SAAS, INFORMATION & OTHER TYPES OF ESCROW
Escrow is used to ensure your access and ability to operate essential applications, documents, blueprints and other IPRs you require to keep using your licensor’s solutions even if the provider is no longer active or operating.
More than just on-premise Software – SaaS, IPR & other types of Escrow
Besides on-premise software escrow, we provide SaaS-software IPR (intellectual property rights) escrow solutions – specifically designed to each requisition and geared towards providing maximum protection against counter-party risks. All agreements include release process SLAs and are assessed and signed off by our in-house legal counsel to ensure all aspects are covered.
Software-as-a-Service (SaaS)
Whilst the principles of Software Escrow have been covered under Software Escrow an ever changing IT landscape requires new models of Business Continuity Solutions that take into effect different requirements.
1. SaaS Escrow Restrictions
With on-premises software the user can still run the software for a while as the application runs from within its own environment – the impact of the SaaS Providers failure is not imminent. The Licensee will usually also have an in-house IT Team to keep the application running for a period of time and data is also available within the Licensees environment. With cloud based applications it is a very different story! If the application is down you won’t have access to it and cannot get someone to maintain it in-house. You are fully dependent on the availability of your SaaS Provider and the Infrastructure Host.
If the SaaS Provider is unable to keep the application running consequences to a Licensees business are imminent.
Another important matter to be addressed is the availability of your data. Where is your data stored? Do you run live or frequent in-house backups? What would you do if the application and your data cannot be accessed?
SaaS Escrow Solutions focus on three major risks that come along with SaaS applications:
-
Availability of Source Code and Documentation
-
Availability of executable version of the software (Object code)
-
Availability of Data in the Cloud
2. Source Code & Documentation
There are specifics to a deposit of a Software-as-a-Service product:
- the source will be secured and deposited similar to Software Escrow processes
-
if requested, we undertake further checks to ensure that the source code can be build independently and the application can be used outside the existing SaaS Infrastructure, e.g. as a local installation
-
the documentation and available information is analyzed further in a due diligence to ensure independent use of the material is possible and viable
3. Executing the Application
This is how we ensure that the source code can be executed:
-
Under a SaaS Escrow agreement, the deposit of an executable version of the software is demanded to ensure the Licensee can run the version locally
-
As the Business Continuity Risk is much higher and imminent with SaaS applications, a staggered – two step – release takes place under the SaaS Escrow agreement
-
The Licensee receives the deposited executable version of the software which can then be installed and run by the Licensee in his own environment immediately after a request. Usually, the deposit of a VM is done as well
-
The second step follows a standard release procedure, where the occurrence of a release event is determined before the source code of the application is released.
-
In case that process shows that no release event occurred, the Licensee is obliged to return the delivered object code of the application and delete all installed versions immediately and the source code will not be released.
-
In order to protect the Licensors interests and the Escrow agreement, it is possible to agree on an indemnification clause to be paid by the Licensee to the Licensor in case of a wrongful release request.
4. Data Handling
This is how we ensure that the source code can be executed:
-
Depending on the parties’ requirements, data can be secured and checked in frequent intervals
-
The frequency is defined in a SLA and ranges from live or daily backups to bi-yearly intervals which will usually be delivered by scripting the deposit process.
-
The correctness of data is checked by searching for pre-defined markers
-
As the data typically belongs to the Licensee, the Licensee can request the release of data at any time, depending on the terms of the SaaS Escrow Agreement.
What should be included in SaaS?
1. Deposits & SLAs
Depending on the required service level under a SaaS Escrow Agreement the deposits should contain:
-
Source Code and Information (see Software Escrow for more details)
-
An executable version of the application preferably on a VM
-
Data Access links and configurations
-
Clients data
-
General information and settings for the build and execution of the software
-
Host environment information and settings
2. What Verification Levels are required?
As with every Escrow agreement a minimum of a Level 1 Full Verification is highly recommended to ensure the material deposited is correct and complete and gives the Licensee the know-how and tools required to rebuild the software from the deposited material.
With SaaS Escrow agreements the list of available verification services is much longer, depending on the clients’ requirements and the nature of the deposit.
-
VM Run Check for deposited Object Code (check if the deposited VM can be started)
-
Application implementation test at Licensees site (check if the software can be hosted in the Licensees environment)
-
Data Verification (check if data can be extracted and imported)
-
Data Quick Check (check if previously set markers are available in the deposited data)
To determine the most appropriate verification level for a SaaS Escrow agreement we recommend speaking to us about your requirement.
3. How to Update SaaS Escrow?
Generally, a SaaS Escrow is updated like a Software Escrow:
- More frequent updates might occur depending on the application
-
Each update of Source code should be accompanied by an update of an executable application
-
Data might require more frequent deposits if no bilateral backup is carried out
-
For very frequent updates of data a script is being setup for your SaaS Escrow agreement, to automatically create backups.
4. Types of SaaS Escrow Agreements
SaaS Escrow agreements can be divided into Single-License and Multi-License agreements.
Whenever client-specific data is part of the Escrow deposit or the software is bespoke a Single- License SaaS Escrow Agreement is required.
For standard SaaS applications with multiple users and no client data back up a Multi-License SaaS Escrow Agreement can be implemented.
Please feel free to contact us or download a sample agreement.
Request an Escrow Solution for your specific case
For larger enterprise requisitions we assemble a team of experts and conduct a discovery workshop to understand the entire setting first.