How Does Software Escrow Work?
The 8 Stages of Software Escrow with EscrowSURE
1. Consult
In a free consultation, our Software Escrow Specialist will work with you to assess your exposure to third-party software risk and design a bespoke escrow solution tailored to your unique and specific requirements.
2. Agreement
Based on your requirements we will prepare a draft agreement for your legal review. Our legal team will facilitate contracting meetings between you and your Vendor concerning terms of the Escrow agreement.
3. Deposit
Once the agreement is in place, the software Vendor will deposit an encrypted copy of the latest version of the source code and technical documentation of the application with ESCROWSURE. In the event the application is hosted in the cloud, additional measures are taken including a description of the production environment, secure access for maintenance and updates, as well as hosting details.
4. Test to Verify
Why test? An escrow deposit is only of value where tested and verified to be of use irrespective of the status of your Vendor.
Our testing services provide the opportunity for you to choose between 3 levels of testing – based on the risk analysis.
Our software testing service secures both on-prem and cloud hosted solutions.
5. Report
The report documents the level of testing executed as well as the status of the deposited material. All reports will be posted to our Escrow Admin Portal (EAP) live and accessible to the Parties 24/7.
6. Secure & Vault
After the testing is complete, the material is re-encrypted and vaulted. Our state-of-the-art vaulting services are governed by our ISO 9001:2015, ISO/IEC 27001:2022, ISO/IEC 27017:2015 and ISO/IEC 27018:2019 certifications.
7. Customer Portal - Manage
The Escrow Admin Portal (EAP) is a customer interface that provides secure access to vital documentation related to the escrow arrangement. This includes test reports, good governance certificates and details of the escrow legal agreement. EAP provides a convenient and secure way for users to manage their software escrow arrangements.
8. Release
In the event of a release condition, ESCROWSURE will release the most recently deposited copy of source code and related materials to the End User for the protection of your business continuity.
Frequently Asked Questions
Is the agreement customizable? How much customization do you allow?
Yes, absolutely. We believe that each escrow environment is unique and requires a customized approach. ESCROWSURE’s in-house legal counsel will craft a bespoke escrow agreement tailoring the provisions to meet the needs of your specific requirements.
What does the escrow agreement entail?
A software escrow agreement is a legal contract between:
The goal is to protect the end-user’s ability to continue using the software if the vendor can no longer support it (e.g., due to insolvency, acquisition, or breach).
How often should deposits be updated?
Deposits should be updated every time the software changes in a material way.
Escrowsure typically recommends:
What happens during the testing phase?
As soon as the encrypted escrow material arrives on our SFTP server, it is transferred to an ‘air-gapped’ machine where it is decrypted and verified according to the contract specifications. When testing is complete, the material is re-encrypted and written to hard media for vaulting.
How is the deposited material secured?
After testing is complete, the encrypted material is written to hard media and vaulted in a high-security, temperature- and humidity-controlled environment.
Why do we need escrow for SaaS applications?
With SaaS applications, software is not accessed on a server located on the end user's premises, but instead is hosted remotely in the cloud by a hosting services provider, usually paid for by the software vendor. This introduces an additional layer of risk as it adds to the supply chain dependencies.
In addition, the data generated by the application is hosted in the cloud too. This means that if the software Vendor were to stop answering the phone, both application and data could be beyond the reach of the end user immediately.
Some end users believe that a migration to a cloud service eliminates the need for an escrow arrangement.
But this is not true.
If anything, the need for escrow is greater for SaaS applications, because of the additional layer of risk which puts both the software and the data at risk if the worst should happen.
What is the Escrow Admin Portal (EAP)?
EAP allows access to all records pertaining to the escrow agreement 24/7. Here you will be able to view a copy of the agreement, your Escrow certificate, history of deposits received, versions of the software and any verification reports processed.
Under what conditions is the source code released?
Standard release conditions in a software escrow agreement with Escrowsure typically include vendor bankruptcy or insolvency, failure to provide ongoing support or maintenance, breach of license agreement, voluntary cessation of trading, acquisition by a competitor creating a conflict of interest, and regulatory or legal mandates requiring access.
Are EscrowSURE's services certified?
ESCROWSURE’s services are backed by internationally recognized certifications, including ISO/IEC 27001:2022 for information security, ISO/IEC 27017:2015 for cloud security, and ISO/IEC 27018:2019 for data privacy. We also uphold quality management standards through our ISO 9001:2015 certification, ensuring consistent service excellence. Our operations are fully aligned with both GDPR and POPIA compliance requirements.
How does EscrowSURE ensure the confidentiality of our source code?
Escrowsure ensures the confidentiality of your source code through a combination of robust legal safeguards, advanced security protocols, and certified operational processes—all designed to protect your intellectual property at every stage of the escrow lifecycle.