If your business systems are dependent on software and services that you do not own, then you have effectively outsourced some of your core business functions. This represents a real operational risk. An operational risk that increases significantly during economic down-turns like the one we are currently experiencing.
You should consider implementing modern software escrow arrangements to protect your business and reduce ICT operational risk.
Reason 1: Australian law currently does not provide for access to software source code in the event of software vendor insolvency.
As no case law or proper legislation is currently available to show the way, the best solution is to provide for eventualities by implementing software escrow arrangements during the procurement cycle.
Australian courts have not yet dealt with the continual use of an insolvent software vendor's product. An escrow agreement will allow the end-user an opportunity it would not otherwise have for continuing to use of the software based on the terms and conditions of the existing agreement. More importantly, an escrow agreement will give the end-user the ability to maintain and support the software for the purposes of their business continuity.
Reason 2: Software escrow helps you meet quality standards.
Modern software escrow arrangements help lower ICT operational risk and deliver ICT good governance. Specifically, modern escrow agreements will help you comply with current protocols and quality standards such as ISO9001, COSO, COBIT, ITIL.
These standards are consistent with the inclusion of modern escrow as an important component of your best practice initiatives
Reason 3: Software escrow helps you comply with corporate governance imperatives.
Corporate governance guidelines, protocols and imperatives including King II, Basel lI, Sarbanes Oxley emphasise the need for modern software escrow and insist that company executives ensure that:
- Procedures and practices are in place to protect the company’s assets and reputation.
- The company complies with all laws, regulations and best business practice.
- Technology and systems in the company are adequate to run the company properly.
- ICT and software risks are identified and addressed.
Reason 4: You need the source code to survive.
When you license software, you get a licence to use the machine-readable ‘object code’ but not access to the human-readable ‘source code’. If the software vendor is unable to support your software for any reason, your programmers will need 'source-code' in order to keep the systems - and your business functioning.
What would the financial and business impact be if the software developer closes down leaving you with unsupported software? An escrow agreement will give you guaranteed access to the source code so you can continue to do business.
Reason 5: Un-verified escrow deposits are often found to be useless when called upon
Traditionally, escrow agents, lawyers and sometimes banks have provided a service by simply ‘holding’ the material in a safe place. Today, software escrow involves regular safe transfer, storage, and verification of the material to ensure that it will be usable when it is needed.
Escrow agents like Harbinger offer several levels of verification. The levels provide options for end-users depending on how critical they consider the software to be.
Up to 90% of escrowed material is found to be lacking some components that would be required by the end-user. Verification gives the end-user further comfort that what is held for them in escrow will work when needed - without the software developer's assistance.
Reason 6: traditional software escrow is inherently insecure
Using either party's lawyer as an escrow agent is not a good practice. It is usual for a lawyer to take care of their client's interests first. Only an independent escrow agent or independent lawyer can act in the best interests of both parties.
Traditionally, software source code was copied to a CD, tape or other media and couriered to the escrow agent. There is a constant risk of misplacing the media and worse - losing control of a most important asset. Today, escrow agents now use the latest technology and electronic security systems to allow the source code deposits to be transferred quickly and securely from the software developer to the escrow agent. This gives the developer and the end-user the comfort that the deposit materials are secure and accunted for.