# DORA

ilert GmbH is compliant with Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector (DORA). ilert provides a standard compliance package for EU financial-sector customers (banks, insurers, investment firms, PSPs, etc.).

## Documents

* [DORA Compliance Package](https://docs.ilert.com/trust-center/legal/dora-compliance) — Self-contained dossier mapping ilert's controls to core DORA obligations. Includes key facts, requirements mapping, responsibility allocation, and supporting documentation index.
* [DORA Addendum](https://docs.ilert.com/trust-center/legal/dora-addendum) — Contractual addendum to ilert's Terms & Conditions covering service levels, data location, security & incident handling, business continuity & exit, audit & regulatory cooperation, and termination rights.

## Key facts

| Topic                  | Detail                                                                                        |
| ---------------------- | --------------------------------------------------------------------------------------------- |
| DORA "critical" status | Not designated as critical ICT third-party                                                    |
| Incident notification  | ≤ 4 hours; updates every ≤ 4 hours; post-incident report within 5 business days               |
| Business continuity    | Active/active architecture; RTO ≤ 60 min, RPO ≤ 15 min                                        |
| Resilience testing     | Annual external pentest; quarterly vulnerability scans; cooperation with client TLPT          |
| Audit rights           | 1 remote audit/year free; on-site at agreed cost; additional audits after Major ICT Incidents |
| Exit & transition      | 60-day transition period; data export within 5 business days; step-in rights                  |

For the full details, refer to the documents above. For DORA-related inquiries, contact <compliance@ilert.com>.