Analytix launched its active software escrow training course, which will assist organisations to enhance their approach to IT risk management and IT governance.
Speaking at the launch event in Illovo, Analytix Managing Director Johan Botha explained that most organisations' business continuity is compromised due to their dependence on mission-critical IT software applications. In reality, a vast majority of organisations are not adequately managing the risks associated with their reliance on software applications.
Botha explained that there is rarely an organisation that does not depend on software for mission-critical business processes and functions, and it is only these organisations that might not be concerned with active escrow. However, for any other organisation a need exists to mitigate the risks associated with its dependence on IT software via an active escrow arrangement.
Quoting Jane Disbrow of Gartner, Andrew Stekhoven, Managing Director of Escrow Europe, defined escrow as "...an insurance policy to make sure you have access to that source code should that vendor no longer maintain that software for your organisation..."
Analytix, Escrow Europe and Chetty Law joined specialist forces to offer this unique Active Software Escrow Best Practices Training Course, which is presented as a public course, or can be tailor-made for in-house training.
This training course will provide CIOs, IT management, risk and business continuity managers, software developers, escrow agents, business process managers, quality assessors, legal practitioners, compliance officers, etc, with the necessary ammunition to actively defend the vulnerability of information and IT - two of the organisation's most valuable assets.
"There is a distinct correlation between active escrow best practice principles and the requirements for organisations to comply with various local and international standards, frameworks and guidelines, such as ISO 9001: 2000, King II and especially once King III is launched, COSO and COSO ERM, BS 25999, ISO 17799 / 27001, Cobit, SOX etc," Botha explained.
"The purpose of placing source code in escrow is to reduce the risk of being unable to have the system it represents supported and maintained. To ensure that the reduction of risk is meaningful, controls should be in place to minimise that risk so that the assurance provided by escrow is itself protected," according to Botha.
If the necessary controls are not checked (passive escrow), it may only be discovered too late that the code submitted to escrow is unavailable or unreadable, and is therefore worthless.
For more information, or to register for the Active Software Escrow Best Practice Training Course or other courses, please contact Analytix Customer Service on 011 215 2480, e-mail info@analytix.co.za or visit www.analytix.co.za.
Share
Analytix is a training and consultancy firm that assists organisations to understand, implement and comply with industry best practice standards and frameworks that lead to sustained process and business improvement. Its services are underpinned by internationally accepted IT management practices based on a range of de facto industry frameworks and standards including COSO, CobiT, ISO 17799, ISO 27001, BS 25999, Togaf, ISO 20000, ITIL and the Balanced Scorecard.
Escrow Europe
Escrow Europe was founded as a neutral Escrow Agent in Amsterdam in 1989. Escrow means "security in the hands of third parties". As an independent third party, Escrow Europe guards business-critical assets such as source code of software, important databases or industrial designs.
Chetty Law
Chetty Law acknowledges legal constructs as pivotal to technology, innovation and information management. As such, the firm has been established to promote enabling legal environments and provide contextualised and relevant legal services in the realm of technology and innovation activities in Africa and more especially South Africa.