Most businesses that license software know a software escrow agreement is an important part of a contingency plan. If something unforeseen happens to the provider of your business-critical software application, it's paramount to have an exit strategy from the business relationship to avoid disruption to your operations. With control of the software source code, you can continue to maintain the software yourself, or find another provider to take over support. It is also essential to verify the escrow deposit and supporting materials are all in place and could successfully recreate the application if necessary. Without escrow verification, you may have a false sense of security about the contents of your escrow account.
Since verifying source code and materials is such a prudent step, it makes even more sense to create a repeatable process around verification with a subscription-based plan. Much like Amazon's "Subscribe and Save" service, an escrow verification subscription lets you set up a regular schedule for verification to simplify the process and make sure it happens regularly — all at a discounted rate. I've subscribed on Amazon to get trash bags, batteries, air conditioner filters, and dog food delivered regularly to my home. These are all basics that I know I will need, and now I don't have to give it another thought. In much the same way, once an escrow agreement is finalized and the initial escrow deposit has been submitted, monitoring the escrow deposit is no longer a challenge if there is a subscription verification plan.
In the world of Agile software development, technology is constantly changing, systems are always being updated, and the details to manage these solutions continue to be a work in progress. Today, source code deposits can be submitted electronically to your escrow account using a GitHub integration so that your source code is always the most up-to-date version. To keep up with the pace of change, it just makes sense to routinely audit the contents of your escrow account to better manage the escrow materials and the ability of those materials to be able to recreate your business-critical applications if required.
A subscription-based escrow verification service is a lot like a bank statement from your financial institution. Software licensees will receive a detailed summary of the files, tools, and supporting documents that were deposited into the escrow account during escrow submission.
The audit includes:
If any information is absent, the escrow agent may notify the software developer to request the missing information for the process. With a frequent, basic level of monitoring, companies licensing software will be able to see if the deposit information looks reasonable and sufficient to support their continuity plan, or if there are any flags that would indicate a higher level of escrow verification needs to be completed.
The benefits of an escrow verification subscription include:
Of course, nobody wants their software vendor to disappear or discontinue support for their product. However, a contingency plan is basically a false sense of security unless you verify the feasibility of your plan. While having an escrow agreement is a good start, it is important to manage the process by auditing the account on a routine basis to confirm you have everything you need, if by chance something does happen to your vendor.
NCC Group Software Resilience has acquired Iron Mountain’s Intellectual Property Management (IPM) business. For more information on the acquisition, please visit our dedicated information hub, or contact Iron Mountain IPM.
