An SES Guide to Software Escrow Protection
Published on 16/03/2022
Choosing the correct Software Escrow protection to fit your business can be a challenging task. With so many options out there, how do you choose the protection which fits your needs?
At SES, our core Software Escrow service is broken down into four distinct levels, making it easy for you to choose the right protection for your business. Each of our Escrow Software Agreements can be used to protect both on-premise and hosted software applications, are secured to ISO: 27001 standards and include the highest liability indemnity insurance available (£5 million).
Level 1 of our Software Escrow solution includes a very basic, entry level Software Escrow agreement designed for those clients who are entering into a Software Escrow agreement to meet regulatory requirements. It can also be used by developers to secure a contract with a new customer at which point the Escrow can then be scaled to meet the customers' needs.
SES recommend level 2 as the minimum level of protection our clients should consider securing their valuable software applications. This level of Software Escrow agreement also includes a remote code validation which provides the materials and build documentation that would enable the user to fix bugs and maintain the application to the point a suitable replacement can be procured.
This level is designed for on-premise applications which do not require a simulated release event as in the case of supplier failure, in many instances the application would continue to operate.
This level is designed to protect applications that are installed on-site at the end users premises. Because the application is locally installed, it only requires minor, infrequent updates to remain operational in the event of a release. Therefore the end user only requires knowledge of how the application is built to support the application themselves and the simulated deployment is not required.
Level 3 is the minimum level of Software Escrow protection that should be considered for SaaS/Cloud applications. With SaaS applications, in many instances, the first indication of a customer having a problem with their supplier is the complete withdrawal of access to their application and all associated data.
To combat this, the simulated release event included in the level 3 Software Escrow agreement provides assurances that the material and build guide held in Escrow is sufficient to accurately deploy your application with the most current version of your data, enabling you to continue using it to the point a suitable replacement can be procured.
Level 4 a SaaS Continuity service also know as the Licensee Continuity Plan (LCP) is the complete Software Escrow solution, it is designed to ensure hosted applications can be restored quickly and resume providing business critical services. In addition, all necessary build documentation is held in Escrow for the purpose of continued development and support of the software. This proves that the application can be deployed from Escrow independent of the supplier, eliminating the risk of significant downtime to key services and business operations.
For standard Escrow, with releases containing supplier IP, the release process varies typically between 14 to 30 days (across the Escrow industry). While waiting for this process to complete there is a real danger to the software user of increased operational downtime, poor recoverability, loss of revenue, brand & reputation damage, non-recoverable losses, legal claims and business closure. SES's LCP provides a real-time Interim Release that bridges the gap between initiating the release process and its completion. Upon receipt of a release request, SES can switch on the Interim Release and provide the software user with continued access to their services, in some cases within minutes. This protects the software user and ensures the business can continue to operate without disruption until the release process finalises. The LCP will set out the timeframe for operating the Interim Release and once the release has been confirmed the Licensee Continuity Plan would become fully operational.
Choosing the right level of Software Escrow protection is paramount to ensuring that your Software Escrow agreement provides the level of continuity you need to keep your business running when your supplier is unable to support a key application. To speak to one of specialists about your business continuity requirements or discuss our LCP Agreement in more detail, please get in touch.
© SES Secure Limited and ses-escrow.co.uk, 2021. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to SES Secure Limited and ses-escrow.co.uk, with appropriate and specific direction to the original content.