Business Continuity: Keep Your Company on a Roll
March 21, 2012
Escrow accounts alone can’t ensure that an application will work properly when you need it. But when you use a verification service, you’re covered.
Verification services can guarantee that mission-critical code held in escrow accounts will be up and running when you need it.
What do the time capsule buried at the New York World’s Fair in 1939 and technology escrow agreements have in common? Both ensure that critical assets (cultural or technical) never go away.
If everything goes as planned, the capsule won’t be opened until 6939. With escrow agreements, however, a business can access source code as needed when a release condition specified in the escrow agreement is met. It’s a simple arrangement: A developer and a customer agree to put source code into the hands of a trusted third-party escrow service provider. By doing this, both parties ensure that their mission-critical technology can be released and up and running as quickly as possible. This is especially helpful in cases such as loss of support by the developer, bankruptcy, or an end to business operations.
But how does each side know that what’s in escrow will function properly when it’s needed? Actually, they don’t, and the outcomes are often unfavorable. In fact, Iron Mountain studies show that 70 percent of software escrow deposits are incomplete on the first try.
Verification services are the answer to this potentially crippling business hurdle. They strengthen an agreement by confirming that the contents in escrow are complete and that everything needed to compile the code is intact.
IT professionals are starting to realize the value of verification service. In a survey by IDG Research Services, 45 percent of respondents said it was critical or very important that their escrow agreement include the rights to perform third-party verification services. As such, demand for verification services has increased by 35 percent over the past five years, according to 2010 Iron Mountain reports.
How Much Is Enough?
Your optimum verification level depends on how critical the technology is to your livelihood.
- Level 1: File List Verification (the most basic type) checks that all assets are readable and virus-free. If encrypted, the keys must also reside in escrow.
- Level 2: Inventory and Analysis Verification audits all assets in escrow, analyzing media to verify that everything needed to recreate the original development environment is intact.
- Level 3: Compile Verification checks whether the development environment can be recreated from the documentation and files. It configures build machines, compiles code and identifies areas in need of developer input.
- Level 4: Binary Comparison Verification tests the functionality of compiled code by comparing it to licensed executable applications running at your site.
- Level 5: Full Usability Verification (the most comprehensive type) re-creates the production environment and executes scripts to ensure full functionality.
A More Complete “Peace of Mind”
Escrow accounts help technology providers build trust, but an escrow agreement without verification services won’t give you true peace of mind. While it’s nice to know that your mission-critical code is safely stored in escrow, what you really need is assurance that the code will work. With so many unknowns, why take the risk?
While You Were Out: Avoid Costly Interruptions
Adding verification services to an escrow agreement can help minimize financial and reputational risks. For example, it can help reduce costs such as:
- Replacing licensed software and hardware
- Retraining personnel on replacement software, which may include consultant fees
- Attorney and arbitration fees and court costs
Verification services can also help reduce business risks such as:
- Lost profits or savings due to business interruptions
- Slowdowns in your ability to respond to customers and process orders
- Breach of contract
- Customer complaints that go viral or lead to attrition
Iron Mountain Suggests: Prioritize Your Applications
Verification makes sense for applications that could bring your business to a grinding halt. Here’s what to keep in mind:
- Potential losses. Consider the application’s number of users, its customer impact, the potential for lost productivity and, of course, lost revenue.
- Recovery time. How long would it take to recode the application? Are substitutes available? How long would they take to implement?
- Cost factors. Look beyond your initial investment: Think about how much you’d have to pay for new licenses, installations, retraining, customization, reprogramming and hardware if you lost your code.
- Damage control. How would an extended disruption affect the top and bottom lines? Would your business survive?
Do you have questions about technology escrow services? Read additional Knowledge Center stories on this subject, or contact Iron Mountain’s Consulting Services Team. You’ll be connected with a knowledgeable product and services specialist who can address your specific challenges.
Let Software Escrow Seal the Deal
The Many Faces of Technology Escrow
Software Escrow: A Best Practice Against Business Interruptions
Trust, But Verify