How often must a Moe's Southwest Grill franchisee submit proof of PCI-DSS compliance status?
Moe's Southwest Grill Franchise · 2025 FDD
Answer from 2025 FDD Document
We require that you submit annually proof of your PCI-DSS compliance status, and we may require you to provide evidence of compliance with applicable Privacy Requirements upon our request.
Source: Item 22 — Contracts (FDD page 92)
What This Means (2025 FDD)
According to the 2025 Moe's Southwest Grill Franchise Disclosure Document, franchisees are required to submit proof of their PCI-DSS (Payment Card Industry Data Security Standard) compliance status annually. This requirement ensures that franchisees are adhering to security standards for protecting cardholder data. Moe's Southwest Grill may also request evidence of compliance with applicable Privacy Requirements at any time.
In addition to the annual PCI-DSS compliance submission, Moe's Southwest Grill may require franchisees to use specific vendors or Approved Suppliers for security services. These services include maintaining a managed firewall, conducting quarterly network scans, using anti-virus/anti-malware software, and utilizing managed Wi-Fi. While these specific measures are currently in place, Moe's Southwest Grill retains the right to modify the required security measures from time to time.
Moe's Southwest Grill also has the right to conduct periodic security audits to ensure personal data is adequately protected. Franchisees may be required to provide copies of audits, scanning results, or related documentation. Furthermore, Moe's Southwest Grill may charge a reasonable fee to review a franchisee's systems and verify compliance, but this fee will not exceed 110% of their actual costs and expenses related to these services.
It is crucial for prospective Moe's Southwest Grill franchisees to understand these requirements, as failure to comply with PCI-DSS standards and other security measures can result in penalties and potential data breaches. Franchisees are also responsible for promptly notifying Moe's Southwest Grill of any suspected or known security breaches and for identifying and remediating the source of any compromise at their own expense. Franchisees must also provide all necessary notices of breach or compromise and monitor credit histories and transactions concerning customers of the franchised business.