What is Source Code Escrow?

Source Code Escrow is a simple and effective tri-party agreement with mutually agreed terms between the software customer, software supplier, and an independent escrow provider, specifically designed to mitigate risk and protect the interests of all parties involved.

Under the Escrow Agreement, the software supplier periodically deposits a copy of the software’s source code for secure storage, provided by the escrow provider. If certain predetermined release events occur, such as the supplier’s failure, the escrow provider releases the source code to the software customer (licensee).   

In the event of a release, the software customer can use the escrow deposit to maintain the software, working from the source code, whether that be in-house or by engaging with another supplier.

Other names for Source Code Escrow include: 

• Software Escrow
• IP Escrow
• Technology Escrow
• SaaS Escrow
• Escrow as a Service
• EaaS

How does Source Code Escrow work? 

The Software Customer and Software Supplier will enter into a legal agreement with the escrow provider. The escrow agreement states several legal terms, including what conditions constitute a release of the application’s source code. The deposited materials are updated at regular agreed-upon intervals to ensure that the deposits held in Escrow are always up-to-date and reflects the current version of the software application.

At Escode, the deposited materials are placed in a highly secure vault. Our global network of physical and virtual vaults delivers the highest standard of security for the safe deposit and access of business-critical materials in escrow.

Should the release conditions outlined in the original software escrow agreement be met, the source code and additional materials will be released to the software customer.

Once released, the Software Customer can then maintain the software, working from the original source code, whether that be in-house or by engaging with another supplier.

When is Source Code Escrow required?

Source Code Escrow is highly advisable for:

• Applications that play a crucial role in supporting critical business processes.
• Applications that have been customised and designed specifically for the software customer.
• Applications that contain significant financial investment by the software customer.
• When due diligence/poor credit reports have highlighted an area of concern regarding current software suppliers.
• A small software supplier where there is risk of take-over by a larger organisation.
• When a software supplier needs to demonstrate credibility and continuity to customers.

What are the benefits of Source Code Escrow? 

An Escrow Agreement:

• Mitigates IT supplier risk, ensuring seamless execution of business continuity plans with minimal disruption or downtime.
• Protects investment in third-party software by guaranteeing its long-term availability while preserving developers' intellectual property rights (IPR).
• Reinforces operational resilience, supporting business continuity and exit plans.
• Assists with audit requirements and ensures compliance with key technology outsourcing regulations and guidance.
• Safeguards reputation by ensuring critical third-party applications are consistently available.

What types of Escrow Agreements are available?  

Selecting the most appropriate Escrow Agreement will depend on whether the software application you are looking to protect is hosted on-premise or in the cloud and if the software application has been specifically written or amended for use by one Software Customer, or if it is an off-the-shelf product used by multiple Software Customers. Learn more about our agreements. 

Complete your Escrow Agreement with Verification

By establishing an Escrow Agreement, you have recognised that your licensed business-critical technology is an important aspect of your organisation’s business operations. Complementing your Escrow Agreement with Verification Services will help to mitigate potential risks and ensure a more rapid recovery for your organisation should circumstances require it.

Escrow Verification Services play a crucial role in validating the completeness, accuracy, and functionality of the software vendor’s escrow deposits. This essential audit of the source code and deposit materials helps to ensure that you can read, re-build, and maintain the working application. This demonstrates the effectiveness of business continuity and exit plans, providing a higher level of resilience and assurance.

Our Software Escrow Agreements and Verification Services for on-premise and cloud applications, enable businesses to prepare for, respond to, and recover from disruption – so whatever your business challenges, we’re here to help you handle them.