TECHNOLOGY ESCROW: SAFEGUARDING THE CONTINUITY OF YOUR BUSINESS
“To stay in business, or to continue offering a service, commercial and governmental institutions are often entirely dependent on software over which they have limited or no control”, writes Terry Booysen, CEO of Corporate Governance Research Forum Pty Ltd.
“Even though you may be a diligent and hands-on executive, you might be overlooking a critical aspect of your company's business and inadvertently be exposing the company to a high level of operational risk if your company's core, mission-critical processes, functions and/or services are dependent on software which you do not own but license to use from third parties. Clearly, you are therefore subject to conditions or events beyond your organisation's control.
At the outset, reliance on third parties who supply your organisation its critical mission software may not appear to be a problem, but companies must take into account that such software is often subject to maintenance agreements and ongoing support by the software supplier.
In other words, be aware that your company could be affected by an unforeseen development impacting on the software supplier's business.
For example, supplier insolvency, a change of ownership or a new strategic priority could lead to a discontinuation of support and maintenance, leaving you stranded with extremely serious, possibly catastrophic, impacts on the reputational and financial health of your company.
Such circumstances give rise to major ICT operation risk considerations best encapsulated in one simple question: As we have no access to the source code of the software we use to run our business, would we be able to guarantee business as usual in the event that our software vendor was no longer available to fix, maintain and/or modify the software?
The threat of business discontinuity -- and the revenues it would derail -- provides the imperative for the practice of underwriting technology-dependent risk through what is known as an Escrow Agreement.
Technology escrow, which Gartner describes as a “smart and effective component of a business continuity strategy to protect mission critical applications in an ever-changing environment”, is an elegant way of doing this underwriting. In a nutshell, technology escrow ensures you have access to critical source code should your technology vendor no longer maintain (typically due to insolvency or merger and acquisition conditions) the software for your organisation.
Escrow agreements primarily safeguard business-critical intellectual property such as software source code, but also important databases, industrial designs, specifications and so on. Through an active escrow agreement, organisations are provided with peace of mind that business continuity for their mission critical business processes and functions is guaranteed in the event of the unforeseen where their software supplier is either unexpectedly no longer available or where the supplier does not honour predefined commitments such as warranty, support and maintenance conditions.
Unlike passive escrow where an organisation will simply deposit the source code with an escrow agent, organisations that practice active escrow will verify the source code of the software and also ensure that the software and correlating technical documentation are indeed complete, thereby providing assurance to the organisation. Conversely, passive escrow offers no proper reassurance to an organisation that the source code material was present or that it will be of any use in the event of a release in the event of an emergency.
For active escrow to be met, there should be at least three of the following conditions as a minimum requirement; namely
• that the arrangements must be legally sound;
• all source codes together with all relevant technical material should have been provided and subjected to technical verification;
• and the source code and relevant material should be frequently updated as part of a robust and consistent administrative process.
In particular, active escrow entails the verification of the deposit material, by a suitably qualified independent and neutral expert third party, to ensure that the source code as agreed upon between the parties is present and accurately and completely reflects the software in operation at the end user's site.
Active escrow verification laboratory results provide evidence that 90% of unverified (i.e. 'passive') deposits are most likely to be of little or no use when they are needed. Passive escrow is not an option for the proper protection of your business continuity and does not constitute professional source code escrow best practice”.
For more information contact Terry Booysen, CEO, CGF Research Institute (Pty) Ltd on Tel: +27 (11) 476-8264/1; Cell: +27 82 373 2249; Fax: 086 623 1269; Email: tbooysen@cgf.co.za, or visit www.cgf.co.za / www.corporate-governance.co.za or visit Escrow Europe's website www.escroweurope.co.za or call Lola Rudge on (021) 852 9365.
(Article courtesy CGF Research Institute (Pty) Ltd and Escrow Europe (Pty) Ltd)