The request for a software escrow was properly brought up last minute when negotiating your software license. The last thing anyone wants is to delay a critical software deal.
In this article, I will show you everything you need to know about software escrows including what a software escrow is, how it can help, the steps to determine if one is needed, and—if necessary—how to easily set one up.
A software escrow is a service that helps protect all parties involved in a software license; A neutral, third-party escrow agent holds any source code, data, and documentation until a mutually-agreed-upon event occurs.
When negotiating a software license, a prudent licensee may ask, "What happens if the software vendor goes out of business?" What usually follows is a request to access the source code and any other critical materials used to maintain the software.
For a software vendor, a licensee having access to source code or other confidential materials is a risk to their business. How would a software vendor know the licensee will keep the source code safe and secret, and will not use it prematurely? What if dozens of licensees demand the source code?
For a licensee, not having access to the source code—and materials needed to maintain or update the software—is a risk to business. How would the licensee continue to use and maintain software it heavily depends on if the software vendor goes out of business, fails to meet its obligations, or any other unforeseen event occurs?
This difference in perspectives and concerns is the reason software escrows exist.
For both parties, software escrows mitigate the inherit risk in software licenses by storing source code and other critical materials with an independent, neutral, third-party escrow agent. This independent and neutral storage is the key in mitigating risk to all parties involved.
The process is simple:
When deciding which software escrow vendor to use, the following factors are important: how long it has been in business, where it keeps your materials, what its legal expertise is, what is its technical expertise is, and how easily can you manage the escrow.
Source code, documentation and any other important materials should be easily deliverable to the software escrow agent. The escrow agent should offer submission methods such as escrow synchronization, automated submission scripts via sftp, manual online submission and manual offline submission.
"Release conditions" define if and when the software escrow agent should release the escrow materials to the licensee. This ensures that the escrow materials are only released to the licensee after the occurrence of an in mutually-agreed-upon event.
As new versions of the software are developed corresponding updates to the escrow should occur. Modern escrow agents can automate this process which helps keep the escrow always up to date.
If a software license terminates without a release condition occurring then the materials can either be returned to the software vendor or destroyed depending on the software vendor's wishes.
The first step in effecting a good escrow is to ask if an escrow is needed. Neither the software vendor or licensee should waste time, effort, and money on an escrow if it is not needed.
For example, an escrow is probably needed if the licensee worries that:
In making this assessment, the size and fame of the software vendor should not be the only considerations. Bankruptcies are not limited to small, unknown companies and individuals. Large companies also use the bankruptcy laws to reject contracts. Furthermore, any vendor might decide to drop support and maintenance of software products.
The licensee should envision itself in the position of suddenly being without maintenance or support of the software when any of the following occurs:
In any of these situations, would it be beneficial to have source code and other materials such as build instructions, deployment documentation, virtual machines and a list of developers who built the software?
If so, an escrow might be right for your situation.
Selecting the correct software escrow agent is the first crucial step you must take to ensure both the licensee and software vendor are adequately protected. A software escrow agent should have safe and secure vaults, legal expertise and technical expertise.
The length of time a software escrow company has been in business is often a great indicator that it is a reputable company. Most software escrow providers list this information on their website; however, you can independently verify this by doing a business name search for the state their headquarters is located in. For example, here is EscrowTech's registration.
Security is of the utmost importance when sensitive and valuable materials are involved. A software escrow company should store the escrow materials in top of the line, long-term "offline" vaults or in "online" vaults that are regularly checked via penetration testing and other security best practices.
At EscrowTech, we offer both "offline" and "online" vault solutions depending on the customer's unique needs.
When escrow materials are submitted to an escrow company different levels of technical verification can occur. When choosing an escrow company, its technical expertise is a key factor in determining how well, if at all, it will be able to perform these services.
EscrowTech employs its own developers which allows it to adapt to its customers' needs and unique situations.
It is a common mistake to view a software escrow as merely an arrangement for the physical storage and transfer of escrow materials to a licensee in the event of a release condition.
Although storage is a critical purpose of the escrow, there is a second purpose that is just as important to the licensee. A proper escrow will provide the legal structure necessary to ensure a release of the material and use the escrow materials after they are released to the licensee.
Furthermore, every software project is different, which often requires custom agreements. Make sure your escrow provider has the expertise to work with your attorney to properly structure a software escrow agreement to fit any unique need that may arise.
EscrowTech's in-house counsel has many years of experience in software licensing and information technology law. EscrowTech provides the forms, but is willing to work with you and your attorneys to structure the final agreement as needed.
Managing a software escrow doesn't have to be a difficult or a time consuming process. When vetting a software escrow company, ask how you can submit materials, update account information, view account documents and pay bills online.
Modern software escrow companies will have a fully developed online account management application that is accessed through a login on their website. These solutions help software vendors easily fulfill their obligations and avoid out-of-date escrow materials.
EscrowTech's online application "RealTime Escrow" allows you to easily manage your escrow from the convenience of your browser.
While researching what a software escrow is, you have probably come across companies calling escrows several types of names. This list here will hopefully clear up some of the confusion.
This is the most common type of escrow and is designed to store mission critical application's source code, configuration, virtual machines, build instructions and any other critical documentation.
These escrows can be used not only in connection with traditional on premises software licenses, but also development agreements, software acquisition agreements, and other transactions involving software.
While software escrows normally store on-site applications they can also store SaaS based applications assuming the extra protection and features a true SaaS escrow offers are not needed.
Technology escrows are designed to provide the same level of protection as software escrows; however, they contain a wider range of materials and apply to a wider range of licenses and technology deals.
Technology escrows can hold any piece of technology including, but not limited to, encryption keys, product designs, documents, prototypes, samples, chemical formulas and any other embodiment of technology that can be stored physically, electronically or in the cloud.
This flexibility allows savvy customers to use escrows to address a wide range of needs.
At EscrowTech, we treat a technology escrow similar to a software escrow.
SaaS applications are a different breed of software and can often require a more robust solution to obtain the desired protection. This is due to the fact that SaaS subscribers do not have direct access to a running copy of the software and more importantly their own data.
If the SaaS vendor goes out of business, the SaaS subscriber is immediately in a crisis situation. Even if the SaaS vendor remains in business, all it takes is the flip of a metaphorical switch and the SaaS subscriber is without use of the software and without access to its data.
To protect against this, a SaaS escrow can be set up to store not only the source code, but executable code, production virtual machines, data and any other key components of the SaaS solution. These items should be updated on a frequent basis - especially data.
These items must be sufficient to enable the subscriber to get the SaaS solution up and running again. The materials can be stored in a cold, warm or hot state of readiness. They may be on storage media or may be on a configured server ready or near ready to go live. The state of readiness will determine how quickly the SaaS solution can be restored for the customer. The customer needs to offset the higher cost of a hot environment against the need for a speedy restoration.
As more software shifts away from the traditional on-premises licensing model, SaaS and other Cloud escrows will become increasingly important.
Domain Name Escrows are a service that help reduce risk when purchasing a domain or using a domain as collateral. This is accomplished by an escrow agent holding the domain's credentials until a release condition occurs.
These types of release conditions can include a successful payment, end of a loan or any other condition that both parties agree to.
When determining what should be included in the escrow the developer should ask themselves the following question. If I was given a foreign software product what would I need to maintain or support it?
The cornerstone of a software escrow is the source code and its' 3rd party dependencies. After escrowing a large number of software projects we found that the following should be included:
There are few things crueler you can do to your development team than give them a poorly documented software product. While a poorly documented software product doesn't render an escrow worthless, properly documented software greatly helps the licensee in the event of a release.
If the software vendor is holding the licensee's customer data, this should also be included in the escrow materials.
The power of virtualization makes escrowing entire production or build environments possible. This greatly reduces the amount of time a licensee might have to spend when a release occurs.
One often overlooked escrow item is a list of developers and their contact information. Escrows are often released due to the software vendor going bankrupt which normally means their developers are also out of work. This is a great opportunity for a licensee to hire developers familiar with the software they now intend to maintain.
Escrows can be updated either on-line via the Internet or off-line through the mail or a courier service or personal delivery.
A modern software escrow company should have a fully developed online application which supports secure online submissions of escrow materials. This process typically entails using a username and password to access a secured section of the escrow company's website. Once logged in, a simple process will allow you to submit and upload files to your escrow securely through an encrypted connection.
Additionally, modern software escrow companies will offer escrow synchronization or automated scripts which fully automate the submission process.
After submission, depending on the escrow company, the materials will be removed from the server, a standard inspection will be conducted and upon passing that inspection the materials will be copied onto DVDs or other storage media and then moved to long-term storage vaults.
After the materials are safely stored, your escrow provider should send notifications to all parties involved that the escrow was successfully updated.
At EscrowTech we offer RealTime Escrow as our online escrow management solution which includes a simple to use update process that can be completed in as little as five minutes.
Escrow materials can be submitted to the escrow agent off-line by mailing, using a courier service, or hand delivering the materials. This is an older process that the majority of customers do not use today; however, escrow agents should offer this option as every situation is unique.
Depending on the type of escrow and the escrow agent, materials can be stored in either online or offline vaults.
Offline escrow vaults are physical locations with high levels of security and features such as:
This type of vault provides the highest assurance that critical and sensitive materials such as source code is kept safe and available in the event of a release.
Materials can still be delivered electronically to the escrow agent however long-term storage happens offline.
Read more about EscrowTech's offline escrow vaults.
Online escrows vaults use servers to store escrow materials for long periods of time. These servers are normally located in the cloud or are hosted internally by the escrow company.
Keeping materials online generates a different array of risks; however, most of these risks can be mitigated by proper use of best security practices such as:
Managing an escrow doesn't have to be an expensive or time consuming process. With EscrowTech's RealTime escrow service you can easily manage your escrow with the following benefits:
The Single Beneficiary "SB" agreement is a three party agreement between a software vendor (owner), a single beneficiary (licensee) and EscrowTech. This type of agreement is used when:
The Multiple Beneficiary - Separated Products "MB-SP" agreement is a multiple party agreement between a software vendor (owner), EscrowTech and any additional number of beneficiaries (licensees) for multiple software products. This type of agreement is used when:
The Multiple Beneficiary - Separated Escrows "MB-SE" agreement is a multiple party agreement between a software vendor (owner), EscrowTech and any additional number of beneficiaries (licensees) that have their own customized deposit materials. This type of agreement is used when:
Every software project is different which often presents unique and challenging situations.
At EscrowTech we understand these situations and have, for over 24 years, been customizing our agreements to meet those challenges.
EscrowTech's General Counsel can work with you and your attorney to customize an agreement that fits your situation.
Below is a list of common contract language that may be helpful.
Software Escrow. Licensor and Licensee will enter into a Software Escrow Agreement with EscrowTech International, Inc. to establish an escrow of the Deposit Materials. The Deposit Materials will include the source code of the Licensed Software, compilation and build instructions, and ________________. [The Release Conditions and procedure will be specified in the Software Escrow Agreement.] [Any one of the following Release Conditions will entitle Licensee to a release of the Deposit Materials in accordance with the procedure and terms of the Software Escrow Agreement:
In drafting an escrow agreement, the release conditions (sometimes called trigger events) are just as important as the escrow materials. The occurrence of a release condition entitles the licensee to receive the escrow materials. There may be one or more release conditions.
Here are just a few simple examples of release conditions used in escrow agreements: