For Dq Treat locations, what is the role of the 'Read-only PCI Contact' in the context of the Acumera services?

According to Dq Treat's 2025 Franchise Disclosure Document, if a franchisee purchases a PCI package from Acumera, they can designate a 'Read-only PCI Contact'. This contact will have read-only access to the compliance portal to view the Self-Assessment Questionnaire (SAQ) and Approved Scanning Vendor (ASV) scan results. However, this contact will not be able to edit any items or receive alerts.

This role provides a way for multiple individuals within a Dq Treat franchise to stay informed about PCI compliance without granting them the ability to make changes or receive direct alerts. This can be useful for training purposes, oversight, or simply keeping other team members in the loop without burdening them with the responsibility of managing the PCI compliance process.

The designation of a Read-only PCI Contact does not fulfill the requirement to have a Primary PCI Contact. The Primary PCI Contact is responsible for managing the Self-Assessment Questionnaire (SAQ) and external vulnerability scanning, receiving compliance alerts via email, and accessing the PCI Compliance Manager Portal to access SAQ tools and scan results. There can only be one Primary PCI Contact per location.

For a prospective Dq Treat franchisee, understanding the different roles and permissions associated with Acumera's PCI services is crucial for maintaining compliance and security. The Read-only PCI Contact offers a way to share information without granting full administrative control, which can be a valuable tool for managing PCI compliance within the franchise.