Software escrow is a common method of mitigating future risks in deals involving the licence of business critical software. Risks such as insolvency of the software provider or obsolescence of the software may cause significant disruption to the customer’s business. A customer that has access to the source code can take steps to ensure continuity of its operations.
What is source code?
Source code is the version of a computer program written in human-readable computer language. It is converted into object code so it can be run on a computer. The source code allows a user to see how the software is processing data or performing functions and is needed to change the operation of the software as well as to carry out maintenance.
What is software escrow?
In a traditional software escrow arrangement, the software provider deposits a copy of the source code with a trusted third party, the escrow agent, who will release the source code to the customer upon the occurrence of one of a number of release events such as the service provider becoming insolvent. The obvious attraction for a customer is being able to maintain the software where the software provider is unable to do so.
When do I need one?
Escrow arrangements can be expensive as well as time consuming to establish and to maintain so they will not be appropriate for every deal. If you’re thinking of requesting escrow, the following should influence your decision:
- Service Provider: you have reason to believe that the software provider will have difficulty maintaining or supporting the software in the future. This could be because the software provider is a small or new business or perhaps it has experienced a decline in business or sales forecasts.
- Software: the software is business critical or revenue generating and without it your organisation would experience severe disruption. Where the software is bespoke or highly customised, it may be costly and difficult to move your operations to new software.
What are the potential pitfalls?
There are a number of drawbacks to escrow. You must be mindful of the following:
- Costs: the costs relating to the opening and maintenance of an escrow arrangement are significant and they are typically borne by the customer. You must weigh the costs against the impact of any potential disruption on your business.
- Source Code: the service provider must be required to deposit a copy of the source code with the escrow agent each time a change is made to it. You will need to be vigilant and must monitor deposits to ensure the agent has an up-to-date copy of the source code.
- Verification: the terms of the escrow arrangement must include a requirement for the escrow agent to verify that the source code is accessible and usable. This is essential and must be performed each time a copy of the code is deposited with the agent.
- Disputes Over Release: it is common for there to be a disparity between what a customer and the service provider consider to be a release event which can lead to delays in concluding the initial deal. Disagreements may also arise as to whether a release event has actually occurred and in such circumstances an escrow agreement would typically require the parties to submit to a dispute resolution procedure. This would delay the release of the source code negating the key benefit of escrow.
- Lack of Expertise: a problem most customers encounter upon the release of the source code is not having the expertise needed to implement, maintain and support the software. You should have a plan for this eventuality particularly when dealing with business critical software. You could train or recruit staff for those purposes but that can be a lengthy process. An alternative provider could step in but you may struggle to find one with the necessary expertise particularly where the software is bespoke or highly customised. Where one is available, you will once again be reliant on a third party to maintain the source code.
What about Cloud and SaaS Services?
A traditional software escrow arrangement would give a customer access to the source code so it can maintain software that has been installed on its servers without the software provider. Where your organisation is receiving cloud and SaaS services you are not going to have access to the software, let alone the source code.
Besides, where the provider fails, you will be prioritising the migration of data to a new server that can host the SaaS application and you will want to achieve that quickly to minimise disruption. Some service providers offer such solutions but they can be costly.
If you turn to escrow, you should opt for a cloud or SaaS focussed arrangement that requires the software provider to deposit a copy of your data and, ideally, the hosting environment with the escrow agent for your use upon the occurrence of a release event. Nevertheless, you are likely to encounter similar pitfalls as in a traditional escrow arrangement, particularly in relation to costs and disputes over release events.
Software escrow can help a customer protect business critical software and valuable data, avoiding interruptions to operations. However, it will not be suitable for every scenario and you must have a strong business case for escrow to justify the costs and inherent risks.