Software applications have become ingrained into our lives and have completely transformed the workplace. Business tools like slack and SharePoint enable us to work without the constraints of a typical office, Xero and Sage provide us with the financial insights to help us make key business decisions, whilst Salesforce and HubSpot help us optimise our customer lifecycle.
Whilst these are just a few examples of key applications we use daily, many businesses build their entire operation around bespoke applications. These key applications have become so critical to their ongoing success that a world without them is completely unimaginable. However, for those businesses without a robust business continuity plan which includes provisions for no longer being able to access key applications, this could become a very real and daunting reality.
Think about your most important applications. The ones that are business critical, bespoke, highly customised and revenue generating. What happens If one day your developer is no longer able to support them?
Software Escrow is essential to protecting your business critical applications as it provides the mechanism for end users of business critical applications to legally access the source code and supporting material for their applications in the event that their 3rd party software owner is no longer able to continue with development and support of your application.
Without an Escrow agreement in place, in the event your supplier is unable to support your application it is likely that the time needed to procure and set up a suitable replacement will exceed your maximum tolerable downtime.
SES recommend performing Remote Code Validation on all source code deposits to ensure that the source code held in Escrow is complete, accurate and can be swiftly and accurately rebuilt into a working application. SES achieve this by witnessing and recording your software owner's development team executing the complete build of the software in their own environment.
In addition to this, an important aspect to highlight is the detailed Audio-Visual recording which is created by the SES Testing Consultant when witnessing the build of the Source Code and is stored along with the Source Code deposit. Both the Build Guide and AVI contain the vital information any reasonably skilled programmer would need to quickly and effectively redeploy the software in the event of a release.
Without properly validating the provided materials and producing a Build Guide demonstrating how they go back together, there are no guarantees that your Escrow deposit will enable you to effectively redeploy your application.
To provide complete assurance that your application can be effectively redeployed, SES can also complete a Simulated Release Event once the Remote Code Validation has been completed. This involves the SES Testing Consultant using the Build Guide and audio-visual recording to complete a full redeployment of your application to demonstrate that all the required materials are present and the build guide provides an accurate representation of the necessary steps.
For applications which are revenue generating, business-critical, bespoke or highly customised, SES would always recommend performing Remote Code Validation Testing with the Simulated Release as this is the only form of Validation Testing which provides complete assurance that the Escrow deposit can be swiftly and accurately redeployed whilst minimising downtime in the event of a release.
If you are interested in finding out more about our Escrow agreements and various Validation options to protect your business in the event of vendor failure, please get in touch and one of our specialists will get back to you within one business day.
© SES Secure Limited and ses-escrow.co.uk, 2022. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to SES Secure Limited and ses-escrow.co.uk, with appropriate and specific direction to the original content.