When is a Dq Treat participating location considered to have violated security measures related to POS systems and network configurations?
Dq_Treat Franchise · 2025 FDDAnswer from 2025 FDD Document
Managed Firewall/SD-WAN Exclusions In no event shall Acumera have any liability to Participating Location for any data breach that occurs:
during any period in which the Acumera-provided or Acumera-approved firewall or SD-WAN device
has yet to be initially connected or is disconnected or has been circumvented;
i. due to the failure to implement a security measure as recommended by PCI-DSS Standards;
j. in any Participating Location environment where POS system data traffic is not configured to be on an isolated network segment through the Acumera firewall;
k. when Participating Location requests that the isolated network segment containing POS data traffic is granted access to any system or service not directly related to processing POS transactions.
However, this exclusion will not apply unless Participating Location received a Configuration Exception from Dairy Queen;
I. when Dairy Queen mandates implementation of a configuration, policy or procedure that Acumera recommends against (if Dairy Queen has been notified of the recommendation);
m. through any firewall in use, whether provided by Acumera or otherwise acquired by Participating Location, that has not passed its most recent Approved Scanning Vendor's scan (unless the issue has already been remediated);
n. in a manner that industry-standard firewall technology employed at time of breach is not able to prevent.
Source: Item 17 — The following paragraph is added to the end of Item 17 of the Disclosure Document: (FDD pages 70–378)
What This Means (2025 FDD)
According to the 2025 Dq Treat FDD, a participating location can be considered in violation of security measures related to POS systems and network configurations under specific circumstances related to the managed firewall and SD-WAN. These violations primarily involve actions or failures that compromise the security of the network and data, potentially leading to data breaches.
Specifically, a Dq Treat location violates security protocols if a data breach occurs while the Acumera-provided or approved firewall or SD-WAN device is disconnected, circumvented, or not yet initially connected. Failure to implement a security measure as recommended by PCI-DSS standards also constitutes a violation. Additionally, if the POS system data traffic is not configured to be on an isolated network segment through the Acumera firewall, or if the isolated network segment containing POS data traffic is granted access to any system or service not directly related to processing POS transactions, it is considered a security breach. However, the location can be exempt from this if they received a Configuration Exception from Dairy Queen.
Further, if Dairy Queen mandates a configuration, policy, or procedure that Acumera recommends against (and Dairy Queen has been notified of the recommendation), and a breach occurs, it's a violation. The use of a firewall that has not passed its most recent Approved Scanning Vendor's scan, or a breach that industry-standard firewall technology at the time could not prevent, also constitutes a security lapse. These stipulations emphasize the importance of adhering to established security configurations and policies, maintaining up-to-date security measures, and isolating sensitive data traffic to prevent unauthorized access and potential breaches.
These conditions highlight the shared responsibility between Acumera, Dairy Queen, and the Participating Location in maintaining network security and PCI-DSS compliance. Franchisees must understand these responsibilities and ensure they adhere to the established security protocols to avoid potential liabilities and maintain the integrity of the Dq Treat system.