Skip to navigation Skip to main content Skip to footer

Escrow verification services

Contact Us

Risk Management For Mission-Critical Technology

By taking the step to establish an escrow arrangement, you have recognized that your licensed mission critical technology is an important aspect of your organization’s business operations. Complementing your escrow arrangement with verification services will help to mitigate potential risks by providing complete intellectual property protection and management, and ensuring a more rapid recovery for your organization should circumstances require it.

Why Verification Is Necessary

A technology escrow arrangement is an excellent vehicle for protecting all parties involved in licensing technology, but the value of the escrow arrangement is heavily dependent on the quality of the escrow deposit materials. A thorough verification of the materials provides assurance that, in the event of a deposit release, a licensee would be able to more quickly and effectively read, recreate, and maintain the licensor’s technology in-house.

Just as lenders examine collateral when they sign a loan, the best practice in technology escrow is to verify and test the deposit materials—both upon initial deposit as well as whenever the contents are updated. This should happen soon after an escrow agreement is executed to ensure that all of the components necessary to rebuild the executable program are part of the deposit and are in working order.

Depositing only source code in escrow is insufficient. Information on utilities, compilers, and operating systems are also required to replicate the original development environment. Without this information and access to the required technology, licensees will likely waste crucial time and money attempting to recreate the software, or they will be forced to find a replacement technology sooner than they may want. It can take a year to research new products and vendors, months to negotiate the technology license, and longer still to deploy and integrate that technology into operations. Gartner reports that there is typically a 10:1 ratio between the money spent on hardware plus the maintenance and support of purchased software, compared to the initial purchase price of that software. Centering the productivity or effectiveness of your organization around licensed software is a significant investment.

Iron Mountain’s escrow verification services provide your company with insight into the composition of your escrow deposits. We identify what you would need to do in order to successfully use the technology that has been escrowed. Then, Iron Mountain presents that information to you in an easy-to-read report, which you can use as a guide to reconstruct the technology from the deposit materials, should that need ever arise.

No one enters into a technology licensing relationship expecting it to terminate prematurely or abruptly. But the risk is real. Every month, Iron Mountain receives requests to release deposit materials from escrow. Although it is easy to believe that everything will be in order, a thorough verification strengthens the leverage value of the escrow by enabling a quick, successful deployment of deposit materials.

An Incomplete Escrow Deposit Can Expose Your Company To The Following Risks:

  • Costs associated with replacing licensed software and hardware
  • Lost profits and/or savings
  • Lost time
  • Customer dissatisfaction
  • Breach of contract(s)
  • Costs associated with consultants’ fees, court costs, arbitration fees, and attorneys’ fees

Verification Overview

We offer five types of escrow verification services. Our dedicated staff of verification experts will consult with you to determine which one best suits your requirements. The recommended type of testing largely depends on the business risk associated with your licensed technology.

Iron Mountain recommends seeking the most thorough verification testing for optimal protection against incomplete or inoperable technology escrow deposits for mission-critical software. The following is a brief explanation of each type of verification testing offered, all of which result in delivery of a full report to our customers.

File List

Checks that the deposit is readable, free of viruses, and, if encrypted, that Iron Mountain has the decryption keys on deposit. The report includes:

Confirmation of the deposit media readability
File listing
File classification
Virus scan results

Level 1 - Inventory & Analysis

Provides a complete audit and inventory of the deposit. The report includes:

  • Analysis of the deposit media to identify the presence/ absence of build instructions
  • Identification of the materials required to recreate the depositor’s software development environment
  • Build instructions, file classification tables, database schema, and listings
  • An inventory of the required software development materials, including required source code languages and compilers, third-party software, libraries, operating systems, and hardware
  • Analysis of the deposit

Level 2 - Compile

Validates whether the development environment can be recreated from the documentation and files supplied in the escrow deposit. This test includes:

  • Identification of third-party libraries
  • Recreation of the software vendor’s development environment
  • Compilation of source files and modules
  • Recreation of the executable code
  • Delivery of a comprehensive listing of the hardware and software configurations

Level 3 - Binary Comparison

Ascertains whether the size and structure of the executable files built in Level 2 compilation tests match those operating in your runtime environment. The resulting report from this test includes a comparison of the executable file built in Level 2 testing to that of the licensed executable file running at your site, as well as all details and deliverables of Level 1 and Level 2 verification tests.

Level 4 - Full Usability

Assures that the source code placed in escrow will be fully functional in the event of a release. This test includes:

  • Replicating the production environment and running a series of test scripts to ensure the software is functioning properly, as well as in accordance with its specifications.
  • Delivery of a report detailing what tests were performed, including a series of screen shots demonstrating the functioning software in action.


NCC Group Software Resilience has acquired Iron Mountain’s Intellectual Property Management (IPM) business. For more information on the acquisition, please visit our dedicated information hub, or contact Iron Mountain IPM.

Get in touch

Skip to navigation Skip to main content Skip to footer