Your Guide to Source Code Escrow - FAQs Answered


Economic uncertainty and a growing number of IT-related businesses announcing insolvency are appearing in news headlines around the world at the moment. Following the recent shockwave of Silicon Valley Bank’s announcement of bankruptcy, the quick demise of Credit Suisse (due to a string of scandals, top management changes and multi-billion dollar losses that resulted in a huge slump in its shares and bonds) and new regulations relating to the management of third-party supplier risks, many businesses are left questioning their operational resiliency and what they can do to protect themselves from the potential risks of their IT service provider going bust. Source code escrow provides this assurance to businesses, helping them to protect their IT investments and maintain their software in the event of software supply-chain disruption.

In this article, we look at the most frequently asked questions we receive about source code escrow, covering what it means, how it works, the various solutions available and how source code escrow can benefit your business.

What does it mean to put Source Code in Escrow?

Source code escrow, also known as software escrow or code escrow, is available for businesses of all sizes to ensure the source code of their technology investments is always available and protected. For the client or beneficiary (end user) of the software, this protection is vital in the event that the software vendor or developer can no longer support the software. Source code escrow is also sought by software developers when their clients, such as banks, insurance companies and multi-nationals, request protection of the source code or data within the software license agreement.

How does Source Code Escrow work?

During the agreement setup, the depositor (software vendor/developer) deposits the latest version of the source code with the source code escrow company. This is normally done through an automated deposit system directly from GitHub, Bitbucket, GitLab and many other popular version control apps, or via SFTP/S3 buckets.

To ensure the files are accessible and free of viruses, some source code escrow companies will perform a file integrity test as part of the source code escrow deposit. The deposit is only released to the beneficiary if the depositor can no longer support or maintain the software. The requirements for deposit and release of the source code are all clearly defined and negotiated in the source code escrow agreement.

Who should pay for Source Code Escrow?

When it comes down to who should pay for the source code escrow agreement, there is no definitive answer. Depending on the situation, the source code escrow fees may be borne solely by the software developer or solely by the beneficiary. Fees can sometimes be split equally between both parties.

If the software developer is a young start-up company and the beneficiary is an enterprise organisation, the annual costs of the source code escrow arrangement will often be absorbed by the developer as they are willing to do whatever it takes to get the software license agreement completed.

In the circumstance where the software developer is more established and the beneficiary has made a request for the inclusion of source code escrow, the costs will often fall on the beneficiary.

In a situation where verification and testing of the source code is requested to ensure accessibility and usability, the beneficiary usually pays for this service. However, there are situations where both the software developer and beneficiary agree to split the fees amicably in order to proceed with implementing a source code escrow solution.

It is recommended that all payment terms are decided upon at the beginning of the agreement by all parties to ensure the source code escrow process is as efficient as possible for all involved.

What Source Code Escrow Service do you need?

Single Beneficiary Source Code Escrow Agreement
A single beneficiary source code escrow agreement is usually used when a client is licensing software from a software company. It is made up of the depositor, beneficiary and the source code escrow company as the independent third party.

Multi Beneficiary Source Code Escrow Agreement
Multi beneficiary source code escrow agreements are often used by software companies to provide comfort to their clients that they have a standing source code escrow agreement in place. This type of agreement allows the software company to add an unlimited number of beneficiaries to the master agreement.

How can Source Code Escrow benefit you?

  • Protect your investment: Source code escrow ensures you have access to the source code of your custom software in the event that something happens to the software vendor or developer.

  • Ensure continued support: If the software vendor or developer is unable to provide ongoing support and updates, the source code escrow company can release the code to you or a new development team.

  • Provide peace of mind to customers: By using source code escrow, software developers can show their customers that they take the security and long term support of their custom software seriously.

  • Comply with industry standards: In some industries, using source code escrow is a standard practice and may be required by regulations.

  • Avoid costly disputes: In the event of a dispute with the software vendor or software developer, having the source code in escrow can help avoid costly legal battles and will allow you to continue using and maintaining the software.

Can Source Code Escrow be used for Cloud Hosted Applications?

The answer is yes! With an increase in companies shifting from traditional IT methods to SaaS-based offerings, SaaS vendors have more control over a business’s source code and data, meaning more businesses are looking at ways to protect themselves if something were to happen to the SaaS vendor resulting in data loss.

A SaaS Escrow Agreement is the process of keeping a copy of critical SaaS application data with a SaaS escrow vendor. Similar to source code escrow, where critical software source code is stored with a source code escrow company, SaaS escrow applies the same logic to the entire cloud environment including the data hosted within a SaaS application. It allows companies to protect their data that resides within SaaS applications hosted by a third party, protecting them against data loss.

The most popular SaaS escrow solutions include:

  • Replicated SaaS Continuity with 90 Days of Live Availability – This provides a replicated cloud environment with databases using deployment templates that may be activated in the event of a release situation. In the event of a release, the SaaS escrow vendor will be on hand to keep the lights on and provide a continuity of service for a period of up to 90 days.

  • SaaS Environment Escrow – This incorporates a deposit of the cloud environment which may include containers, deployment scripts, templates, automated deposits of databases and source code deposits from Git repositories including relevant documentation.

  • SaaS Access Continuity – This solution includes the deposit of the developer’s access credentials to the cloud hosting vendor’s production account. Solutions include the transfer of the access credentials to the beneficiary and the possibility of the SaaS escrow vendor maintaining the production environment for a 90-day period to ensure continuity after a release event.

About Escrow London

Escrow London is a global source code escrow and SaaS escrow vendor headquartered in the United Kingdom. Our global coverage is provided across our London office, Escrow London North America Inc in Atlanta, and our Australian office in Sydney.

We have invested considerable resources into innovation to reinvent source code escrow for a SaaS world. As well as source code escrow solutions, Escrow London provides a range of SaaS Continuity escrow solutions suitable for AWS, Microsoft Azure and Google Cloud hosted SaaS applications. We support a wide range of clients, including major law firms, banks, central banks, insurance companies, technology companies and government organisations.