Skip to navigation Skip to main content Skip to footer

22 September 2021

Building Software Resilience into your Digital Transformation Project

Article by Tim Rawlins, Senior Adviser at NCC Group

Worldwide spending on digital transformation technologies and services increased by as much as 10% in 2020, reaching $1.3 trillion.

The pace of technology adoption continues to increase around the world, and in the words of Microsoft CEO Satya Nadella, “every company is now a software company”.

For most businesses, digital transformation projects involve IT outsourcing. Bringing the innovation, expertise, productivity, and cost benefits that often come with the use of specialist solutions. However, the more integral to day-to-day operations these applications are, the larger the risk to the buyer’s business services if there were to be any interruption to the capabilities they deliver.

Legal protection for software licensing agreements

Assessing and advising on business continuity and the risk of supply chain disruption is one area where legal professionals can support their clients. In many cases, this can also help businesses to maintain compliance. For example, the Monetary Authority of Singapore and the UK’s Prudential Regulation Authority recommend that for new software transactions, financial institutions should consider an escrow agreement to help ensure business continuity, should something have an impact on the software-as-a-service (SaaS) provider’s ability to deliver.

There is a range of factors counsel should consider when supporting clients taking on software agreements, to provide them with a more resilient foundation upon which their business can transform. Firstly, there is the advice that the buyer needs to understand that a SaaS contract is not a simple outsourcing arrangement, nor will a standard software or hardware contract do. They must also remember that for all SaaS providers the business model is based on the one-to-many commoditized service offering and anything bespoke, around security requirements or escrow, is likely to be an unwelcome distraction. However, a well-drafted contract can do a great deal to help manage the risks involved.

Setting up a source code escrow agreement

When reviewing SaaS agreements, it is important to consider the size and age of the provider, as this can help determine the level of risk associated with using them and their commitment to an effective SaaS escrow agreement.

Smaller, new, and growing providers are often more flexible when it comes to the safe escrow of their source code. With a limited client base, these businesses tend to run a more personal account management service, providing a forum for open discussion and negotiation around the terms of escrow agreements. However, these less well-established providers are typically more at risk of financial failure, might have ‘key person’ issues – such as being reliant on particular individuals for their sustainability – and are vulnerable to take over or a deliberate sale. All these factors make it even more important to have a robust business continuity strategy in place when choosing to use them.

At the other end of the spectrum, larger, well-established providers might be more viable but are generally less flexible. Stricter licensing and standard ‘short form’ agreements mean that there is less wiggle room in seeking to obtain particular security or escrow requirements. The buyer is more constrained and has less power in the relationship. The business risk weighs more heavily on the buyer in this case.

In either case, the escrow agreement must be part of the risk management solutions written into any SaaS contract. In addition, counsel should suggest that their client develops an effective exit strategy, identify alternative suppliers and test their business continuity and disaster recovery plan.

Choosing an independent software escrow agent

Agreeing to store applications in escrow as part of any software transaction can go a long way towards building operational resilience and lowering overall risks for a business looking to use a SaaS provider. As well as ensuring business continuity, it can also help businesses to become compliant with specific sector standards and regulations.

It is, therefore, crucial to choose a well-established escrow provider when working with clients on software agreements and seek businesses that are both technically capable and financially sound. When working with a larger SaaS provider, more experienced escrow providers often have existing relationships and a better understanding of the software itself. This can ensure that the escrow process is well-practiced, and any verification processes are easier to maintain.

Transparency and understanding of the security of the escrow provider, and the technology used to store solutions, is also vital in ensuring that your clients’ business-critical applications remain secure.

Business continuity assurance for SaaS applications and data

For clients relying on a SaaS provider, it is also important to understand how wider obligations, such as reporting security and other issues, will be met by the supplier, particularly in highly regulated industries. Being transparent about this and ensuring that the provider is on board from the onset is key; it will need to be an ongoing relationship between the buyer and provider, as each becomes part of the complex web of operational activity.

With software agreements becoming ever more ubiquitous, it is likely that regulators of the future will require businesses to have considered their exit strategy, as mentioned above, to support moving from one provider to another. Questions around how data is stored, processed, and transferred by SaaS providers will become key, and getting the answers early in the software outsourcing process ensures that any transitions will run much more smoothly later down the line.

Ultimately, with changing regulatory requirements, complex supply chains, and a shifting business landscape, building resilience into software agreements can be highly complex.

Need more information?

Our experts are here to help you.

Skip to navigation Skip to main content Skip to footer