Active Escrow minimises IT risk, provides proper reassurance of business continuity
The major reason for depositing software in escrow is to mitigate against operational risk, primarily in the context of business continuity. However, the usefulness of the escrow arrangement may be seriously compromised if the software deposit has not been confirmed as readable and complete (ie capable of serving the purpose), preferably by an independent third party that specialises in this kind of work on an international basis.
Technical verification of the material on deposit is a basic requirement for professional escrow arrangements. At Escrow Europe, we add value by providing verification for every initial escrow deposit, as well as for every software update deposited thereafter. After each verification, a comprehensive verification report is submitted to both the user and the supplier. Technical verification of software source code is our core business and is performed by dedicated specialists in our Technical Centre in Amsterdam. Our professional escrow service is offered for the benefit of both User and Supplier and is an ongoing process that we refer to as `active escrow`.
Our technical verification services are summarised as follows:
Verification level I
This verification is performed for each and every deposit lodged at Escrow Europe and is included in the cost of all our standard Active escrow arrangements. The objective is to ensure that the deposited media is readable and contains those elements as agreed upon in the escrow contract. However, as a basic integrity checking service, Level I verification cannot guarantee that the material on deposit represents an accurate and complete facsimile of the software currently operational at theuUser site: to achieve this, higher levels of verification are required.
Verification level II
Verification level II is a low cost addition to verification level I as an option for the beneficiary of the escrow arrangement. It is generally an in-house service performed by our technical staff. Practice has shown that implementation of Verification level II results in significantly improved escrow deposits. We recommend this level of verification to clients when, judging from the results of the level I verification, we have reservations about the usefulness of the escrow deposit in the event of a release.
Verification level III
Verification Level III is optional and performed at additional cost for the beneficiary of the escrow arrangement. This verification generally is executed at the user site by the technical staff of both the supplier and Escrow Europe. The objective is to ensure, to the fullest extent possible, that the material on deposit can be built into a fully functional system. Successful implementation of verification level III offers the greatest assurance that the escrow deposit is not only complete, but also contains all the supporting material that will expedite use of the software in the event of a release.
Each escrow deposit is unique and as such may require a unique approach to its verification. Our technical staff are available to assist our clients with verification projects customised to their particular requirements. Based on time and materials metrics, these projects can be effected at any location in the world as agreed upon between the parties. Projects may be complemented by resources from trusted third parties such as those sourced from consulting firms, auditing firms etc.
When performing our initial verification (level I), we typically find that there is a failure rate of around 10% for new escrow deposits. This figure rises exponentially for deposits verified at a higher level: For instance, we have found that some 70% of deposits fail to meet the verification level III quality requirements. This may impede the use of the deposit on release and/or even result in a deposit being of no value. Ideally, Escrow Europe advises beneficiaries to have a Level III verification performed for the initial deposit; thereafter level I or level II verification for updates depending on the complexity of the software application suite.