- Best Practice (18)
- deposited material (9)
- Developer Escrow Agreement (5)
- G-Cloud (5)
- green technology (1)
- ISO 9001 (11)
- MirrorWeb (1)
- Saas (13)
- Software (16)
- Software Escrow (30)
- Software Escrow Agreement (20)
- Software Escrow Cost (6)
- source code (9)
- Source Code Escrow (14)
- Technology (3)
- TES – Directors (1)
- total escrow solutions (3)
- Uncategorized (5)
- Website Security (1)
How do I set up an escrow agreement and what should I expect as standard?
February 12, 2013
The requirement for an escrow agreement should be established as part of the contractual phase of the software development project. Where such agreements were not specified in the original contract a corrective action should be undertaken to ensure that such agreements are retrospectively established to protect users rights to continued use of a supplied application.
The software escrow set up process should be very straightforward. Your escrow agent will send you a .doc copy of the agreement that is applicable to your situation and ask you to comment before forwarding to your client/supplier for them to comment. When both parties have commented on the agreement it is returned for final approval. Once approved the agreement is circulated for signature and the software owner then has 30 days to deposit the source code to the escrow repository.
All deposits received by your escrow agent should be checked to confirm that they contain source code. Worryingly, some of the largest software agents perform a “visual inspection” of the media; “yes this is a disk” – very risky.
Checks for complete configuration and its contents should be part of the basic service that your chosen escrow partner provides.
- That all media are virus free
- That the media and the files can be read
- If compression has been used that expansion utilities are available
- That me deposit contains source code
- That the source code is legible and maintainable and should contain the following;
- Version numbers
- Modification history
- File structure
- Source comments
- Variable and procedure names
- Meaningful file names
These basic checks confirm that the deposit is source code and is of an acceptable standard. The industry norm is 15-20% of all escrow deposits contain corrupt, useless or blank data so a “visual inspection” is meaningless when you consider your application criticality.
All escrow agents recommend that additional verification testing is considered for all applications placed within an escrow agreement and I will discuss these in future posts.