- Best Practice (18)
- deposited material (9)
- Developer Escrow Agreement (5)
- G-Cloud (5)
- green technology (1)
- ISO 9001 (11)
- MirrorWeb (1)
- Saas (13)
- Software (16)
- Software Escrow (30)
- Software Escrow Agreement (20)
- Software Escrow Cost (6)
- source code (9)
- Source Code Escrow (14)
- Technology (3)
- TES – Directors (1)
- total escrow solutions (3)
- Uncategorized (5)
- Website Security (1)
Best Practice guide to Software Escrow
January 11, 2012
Software escrow agreements are used by organisations when reliance on a third party software vendor is necessary to facilitate operational effectiveness. All third party relationships carry a certain degree of risk and corporate ICT and procurement departments must ensure that these risks are identified and managed in line with the operational guidelines for the organisation.
Third party software vendors supply a wide range of applications that perform many different functions to many different departments across the whole of UK Public Sector. These applications enable organisations to deliver the level of service required to meet strict government performance targets and ultimately deliver the services that the electorate demand.
Software Escrow agreements enable you to mitigate the risks that are inherent when you rely on a third party software vendor. A software escrow is an arrangement where the owner of the software gives a copy of the application source code to a trusted third party, usually an ‘escrow agent’. The software escrow agent then holds the source code, under the terms of an agreement. This agreement includes a pre-defined set of “trigger events”. When one or more of these events occur, it triggers a “release event” and the “escrow agent” may hand over the source code to the user. So, should your third party software vendor no longer be in a position to perform their duties and warranties as specified in the license agreement or service and maintenance contract you would then have the legal rights to access the source code to enable further development and maintenance of the application to meet your operational requirements, you will also have the option of providing the source code to another developer who would then replace your existing developer for support and maintenance.
There are two main types of escrow agreement:
Single user software escrow agreements are used when the application has been written or enhanced specifically for you the client. This is called a bespoke application and must be covered by a set of terms that both licensee and vendor are comfortable with. Only by using a software escrow agreement can you ensure that you business continuity is guaranteed.
A Multiple User software escrow agreement is used when the application is of a generic nature. This means the same code is supplied by the vendor, to multiple licensees who all run the same application but not necessarily the same version.
When an application is procured by an organisation the type and level of escrow protection should be considered. While this consideration criteria will vary from organisation to organisation there are two core principles that should be adhered too.
- does the application perform a critical business function
- would there be significant financial impact if the application was unavailable
If the answer to these questions is yes then an escrow agreement should be used to minimize the impact of vendor failure.
You may also wish to consider advanced levels of certification testing and these should be discussed with the software escrow provider.
Software Escrow is a very cost effective way of ensuring your business continuity and should be viewed as a very important part of your disaster recovery strategy.