What is source code escrow?

October 9, 2007 – 9:58 pm by John Giles

If your business is dependent on custom-developed software, you should consider placing that software in safekeeping (escrow) as a prudent risk management practice, to reduce your company's risk exposure and safeguard the continuity of the day-to-day business operations that depend on that software.

The source code of a business application is lodged with an independent and neutral escrow agent according to the terms and conditions set out in an escrow agreement signed between the software vendor, the software licensee and the escrow agent.

The terms of this agreement will specify the exact legal terms upon which:

  1. the software vendor is obliged to deposit the source code,
  2. the software licensee may call for the release of the source code, and
  3. the escrow agent must act in the event of any dispute or legal action.

By entering into an escrow agreement, the potential for risk or dispute is reduced in that the escrow agent takes up a neutral and independent position that simultaneously ensures that the software vendor’s copyright and intangible assets are respected, whilst at the same time providing the licensee with the required protection.

If you require more information about escrow please email escrow@michalsons.com

  1. 2 Responses to “What is source code escrow?”

  2. Audit Committees and Corporate Risk Officers are asking:-

    * Are we dependent on Technology such as Software for mission critical functions?
    * Do we secure source code through the practice of Active Escrow (COBIT, SOx, Gartner etc refers)?
    * What are our annual transaction values that depend upon IT over which we have little or no control?

    Other than via an actual Source Code License, Software source code escrow is the only way whereby access to maintainable information systems, by the licensed End-User, can be guaranteed:

    * Irrespective of the stability or commercial status of the software supplier;
    * If certain predefined commitments such as warranty, support and maintenance are not honoured.

    Software Suppliers and Developers, worldwide, are recognising that:-

    * software escrow is a stamp of quality for demonstrating commitment to their Clients in respect of their company and product;
    * their Client’s need for escrow is perfectly legitimate as the arrangement deals with mission critical software that requires additional continuity of use warranties.

    Many Software Houses benefit from source code escrow iro a competitive advantage – they find that an escrow arrangement results in their selling more software licenses, more quickly.

    In South Africa, we have had confirmation from the Institute of Directors (IoD) that King III will address what it is that is required of South African Directors and Officers to manage the ICT Operational Risk associated with the dependence on technology such as software products as, to date, this ICT operational risk has generally been underestimated if not ignored because the protection that “active” escrow offers was not readily available to South African organisations, or has only been available subject to foreign legal jurisdiction.

    In summary, an “active” source code escrow is a vital operational risk management measure to ensure the continuity of ICT dependent business processes and functions in the event that a Software Supplier, or own key ICT resource, is no longer able or willing to do so.

    By Andrew Stekhoven on Apr 8, 2009

  3. The draft of King 3 does deal with IT risks on page 69, and IT governance and IT security on pages 17 and 90. See http://www.michalsons.com/king-3-published-for-comment/1463 for more information.

    By John Giles on Apr 8, 2009
