What services does Acumera provide to Dq Treat Participating Locations to assist with PCI-DSS compliance?
Dq_Treat Franchise · 2025 FDDAnswer from 2025 FDD Document
- 17.9. Acumera provides both internal and external vulnerability scanning services administered by the third-party ASV for those Participating Locations subscribing to those services.
Acumera provides limited advisory services to assist with the completion of PCI-DSS.
Notwithstanding the aforementioned, Acumera does not warrant or assume any legal liability or responsibility concerning Participating Location's compliance with the PCI Data Security Standard.
Acumera, is not responsible for the completion of Participating Location's Self-Assessment Questionnaire (SAQ), the filing or refiling of failed external ASV scan exceptions, the failure of scans due to Participating Location premise IP address changes, or any other PCI-DSS requirement that requires Participating Location's action or attestation.
Further, Participating Location acknowledges and agrees that Participating Location's use of Acumera's services does not guarantee PCI compliance or that the implementation of those services alone will make Participating Location's systems secure from unauthorized access. Participating Location is responsible for PCI compliance and notification of any suspected breach of its systems and Acumera is not responsible for any fines, penalties or registration fee imposed by any payment card association or its acquiring bank for Participating Location's failure to be PCI compliant.
Source: Item 17 — The following paragraph is added to the end of Item 17 of the Disclosure Document: (FDD pages 70–378)
What This Means (2025 FDD)
According to the 2025 Dq Treat FDD, Acumera provides specific services to Participating Locations to assist with PCI-DSS compliance. These services include both internal and external vulnerability scanning, which are administered by a third-party ASV (Approved Scanning Vendor) for those locations that subscribe to these services. Acumera also offers limited advisory services to aid in the completion of PCI-DSS requirements.
However, the FDD clearly states that Acumera does not guarantee PCI compliance, nor does it assume any legal liability or responsibility for a Participating Location's compliance with the PCI Data Security Standard. Acumera is not responsible for completing the Self-Assessment Questionnaire (SAQ), handling failed external ASV scan exceptions, or addressing scan failures due to changes in the Participating Location's IP address. These responsibilities fall on the Participating Location.
Furthermore, the FDD emphasizes that using Acumera's services does not ensure that a Participating Location's systems are secure from unauthorized access. The Participating Location remains responsible for PCI compliance and for notifying the appropriate parties of any suspected security breaches. Acumera is not liable for any fines, penalties, or registration fees imposed by payment card associations or acquiring banks due to the Participating Location's failure to comply with PCI standards. Dq Treat franchisees should be aware of these limitations and ensure they understand their own responsibilities for maintaining PCI compliance.