By taking the step to establish an escrow arrangement, you have recognized that your licensed mission critical technology is an important aspect of your organization’s business operations. Complementing your escrow arrangement with verification services will help to mitigate potential risks by providing complete intellectual property protection and management, and ensuring a more rapid recovery for your organization should circumstances require it.
A technology escrow arrangement is an excellent vehicle for protecting all parties involved in licensing technology, but the value of the escrow arrangement is heavily dependent on the quality of the escrow deposit materials. A thorough verification of the materials provides assurance that, in the event of a deposit release, a licensee would be able to more quickly and effectively read, recreate, and maintain the licensor’s technology in-house.
Just as lenders examine collateral when they sign a loan, the best practice in technology escrow is to verify and test the deposit materials—both upon initial deposit as well as whenever the contents are updated. This should happen soon after an escrow agreement is executed to ensure that all of the components necessary to rebuild the executable program are part of the deposit and are in working order.
Depositing only source code in escrow is insufficient. Information on utilities, compilers, and operating systems are also required to replicate the original development environment. Without this information and access to the required technology, licensees will likely waste crucial time and money attempting to recreate the software, or they will be forced to find a replacement technology sooner than they may want. It can take a year to research new products and vendors, months to negotiate the technology license, and longer still to deploy and integrate that technology into operations. Gartner reports that there is typically a 10:1 ratio between the money spent on hardware plus the maintenance and support of purchased software, compared to the initial purchase price of that software. Centering the productivity or effectiveness of your organization around licensed software is a significant investment.
Iron Mountain’s escrow verification services provide your company with insight into the composition of your escrow deposits. We identify what you would need to do in order to successfully use the technology that has been escrowed. Then, Iron Mountain presents that information to you in an easy-to-read report, which you can use as a guide to reconstruct the technology from the deposit materials, should that need ever arise.
No one enters into a technology licensing relationship expecting it to terminate prematurely or abruptly. But the risk is real. Every month, Iron Mountain receives requests to release deposit materials from escrow. Although it is easy to believe that everything will be in order, a thorough verification strengthens the leverage value of the escrow by enabling a quick, successful deployment of deposit materials.
We offer five types of escrow verification services. Our dedicated staff of verification experts will consult with you to determine which one best suits your requirements. The recommended type of testing largely depends on the business risk associated with your licensed technology.
Iron Mountain recommends seeking the most thorough verification testing for optimal protection against incomplete or inoperable technology escrow deposits for mission-critical software. The following is a brief explanation of each type of verification testing offered, all of which result in delivery of a full report to our customers.
Checks that the deposit is readable, free of viruses, and, if encrypted, that Iron Mountain has the decryption keys on deposit. The report includes:
Confirmation of the deposit media readability
File listing
File classification
Virus scan results
Level 1 - Inventory & Analysis
Provides a complete audit and inventory of the deposit. The report includes:
Level 2 - Compile
Validates whether the development environment can be recreated from the documentation and files supplied in the escrow deposit. This test includes:
Level 3 - Binary Comparison
Ascertains whether the size and structure of the executable files built in Level 2 compilation tests match those operating in your runtime environment. The resulting report from this test includes a comparison of the executable file built in Level 2 testing to that of the licensed executable file running at your site, as well as all details and deliverables of Level 1 and Level 2 verification tests.
Level 4 - Full Usability
Assures that the source code placed in escrow will be fully functional in the event of a release. This test includes:
NCC Group Software Resilience has acquired Iron Mountain’s Intellectual Property Management (IPM) business. For more information on the acquisition, please visit our dedicated information hub, or contact Iron Mountain IPM.