DORA Terms

Purpose and status

• This page provides a high‑level overview of SecurEnvoy’s DORA assurance posture to support Partners and their regulated customers. SecurEnvoy does not hold itself out as an “ICT third‑party service provider” under DORA.
• The full SecurEnvoy DORA Assurance Pack (controls summaries, current third‑party certificates/attestations and service descriptions) is available on reasonable request via your SecurEnvoy Partner or from SecurEnvoy by email or from SecurEnvoy Legal [legal@brookcourtsolutions.com]. We may reasonably redact sensitive material for security reasons.

Binding effect

• This web content and the Assurance Pack are informational only and do not, of themselves, create a contract. They become binding solely if expressly incorporated by reference in a written agreement (for example, a Partner Agreement Change Note or order form). Unless a specific version/date is fixed in that agreement, the Pack is incorporated as updated from time to time.

Key assurances (summary only)

Where a regulated customer reasonably designates the Licensed Services as critical ICT services for its operations, SecurEnvoy will:

• maintain proportionate operational‑resilience, cyber‑security and availability measures;
• retain relevant security/incident records for at least five (5) years;
• notify without undue delay on confirming a material security incident and provide reasonable co‑operation, including regulator‑facing support via the contracting route;
• honour proportionate, risk‑based information/audit rights limited to the Licensed Services and environments under SecurEnvoy’s control (excluding source code and other customers’ data), taking account of third‑party reports/certifications in the Pack;
• flow down materially equivalent obligations to material sub‑contractors, and maintain a mechanism to notify contracting counterparties of material changes to such sub‑contracting where they could reasonably be expected to impact security or resilience;
• provide proportionate, time‑limited exit assistance on a reimbursable basis; and
• support is provided in accordance with SecurEnvoy’s standard Support Services schedule; service credits are not offered under that schedule.

Limitations and charges

• No direct contractual privity arises from this page or the Pack; rights flow only through the applicable agreements in the distribution chain. Bespoke testing/training or additional assurance activities require prior agreement and are chargeable.
• If and to the extent the DORA Flow‑Down Terms are incorporated, SecurEnvoy’s aggregate liability solely under those Flow‑Down Terms is sub‑capped at £250,000, without prejudice to wider caps/exclusions in the governing agreement.

Updates

• We may update the Pack and these high‑level materials periodically. Material changes reasonably expected to affect security or resilience will be notified via the website.

How the Pack and Flow‑Down Terms are provided and incorporated

• Obtaining the Pack: Partners may request the standard Assurance Pack for a customer on reasonable request. Customers may also be granted access via your SecurEnvoy Partner or from SecurEnvoy by email or from SecurEnvoy Legal [legal@brookcourtsolutions.com].