What is Software Escrow? An Overview | NCC Group
Software Escrow is a simple and effective tri-party agreement with mutually agreed terms between the software customer, software supplier, and an independent escrow provider, specifically designed to mitigate risk and protect the interests of all parties involved.
Under the Escrow Agreement, the software supplier periodically deposits a copy of the software’s source code and application materials for secure storage, provided by the escrow provider. If certain predetermined release events occur, such as the supplier’s failure, the escrow provider releases the source code and deposited materials to the software customer (licensee).
In the event of a release, the software customer can use the escrow deposit to maintain the software, working from the source code and application materials, whether that be in-house or by engaging with another supplier.
Other names for Software Escrow include:
- Source code escrow
- IP escrow
- Technology Escrow
- SaaS Escrow
- Escrow as a Service
- EaaS
How does Software Escrow work?
The software customer and software supplier will enter into a legal agreement with the escrow provider. The Escrow Agreement states several legal terms, including what conditions constitute a release of source code and application materials. The deposited materials are updated at regular agreed-upon intervals to ensure that the deposits held in Escrow are always up-to-date and reflects the current version of the software application.
At Escode, part of NCC group, the deposited materials are placed in a highly secure vault. Our global network of physical and virtual vaults delivers the highest standard of security for the safe deposit and access of business-critical materials in escrow.
Should the release conditions outlined in the original Software Escrow Agreement be met, the source code and deposit material will be released to the software customer.
Once released, the Software customer, can then maintain the software, working from the original source code, whether that be in-house or by engaging with another supplier.
When is Software Escrow required?
Software Escrow is highly advisable for:
- Applications that play a crucial role in supporting critical business processes.
- Applications that have been customised and designed specifically for the software customer.
- Applications that contain significant financial investment by the software customer.
- When due diligence/poor credit reports have highlighted an area of concern regarding current software suppliers.
- A small software supplier where there is risk of take-over by a larger organisation.
- When a software supplier needs to demonstrate credibility and continuity to customers.
What are the benefits of Software Escrow?
A Software Escrow Agreement:
- Mitigates IT supplier risk, ensuring seamless execution of business continuity plans with minimal disruption or downtime.
- Protects investment in third-party software by guaranteeing its long-term availability while preserving developers’ intellectual property rights (IPR).
- Reinforces operational resilience, supporting business continuity and exit plans.
- Assists with audit requirements and ensures compliance with key technology outsourcing regulations and guidance.
- Safeguards reputation by ensuring critical third-party applications are consistently available.
What types of Software Escrow Agreements are available?
Selecting the most appropriate Escrow Agreement will depend on whether the software application you are looking to protect is hosted on-premise or in the cloud and if the software application has been specifically written or amended for use by one Software Customer, or if it is an off-the-shelf product used by multiple Software Customers.
Complete your Escrow Agreement with Verification
By establishing an Escrow Agreement, you have recognised that your licensed business-critical technology is an important aspect of your organisation’s business operations. Complementing your Escrow Agreement with Verification Services will help to mitigate potential risks and ensure a more rapid recovery for your organisation should circumstances require it.
Escrow Verification Services play a crucial role in validating the completeness, accuracy, and functionality of the software vendor’s escrow deposits. This essential audit of the source code and deposit materials helps to ensure that you can read, re-build, and maintain the working application. This demonstrates the effectiveness of business continuity and exit plans, providing a higher level of resilience and assurance.
[View source.]