Technology escrow is an important and viable solution for federal government agencies — in fact, it should be considered a best practice. Escrow plays an important role in securing software and other intellectual property (IP) assets via a neutral third party.
Any Technical Data Package (TDP) can be protected with a technology escrow agreement. A TDP consists of applicable technical data such as models, drawings, associated lists, specifications, standards, performance requirements, software documentation, and packaging details. TDPs provide critical information for maintenance planning, developing supply support strategies, establishing configuration management requirements, and developing training and related engineering and product support activities.
Using a combat vehicle as an example, all components — from the engine to the GPS, radio, weapons, paint, tires, and drawings on how it should work and how it should be manufactured — can be part of a specific TDP that is protected by a technology escrow agreement.
To do this, all the engineering data and documentation required to support the technology solution is deposited into a secure account with a neutral, trusted escrow provider. The developer's IP is securely protected while they actively support the technology. But if there is an issue, the escrow provider will release the TDP information to the government agency according to predefined release conditions. This gives the government agency access to the technology needed to keep critical systems up and running.
Because no two TDPs are exactly alike, it's important to maintain an extra level of protection with technology escrow. The technology escrow agreement can be used for software and/or hardware and ties everyone together to streamline the workflow, especially when the technical data package contains multiple forms of IP — both classified and unclassified.
Technology escrow is a tried-and-true solution for the government's use of Commercial off-the-shelf (COTS) technology, and it is also gaining traction for classified software. Because classified IP demands more protection and security, technology escrow should be considered as an additional safeguard with the right precautions in place. As expected, federal-grade security capabilities are required to support classified escrow, as well as top-notch support and service.
At times, contractors may be skeptical if they haven't used technology escrow before. This primarily occurs if they try to overthink or overcomplicate the process. Check out our Beginner's Guide blog post to get more familiar with the basics of how escrow works. For more detail, we've written a complete Software Escrow for Dummies guide that's a handy reference.
It's important to remember that Escrow Verification Services are a vital step to validate that everything in your escrow account is complete and ready to recreate your technology if needed. With escrow plus verification, but the contractor will be protected against unforeseen situations while maintaining the security of the developer's IP.
Federal agencies can choose what is protected with each escrow agreement; essentially, they can pick and choose what IP is protected and at what level (classified or unclassified).
Since any TDP can be protected with a technology escrow agreement, the government buyer should include the requirement for escrow in the request for proposal (RFP). The ideal time for a government agency to activate technology escrow accounts is concurrent with contract signing — this simplifies the process and ensures that it gets done. By escrowing the software source code or other IP with Iron Mountain and verifying the deposit, these assets are securely stored in a "virtual lockbox."
For reference, the DoD ESI Software Buyer's Guide discusses source code escrow in Section 3.1.13, and the source code escrow is also included in the Software Buyer's Checklist as part of the key terms to be finalized at the time of placing an order.
An escrow agreement is a smart way to minimize the risks associated with technology acquisition. By aligning your escrow agreement with your technology data package, you'll be prepared if the unexpected happens.
NCC Group Software Resilience has acquired Iron Mountain’s Intellectual Property Management (IPM) business. For more information on the acquisition, please visit our dedicated information hub, or contact Iron Mountain IPM.
