Institute of Directors in South Africa (IoD) has endorsed active software escrow as an operational risk management measure. In its first issue of 2008 (January 21), it leads with an article on the business and corporate governance benefits of active software escrow and advises its members to investigate further, particularly by requesting a two-page executive overview and 16-page guide prepared for it by escrow experts.

This new booklet highlights everything chief information officers need to know about IT governance and active software escrow.
Compiled by Escrow Europe with input from Michalsons Attorneys and senior lecturer in Private Law at the University of Pretoria, B Prozesky-Kuschke, the booklet is intended for CIOs, their boards of directors and senior management of organisations who are:
* Subject to, or embrace the provisions of, the King II report on corporate governance; or
* Obliged to be compliant with Sarbanes Oxley legislation (Section 404).
Its aim is to assist them identify what constitutes professional, or active, software escrow as well as why active software escrow is a very necessary business tool for all organisations that are dependent on information technology.
The booklet also provides hints on how to fast-track active software escrow and guidelines about the costs associated with it.
Commenting on the IoD’s stance, Escrow Europe director Andrew Stekhoven says it proved that the Institute truly had its members’ interests at heart, and was taking the lead in guiding them through complex but important issues.
“Many boards of directors are now starting to insist on active escrow as a matter of policy – they recognise that they have a duty of care in securing all software products on which their vital business processes and functions absolutely depend.
“I’m certain that the IoD’s responsible position on active software escrow will raise its profile even further and ensure that South African companies, and directors and officers, are not exposed to risks which can so easily be mitigated through the use of escrow.”
Possibly most important is the section providing four compelling reasons why active software escrow is a business necessity in South Africa. These are:
* Active software escrow facilitates compliance with corporate governance imperatives;
* South African law currently does not provide for the protection of, and access to, software source code in the event of software supplier insolvency;
* Active software escrow bridges the source code-object code divide; and
* Untested or passive escrow deposits are often useless when called upon to deliver what they promise – business continuity in the face of the software supplier’s inability to continue supporting its technology.