What is Software Escrow? An Easy-To-Understand Guide
You may have heard of the word Software Escrow before, but what does it mean for you, your company, and your software? Well, you’ve come to the right place to find out. This article goes through what software escrow is, when you should consider using a software escrow vendor and lists the different software escrow agreements available to you.
What is Software Escrow?
Software escrow is a three-party agreement between a software developer (the depositor), the end user (beneficiary) and the software escrow vendor. The objective of a software escrow agreement is to provide comfort to the end user that if the software developer is unable or unwilling to support the software, the code can be released to them. The software escrow agreement will outline the responsibilities of all the parties and usually includes the pre-defined release conditions.
Why should I look at using a Software Escrow Vendor?
As explained above, software escrow agreements are set up to provide comfort to the end user that if the software developer is unable or unwilling to support the software, the source code can be released to them and business operations can continue as normal. Release conditions outlined in a software escrow agreement usually include the following and may be negotiated between the parties:
- Insolvency – The state of being unable to pay debts
- Bankruptcy – Declared in law as unable to pay debts
- Discontinuing support or service of the software application
- Failure to support the product that is licensed to the Beneficiary and then failing to cure such a material breach within 10 days of notice
- Transfer of IP rights to a third party who does not provide the same level of protection provided for in the escrow agreement
If a release condition occurs, the beneficiary may apply to the software escrow vendor to release the deposit materials including the source code. The depositor has the opportunity to dispute such a release condition and if necessary, the dispute may be moved to arbitration.
How to select the best Software Escrow Vendor for your company
Once you have decided that you want to use a software escrow vendor, there are factors you need to consider to ensure the software escrow vendor is adequate for your business. These include:
You need to look at the relevant experience that the software escrow vendor has in particular around SaaS hosted applications within Amazon Web Services (AWS), Google Cloud and Microsoft Azure. Case studies published by the escrow vendor are a great way to learn more about their relevant commercial experience in providing software escrow solutions. Accreditations such as ISO27001 and ISO27017 indicate that the software escrow vendor has placed information security at the forefront in what they do.
- Technical Understanding
The testing of the source code in a software escrow deposit is an integral part of every software escrow agreement. It is vital to choose a software escrow vendor that have inhouse technical consultants who possess solid experience in the management and verification of the source code. With more businesses turning to SaaS based applications, and if this applies to your organisation, also look into whether the software escrow vendor has consultants who are certified engineers in the main cloud infrastructure providers such as AWS, Google Cloud and Microsoft Azure.
- Competent Management of Process from Start to Finish
It is advisable to choose a software escrow vendor who can handle the entire managerial process of a software escrow agreement from initiation to testing through to the release/trigger event process. This management process should cover the below 4 key areas:
– Data storage – Depositing and storing data is a critical component of the software escrow agreement. The software escrow vendor should offer a simple yet secure process for this. Select a software escrow vendor who can offer you means to securely upload your files via a secure File Transfer Protocol (FTP) to their servers. Your data should be encrypted while in transit and at rest. Most software escrow vendors today utilise cloud storage service providers such as Amazon Web Services (AWS) and Microsoft Azure to provide this data storage.
– Security – As mentioned above, your data needs to be secure. Look for a software escrow vendor who can offer the highest level of information security and data protection. They should hold the appropriate information security accreditations, such as ISO27001 and ISO27017, for peace of mind that your data is safe.
– Management – Once a software escrow agreement is in place, it is vital to ensure that the source code is updated on an agreed frequency. You should select a software escrow vendor who can provide the means of automated deposits from Git. This ensures the developer can automatically upload the source code from their Git repository using SSH encryption. This process ensures that the software escrow vendor always maintains an up-to-date version of the source code.
– Release Process – In the unlikely event that a release/trigger event occurs, you will need to make sure the software escrow vendor you selected can ensure the process is handled in a delicate, professional and neutral way.
- Trusted Legal Expertise
A reputable software escrow vendor will hold extensive legal experience in negotiating software agreements in multiple jurisdictions including USA, UK, EU, Australia and Canada. Not all software escrow agreements are the same, so ensure you select a software escrow vendor who can provide a number of template agreements to suit the needs of your business. Escrow London offer a range of free template agreements which provide a good starting position to negotiate a fair software escrow agreement.
What Software Escrow Agreement Do I Need?
Once deciding on a software escrow vendor, your next job is to decide what software escrow agreement is right for you.
- SaaS Escrow Agreement
A SaaS Escrow agreement is used for SaaS hosted applications within AWS, Microsoft Azure, GCP or private hosting vendor. Solutions typically include replicated environments with 90 days of live continuity, deposit of production environment access credentials and the deposit of all the components that are required to spin up a SaaS environment (i.e. source code, deployment scripts, databases).
- Single Beneficiary Agreement
A Single Beneficiary agreement is made up of the depositor, beneficiary and the software escrow vendor as an independent 3rd party. A software escrow service agreement of this type is usually used when a client is licensing software from a developer. The agreement clearly outlines the release events and a guideline for the process should a release occur.
- Multi Beneficiary Agreement
Multi Beneficiary agreements are used by a developer to provide comfort to their clients that they have a standing software escrow agreement in place. By having a Multi Beneficiary agreement in place, under a single agreement, the developer is able to add an unlimited number of beneficiaries to the master agreement.
- Data Holding Agreements
Data Holding agreements are used when a company is using a developer to create a bespoke application and the beneficiary owns the intellectual property.
For further information on what Software Escrow services Escrow London provides, please click here.
About Escrow London
Escrow London is a global software escrow vendor headquartered in the United Kingdom. Our global coverage is provided across our London office, Escrow London North America Inc in Atlanta, and our Australian office in Sydney.
We have invested considerable resources into innovation to reinvent software escrow for a SaaS world. Escrow London provides a range of SaaS Continuity escrow solutions suitable for AWS, Microsoft Azure and Google Cloud Platform hosted SaaS applications. We support a wide range of clients includes major banks, central banks, insurance firms, technology companies and government.