Skip to navigation Skip to main content Skip to footer

29 June 2021

Why Would You Verify your Software Escrow Deposit?


The answer is simple: A software escrow agreement means that the developer’s intellectual property (IP) will be released if a release condition is met. This IP, often in the form of software source code, enables the user of the technology to keep their business operations up and running. Unfortunately, there’s no assurance that the intellectual property will be complete, usable, or even readable when it’s released to you. That’s where software escrow verification services come into play.

Verification services are used to validate the completeness, accuracy, and functionality of the escrow materials. This critical audit of the escrow deposit helps to ensure that everything you need to recreate the software application is in the account, before you actually need it.

A technology escrow arrangement is an excellent vehicle to protect all parties involved in licensing intellectual property, but the value of the escrow arrangement is really contingent upon two things, first – is the agreement structured and legally sound, second, the most important, the accuracy of the deposit material. A thorough verification of your escrow materials will provide assurance that, in the event of a deposit release, the technology user (also known as the licensee or beneficiary) will have the ability to read, recreate, and maintain the developer’s technology without any assistance. In essence, “stepping into the shoes” of the vendor.

That’s the short answer. If you want all the details, please read on:

How does Software Escrow Verification work?

Verification Services are custom projects that typically cover two phases of technology; the “Build” process and the “Run” process. If you’re running software in-house (on-premises) which is developed for you, by your provider, then the most critical aspect to your relationship is your ability to build/compile the source code. Compiling software is your ability to re-engineer the software in order to correct “bugs” or to improve compatibility with other hardware devices for migration of the software when devices become outdated.

(Phase 1) – Building/Compiling Software Code includes two test levels:

  • A complete audit and inventory of your deposit (Including analysis of the deposited media - to verify the presence of build instructions and identification of materials necessary to recreate the original environment).
  • Validate whether the development environment can be recreated from the documentation and files supplied in the escrow deposit.

Outsourcing software responsibilities is definitely cost-effective but it also carries the highest risk from an application continuity standpoint. In the event that your software is completely hosted your verification service level is simple, “Full Usability” testing.

Since your provider builds and runs the software for you, it’s important for you to know both aspects as well.

Phase 1 will cover the building of the software and Phase 2 will cover the process for recreating the environment for running the software.

(Phase 2) – Full Usability Testing includes both levels from “Phase 1” plus:

  • Testing the functionality of the compiled deposit by comparing the files built (in the previous test) to the Licensed, executable file running at your location
  • Confirm that the source code placed in escrow is fully functional in the event of a Release. Series of tests are run to ensure that the replicated software runs properly

Upon execution of the SOW, receipt of payment, and receipt of the appropriate materials from the developer, the testing of the escrow account begins. Once the test is complete, your third-party escrow provider will produce a detailed report of its findings to all parties.

Determining your company’s risk tolerance is not strictly based on cost. Here’s a quick calculation you can perform to determine your company’s risk tolerance for a given software application.

Operational Dependencies (number of users, customer impact, lost (productivity/revenue) + Replacement Costs (licensing fees, retraining, customizations, reprogramming, hardware costs) X Time to Replace (identify substitute products, recode software, application dependencies, new vendors) = your Risk Level.

Need more information?

Our experts are here to help you.

Skip to navigation Skip to main content Skip to footer