Resilience Terms (DORA)
Company has implemented and shall maintain a resilience program designed to promote applicable resilience regulation, such as Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (“DORA”) (“Resilience Regulation”). If Client is subject to a Resilience Regulation and uses the Services to transmit, store or otherwise process data covered by such Resilience Regulation, then acceptance or execution of an applicable Company Master Services Agreement (the “Agreement”) incorporates the terms of this Resilience Agreement into the Agreement. The Resilience Agreement reflects the parties’ agreement with regard to resilience regulation compliance, unless another agreement containing security terms has been agreed to in writing by both Parties. Unless otherwise stated, capitalized terms in this Resilience Agreement shall have the meanings set forth in the Agreement.
The Parties acknowledge and agree that disruption of the Services will not materially impair Client’s financial performance or result in a breach of obligations of financial entity authorizations or financial services law.
The Parties acknowledge and agree that this Resilience Agreement supplements the provisions of the Company Services Agreement, and together with the provisions of the Company Services Agreement, shall qualify as the contractual arrangement on the use of ICT services (as defined in DORA) under Article 30(1) and (2) DORA.
A. Location of Services and Data Processing
- A description of Company’s subprocessing activities is contained in the following Processing Activities List: https://www.everbridge.com/about/legal/everbridge-sub-processors/
- The Services shall be performed and data processed and stored in the locations described in the Processing Activities List. Company will timely notify Customer if Company intends to expand the locations or change the storage location.
- The Services shall be performed and data processed by the sub-processors disclosed in the Processing Activities List.
B. Performance of Services
Company shall:
(a) perform the services as described in the Agreement and as expressly authorized by Customer to store, copy, disclose, delete, enhance or use data of the Customer;
(b) use the security measures described in the Agreement to preserve data of the Customer, so far as possible, for protecting the integrity of the data and for preventing loss, disclosure, theft, manipulation or interception of the data;
(c) without undue delay notify the Customer if the Customer’s data is lost, becomes corrupted, is damaged or is deleted accidentally such that the Services cannot be performed;
(d) at the written direction of the Customer, delete or return to the Customer all Customer’s Data on termination or expiry of the agreement or on the Company becoming insolvent or discontinuing its business operations, and certify to the Customer in writing that it has done so.
C. Service Description and Service Level Agreements
- The Security and resilience product description is available in the applicable Agreement or Data Protection Agreement.
- Customer support is available 24x7x365 (via telephone, email, and through its Support Center online) in accordance with the most recently published Support Services Guide.
- Company shall use commercially reasonable efforts to make message delivery through the Solutions available 24 hours a day, 7 days a week except for planned downtime (with prior notice).
- Company shall notify the Customer, without undue delay, of any development that might have a material impact on the Company’s ability to provide the contracted services.
D. ICT Incidents
- For the purposes of this ICT Incidents clause, “ICT Incident” means the occurrence of an unplanned event or a series of unplanned events in the provision of the Services that (a) compromises the security of the Customer’s network and information systems and (b) has an adverse impact on the availability, authenticity, integrity or confidentiality of the Customer’s data, or on the services provided by the Customer.
- In the event of an ICT Incident, Company, including any subcontractor of the Company approved by the Customer, shall provide the Customer with such commercially reasonable assistance as may be reasonably requested by the Customer to resolve and report the ICT Incident in accordance with any relevant and applicable regulatory timelines and reporting conventions, as specified in the applicable Company Services Agreement.
E. Co-operation with Regulators
Each Party shall co-operate with all appropriate governmental authorities and regulatory bodies in connection with any investigation, request for information or other matter arising in relation to the Agreement or the provision of the Services.
F. Training
Company shall maintain a training program for the handling of customer information, security awareness, and operational resilience training in accordance with the compliance certifications it maintains, such as ISO 27001. To the extent the Customer identifies training that is not already provided, the Parties shall co-operate to provide the additional training to Company at a reasonable time and at Customer’s additional cost.
G. Service Continuity
Company shall maintain and regularly test (no less than annually) appropriate business continuity and disaster recovery plans and implement remedial action as appropriate to enhance security measures, processes and policies, so as to provide a commercially reasonable level of security of provision of the Services and comply with applicable regulatory obligations.
H. Audit
- Company shall provide any applicable government regulatory body (and any third-party auditors appointed by them) with all reasonable co-operation, access and assistance in relation to each regulatory body’s audit.
- The Agreement covers the scope, type and frequency of audit rights available to the Customer. Such rights are applicable to monitor compliance with this Resilience Agreement, irrespective of where the rights are found in the Company Services Agreement.
I. Exit Strategy
In the event of termination of the Agreement (other than where Company has ceased operations or otherwise become unable to provide the Services), Company will at the request of the Customer continue to provide the Services at the pricing and on terms and conditions to be agreed between the Parties, during a transition period reasonably sufficient to minimise the risk of disruption to the Customer’s business or to allow effective resolution and/or restructuring of the Customer’s business.
J. Root Cause Analysis
The Company should provide a notification of incident resolution without undue delay, summarising the detection, investigation, resolution and post-resolution actions or activities to further investigate or remediate, and in what time frame. All updates on actions taken should be reported back to the Customer, and once any vulnerabilities have been addressed, a final RCA report should be submitted which summarises the actions taken and vulnerabilities addressed as a result, in a commercially reasonable time frame.