they are noncompliant with PCI-DSS requirements?

According to the 2024 Chop5 Salad Kitchen FDD, if a franchisee becomes noncompliant with PCI-DSS (Payment Card Industry Data Security Standard) requirements, they must promptly notify Chop5 Salad Kitchen. This notification is essential for discussing remediation efforts and establishing a timeline to regain compliance. PCI-DSS is a set of security standards required by major credit card brands like American Express, Discover, JCB, MasterCard, and Visa. These standards are detailed on the PCI Security Standards Council website.

Compliance with PCI-DSS is crucial for protecting customer credit card information. Chop5 Salad Kitchen franchisees must establish administrative, technical, and physical controls to secure credit card data that they store, process, or transmit. They must also promptly notify Chop5 Salad Kitchen if they suspect any security breach or potential compromise of credit card information.

Furthermore, franchisees are required to provide Chop5 Salad Kitchen with updates regarding their PCI-DSS status. This can be done through a completed PCI AOC (Attestation of Compliance), PCI-DSS SAQ (Self-Assessment Questionnaire), or another mutually agreed-upon method. Maintaining PCI-DSS compliance is not only a contractual obligation but also vital for maintaining customer trust and protecting the Chop5 Salad Kitchen brand's reputation.