WHAT IS SOFTWARE ESCROW?
Software escrow (or source code escrow) is the safekeeping (vaulting and verification) of the developer version of your business critical software by an independent and neutral escrow specialist. It is the gold standard backup.
Your business is dependent on software products whether installed in-house, hosted remotely, cloud based or SaaS. Software products are never bug free or complete.
If your software supplier fails, without access to the source code of the software you will not be able to update or maintain your product. If your software supplier fails, without access to the source code of the software you will not be able to update or maintain your product.
Stakeholders will demand:
• How do you know that the business could continue?
• Are vital revenue streams at risk?
• Is our reputation at risk?
In South Africa, King Governance protocols direct that the, “availability of the functioning of the system, possession of the system, authenticity of system information and the assurance that the system is usable and useful” must be safeguarded. Software escrow addresses this business risk as it safeguards the continuity of your day-to-day business operations.
And your business case for this is excellent considering:
• the value of the business processes and revenue streams that are dependent upon the software concerned;
• the value of the investments that have been made in the software product, implementation project, training, support and maintenance etc;
• the magnitude of reputation, consequential and other damage in the event of business disruption due to mission critical IT systems failure.
HOW DOES IT WORK?
The source code of a business application is deposited with an independent and neutral escrow service provider according to the terms set out in an escrow agreement signed between the software supplier, the business end user and the escrow service provider. The escrow agreement will specify the exact legal terms upon which:
1. the software supplier is obliged to deposit the source code,
2. the business end user may call for the release of the source code,
3. the testing of the software product required to verify the integrity of the source code deposit.
ACTIONS YOU CAN TAKE?
1. Identify your mission critical software applications. (Most business depend upon multiple software products for day to day operations).
2. Update your risk register, scoring software applications according to the risk they represent to the business.
3. Establish a uniform risk profile for all suppliers of business critical software
Our end-to-end software escrow
services address all of the above for you.
Click here and we will contact you about your requirements.
COBIT®, Val IT™ and COSO