subscribe: Daily Newsletter

 

Active escrow agreements on the rise

0 comments

Escrow Europe, one of the leading providers of active software escrow in South Africa, has put in place over 20 active escrow agreements over the past few months including those for Business Connexion, Ellerines, Hollard Select Brokers, Natsure, Santam and South African Express Airways.

The Institute of Risk Management of South Africa (IRMSA) has recognised Escrow Europe’s role in assisting South African companies manage their mission critical business risks and named the company as the recipient of the Best Small Business Initiative Related to Risk Management Award for 2007 at its annual conference.
According to Escrow Europe MD Andrew Stekhoven, the question South African Directors and Officers need to consider in respect of ICT operational risk is "What are our annual revenues that are dependent on technology platforms that we do not own". This provides the imperative for the practice of active source code escrow in underwriting this risk.
An active escrow arrangement is typically the only way whereby access to maintainable information systems, by the software end-user, can be guaranteed:
* Irrespective of the stability or commercial status of the software supplier; and
* If certain predefined commitments such as warranty, support and maintenance are not honoured.
From an operational risk perspective, an active escrow arrangement is the only proper re-assurance that an organisation has that software that is vital to the survival of their business will not become "orphanware".
Reasons for orphanware range from the obvious for instance bankruptcy on the part of the supplier, to the more subtle – what happens if a competitor acquires your supplier with the sole purpose of killing a competitive product.
Stekhoven says that active software escrow is well used in Europe and the US to manage ICT risks and comply with good governance regulations, but many South African companies either ignore its potential for managing the multifaceted risks and due diligence obligations facing their company directors and/or officers, or they mistakenly believe that a passive escrow arrangement offers the same protection as one that is active.
However, this is changing, he said, proof being the increasing number of companies seeking out Escrow Europe’s considerable expertise in the area.
Gartner Research believes ICT – or technology – escrow is a smart and effective component of a business continuity strategy that software licensees can use to protect their mission critical applications in an ever-changing environment.
According to director of the IT Asset Management and Applied Research Group, Jane Disbrow, inherent to every technology license agreement is a level of risk. Companies that supply and demand technology must adjust to a fast-changing marketplace, and with such uncertainty, precautions are needed. Escrow is an insurance policy to make sure you have access to that source code should that vendor no longer maintain that software for your organisation, so this gives you an alternative.
Adds Stekhoven: “Under an active software escrow agreement, the material on deposit is subjected to consistent standards of technical verification on a regular, scheduled basis. It will also warrant that the deposit contains what your supplier has committed to lodge, on an ongoing basis, so as to provide proper reassurance to you that the deposit is complete, up-to-date and usable in the event that you may need it.
“The ‘passive’ approach to escrow or intellectual property custodianship involves simply ‘holding’ the material; active escrow involves both holding the material and verifying it to be usable in terms of the escrow agreement between the software supplier and the end-user.
“However, research findings suggest that businesses making use of passive software escrow would have, at best, experienced severe difficulty in using the material released in keeping with the terms of the agreement should anything happen to force it into play. At worst, the deposit would be entirely useless. Without proper technical verification how would you know?”