INFOTECH: Escrow Leads Business Continuity Charge
Recent Gauteng Business News
As South Africa emerges from the financial stresses of 2009, an uptick in the procurement of information technology and software, particularly in the last three quarters of 2010, is anticipated. We asked Escrow Europe director, Andrew Stekhoven, how active software escrow can assist companies manage ITC risk and business continuity, and control legal costs, particularly when it comes to outsourcing critical business functions to third party vendors when making these IT investments.
Why does my business need software escrow?
If you have limited or no control over software that your business is dependent upon, your company could run the risk of being the proud owner of ‘orphanware’ - all in less time than it takes to log on to Google. Orphanware is software that is no longer supported by the company that developed it, as a result of bankruptcy, merger or numerous other factors.
What is active software escrow?
An active escrow agreement is a simple method of guaranteeing access to maintainable information systems by the software end-user should certain predefined commitments such as warranty, support and maintenance not be honoured by the software supplier.
How does active software escrow differ from passive software escrow?
Escrow Europe is the only South African agent that concentrates entirely on active escrow which means we technically verify every deposit, and track updates and new releases. This ensures that the deposit material will be useful to you should it be required in the event of a release condition. By contrast, ‘passive’ escrow offers no assurance that the code on deposit is present and correct – the deposit media might even be a blank CD for all you know and therefore ‘passive’ escrow cannot qualify as an adequate risk management measure.
What about purchasing a source code licence?
One way to mitigate the operational risk associated with dependency on software that the company does not own is for the company to purchase a source code licence, a situation actively discouraged (usually via an outrageously high licence fee) by the developers because it gives the purchasing company direct access to the ‘secret code’ in which the application is written.
Has demand for escrow protection in South Africa increased?
During 2009, South African companies have increased their escrow protection by more than 200% which is an indication of a responsible response to risk management by South Africa’s directors and company officers.
How crucial is escrow protection when negotiating SaaS contracts?
As SaaS (software as a service) continues to gain acceptance as a viable model of managing a corporation's IT requirements, so too do the inherent risks associated with that corporation 'relinquishing control' of both its data and the mission critical systems that utilise that data to enable it to continue trading. SaaS customers, therefore, need to take specific steps to include software escrow protection when negotiating contracts with providers of SaaS solutions.
How does a businessman know if he needs active software escrow?
The governance of IT is regarded as a corporate imperative in today’s business environment. Responsible response to risk management by South Africa’s directors and company officers is governed by the latest King III report released by the Institute of Directors (IoD) earlier this year. King III states that, historically information systems were used as enablers to business but have now become pervasive in the sense that they are built into the strategy of the business.
Are directors are open to personal liability?
Directors of companies are personally responsible for good governance strategy and risk avoidance, and it was interesting to see how South African directors reacted smartly to very real threats to their business continuity during the global financial crisis. Directors were being proactive in getting competent escrow protection measures in place to protect their business continuity for the foreseeable future.
Are there any examples of companies - overseas or local - who could have benefited from active software escrow?
One local company which stands out, and in hindsight, would have benefitted from escrow protection, is Prestasi, which lost its entire customer database in a highly publicised dispute with its (then) IT outsource provider, Dexdata. Prestasi was reduced to managing its business without access to its own customer database. A court order eventually compelled Dexdata to return the data, but the returned tapes were unreadable.
This case not only taught South African directors about the need to safeguard their IT investments but that the distinction between active escrow and passive escrow is vital. The ‘passive’ approach to escrow or intellectual property custodianship involves simply ‘holding’ the material; active escrow involves both holding the material and verifying it to be usable.
What certification does Escrow Europe have?
Escrow Europe has achieved the ISO 9001:2008 quality certification standard as set out by the International Organization for Standardization (ISO). Additionally, Escrow Europe is the only 100% BB-BEE certified provider of active software escrow - clients include the largest banks, industrial firms, government agencies, software firms and venture capitalists as well as smaller software houses that need its services in order to qualify to do business with local and international corporate entities.
The Institute of Risk Management in South Africa (IRMSA) recognised Escrow Europe’s role in assisting South African companies manage their mission critical business risks and the company was named as the recipient of the Best Small Business Initiative Related to Risk Management Award at IRMSA's 2007 annual conference.
Active escrow is also recognised by Gartner as a "cost effective part of proper operational risk management strategy."
Business News Sector Tags: Infotech|