How do I choose the right Technology Escrow Vendor?

Technology escrow is commonly used by companies to protect their source code or their investment. Software escrow services are often sought by software developers when their client requests protection of the source code or the data contained within an application. This requirement is often stipulated in the software license agreement between the developer and the client. Similarly, with the increased uptake of SaaS hosted applications, companies today are looking to instruct a technology escrow vendor to ensure that they have a third-party continuity process in place in the unlikely event something happens to the SaaS vendor.  

Choosing the right technology escrow vendor can be tricky. This article reviews the key attributes of what to look for in a technology escrow vendor to ensure your source code and intellectual property are always protected and secure.

Key attributes to look for in a technology escrow vendor

Competent Management of Process from Start to Finish
It is advisable to choose a technology escrow vendor who can handle the entire managerial process of a software escrow agreement from initiation to testing through to the release/trigger event process. This management process should cover the 4 key areas below:

1. Data storage – Depositing and storing data such as source code or database files is a critical component of the technology escrow agreement. The technology escrow vendor should offer a simple yet secure process for this. Select a technology escrow vendor who can offer a seamless process to securely and automatically upload your files in one of the following ways:
   1. Directly from your Git repo such as GitHub, GitLab or Bitbucket;
   2. Via a secure File Transfer Protocol (SFTP); or
   3. Directly within the cloud hosting vendor such as AWS S3, Microsoft Azure Blob storage or Google Cloud storage. Your data should be encrypted while in transit and at rest.
      
      
2. Security – As mentioned above, your data needs to be secure. Look for a technology escrow vendor who can offer the highest level of information security and data protection. They should hold the appropriate information security accreditations, such as ISO27001 and ISO27017, for peace of mind that your data is safe and secure.
   
   
3. Version Control Management – Once a technology escrow agreement is in place, it is vital to ensure that the source code is updated on an agreed frequency. You should select a technology escrow vendor who can provide the means of automated deposits from Git. This ensures the developer can automatically upload the source code from their Git repository using SSH encryption and maintains a version control of previous deposits. This process ensures that the technology escrow vendor always maintains an up-to-date version of the source code.
   
   
4. Release Process– In the unlikely event that a release/trigger event occurs, you will need to make sure the technology escrow vendor you selected is experienced enough to  ensure that the release process is handled in a delicate, professional and neutral way. This may even include a dispute resolution process if one of the parties contests the release of the escrow deposit materials.

Technical Understanding
The testing of the source code in a technology escrow deposit is an integral part of every technology escrow agreement. It is vital to choose a technology escrow vendor that has inhouse technical consultants who possess solid experience in the management and verification of the source code. With more businesses turning to SaaS based applications, and if this applies to your organisation, also look into whether the technology escrow vendor has consultants who are certified engineers in the main cloud infrastructure providers such as AWS, Google Cloud and Microsoft Azure.

Streamlined Sales cycle
As the majority of software applications have moved to being hosted within AWS, Microsoft Azure or Google Cloud, technology escrow has become more complex. Source code alone will not usually suffice for most applications being placed into escrow. A common frustration amongst software developers is being sold an escrow product by sales representatives that don’t fully understand the technologies they are tasked with selling. This usually requires a second or third call with a technical representative followed with a lengthy questionnaire to complete in order to prepare a proposal. Look for a technology escrow vendor who can ensure that all sales representatives have extensive knowledge and understanding of the leading cloud hosting vendors and third-party integrations. They should aim to keep their initial call to a maximum of 20-30 minutes with a proposal following the same business day.

Experience
You need to look at the relevant experience that the technology escrow vendor has, in particular around SaaS hosted applications within Amazon Web Services (AWS), Google Cloud and Microsoft Azure. Case studies published by the technology escrow vendor are a great way to learn more about their relevant commercial experience in providing software escrow solutions. Accreditations such as ISO27001 and ISO27017 indicate that the technology escrow vendor has placed information security at the forefront in what they do.

No delays in the legal review process
A technology escrow agreement usually needs to be reviewed and agreed upon by three parties. Developers and their clients often amend the agreement to meet their specific requirements which then needs to be approved by the technology escrow vendor. Delays in the review process and the inflexibility of the technology escrow vendor often causes frustration with the developer and their beneficiary client. This was identified as a major pain point and by a technology escrow vendor having an internal legal department, red-lined agreements can be turned around usually by the next business day.  In addition to this, the technology escrow vendor should provide as much flexibility as possible as long as certain parameters are met. In this way, they can facilitate agreements rather than becoming another hurdle to overcome. Escrow London provides a variety of free template agreements which can offer a great starting position when negotiating the perfect technology escrow agreement.

Unlimited automated deposit process
In a world of automated deployment from Git repositories such as GitHub, GitLab and Bitbucket, software developers find the manual deposit requirements of some technology escrow vendors antiquated and inefficient. To overcome this potential headache, they should choose a technology escrow vendor who can provide unlimited automated deposits from unlimited Git repos integrating the source code deposit into the software development lifecycle. Choosing a technology escrow vendor who places limits on the number of repositories or the size of files may lead to increased costs in the future.

Remote and timely verification process
Verification is an independent test to provide assurance to the beneficiary that the deposited code or SaaS environments can be rebuilt and deployed in the event of a trigger. During a verification exercise, the developer will need to demonstrate the build process to the technology escrow vendor. A good technology escrow vendor will aim to minimise the time required from the developer for verifications. Verifications should be performed remotely by using video conferencing and the verification consultants should be empowered to keep the time required from the developers to an absolute minimum. For repeat verifications, the same consultants (wherever possible) should perform the test to ensure that no new knowledge transfer is required.

Trusted Legal Expertise
A reputable technology escrow vendor will hold extensive legal experience in negotiating software agreements in multiple jurisdictions including USA, UK, EU, Switzerland, Australia and Canada. Not all software escrow agreements are the same, so ensure you select a software escrow vendor who can provide a number of template agreements to suit the needs of your business. Escrow London offer a range of free template agreements which provide a good starting position to negotiate a fair software escrow agreement.

##

About Escrow London

Escrow London is a global technology escrow vendor headquartered in the United Kingdom. Our global coverage is provided across our London office, Escrow London North America Inc in Atlanta, and our Australian office in Sydney.

We have invested considerable resources into innovation to reinvent software escrow for a SaaS world. Escrow London provides a range of SaaS Continuity escrow solutions suitable for AWS, Microsoft Azure and Google Cloud hosted SaaS applications. We support a wide range of clients includes major law firms, banks, central banks, insurance companies, technology companies and government organisations.