Formerly known as ESCROW EUROPE (Pty) Ltd

Source Code Escrow

Safeguard your business continuity by protecting business-critical software, insisting on a deposit of source code with a trusted third party – ESCROWSURE.

 

 

What is Source Code Escrow?

Source Code Escrow involves the deposit of the source code of a software application with ESCROWSURE for safekeeping. In the event of a release condition, ESCROWSURE will release the most recently deposited copy of source code and technical documentation to the end user for the protection of your business continuity. Source Code Escrow applies to software installed on-premise and software accessed in the cloud (SaaS).

Why do I need a Source Code Escrow?

 

4 typical risks that threaten your business continuity

The software
vendor ceases
to exist

The software
vendor
is liquidated

A breach of license
obligations by
software vendor

The software
vendor bought out by
your competitor

8 threats to
your business

1. Lost market share
2. Enraged customers
3. Frustrated clients
4. Regulator fines
5. Lost reputation
6. Lost revenue
7. Lost profit
8. CIO at risk

6 benefits of protecting source code with ESCROWSURE

Safeguards investment

Ensures that you have access to source
code and technical documentation in
order to update and maintain the
software in the event that the software
vendor is no longer able to satisfy its
licence obligations.

Protects business continuity

Reinforces business resilience while
underpinning operational continuity and
providing a time buffer for third party
software retirement and replacement.

Manages supplier relationship

Prevents software vendor from
leveraging unreasonable licence fee
increases by ensuring access to the
latest version of source code and
technical documentation.

Avoids unplanned
business interruptions

Avoid a business black out due to
software vendor’s bankruptcy,
acquisition, or failure to support the
software product.

Satisfies governance
and compliance

Aligns with audit and compliance
requirements. Business critical software
outsourcing regulation, guidance and
best practice. Complies with King IV good
governance codes.

Mitigates supplier
dependency

Mitigates business interruption risk by
ensuring the frictionless deployment of
business continuity strategies with least
possible disruption.

How does Source Code Escrow work?

Step 1
Getting you started

ESCROWSURE’s legal counsel will
facilitate negotiations between
the end user and software vendor
to agree the terms of the escrow
contract including release
conditions, deposit frequency and
aligning verification testing with
risk assessment. The hosting
service provider is also contracted
to engage with ESCROWSURE in
the event the software vendor
stops paying for its service.

Step 2
Arranging the deposit

In compliance with our
ISO/IEC 27001:2013 certification,
ESCROWSURE’s operations team
will receive the deposited material
and vault digitally and physically.

Our Escrow Administration Portal (EAP)
provides access to deposit
information and integrates
with Git repositories.

Step 3
Verification testing

ESCROWSURE’s verification testing
department will execute the
required testing specified in the
agreement to confirm the deposit
will enable the end user to update
and maintain, redeploy or retire
the software where the vendor is
unable or unwilling to support.

Verification testing

For an escrow deposit to be of any value, source code and relevant Material must be frequently updated and verified as part of a robust and consistent administrative process.
The focus of ESCROWSURE’s verification services is to ensure to the highest degree possible that the escrow material will be useful in the event of a release condition.

To achieve this ESCROWSURE offer
three levels of verification testing:

Level I

Verification testing

  • Deposit inspection
  • Check for readability of material
  • Check for the presence of source code
  • Check for the presence of technical documentation
  • Check for the presence of user
    documentation
  • Check for the presence of development environment/third party software
  • Check for the presence of additional material as agreed upon in the escrow contract

 

 

 

Level II

Verification testing

  • Software supplier has provided the escrow material (ie source code deposit)
  • Escrow beneficiary provides copy of software operational at beneficiary’s site (ie operational material as implemented at beneficiary site)
  • ESCROWSURE analyses the software components found in the operational material and checks for presence of corresponding source code for each component
  • ESCROWSURE request missing source code items from supplier
  • If so required, supplier updates source code deposit; ESCROWSURE creates verification report
  • ESCROWSURE initiates update procedure

Full

Verification testing

  • Software supplier has provided the escrow material (ie the source code and technical documentation as included in the escrow deposit)
  • Analyse development environment, ensure that development environment documentation is complete
  • Compile source code into binary code, ensure that compile process documentation is complete
  • Build binaries into executable software application, ensure that build process documentation is complete
  • ESCROWSURE creates verification report
  • ESCROWSURE initiates update procedure

 

Frequently Asked Questions

Is the agreement customizable? How much customization do you allow?

Yes, absolutely. We believe that each escrow environment is unique and requires a customized approach. ESCROWSURE’s in-house legal counsel will craft a bespoke escrow agreement tailoring the provisions to meet the needs of your specific requirements.

Is the agreement customizable? How much customization do you allow?

Yes, absolutely. We believe that each escrow environment is unique and requires a customized approach. ESCROWSURE’s in-house legal counsel will craft a bespoke escrow agreement tailoring the provisions to meet the needs of your specific requirements.

What if we have an unscheduled software update? Can you accommodate additional source code deposits?

Absolutely. We understand the dynamic nature of software and so we offer a flexible approach and can accommodate the changes required within your operational environment.

What events are usually defined as release events?

ESCROWSURE’s standard release conditions include:

  1. Software vendor ceases its business undertakings without formally assigning its maintenance obligations to a competent third party;
  2. Software vendor becomes insolvent, is declared bankrupt, is dissolved and/or is liquidated;
  3. The business of software vendor under the licence agreement is transferred entirely or partly to a third party that does not continue the maintenance obligations or offers to provide them only on terms that are considered by end user to be commercially unreasonable;
  4. Software vendor breaches its obligations to provide maintenance and support in such a way that it substantially jeopardises beneficiary’s ability to continue to use the product;
  5. Software vendor fails to perform one or more of its material obligations under the agreement and remains in breach for twenty (20) business days after written notification from ESCROWSURE to this effect.

These are standard release clauses however, our legal counsel can work with you to customize the release conditions requirements.

Why do we need escrow for SaaS applications?

With SaaS applications, software is not accessed on a server located on the end users premises, but instead, is hosted remotely in the cloud by a hosting services provider usually paid for by the software vendor. This introduces an additional layer of risk as it adds to the supply chain dependencies.

In addition, the data generated by the application is hosted in the cloud too. This means that if the software Vendor were to stop answering the phone, both application and data could be beyond the reach of the end user immediately.

Some end users believe that a migration to a cloud service eliminates the need for an escrow arrangement.

But this is not true.

If anything, the need for escrow is greater for SaaS applications, because of the additional layer of risk which puts both the software and the data at risk if the worst should happen.

Why do we need escrow for SaaS applications?

With SaaS applications, software is not accessed on a server located on the End Users premises, but instead, is hosted remotely in the cloud by a hosting services provider usually paid for by the software Vendor. This introduces an additional layer of risk as it adds to the supply chain dependencies.

In addition, the data generated by the application is hosted in the cloud too. This means that if the software Vendor were to stop answering the phone, both application and data could be beyond the reach of the End User immediately.

Some End Users believe that a migration to a cloud service eliminates the need for an escrow arrangement.

But this is not true.

If anything, the need for escrow is greater for SaaS applications, because of the additional layer of risk which puts both the software and the data at risk if the worst should happen.

What differentiates your service provisions from your competitors?
  1. ESCROWSURE is ISO 9001:2015; ISO/IEC 27001:2013; ISO/IEC 27017:2015 and ISO/IEC 27018:2019 certified, not just compliant.
  2. The value of an escrow arrangement depends entirely on the integrity and completeness of the deposited material.

For this reason, technical verification of the escrow material is a basic requirement for a quality escrow arrangement. With ESCROWSURE,  deposits are subjected to verification testing.

Some escrow service providers do not offer a testing service, and others, offer only a very expensive full compile and build verification service. While ESCROWSURE offers the compile and build service, it is unique in offering a productized Level II verification service, where prices are fixed, not determined by the size of the software product – a very effective and budget friendly approach. We believe this is why we have been selected as best of breed to supply escrow services to more than 13 Central Banks world wide.

What types of escrow arrangements do you offer?

ESCROWSURE offers a wide range of product solutions for our clients:

  • SaaS Escrow
  • Source Code Escrow
  • Technology Escrow
  • IP Escrow
  • Developer Escrow
  • Multi-party Escrow
  • Transactional Escrow

Proudly providing bespoke escrow services

to our valued clients world-wide since 2004

Mutual & Federal
Ministry of Lands and Natural Resources
Liberty
Lion of Africa Life Insurance
MMI Holdings
Ithuba
Kindle
Lawtrust
Grindrod
Guardrisk
Instant Life.co.za
Gijima
Zeiss

“Their work has been a major factor for IT Risk success, as we hold a number of our business-critical applications in escrow with them.”

FIDELITY SERVICES GROUP

GENERAL MANAGER

“We have been depositing our source code and technical documentation with ESCROWSURE for the many years and have consistently been impressed with the level of service by the team.”

GENASYS

CEO

“The level of service that the team provides, has provided our clients with assurance that their customized solutions are securely stored and professionally verified.”

TOLLINK

SHEQ MANAGER

GBP56 million fine, and what it means for SA businesses

GBP56 million fine, and what it means for SA businesses

When the Risk Manager of RBS arrived at work, he couldn’t have known that at 3pm he would be plunged into the worst nightmare of his career. When a system’s upgrade went wrong, staff tried to return to the original system, which failed. He had a back-up of course, but...

read more
Keep calm and manage your IT Risk

Keep calm and manage your IT Risk

"There is a joke doing the rounds about who was responsible for initiating your digital transformation, the CEO, CIO, CTO or COVID-19?" Today in Futurewave Business IT (23 April 2020) The reality is that suppliers of outsourced IT solutions represent significant risk...

read more
Twitter Loses its Source Code

Twitter Loses its Source Code

A leak of sensitive source code poses a serious security risk, as it provides valuable information to hackers and malicious actors who may attempt to exploit vulnerabilities in the code. It is therefore important for companies like Twitter to take steps to secure...

read more

Chat to us about getting
your source code into
escrow today.

Simply fill in your details and one of our
escrow specialists will contact you to set
up your free consultation.