Selecting the Right Software Solution

Published on 24/05/2024

Choosing the right software from third-party vendors is a crucial decision for any business. The right software can enhance productivity and streamline operations, while the wrong choice can lead to significant setbacks. With so many options available, it can be challenging to identify a solution that meets your specific needs without compromising operational resilience. Here’s an in-depth guide to help you navigate this complex process effectively:


Procurement Process Steps:


1. Evaluate Key Factors:

  • Onboarding Deadlines: Determine realistic timelines for implementing the software. Consider the potential impacts of any delays on your business operations and plan accordingly. Ensure that the software vendor includes software escrow provisions to protect your investment against unforeseen delays or vendor issues.
  • Resource Requirements: Assess the resources needed, including time, personnel, and financial investments, for both implementation and ongoing maintenance.
  • Maintenance and Costs: Evaluate the total cost of ownership, which includes not just the initial purchase price but also maintenance fees, additional licensing costs, and any necessary training for staff.


2. Deployment Model:

  • Cloud-Based vs On-Premise: Decide whether a cloud-based solution or an on-premise deployment better suits your business needs. Cloud-based solutions offer scalability and lower upfront costs but may involve ongoing subscription fees and reliance on internet connectivity. On-premise solutions provide greater control over data and systems but require significant initial investment and in-house maintenance capabilities.


Assessing Third-Party Risk:


1. Risk Assessment:

  • Business Continuity: Evaluate whether your business can continue to function effectively if the software application becomes unavailable. Consider various scenarios, such as the supplier facing legal issues, financial difficulties, or operational failures. Incorporating software escrow can help ensure you have access to the source code and necessary materials to maintain continuity in such cases.
  • Third-Party Failures: According to research by Deloitte, third-party failures can be extremely costly, with potential losses reaching up to £783 million per incident. Assess whether your internal team has the necessary skills and knowledge to rebuild the solution if required.
  • Supplier Stability: Investigate the financial health and stability of the software supplier. Look into their track record, client testimonials, and industry reputation. A software escrow agreement can provide additional security if the supplier’s stability is a concern.

2. Regulatory Compliance:

  • Relevant Regulations: Ensure the software complies with all applicable regulations, such as third-party risk management frameworks, PRA SS2/21, and the Digital Operational Resilience Act (DORA) in the financial sector. The focus on business continuity and resilience in these regulations means software escrow can assist in achieving compliance in these areas.
  • Regulatory Requirements: Develop a plan that meets regulatory requirements to avoid disruptions in case of unexpected issues with your third-party software supplier. This plan should include contingency measures and communication protocols.


3.Data Hosting and Storage:

  • Data Security: Verify how and where your data is stored, especially for cloud-based applications. Understand the security measures in place to protect your data and ensure compliance with data protection regulations.
  • Responsibility for Data: Remember that cloud service providers (CSPs) are not responsible for your application and data. As the end-user, you are responsible for backing up and restoring the data you store in their services. Implement robust backup solutions and disaster recovery plans, supported by your software escrow agreement to protect both the application and data.


Business Continuity Plan:

To safeguard your software solution:

  •  In-House Expertise: Ensure you have the necessary in-house expertise to support or rebuild the application if needed. This involves training your IT staff or hiring professionals with the required skills.
  • Comprehensive Plan: Develop a comprehensive business continuity plan that outlines the steps to be taken in case of software failure. This plan should identify key personnel responsible for various tasks and include contact details for quick coordination, with clear procedures for accessing the escrowed materials.
  • Regular Testing: Regularly test your business continuity plan to ensure it is effective and can be executed smoothly during an actual incident. Ensure that the software escrow provisions are integrated into these tests to verify their effectiveness.

 

Software Escrow Agreement:

What is a Software Escrow Agreement?

  • Escrow Deposit: The software supplier periodically deposits a copy of the software source code and associated materials into a secure escrow account. This ensures that the code is up-to-date and can be used if needed.
  • Release Conditions: In the event of specific conditions, such as the supplier going out of business or failing to support the software, you can access the escrow deposit. This allows you to maintain and support the software, either internally or with another supplier.
  • Peace of Mind: A software escrow agreement provides peace of mind by ensuring you have a contingency plan in place. It protects your investment in the software and helps maintain business continuity.
  • Regular Updates: Ensure the escrow agreement includes provisions for regular updates to the deposited materials, reflecting the latest version of the software.

Implementing a software escrow agreement is an essential part of your business continuity strategy. It ensures you have access to critical software even if the supplier fails to support it, providing a safety net for your business operations.

Selecting the right software solution is a critical decision that requires careful consideration of various factors. By following the steps outlined in this guide and incorporating software escrow when relevant, you can make an informed decision that aligns with your business needs and ensures operational resilience. Including software escrow in your risk management and continuity planning provides an added layer of security, safeguarding your investment and maintaining business continuity.

For more information, contact our Software Escrow specialist Adam Boland at +44 161 488 1404 or via email at [email protected].

Adam Boland Software Escrow Specialist
 

Find out how SES can help your business
Contact us

Contact us

If you would like further information, discuss your requirements, get a free no obligation quotation or just a friendly chat on how we could possibly help please fill in the details below and one of our team will get back to you as soon as possible.
Tick the box to receive regular updates and industry insights