Software Escrow Services & Fundamentals

The ins and outs of Software Escrows, Source Code Escrows and Technology Escrows

M
;

Introduction To Software Escrow Services

The request for a software escrow was properly brought up last minute when negotiating your software license. The last thing anyone wants is to delay a critical software deal.

In this article, I will show you everything you need to know about software escrows including what a software escrow is, how it can help, the steps to determine if one is needed, and—if necessary—how to easily set one up.

Choosing a software escrow

What is a Software Escrow?

A software escrow is a service that helps protect all parties involved in a software license. A neutral, third-party escrow agent holds any source code, data, and documentation until a mutually-agreed-upon event occurs.

WHY You Need Software and Source Code Escrow Services

When negotiating a software license, a prudent licensee may ask, “What happens if the software vendor goes out of business?” What usually follows is a request to access the source code and any other critical materials used to maintain the software.

For a software vendor, a licensee having access to source code or other confidential materials is a risk to their business. How would a software vendor know the licensee will keep the source code safe and secret? What if dozens of licensees demand the source code? A source code escrow agreement ensures a high level of security surrounding precious IP.

For a licensee, not having access to the source code is a risk to business. How would the licensee continue to use and maintain software if the vendor goes out of business? What if it fails to meet its obligations, or any other unforeseen event occurs? Working with a source code escrow agent ensures mission critical code remains accessible.

This difference in perspectives and concerns is the reason software escrows exist.

The Simple, Five-Step Solution

For both parties, software escrows mitigate the inherit risk in software licenses. They accomplish this by storing source code and other critical materials with an independent, neutral, third-party escrow agent. This independent and neutral storage is the key in mitigating risk to all parties involved.

The process is simple:

1) Execute an escrow agreement with a reputable software escrow agent

When deciding which software escrow vendor to use, the following factors are important:

  • How long it has been in business
  • Where it keeps your materials
  • What its legal expertise is
  • What is its technical expertise is
  • How easily can you manage the escrow

2) Delivery of source code and other materials to the escrow agent

Source code, documentation and any other important materials should be easily deliverable to the software escrow agent. The escrow agent should offer submission methods such as:

  • Escrow synchronization
  • Automated submission scripts via sftp
  • Manual online submission
  • Manual offline submission.

3) Source code is securely held awaiting release conditions to occur

Release conditions” define if and when the software escrow agent should release the escrow materials to the licensee. This ensures that the escrow materials are only released following a mutally-agreed-upon event.

4) The escrow is updated as the software product evolves

As new versions of the software are developed corresponding updates to the escrow should occur. Modern escrow agents can automate this process which helps keeps the escrow up to date.

5) A release condition occurs and the escrow materials are released

If a software license terminates without meeting a release condition, materials can either be returned to the software vendor or destroyed

Benefits for a Software Vendor

  •  Smoother negotiations
  •  Establishes confidence by addressing the concerns of the prospective licensees (those concerns may be unspoken)
  •  Safe storage of source code and other materials with one company instead of scattered across multiple customers

Benefits for a Licensee

  •  The ability and legal right to maintain, update and enhance mission critical software
  •  Reduced chance of significant interruption of, or damage to, its business
  •  Eliminate concerns regarding the software vendor’s capabilities
  •  Business continuity

When should I use a software escrow?

The first step in effecting a good escrow is to ask if an escrow is needed.

For example, an escrow is probably needed if the licensee worries that the software vendor: 

  • Is not financially stable
  • Could go out of business
  • Might, willingly or not, discontinue maintenance and support of the software
  • Might, willingly or not, not breach its maintenance or support obligations

In making this assessment, the size and fame of the software vendor should not be the only considerations. Bankruptcies are not limited to small, unknown companies and individuals. Large companies also use the bankruptcy laws to reject contracts. Furthermore, any vendor might decide to drop support and maintenance of software products.

The licensee should envision itself in the position of suddenly being without maintenance or support when the following occurs:

  • The software crashes, produces erroneous results or experiences incompatibilities with other software
  • The software needs to be updated because of changing business needs

In any of these situations, would it be beneficial to have source code and other materials? If so, an escrow might be right for your situation.

How To Vet A Software Escrow Agent

Below are the qualities and facilities you should look for when choosing a software escrow agent.

Dependable - How long has the agent been in business?

The length of time a software escrow company has been in business is often a great indicator of its reputation. Most software escrow providers list this information on their website. You can independently verify this by doing a business name search for the state their headquarters is located in.

For example, here is EscrowTech’s registration.

Facilities - How and where is your data stored?

A software escrow company should store the escrow materials in top of the line, long-term “offline” vaults. Alternately, in “online” vaults that are regularly checked via penetration testing and other security best practices.

At EscrowTech, we offer both “offline” and “online” vault solutions depending on the customer’s unique needs.

Technical Expertise - How well staffed are they?

When choosing an escrow company, its technical expertise is a key factor in determining how well it will be able to perform technical verification services.

EscrowTech employs its own developers which allows it to adapt to its customers’ needs and unique situations.

Legal Expertise - How strong and Flexible are their agreements?

It is a common mistake to view a software escrow as merely an arrangement for the physical storage and transfer of escrow materials to a licensee if a release condition occurs.

There is a second purpose that is just as important to the licensee. A proper escrow will provide the legal structure necessary to ensure a release of the material.

Furthermore, many software projects require custom agreements. Make sure your escrow provider has the expertise to work with your attorney to fit any unique need that may arise.

EscrowTech’s in-house counsel has many years of experience in software licensing and information technology law. EscrowTech provides the forms, but is willing to work with you and your attorneys to structure the final agreement as needed.

Simple Online Management - How easy is it to manage your escrow?

When vetting a software escrow company, ask how you can:

  • Submit materials
  • Update account information
  • View account documents
  • Pay bills online

Modern software escrow companies will have a fully developed online account management application. These solutions help software vendors fulfill their obligations and avoid out-of-date escrow materials.

EscrowTech’s online application “RealTime Escrow” allows you to easily manage your escrow from the convenience of your browser.

Types of Escrows

Below, we’ve described some of the critical vocabulary related to software and technology escrow.

Software Escrow or Source Code Escrow

This is the most common type of escrow and is designed to store:

  • Source code
  • Configuration
  • Virtual machines
  • Build instructions
  • Other critical documentation.

These escrows can be used with:

  • In connection with traditional on premises software licenses
  • Development agreements
  • Software acquisition agreements
  • Other transactions involving software

While software escrows normally store on-site applications they can also store SaaS based applications.

Technology Escrow

Technology escrows provide the same level of protection as software escrows. However, they contain a wider range of materials and apply to a wider range of licenses and technology deals.

Technology escrows can hold any piece of technology including, but not limited to:

  • Encryption keys
  • Product designs
  • Documents
  • Prototypes
  • Samples
  • Chemical formulas
  • Other embodiment of technology that can be stored physically, electronically or in the cloud

At EscrowTech, we treat a technology escrow similar to a software escrow.

SaaS Escrow

SaaS applications often require a more robust solution to obtain the desired protection. This is because SaaS subscribers do not have direct access to a running copy of the software. More importantly, they don’t have access to their own data.

If the SaaS vendor goes out of business, the SaaS subscriber is immediately in a crisis situation. Even if the SaaS vendor remains in business, all it takes is the flip of a metaphorical switch. Suddenly, the SaaS subscriber is without use of the software or access to its data.

To protect against this, a SaaS escrow can be set up to store not only the source code, but:

  • Executable code,
  • Production virtual machines
  • Data
  • Other key components of the SaaS solution

These items should be updated on a frequent basis – especially data. These items must be sufficient to enable the subscriber to get the SaaS solution up and running again.

The materials can be stored in a cold, warm or hot state of readiness. They may be on storage media or may be on a configured server ready or near ready to go live. The state of readiness will determine how quickly the SaaS solution can be restored. The customer needs to offset the higher cost of a hot environment against the need for a speedy restoration.

As more software shifts away from the traditional on-premises licensing model, SaaS and other Cloud escrows will become increasingly important.

Domain Name Escrow

Domain Name Escrows are a service that help reduce risk when purchasing a domain or using a domain as collateral. This is accomplished by an escrow agent holding the domain’s credentials until a release condition occurs.

These types of release conditions can include payments, the end of a loan, or other agreed upon conditions.

Software Escrow Details

What should be included in escrow materials?

If given a foreign software product, what would you I need to maintain or support it? We recommend including the items below.

Source Code

The cornerstone of a software escrow is the source code and its’ 3rd party dependencies. After escrowing a large number of software projects we found that the following should be included:

  • Internal repositories – Every now and then during a technical verification we find that most, but not all, of the internal repositories were escrowed. Performing a technical verification can verify that all necessary repositories are present.
  • 3rd party dependencies – The majority of software is built using frameworks, libraries or other 3rd party dependencies. These may be difficult to find years later when the source code is released from escrow. The software vendor should escrow 3rd party dependencies and license keys.

Documentation

Properly documented software greatly helps the licensee in the event of a release. Consider including:

  • Build instructions – This type of documentation should include the steps taken when building the source code into an executable. Although the reader should be experienced in the relevant programming language and development environment, he or she likely has no tribal knowledge. Always assume they have never worked on this software in the past. In the event your software is built using an interpreted language, this type of documentation can be omitted.
  • Configuration instructions – Include clear configuration steps of the server running the application. Likewise, include any configurations the software itself needs. For example, server configuration files, usernames, passwords, application startup options, or database configurations.
  • Any other critical documentation – The whole idea behind documentation is to make setting up the software easier. If there is a piece of documentation that is critical to the software, include it in the escrow.

Customer Data

If the software vendor is holding the licensee’s customer data, this should also be included in the escrow materials.

Virtual Machines

The power of virtualization makes escrowing entire production or build environments possible. This greatly reduces the amount of time a licensee might have to spend when a release occurs.

List Of Developers

One often overlooked escrow item is a list of developers and their contact information. Escrows are often released because the software vendor has gone bankrupt. This normally means their developers are also out of work. This is a great opportunity for a licensee to hire developers familiar with the software they now intend to maintain.

How to update a Software Escrow

Escrows can be updated either on-line or off-line.

Online

A modern software escrow company should have a fully developed online application which supports secure online submissions of escrow materials. This process typically entails using a username and password to access a secured section of the escrow company’s website. Once logged in, a simple process will allow you to submit and upload files to your escrow. You can do so securely through an encrypted connection.

Additionally, modern software escrow companies will offer escrow synchronization, or automated scripts, which fully automate the submission process.

After submission, depending on the escrow company:

  • Materials will be removed from the server
  • A standard inspection will be conducted
  • Materials will be copied onto DVDs or other storage media
  • Storage media will be moved to long-term storage vaults

After the materials are safely stored, your escrow provider should send notifications to all parties involved.

At EscrowTech we offer RealTime Escrow as our online escrow management solution. It includes a simple to use update process that can be completed in as little as five minutes.

Off-Line

Escrow materials can be submitted to the escrow agent off-line by:

  • Mailing
  • Courier service
  • Hand delivering the materials

This is an older process that the majority of customers do not use today. Still, escrow agents should offer this option, as every situation is unique.

Where are Escrow Material Stored?

Depending on the type of escrow and the escrow agent, materials can be stored in either online or offline vaults.

Off-line Escrow Vaults

Offline escrow vaults are physical locations with high levels of security and features such as:

  • 24 hour armed security
  • 24 hour electronic surveillance
  • Natural disaster resistant properties
  • Environment controls for ideal long-term storage
  • Remote location

This type of vault provides the highest assurance that materials remain safe and available in the event of a release.

Materials can still be delivered electronically to the escrow agent, but long-term storage happens offline.

Read more about EscrowTech’s offline escrow vaults.

Online Escrow Vaults

Online escrows vaults use servers to store escrow materials for long periods. These servers are normally located in the cloud or are hosted internally by the escrow company.

Keeping materials online generates a different array of risks. Most risks can be mitigated by proper use of best security practices such as:

  • Using the latest encryption technologies
  • Regularly scheduled penetration testing
  • Audits of access logs

Online Escrow Management

With EscrowTech’s RealTime escrow service you can easily manage your escrow with the following benefits:

  • Submit escrow materials online – RealTime escrow contains a secure online deposit system that allows the software vendor to submit materials online. It’s secure and much easier than dealing with other file transfer protocols. The software vendor simply fills out the electronic deposit form online. They then drag or drop their files into the upload tool. The deposit is sent directly to EscrowTech’s encrypted FTP server via a Secure Socket Layer using HTTPS.
  • View status reports for one or multiple accounts online – As a user of RealTime Escrow, you may register to view all accounts under one simple username. Every customer under an escrow account has their own unique Status Report. This Status Report provides an account summary. It includes general contact information, balance due, a deposit history log, and a list of licensees registered to the escrow account.
  • Automatic semi annual status reports – Every six months a detailed Status Report is sent out to all parties on the account. It outlines the health of the escrow in detail. This helps ensure that escrows will provide the desired protection.
  • View deposit confirmations online – EscrowTech generates a Deposit Confirmation for every deposit received. Clients can view Deposit Confirmations online for every deposit submitted. This Deposit Confirmation includes a detailed description of the Deposit Materials submitted by the software vendor. This includes a signed Deposit Inventory Form from the software vendor. This form helps the owner and beneficiary internally audit what products and version of products have been submitted to EscrowTech.
  • Set up new agreements online – EscrowTech’s agreements and forms are all posted online. You may set up a new account by simply downloading the correct form, collecting the signatures and submitting it to EscrowTech.
  • Register new licensees online – Licensee forms are available online for download. You may register a new licensee by downloading the form, collecting the signatures and submitting it to EscrowTech.
  • View signed account documents – All important signed account documents are stored online. At anytime, you may access your signed agreement, licensee form, deposit confirmations, technical verification reports or amendments.
  • Submit updated contact information – Clients can submit any changes to contact information online. This ensures clients will receive important notices such as Deposit Confirmations and Status Reports
  • View and pay outstanding balances – Each account’s Status Report indicates the current balance of the account. Clients may pay online via EscrowTech’s payment portal.

Software escrow agreements

Single Beneficiary (Licensee)

Who is it for?

The Single Beneficiary “SB” agreement is a three party agreement between a software vendor (owner), a single beneficiary (licensee) and EscrowTech. This type of agreement is used when:

  • There is one software vendor
  • There is one licensee

How it works

Graphic illustrating Multiple Beneficiary Separated Products Escrow. | EscrowTech International

  •  Deposit Materials – The actual source code, documents and any other important material.
  •  Release Conditions – What must occur for the deposit materials to be released. See helpful contract language.

Multiple Beneficiary  – Separated Products

Who is it for?

The Multiple Beneficiary – Separated Products “MB-SP” agreement is a multiple party agreement between a software vendor (owner), EscrowTech and any additional number of beneficiaries (licensees) for multiple software products. This type of agreement is used when:

  • There is one software vendor
  • There will be one or more beneficiaries
  • The escrow materials contain different software projects
  • Not all beneficiaries should have access to all software projects

How it works

  • Beneficiary Registration Form – This form is used to add a beneficiary to the escrow account. In addition, if needed, this form allows each beneficiary to have unique release conditions different from other beneficiaries.
  • Deposit Materials – The actual source code, documents and any other important material.
  • Release Conditions – What must occur for the deposit materials to be released. See helpful contract language.

Multiple Beneficiary – Separated Escrows

Who is it for?

The Multiple Beneficiary – Separated Escrows “MB-SE” agreement is a multiple party agreement between a software vendor (owner), EscrowTech and any additional number of beneficiaries (licensees) that have their own customized deposit materials. This type of agreement is used when:

  •  There is one software vendor
  •  There will be one or more beneficiaries (licensees)
  •  The deposit materials for each beneficiary are customized and should be stored separately

How it works

Graphic illustrating Multiple Beneficiary Separated Escrows. | EscrowTech International

  •  Beneficiary Registration Form – This form is used to add a beneficiary to the escrow account. In addition, if needed, this form allows a beneficiary to have unique release conditions different from other beneficiaries.
  •  Deposit Materials – The actual source code, documents and any other important material.
  •  Release Conditions – What must occur for the deposit materials to be released. See helpful contract language.

Create A Custom Software Escrow Agreement

Every software project presents unique and challenging situations.

For over 24 years, EscrowTech has been customizing our agreements to meet those challenges. We will work with you and your attorney to customize an agreement that fits your situation.

Helpful Contract Language

Below, you’ll find a software escrow agreement sample featuring common contract language.

Software Escrow Sample Clauses

Software Escrow. Licensor and Licensee will enter into a Software Escrow Agreement with EscrowTech International, Inc. to establish an escrow of the Deposit Materials. The Deposit Materials will include the source code of the Licensed Software, compilation and build instructions, and ________________. [The Release Conditions and procedure will be specified in the Software Escrow Agreement.] [Any one of the following Release Conditions will entitle Licensee to a release of the Deposit Materials in accordance with the procedure and terms of the Software Escrow Agreement:

Sample Release Conditions - When the source code will be released

In drafting an escrow agreement, the release conditions (sometimes called trigger events) are just as important as the escrow materials. The occurrence of a release condition entitles the licensee to receive the escrow materials. There may be one or more release conditions.

Here are just a few simple examples of release conditions used in escrow agreements:

  •  Licensor discontinues business because of insolvency or bankruptcy, and no successor assumes licensor’s software maintenance obligations under the license agreement.
  •  Licensor (or its successor) defaults in its obligation to provide maintenance services as required by the license agreement and fails to cure such default within two weeks after receiving written notice of the default from beneficiary. The notice must describe the default and the action that beneficiary believes is necessary to cure the default. If more than two weeks is reasonably required to complete the cure, licensor (or its successor) shall have such additional time (not to exceed two months) as is reasonably needed, provided that licensor (or its successor) is diligent in completing the cure.
  •  Licensor ceases to maintain the software for beneficiary while under a maintenance obligation to beneficiary, and no successor to licensor continues to maintain the software for beneficiary.
  •  Licensor discontinues its business relating to the software and no successor to such business assumes and carries out licensor’s contractual obligations to maintain the software for beneficiary.
  •  Licensor becomes insolvent or admits either insolvency or a general inability to pay its debts as they become due.
  •  Licensor files a petition for protection under the US Bankruptcy Code or an involuntary petition in bankruptcy is filed against licensor and is not dismissed within 60 days thereafter.
  •  Licensor refuses or fails to renew its maintenance and support obligations under the license agreement after beneficiary has requested such renewal in a writing delivered to licensor.
  •  Licensor becomes the subject of a Chapter 7 bankruptcy proceeding under the US Bankruptcy Code, and such proceeding is not dismissed within 90 days after its initiation.
  •  Licensor is acquired by or merges with a competitor of beneficiary.