Frequently Asked Questions
- What are the advantages of escrow agreements for an end-user?
- Can we use our lawyers as the escrow agent?
- Do burned CDs have a short life span?
- How do we know the deposit materials are complete and accurate?
- Registered users terms and conditions
- We already have our software in escrow. Can Harbinger administer our terms?
- We prefer not to lodge online. can we send Harbinger a tape or a cd?
- What can be deposited into the electronic vault?
- What is source code?
- What is Source on Ice?
- Why is it important to use an online vault for the storage of escrow deposits?
- What are Deposit Materials
- What are Additional Materials?
- What are Active Alerts?
- Where does Harbinger store escrow deposits?
- How does software escrow work?
- Why use an escrow agent?
- What is software escrow?
- What is an online vault?
- What is a Release Event?
- What are the electronic lodgement system's specifications?
- What happens when I upload new files? Do the old files stay?
- What are the benefits of Source on Ice?
- What are the advantages of escrow agreements for software developers and vendors?
- How is Harbinger different from other escrow agents?
- What is Harbinger's information privacy and data protection policy?
- What is Harbinger's record keeping and retention policy?
- What is Harbinger's backup and archiving policy?
- Development Plans can change in time. How is this evaluation made? And by whom?
- How is judgment made in relation to ceasation of support/maintenance?
- What is a "verification reset"
- What does Harbinger do with the material in escrow after the escrow agreement is terminated?
- What is Level 0 Verification?
- How do I know if my company needs software escrow?
- Gartner's comments about software source code escrow?
- What is the difference between traditional and modern approaches to software escrow?
- What is Supervised Compilation
End-users do not have access to the source code or other proprietary materials needed or useful for maintaining, updating or enhancing the software, and therefore is dependent upon a Vendor to maintain, update and enhance the software.
If the Vendor goes out of business, or fails to maintain, update or enhance the software, the End-user may suffer significant interruption of their business.
As a beneficiary to the Escrow Services Agreement, the End-user will receive the Deposit Materials if a Release Event occurs and will have the right to use them (in accordance with permitted use guidelines) to maintain, update and enhance the software.
An End-user’s business may depend on software licensed from a Vendor. A knowledgeable end-user would be concerned about timely maintenance of the software to correct programming errors and about updating or enhancement of the software to meet the End-user's changing needs.
Conventional wisdom used to be that anyone other than the developer or end-user could serve as the escrow agent. However, as business has evolved and their technology agreements have matured it is now agreed that there are critical characteristics an escrow agent must have in order to provide an acceptable service:
- Proven escrow agreements
- Best practice secure storage of the deposit material
- Proactive alerts and compliance reporting,
- Escrow agent neutrality
- Auditing validation and verification services
The use of "casual escrow agents" has dropped significantly in the past decade as typically they can only offer part of these necessary components. The following illustrates some of the short-comings of "casual escrow agents":
Lawyers / Accountants - will likely have strong knowledge of the business / contracts and may be able to provide account information as needed. However, they usually lack the storage facilities and requisite experience in handling electronic data. Also, lawyers are seldom neutral third parties as they usually represent one party in the transaction.
Banks - Banks are often considered as escrow agents because of their physical vault facilities. However, bank vaults are not designed to store electronic media and banking industry employees typically have no training in this area. Further, their employees are not trained to handle electronic media. Over time, banks have learned that software escrow services are not in their core competency.
Opinions vary on how to preserve data on digital storage media, such as optical CDs and DVDs. Kurt Gerecke, a physicist and storage expert at IBM Deutschland, has his own view: If you want to avoid having to burn new CDs every few years, use magnetic tapes to store all your pictures, videos and songs for a lifetime.
"Unlike pressed original CDs, burned CDs have a relatively short life span of between two to five years, depending on the quality of the CD," Gerecke says. "There are a few things you can do to extend the life of a burned CD, like keeping the disc in a cool, dark space, but not a whole lot more."
The problem is material degradation. Optical discs commonly used for burning, such as CD-R and CD-RW, have a recording surface consisting of a layer of dye that can be modified by heat to store data. The degradation process can result in the data "shifting" on the surface and thus becoming unreadable to the laser beam.
"Many of the cheap burnable CDs available at discount stores have a life span of around two years," Gerecke says. "Some of the better-quality discs offer a longer life span, of a maximum of five years."
Distinguishing high-quality burnable CDs from low-quality discs is difficult, he says, because few vendors use life span as a selling point.
Hard-drive disks also have their limitations, according to Gerecke. The problem with hard drives, he says, is not so much the disk itself as it is the disk bearing, which has a positioning function similar to a ball bearing. "If the hard drive uses an inexpensive disk bearing, that bearing will wear out faster than a more expensive one," he says. His recommendation: a hard-drive disk with 7200 revolutions per minute.
To overcome the preservation limitations of burnable CDs, Gerecke suggests using magnetic tapes, which, he claims, can have a life span of 30 years to 100 years, depending on their quality. "Even if magnetic tapes are also subject to degradation, they're still the superior storage media," he says.
But he's quick to point out that no storage medium lasts forever and, consequently, consumers and business alike need to have a migration plan to new storage technologies.
"Companies, in particular, need to be constantly looking at new storage technologies and have an archiving strategy that allows them to automatically migrate to new technologies," he says. "Otherwise, they're going to wind up in a dead-end, and for those sitting on terabytes of crucial data, that could be a colossal problem.
Without performing a technical verification on the source code in escrow, it is impossible to know if the deposit is complete, accurate or will be useful when needed. Harbinger provides a range of audit and verification services to determine if the escrowed materials are complete and accurate.
There are steps that can be undertaken in the agreement process to improve the quality and completeness of the deposit material. Harbinger can provide assistance to ensure that the necessary components are included in the deposit materials.
Verification of escrow deposits is not part of an escrow service agreement with Harbinger. Users must commission verification services separately.
The Website of: Harbinger Group Pty Ltd, (Harbinger) presents information and services from Harbinger to registered users.The website offers users the ability to learn more about Harbinger and access online services such as forms, agreements and software tools. It also serves as a channel to link visitors to Harbinger's specialised functions and services such as online lodgement and reporting functions.
Access to, and use of, the Harbinger website constitutes acceptance of the following general terms and conditions.
Neither Harbinger nor any other party involved in creating, producing or delivering the website shall be liable for any direct, incidental, consequential, indirect or punitive damages arising out of Users' access to, or use of, the website. The Website does not guarantee the accuracy of information provided by external sources and accepts no responsibility or liability for any consequences arising from the use of such data.
Though Harbinger uses the best technical standards to control its site, material on this website may inadvertently include factual or technical inaccuracies or other errors. We should be grateful if users could notify us of any errors or inaccuracies they may find. Please note that users browse and use the website at their own risk. Harbinger does not warrant that the functional aspects of the website will be uninterrupted or error free or that this website, or the server that makes it available, are free of viruses or other harmful components. Harbinger may change material on the site without prior notice.
Access and availability of service and links
The Harbinger site may contain links and references to third-party websites. These are provided for the convenience and interest of users and on the part of Harbinger this implies neither responsibility for, nor approval of, information contained in these websites. Harbinger makes no warranty, either express or implied, as to the accuracy, availability or content of information, text, graphics which are not under the 'harbinger.com.au or sourceonice.com.au' domain. Harbinger has not tested any software located on other sites and does not make any representation as to the quality, safety, reliability or suitability of such software.
Personal data privacy
By accessing the Harbinger website, certain information about users, such as internet protocol (IP) addresses, navigation through the site, software used and time spent, as well as other similar information, will be stored on Harbinger servers. These will not specifically identify users and the information will be used internally for website traffic analysis only. If users provide unique identifying information, such as name, address and other information on forms stored on this site, this information will be used for statistical purposes only and will not be published or made available for general access.
Harbinger does not sell or rent its registered website users' names, addresses, email addresses or other personal information.
If you are registered on the Harbinger database and would like your name to be removed, please click on the unsubscribe link and this will enable you to remove your details from Harbinger’s database.
Use of IP address
The IP address is a number that is automatically given to your computer when you are surfing on the internet. Servers and ‘big computers’ that host web pages, automatically identify your computer through its IP number. Harbinger uses IP addresses in order to carry out statistics, however, as IP addresses and personal identification are not linked to each other users remains anonymous.
Cookies are pieces of information that a website transfers to an individual hard drive for record-keeping purposes; passwords are not saved in cookies. Cookies help Harbinger to know which pages are visited most often and helps Harbinger to ensure that its website responds to users' needs.
If you do not wish to receive a cookie, or if you wish your browser to notify you when you receive a cookie, you may use the option on your web browser to disable cookies. Click on the 'help' section of your browser to learn how to change cookie preferences. However, please note that if you disable all cookies you may not be able to take advantage of all the features available on this website.
Harbinger does not use personal identification details transferred through cookies either for promotion or marketing purposes, nor will such information be shared with a third party.
From time to time the Harbinger website contains bulletin boards, chat rooms, access to mailing lists and other message and communication facilities (collectively termed 'forums'). Users agree to use forums only to send and receive messages and materials that are strictly related to the particular forum. When using a Harbinger forum users agree not to do any of the following:
- Users may not download, distribute or otherwise publish through the Harbinger website any content which is libellous, defamatory, obscene, pornographic, abusive or in any way violates any laws.
- Forums are for non-commercial use only. Users should not distribute or otherwise publish any material containing any solicitation for funding, advertising or solicitation for goods or services without requesting and receiving prior written approval from Harbinger.
- Users shall not delete any author attributions, legal notices, proprietary designations or labels from any file that is downloaded nor falsify the origin or source of software or other material contained in a file that is downloaded.
- Harbinger does not and cannot review every message posted by users on forums and is not responsible for the content of any messages posted. Harbinger reserves the right to delete, move or edit, at its sole discretion, messages that it deems abusive, defamatory, obscene, in violation of copyright laws or unacceptable. Users shall remain solely responsible for the content of their messages.
- Users acknowledge that any submissions may be edited, removed, modified, published, transmitted and displayed by Harbinger.
- Users should be aware that all forums and discussion groups are public and not private communications. Further, users acknowledge that chats, postings, conferences and any other form of communication by other users are not endorsed by Harbinger, and that such communications shall not be considered as having been reviewed, screened or approved by Harbinger.
The contents of the Harbinger Website is intended to support Harbinger's commercial and non-commercial use undertakings. Harbinger grants permission to users to visit the site, and to download and copy information, images, documents and materials from the website in order to expedite commercial dealings with Harbinger. Harbinger does not grant the right to use, resell or redistribute any information, documents, images or material from its website or to compile or create derivative works from material on its website.
Use of material on the website is subject to the terms and conditions outlined below.
- All material published on the Harbinger Website is protected by copyright and owned or controlled by Harbinger Group Pty Ltd. or the party credited as the provider of the content, software or other material.
Use of Harbinger or Source on Ice logo
Yes we can,
Often end-users and vendors transfer their existing escrow agreements to Harbinger to take advantage of our standard agreements, online vault, pro-active services and lower fees. The transfer process is simple and we will provide detailed instructions once we understand your requirements.
Harbinger is even able to handle the bulk of the administrative details related to the transfer.
Yes you can!
Regardless of how secure our online lodgement systems are, we find some of our vendors just prefer traditional and time-proven methods of transfering their precious source code to us. If this is you, rest assured, you can still take advantage of all Harbinger has to offer. We will be happy to accept delivery of your materials, and lodge them securely into our electronic vault on your behalf.
The offline transfer process is also simple. We will handle the bulk of the administrative details related to the transfer and will provide detailed instructions to you once we fully understand your requirements.
We can accept most forms of media including:
- USB / Firewire devices
- SCSI, SATA, IDE based storage
- .... many more
Note: There may be additional handling fees due for receipt and storage of manual lodgements.
Harbinger can administer escrow agreements for a wide array of deposit materials. The typical deposit materials consist of a bundle of electronic data made up of software source code, documentation related to the development and production environments and other core information.
However, any electronic data files can be placed into the online vault. Harbinger can help facilitate virtually any electronic data-related transaction.
Source code is the sequence of logical statements and operations written in a human-readable computer programming language that controls the processing of data and the functionality of software.
The source code itself can be hundreds of thousands of lines of code and is normally designed and written by software programmers in programming languages such as C++, Java or Visual Basic.
When completed, the source code is compiled into "executable code" that can be downloaded, installed and run on a end user computer.
However, with only the executable code, end users have no ability to see how the software is processing data or performing functions and, for the most part, have no ability to change the operation of the software.
Because repairing problems or changing functionality is only possible with the source code, the escrow of source code is common in large software transactions involving custom developed or operationally critical applications.
Source on IceTM is an online escrow management system that provides highly secure lodgement, protection and monitoring of valuable intellectual property such as source code.
It is a unique and highly efficient online service that includes:
- a highly secure online vault
- the ability for vendors and end-users to monitor activity and view the details of lodgements online
- special tools for compressing encrypting and lodging deposit materials
- dynamic rules that reflect the terms of the escrow agreement and assist vendors and end-users comply with their escrow agreement obligations
- the ability to audit and report on lodgement and agreement activity
Source on Ice has been engineered by security specialists specifically for the storage and preservation of data escrow lodgements.
Using encryption and security technology coupled with the accessibility of the Internet, everyone's data is protected in a manner that was once the realm of only large companies and governments. Source on Ice provides security for escrowed data and can also act as protection for Vendors from catastrophic data loss.
Source on Ice is "designed to fail" without impacting data integrity. The Source on Ice vault is equipped with devices that monitor aspects of the electronic and physical environment.
Software and source code escrow agreements are a good part of any business continuity plan. However, the quality, completeness and accuracy of the deposit materials determine the value of the escrow deposit.
All electronic media degrades over time. Since the deposit materials may not be utilised until some later date, the storage and preservation is critical in preserving the value of the escrow deposit. Storing electronic files in an appropriate fashion and environment will significantly extend the value of the escrow deposit and reduce the risk to the Client's business.
Deposit Materials are a group of electronic data files that contain the confidential elements of an escrow agreement. The Deposit Materials are critical and important items that form the basis of that which is being protected by your escrow agreement. Deposit Materials do not contain information, data or elements that are readily available or provided to an end user in their original form - such as diagrams, third party software, manuals, operating systems, database schematics and raw data.
Additional Materials are a group of electronic data files that contain the necessary - but not confidential elements of an escrow agreement. The Additional Materials are important items that form the supporting materials of that which is being protected by your escrow agreement. Additional Materials often contain information, data or elements that are readily available or could be provided to an end-user in their original form - such as diagrams, third party software, manuals, operating systems, database schematics and raw data. Additional Materials do not include secret confidential material.
Active Alerts are unique to Source on Ice. They dynamically compare the requirements of your escrow agreement with activity and events in the online vault such as vendor lodgements. This enables you to check that lodgements are being made regularly and on time. It provides peace of mind to vendors and end-users alike as both can be sure the escrow lodgements are in accordance with the requirements of the escrow agreement.
Active Alerts include a range of helpful services including:
- reminding vendors of lodgements that are due
- signalling to end-users when there are changes to Deposit Materials
- updating both parties to the presence of a Release Alerts or a Release Event
The benefits of Active Alerts include:
- improving the effectiveness of an escrow arrangement
- enhancing communication between vendor and end-user
- reducing business risk by improving compliance with escrow agreements
- reducing the likelihood of a Release Event
- reducing the number of missed or late lodgements
- ensuring your Deposit Materials are protected by escrow agreements for their entire lifecycle.
In alignment with our security policies, the exact location of the master online vault, secondary (replicated) vault and our archiving and backup services is considered a secret. Source on Ice utilises only state of the art online vault facilities to store escrow deposits.
We provide state of the art online storage in Australia that is mirrored in a separate Australian location.
Software escrow (or source code escrow) services are most commonly used to store a software developers' source code. In the event that the software developer can no longer meet their obligations, the source code may be released to the end user. This ensures that the end-user can continue to operate their business as usual.
For end-users; software escrow is an essential part of modern technology services contracts. It not only delivers compliance with best procurement practices, but most importantly it also reduces the risk to your business.
For software developers; it improves the marketability of your software and demonstrates a willingness to reduce the risk of doing business with you.
Source code is lodged with Harbinger, Object code is provided to the end user
Harbinger Escrow Services is Australia's leading escrow agent that has an unique online lodgment and monitoring system - Source on Ice. By leveraging the latest in technology and data security,Harbinger provides the most efficient method of implementing escrow arrangements.
We provide and administer escrow services - including electronic lodgement, verification, reporting, alerts, software auditing, technical and legal services for some of Australia's best known companies.
Our services are primarily designed to meet the needs of three types of customers:
- Vendors or developers of software engaged in providing software or services to their clients
- End users - the clients of those vendors
- Agents - engaged in providing data escrow services
By using Source on Ice,Harbinger allows vendors to securely lodge their software source code and other related data. It also allows end users to monitor the vendor's compliance with timely and regular lodgement.
Harbinger also provides traditional lodgement (CD, tapes, etc) and vaulting (physical fire-proof safe) if this is preferred.
Harbinger provides the agreements and professional services to ensure that the escrow service effectively reduces the risk to business. These services include:
- Standard and tailored escrow agreements
- Reporting and active alerts
- Audit and verification services
- Legal and technical services
When designating an escrow agent, it is critical to be sure that the agent is an independent third party not under the influence or control of either end-user or vendor.
It is rarely a good idea to simply name one of the party's lawyers or accountants as the escrow agent. Their duty is to their client so there is a potential conflict of interest. A founding principle of escrow agents is to remain neutral.
Further to this, those parties are not usually accustomed to the details of administering escrows or properly equipped to hold lodgements. It is therefore not recommended that a lawyer, accountant or similar professional be appointed as an escrow agent
Software escrow (or source code escrow) is electronic data granted to an entity but held by an Escrow Agent and only released after a condition is met
'Electronic data' is any data that can reside on a computer. For example, the 'source code' that software developers create.
The 'Entity' is the End-user of the electronic data. For a software vendor this is their end-user - their client.
The 'Escrow Agent' is Harbinger. Escrow agents hold the electronic data - for example a vendor's source code.
'Condition is met' - a pre-determined condition, often related to insolvency or the inability of the vendor to fulfil an existing contract.
Software escrow is a term that is interchangeable with source code escrow and data escrow. Software escrow is a relationship in which a Client (or licencee) requires software intellectual property (the source code and other associated) material to be stored with an escrow agent during the term of a software license, support or other agreement. The material would be released based upon the occurrence of specific events defined within the escrow agreement. Clients use software escrow services to protect against a disruption in support of mission critical technologies due to vendor failures.
An online vault is an electronic data storage facility that is designed and constructed specifically for the storage and preservation of mission critical data and source code. The online vault is designed to meet the highest standards in data storage, withstand catastrophic failure and disasters without affecting the contents of the stored files. These facilities are "designed to fail" without impacting the souce code integrity or availability. Our online vaults are equipped with devices that monitor every variable aspect of the electronic environment. Further, each form of electronic deposit is stored in several fashions (eg. optical disk, magnetic tape) that further preserves the availability of the source code.
Source on Ice's online vault and escrow management system provides a level of transparency, security and protection that is unique in the Australian and regional marketplace. The escrow management system supports the relationships between vendors and their users.
Our online vault systems has been engineered by security specialists specifically for the storage and preservation of mission critical data such as source code.
Using encryption and security technology coupled with the accessibility of the Internet, everyone's data is protected in a manner that was once the realm of only large companies and governments. Source on Ice's vault provides security for escrowed data and also acts as protection for vendors from catastrophic data loss.
Source on Ice's online vault provides you with comfort and peace of mind when storing your valuable company assets.
The systems are "designed to fail" without impacting data integrity. The vault is equipped with devices that monitor aspects of the electronic and physical environment. Further, each lodgement is stored in several fashions and in several locations - in separate Australian locations. This further preserves the integrity of the data.
The online vault's encryption security measures ensure that data remains safe and secure throughout the entire escrow life-cycle.
Escrow "Release Events" are the scenarios and conditions in which a release or partial release of the materials held by Harbinger as the escrow agent would be warranted. In a typical software escrow agreement, Release Events are not inevitable but serve as business continuity planning if some pre-negotiated event should occur.
Harbinger's standard escrow agreements support a wide array of release conditions already however we can also work with you to draft special Release Events that meet your particular business requirements. Typical Release Conditions may include:
- Bankruptcy of Vendor
- Cessation of Vendor's business
- Failure to support the terms of a license, support agreement or other agreement
- Failure to meet pre-defined service level requirements
- Death of key personnel
- Developer's acquisition by a key competitor
Data held by Harbinger is only released under strict conditions and the positive existence of a release event that is stipulated in the escrow services agreement. In that case, the vendor's escrowed material is released to the end-user so that they may continue business normally.
- ASIO T4 Standard Security consisting of three layers of physical barriers
- ASIO endorsed Electronic Access Control System
- ASIO endorsed Security Alarm Systems
- VeriSign compliant
- CCTV cameras, including analytics
- Located remote from geographic risk sources (flight paths, highways, fuel storage)
- Secure computer racks nd cabinets
- Facility staffed 24x7
- All hosting staff carry Australian government security clearances
- Uptime Institute Tier II facility
- On-site substation fed from dual power grids
- Diesel generators, with 28 hours of fuel storage on site
- Priority resupply from petroleum distributer
- 750 kVA rotary UPS in N+1 configuration
- Comprehensive Building Management system
- Redundant Air Conditioning (N+1)
- Humidity control
Fire Suppression System
- VESDA aspirated smoke detector sensor equipment
- Aragonite gaseous fire suppression
- Non-greenhouse, non-ozone depleting alternative to FM200
- Local zoning
You may use any filename that you wish - including the same or a different filename from your previous lodgements.
Many of our clients use a unique filename that includes the date. We identify your lodgements through a series of metadata that includes Date:Time, lodgement type etc.. The system will also append a number to your lodgement name if you use an identical name.
In accordance with your escrow agreement, superceeded lodgements are archived for a certain number of years. If the escrow is called on by the End-user (beneficiary), then we make available the most recent lodgements. If there are problems with the most recent lodgements, then under certain circumstances we may provide an earlier version of the lodgements.
Source on Ice - Harbinger's escrow management system, ensures your escrow agreements are as healthy as they can be. Our service is designed to ensure your escrow agreements are maintained and compliant, with the minimum of effort from you.
Source on IceTM offers round the clock monitoring services with several staff on standby to respond to any discrepancies as they arise. This includes our industry leading Active AlertsTM that dynamically compare lodgements with the requirements of your escrow agreements.
Every Source on IceTM member has direct access to e-mail and "call me back" telephone support to assist you in getting the most out of your membership.
Source on IceTM includes comprehensive context sensitive help and online training material. If you would prefer a manual, we would be happy to send you our latest user manual. You may also access our support center by telephone.
You will automatically receive Source on IceTM system upgrades. Harbinger is constantly monitoring trends and innovation in security and performance to ensure that the systems and processes guarding your IP and escrow lodgements continue to achieve best practice. We will introduce you to new features enhancements and extensions to our services as they become available.
As a member, you also have a say in what features and services Source on IceTM will provide in the future.
By establishing an escrow arrangement, you can address the concerns of prospective buyers and end-users without exposing yourself to the risks inherent in distributing source code and other proprietary materials.
Even under non-disclosure obligations, the proliferation of source code and other proprietary materials to end-users makes it difficult or impossible to ensure against eventual disclosure to competitors or loss of trade secrets.
By using an escrow arrangement you can make your software more marketable and can use escrow as a selling point to prospective customers.
Having an escrow arrangement already in place eliminates a barrier to purchasing your software and reduces the need for negotiation over source code rights that can delay or de-rail the sales process.
The Harbinger team originate from the legal and technology services industry and have decades of experience in software, data security, technology procurement, legal and commercial agreements. We understand that there are several key elements to providing quality escrow services:
Facilities - electronic data must be handled and stored appropriately to secure, protect and preserve the code so that it can be used in a time of need to support the application. Harbinger provides state of the art online storage in Australia that is replicated in the US. The online vaults are designed to meet the highest standards of data storage, withstand catastrophic failure and natural disasters without affecting the contents of the stored files. In addition, Harbinger has developed proprietary transmission, storage and retrieval system known as Source on Ice to safeguard our client's intellectual property while in transit and in our custody.
Experience - Harbinger specialise in software escrow. Our clients rely upon us to add value to their business by implementing and administering escrow processes to reduce the risk of doing business. Further, Harbinger periodically run "release scenarios" to ensure that when a release request occurs, Harbinger has the experience and the procedures in place to administer the escrow terms with authority.
Speed - Harbinger is committed to providing the most responsive and professional services in our industry. In most circumstances we will provide a "same day" response time upon request for agreement executions, beneficiary enrollments, and more.
A unique online interface We provide our clients with online access so they can:
make escrow lodgements online- Source on Ice provides vendors with a file encryption, transmission (and reception) tool that provides secure file transfer between the Vendor and the online vault
monitor compliance with an agreement - Information on each deposit received from a vendor is entered into our lodgement tracking systems to help ensure agreement compliance, and to provide precision in the storage and retrieval of deposits material.
receive reports, audit and verification results - End-users who choose to have their escrowed source code verified can access the results and reports on the verification and testing online
form Release Request Communities - If a single Release Event occurs that triggers a Release Request from several end users Harbinger will assist in the formation of common user groups to help with finding a resolution to the ongoing development and support needs of the group
access account information - End-users and vendors can access, review and update their account information
review current agreements - current (and historical) agreements are stored and summarised in an online interface
Pre-packaged and tailored escrow agreements - Harbingerhas designed agreements to provide flexibility with regards to initial structure and long term usability. With Harbinger there are no proprietary terms that will hinder flexibility later or require separate agreements depending upon your release conditions. The flexibility designed into our escrow agreements makes meeting current and future escrow requirements as efficient and economical as possible with out compromising quality.
In the end, many companies can provide software escrow services and meet one or two of these key benefits. However, only Harbinger can provide all four key benefits and meet your budgetary requirements.
Our services are designed with both small and large vendors and end-users in mind. For example:
If you have escrow agreements with multiple vendors and suppliers, then you will findSource on Ice vault view, automated alerts and proactive reporting service particularly useful. It removes time-consuming low-value activities from your business.and provides improved compliance and accountability.
Maintaining a development plan is a Release Alert. It is a responsibility of the end-user to highlight this to the Escrow Agent, who in turn contacts the Vendor. If a Release Alert is not resolved satisfactorily, then this may be escalated to a Release Event. Release Alerts raise awareness that a condition may have occurred that could be a precursor to a Release Event.
This release event relates specifically to the Vendor ceasing to maintain the Deposit Materials - that being, that the Vendor fails to upload Deposit Materials periodically (in accordance with the escrow agreement) to the Escrow Agent. It does not relate to whether or not the vendor is maintaining the source code (as may be required by a service level agreement).
A verification reset occurs when the instructions or components provided by the software supplier are insufficient for the verification programme to continue. At that point, the project manager will refer to the software supplier who will remediate the escrowed material.
Verification then commences from the start.
Termination, destruction and/or return processes differ from agreement to agreement. The exact details of the process that we will follow when your escrow agreement is terminated is detailed in your agreement.
For instance: In the case of Harbinger's standard agreement:
Harbinger will issue a Notice of Termination to all parties (the Vendor and the End-User).
The parties must confirm that they all agree with the termination
Harbinger waits for the required Notice Period (usually 30 or 60 days)
All electronic and physical lodgements are destroyed in compliance with Harbinger's Data Destruction policy.
A digital archive is retained for 5 years from the Notice of Termination
Level 0 Verification is also known as a Deposit Validity Review.
This is a process that Harbinger undertakes when it receives a deposit from a software vendor. We undertake a series of checks that include:
- Deposits have been lodged in a timely fashion
- Materials are up to date (in alignment with the escrow agreement)
- Media (if applicable) is checked for damage and wear
- Deposits can be de-compressed (un archived)
- Encrypted files can be decrypted and the method of encryption is known
- Deposits are accessible using the appropriate encryption key or password
- Deposits are free from viruses
- Sample files are tested for human readability
- A Validity Review report is produced and filed for future reference
You need the protection of modern software escrow if:
- Your business uses third party software through licence agreements.
- The software is critical to your daily operations and/or communications.
- The software application is embedded in other mission critical systems or applications.
- The software is customised for your business.
- You use third parties to update and maintain the software.
- Time to replace the software and implement a similar solution will be longer than the business can operate without it.
- You would not be able to operate, support and update the software should the owner or licensor fail to support and maintain it.
"It is an insurance policy to make sure you have access to that source code should that vendor no longer maintain that software for your organisation, so this gives you an alternative,"
“Inherent to every technology license agreement is a level of risk. Companies that supply and demand technology must adjust to a fast-changing marketplace, and with such uncertainty, precautions are needed. It is very important when setting up an escrow agreement to make sure the contract actually gives the customer the rights it needs in order to maintain that source code."
Securing your strategic ICT Investments - When licensing software or other technology, the IT, procurement or legal department needs to address increased regulatory compliance pressures to ensure the protection of strategic assets. Often, these strategic assets are in the form of software applications that materially affect a company's business.
Technology escrow is a smart and effective component of a business continuity strategy that software licensees can use to protect their mission critical applications in an ever-changing environment.
The practice of escrow can be identified as being either ‘traditional’ or ‘modern’. ‘Traditional’ escrow involves simply placing the software’s source code on physical media and depositing with the escrow agent. The escrow agent does not verify the source code to see that what was deposited was in fact the complete set of source code, associated technical documentation etc.
Until recently, most escrow arrangements were traditional in their approach. Custodians such as banks, notaries and legal firms physically ‘held’ a copy of the software source code as a deposit but did not technically verify that the deposit was complete, correct or up-to-date. If the escrowed material was out-of date, incomplete or unusable, then the protection afforded by the escrow agreement was worthless.
Further, the use of legal firms seldom met the requirement for independence demanded of escrow agents.
Modern software escrow agreements provide options so the end-user can elect for the escrowed material to undergo regular verification. Several options of verification provide deeper and deeper levels of assurance that the escrowed material contains what your software vendor committed to lodge, and that the materials are complete, up-to-date and usable.
Verification results evidence that greater than 90% of escrowed material is incomplete and often of little use to the end-user.
Traditional escrow arrangements are characterised by:
- passive or no monitoring of contract compliance
- media is transferred from vendor to escrow agent on physical media (CD / Tape)
- physical storage of the media in a secure location
- no validation process
- often no requirement or process to refresh or update the escrowed material
For an escrow agreement to be qualified as Modern, the following conditions must be present:
- the arrangement should be legally sound and the contract actively and continuously monitored for compliance;
- escrowed material should have been transferred to the escrow agent using a secure and encrypted medium,
- the escrowed material must be stored in two geographically distant locations including one electronic vault and one electro-magnetically shielded security deposit enclosure
- the escrowed material should be independently validated by a suitably qualified independent and neutral expert third party using an appropriate software verification process
- source code and supporting material should be updated frequently (several times a year).
Traditional escrow therefore offers little assurance that the source code material is present or that it will be of any use when called upon.
Traditional escrow should no longer be considered proper protection of your business. It does not meet ISEA (International Software Escrow Association) regulations for source code escrow practice.
The traditional test compilation of the source code (part of Harbinger's Level 2 Deposit Analysis) can be a time-consuming exercise. Supervised Compilation occurs when the escrow agent attends the vendor's workplace, confirms the build environment documentation, observes the compilation of the source code into object code, observes the working object code and then supervises the lodgement of the materials into escrow.
Often it is necessary to repeat the compilation process several times if there is discrepancy in the vendor's build instructions.