Technology escrow—which is also known as software escrow, source code escrow, or data escrow—is a proven solution that benefits both the developer and the contracting party to mitigate risk when negotiating a license for software, technology, or relevant intellectual property (IP).
To put it simply, technology escrow provides both the developers and users of technology with valuable peace of mind. When you create an escrow contract, software source code or other IP from the developer is placed in a secure escrow account held by an escrow agent—a trusted independent third party. Therefore, if in the future, the developer is no longer able to support the product for reasons specified in the escrow agreement—such as bankruptcy, obsolescence, merger or acquisition—the technology buyer will still have access to the source code, IP, and other “know how” to keep their mission-critical applications and systems up and running.
For example, a potential acquisition that could be supported by technology escrow may include a combat vehicle or a battlefield intelligence tracking system. Multiple developers working on the project would deposit their source code or IP into a secure escrow account with Iron Mountain. The deposits are protected, and even the government doesn’t have full insight into the developers’ source code or IP unless there is an issue, and the code is released according to the escrow agreement’s release conditions.
The concept of technology escrow was commercialized in 1982 by a company that was later acquired by Iron Mountain. To this day, technology escrow plays an important role in securing software and other intellectual property assets via a neutral third party.
Hardware and software systems form the backbone of the networks that run our command, control, communications, computers, cyber, intelligence, surveillance and reconnaissance (C5ISR) systems—and safeguarding this technology is essential.
In addition, government agencies require the ability to maintain and upgrade software applications in the event something prevents the developer from supporting them. For instance, software source code is necessary for the development of new functions, reports, and creating bug fixes. If the developer is no longer available, a release of the escrow materials enables the federal government to access that source code to make those changes themselves or to give another contractor the tools to do so.
In fact, any Technical Data Package (TDP) can be protected with a technology escrow agreement. For instance, the Technical Data Package delivered with a defense system contains all the engineering data and descriptive documentation required to support the system throughout its life cycle—all of this information can be deposited into an escrow account. The developer’s IP is securely protected as long as they are actively supporting the technology. But if that is no longer true, the TDP information will be released to the government agency according to predefined release conditions. This gives the government agency access to the technology needed to keep critical systems up and running.
With commercial escrow customers, technology escrow deposits are certainly stored securely, but classified government technology demands protection with federal-grade security. Iron Mountain has unique underground facilities to store classified materials for escrow. This video gives a tour of the Iron Mountain Underground Data Center, located in western Pennsylvania. The 200-acre campus is located 220 feet under the Earth’s surface and provides unparalleled security. With Classified Escrow, the government agency would have its own dedicated area for storage of escrow materials within the Underground, and only employees with classified clearance are allowed to enter that area.
Iron Mountain also offers some of the world’s most secure FISMA data centers and has been serving federal government organizations for more than 60 years. The multi-layered approach to security includes a combination of technical and human security measures, and the innovative security and trained personnel help to mitigate risk. Of course, when the escrow account is set up, the technology buyer can specify classified or standard security levels.
In summary, implementing technology escrow is a best practice when contracting with the federal government. The escrow agreement can be customized to the needs of each technical data package and can vary by RFP. To begin the process, the federal government agency and prime contractor can work together with Iron Mountain to define the specifics of a technology escrow agreement that will work best to safeguard their critical technology.
NCC Group Software Resilience has acquired Iron Mountain’s Intellectual Property Management (IPM) business. For more information on the acquisition, please visit our dedicated information hub, or contact Iron Mountain IPM.
