Unpredictable supply chains, shifting consumer demand and turbulent global dynamics - have all required organisations to adapt. As businesses adopt cutting-edge technology to enhance and adapt their operations, the ability to protect investments in third-party technology is an increasingly important concern. Edge-to-Cloud and IIoT applications are becoming essential components of modern supply chains and manufacturing operations, and safeguarding investments in these technologies can be a difficult task.
Approaches to protecting these investments were discussed during this year’s IIoT World Manufacturing Days session 'Protecting Third-party technology investments in Edge-to-Cloud and IIoT applications'.
NCC Group’s Vice President of Sales, Julie Antonelli, joined the panel to discuss how organisations can maintain the availability and reliability of their business-critical systems.
According to research by Forrester, software and outsourcing services will increase at the fastest rate this year, at 10.5%. To meet rising demand and to support business growth, many organisations are diversifying their technology portfolios. As a result, manufacturers have begun to outsource IIoT-related systems, including some of their most mission-critical components, to third-party providers.
However, this has introduced new elements of risk which manufacturers should understand. What would happen if one of those third-party providers was to no longer be able to provide that critical service? What would their back-up plan be in order to ensure that operations weren’t compromised?
To mitigate against the risk of third-party supplier failure, manufacturers should consider developing an exit strategy for all business-critical third-party applications. This ensures that critical services can continue to operate in the case of supplier failure or insolvency, minimising the impact of disruption on the organisation and its customers.
It is essential to assess the risks associated with third-party suppliers from the beginning of the procurement process and throughout the relationship. Any disruption that has not been planned and prepared for, has a detrimental impact on the organisation’s operations.
This is particularly true for the manufacturing sector. For instance, what would happen to your business if the warehouse management system, that you rely on, is disrupted by system downtime or supplier insolvency?
Eventually, the effects of downtime would have a significant financial impact, not to mention the knock-on ramifications that would cause significant damage to business.
It is crucial to consider how long it would take to replace an application after failure or to get it back up and running. During the session, 29% of respondents stated they would "develop an alternative solution internally", while 37% said they would "replace with another off-the-shelf software solution". The process of electing a new vendor and negotiating terms of your licence agreement could take several weeks or even months. That amount of downtime could be catastrophic to any organisation - both operationally and financially.
To protect against supply chain disruption and ensure business continuity, manufacturers should consider implementing an escrow agreement, for all critical third-party applications.
Firstly, what is a software escrow agreement?
A software escrow agreement is a simple and effective tri-party arrangement with mutually-agreed terms between the software customer, software supplier, and an independent escrow service provider (NCC Group). Under the agreement, the supplier periodically deposits a copy of the software source code and associated materials for secure storage. At this point, we would also recommend verifying the escrow deposit, this is the process of testing what is held in escrow. You can find out more about our verification process here.
By securely storing the software source code and materials with an independent third party, it ensures that the materials can be access and released if the need arises. For example, if a release condition is met – such as bankruptcy and supplier failure – the escrow deposit is released to the software customer. The source code can then be used to recreate and maintain their business-critical software application, either with in-house resources or by engaging with another supplier.
In short, by implementing a software escrow agreement, you can provide assurance that the source code and data behind critical applications are secure and always available. This protects IT investments, manages third-party risk, and maintains the software application in the event of software supply-chain disruption.
For a fairly nominal fee in comparison to the cost of the initial investment, organisations can safeguard their operations by implementing a software escrow agreement.
