Case Studies

Case #1

 

Situation:

A large multi-national retailer relies upon a small local software development company to provide a critical point of sale and stock replenishment system

Requirement:

 

The retailer needed an independent third party to make sure the software that was in escrow was complete and usable – in the event that the software development company was no longer available. They required verification that the software could be assembled by a non-specialist using just the instructions and code in escrow.

Solution:

 

  • A quarantine environment was commissioned to undertake the verification (closed room – no communication or mobile storage devices)
  • An engineer and supplier liaison were assigned. The liaison ensured that communications between the software developer and engineer was intermediated
  • The engineer was tasked with constructing the object code (executable) using only the documentation and code within the escrow lodgements

Result:

  • Many issues with the escrowed materials uncovered.
  • The verification was halted eight times during the course of the build in order to seek instructions from the developer.
  • All additional instructions were added to the instructions lodged in escrow.
  • A second end-to-end build was undertaken
  • This 140 step exercise took 2 technical staff 4 days effort.
  • Final report covered off all areas of concern and was signed of by end user and developer.
  • Materials were updated and re-lodged into escrow.

Case #2

 

Situation:

 

An aged health-care provider was looking to purchase a software company that supplied human resource solutions to the heath care marketplace. In the final hours of the sale process, the health-care provider decided to secure the software companies source code to protect their investment.

Requirement:

The health-care provider and software company needed a robust, proven source code escrow agreement that they could rely on. They also needed to execute the agreement and lodge the source code into escrow within 24 hours.

Solution:

 

  • Harbinger’s standard three-party escrow agreement was issued to the end-user and vendor at 09.30.
  • Harbinger verified the software developer’s details and opened an account in the escrow management system (by 10:00).
  • The software vendor encrypted their files and lodged them into escrow (midday).
  • The software company and aged health-care provider’s lawyers checked and approved the agreements for signing (14:30).
  • Agreements were forwarded to Harbinger for assembly. Final agreements were dispatched to both parties (14:45).
  • On receipt of the final agreement, the software vendor passed the encryption key to Harbinger (15:00).
  • Harbinger checked the escrowed material for compliance with the escrow agreement (15:30).
  • The software vendor and aged health-care provider received notification that the Agreements were finalised and the escrow lodgements were in place (15:30).
  • The sale was completed the same day (16:00).
  • Further updates to source code have occurred quarterly within the agreed timescales.

Case # 3

 

Situation:

A large insurer was using a small software vendor to provide software that was crucial to new member registrations. The main developer was nearing retirement and the insurer was becoming nervous about the ongoing development and support of the software.

The support and maintenance contract was due to be renewed but the internal risk management department deemed continuing with the incumbent vendor as unsafe.

Requirement:

 

Both the software vendor and the insurer required a solution that would reduce the risk of continuing with the incumbent vendor.

The contract renewal process presented the right opportunity to revise terms and include software escrow as a risk management component.

Solution:

 

  • Harbinger proposed using a standard three party escrow arrangement.
  • Harbinger provided the standard agreements and schedules to both parties.
  • Modifications were made to the Release Events to capture the specifics of a retiring senior developer.
  • Once completed, source code and supporting documentation was lodged electronically.
  • The source code and supporting documents were verified by Harbinger for completeness and confirmation that - if required, the solution could be rebuilt without assistance from the software developer.
  • The source code continued to be updated quarterly for 2 years.
  • The vendor failed to lodge during the third year.
  • Harbinger’s Active Alerts (escrow compliance monitoring) prompted the vendor to make necessary lodgements.
  • No response was received.
  • The Active Alerts system alerted the end-user who issued a Notice of Release  
  • The Vendor responded by disputing the Notice of Release
  • Both parties agreed to and entered into mediation and arbitration.
  • The Arbitrator issued instructions to release the escrowed materials.
  • Harbinger notified. The materials were released to the end user.