Frequently Asked Questions

Similar documents
Software Escrow Service Workflow. Comprehensive and Trusted Software Escrow Services from Iron Mountain.

Software Escrow: Practical Strategies for Bolstering Licensing Agreements

CLOUD COMPUTING PROTECTION STRATEGIES

:: market pulse :::: market pulse :::: market pulse :::: market pulse :::: market

RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management

Gain Efficiency, Cost Savings and Compliance with Iron Mountain s Portfolio of Services

WHITE PAPER. How Software as a Service (SaaS) Providers Can Instill Customer Confidence IRON MOUNTAIN DIGITAL

Thinking about tomorrow today

XANGATI END USER SOFTWARE LICENSE TERMS AND CONDITIONS

SOFTWARE ESCROW AGREEMENT. ( Effective Date ), this Software Escrow Agreement ( Agreement ) is

The Keys to a Reliable Escrow Agreement

MEDIA AND IT ASSET DISPOSITION: YOUR GUIDE TO SELECTING A SUPPLIER

White Paper FASTFILE / Page 1

Desktop Solutions SolutioWhitepaper

CRM in a Day Support Services Agreement

COLUMBUS STATE COMMUNITY COLLEGE POLICY AND PROCEDURES MANUAL

CRM Support Services Agreement

Overview Software Assurance is an annual subscription that includes: Technical Support, Maintenance and Software Upgrades.

Escrow is dead? WHITE PAPER

HYBRID SOLUTIONS INDEPENDENT SOFTWARE VENDOR AGREEMENT

Change & configuration management

FIVE BEST PRACTICES FOR PROTECTING BACKUP DATA

Service Schedule for CLOUD SERVICES

Commercial Software Licensing

How To Write A Successful Automation Project

C-DAC Medical Informatics Software Development Kit End User License Agreement

secure shredding Services Secure, Compliant, Cost-Effective, Environmentally Responsible Information Destruction Secure Shredding

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

IMPROVE YOUR DATA MANAGEMENT

Risk Management of Outsourced Technology Services. November 28, 2000

Information and Communication Technology. Patch Management Policy

Licensor: Deveo Oy Customer: [address line 2] LICENSE NUMBER:

Open Source Voting Systems

Customer: Address: Support Contact:

SOFTWARE ESCROW AGREEMENTS: A BUSINESS CONTINUITY STRATEGY PAPER PRESENTED FOR NEW ZEALAND COMPUTER SOCIETY THE LAW OF IT SEMINARS

COMPLIANCEDESKTOP TECHNOLOGY PLATFORM SUPPORT AND MAINTENANCE SERVICES

Windows Server 2003 End of Support: Your Opportunity for Transformation

Software as a Service: Guiding Principles

RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management

Payment Card Industry Compliance

Application Security in the Software Development Lifecycle

1. Redistributions of documents, or parts of documents, must retain the SWGIT cover page containing the disclaimer.

OMCL Network of the Council of Europe QUALITY ASSURANCE DOCUMENT

CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS

INSIDE. Management Process. Symantec Corporation TM. Best Practices Roles & Responsibilities. Vulnerabilities versus Exposures.

Software License Agreement

Cloud Computing and Records Management

MTS GUI LICENCE SCHEDULE TO. MTS Data Terms & Conditions End Customer; or. MTS and EuroMTS Membership Documentation; or. MTS Registered ISV Agreement

Module 3 Licensed Software TABLE OF CONTENTS. Version 3.0

CLOUD SERVICE SCHEDULE

The Art of the Deal: Negotiating a Winning EHR Contract

Domain 5 Information Security Governance and Risk Management

Miami University. Payment Card Data Security Policy

ESCROW AGREEMENT PRELIMINARY UNDERSTANDING

The State of Kansas Information Technology Executive Council

May Dispute Perspectives Dispute Management of Software Escrow Agreements

NSI Policy Supplement for XML Retail Accounting Reports Certification/Verification. May 7, 2007 Revision 1.1

PCI DSS Reporting WHITEPAPER

Quick Guide: Managing ICT Risk for Business

How to ensure control and security when moving to SaaS/cloud applications

Paychex Accounting Online Terms of Use

Statement of Work. for. Online Event Registration Product Deployment for Salesforce Implementation. for. Open Web Application Security Project (OWASP)

This License Agreement applies to the Real Vision Software

Stiftung SIC Java Crypto-Software Development Kit Licence Agreement

MEDICAL-OBJECTS SOFTWARE LICENCE AGREEMENT

Commercial Software Licensing

These TERMS AND CONDICTIONS (this Agreement ) are agreed to between InfluencersAtWork,

Cloud Agreements: Do s, Don ts, and Cautions

ECC Board of Trustees

[Contractor] and. [European Space Agency] ESA Intellectual Property Licence for the Agency s Own Requirements

SAMPLE SOFTWARE LICENSE AGREEMENT (Review Copy)

What s the Path? Information Life-cycle part of Vendor Management

Security Patch Management

GALLAGHER GROUP LIMITED, 181 KAHIKATEA DRIVE, HAMILTON, NEW ZEALAND GALLAGHER

PUBLIC RELEASE PATENT AND TRADEMARK OFFICE. Inadequate Contractor Transition Risks Increased System Cost and Delays

LEGAL ISSUES IN CLOUD COMPUTING

7 Mistakes Businesses Make When Moving To the Cloud

Contents. Best Practices Guide. 3 Physical Records: The Ongoing Compliance Challenge

SAMPLE CLINIC ADDENDUM TO SAMPLE PRO-VENDOR MAINTENANCE AGREEMENT

End User Agreement. between. Secure Backup Limited. and [END USER]

SOURCE CODE ESCROW. Katheryn A. Andresen and Jen C. Salyers

Master Services Terms & Conditions

Development, Acquisition, Implementation, and Maintenance of Application Systems

NYSED DATA DASHBOARD SOLUTIONS RFP ATTACHMENT 6.4 MAINTENANCE AND SUPPORT SERVICES

End-User Software License Agreement

Taming ERP for good: How Australian organisations can improve ERP success rates through better planning

Understanding the Value of Symantec Managed Enterprise Vault

GUIDANCE FOR MANAGING THIRD-PARTY RISK

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

PERFORMANCE EVALUATION AUDIT CHECKLIST EXAMPLE. EIIP Volume VI

CITRIX SYSTEMS, INC. SOFTWARE LICENSE AGREEMENT

COMPUTER SOFTWARE AS A SERVICE LICENSE AGREEMENT

CHRISTIE ONSITE AGREEMENT

We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions

PCI DSS Top 10 Reports March 2011

Validating Enterprise Systems: A Practical Guide

Quantum Q-Cloud Backup-as-a-Service Reference Architecture

Privacy and Electronic Communications Regulations

Software Source Code Escrow Agreement

HIPAA BUSINESS ASSOCIATE AGREEMENT

Transcription:

FAQ INTELLECTUAL PROPERTY MANAGEMENT Escrow Verification Services Frequently Asked Questions overview The value of an escrow arrangement is heavily dependent on the quality of the deposit materials a fact increasingly recognised by users and developers. Over 70% of all deposits sent in to Iron Mountain for analysis were determined to be incomplete and required additional input from the developer in order to be compiled. You can learn about Iron Mountain Escrow Verification Services at www.ironmountain.co.uk/services/technology-escrow. In addition, listed below are answers to frequently asked questions about Iron Mountain s escrow verification services. We ve also included answers to common questions about software development and licensing, including definitions of technical terms. Over 70% of all deposits sent in to Iron Mountain for analysis were determined to be incomplete and required additional input from the developer in order to be compiled. Iron Mountain escrow verification faq Q. Why would I need Iron Mountain to verify my technology escrow deposit? A. A technology escrow arrangement is an excellent vehicle to protect all parties involved in licensing intellectual property, but the value of the escrow arrangement is seriously compromised if the deposit materials are incomplete. A thorough verification of the materials provides assurance that, in the event of a deposit release, the technology user (also known as the licensee or the escrow beneficiary) would be able to read, recreate and maintain the developer s technology in-house in essence, step into the shoes of their vendor. Iron Mountain s experience has shown that over 70% of deposits sent into Iron Mountain for analysis are incomplete, and therefore would compromise that user s ability to benefit from having access to the deposit materials. Most times the technology placed into escrow is software source code, but other technology can be escrowed as well. At Iron Mountain, we ve escrowed secret formulas, a jet engine and even a cookie recipe! 08445 60 70 80/www.ironmountain.co.uk 1

Intellectual Property Management Q. What are some of the possible ramifications of an incomplete deposit? A. Should there be a release of incomplete deposit materials the following realities can result: Costs associated with replacing licensed software and hardware Lost profits and/or savings Lost time Client dissatisfaction Breach of contract(s) Costs associated with consultants fees, court costs, arbitration fees, and legal fees Costs associated with retraining personnel Q. How can Iron Mountain s verification services reduce my company s risk? A. Iron Mountain s verification services provide your company with insight into the composition of your escrow deposits. We identify what is needed to use the technology, including anything that is missing from your deposit. Iron Mountain can also recreate the technology for you. The information we collect through our analysis is developed into an easy-to-read report, which you can use as a guide to reconstruct the technology from the deposit materials, should you ever need to do so. Performing the testing to recreate the product independently, away from the developer s office or environment, is a crucial process as it replicates the conditions the beneficiary will likely experience if there is an issue with developer support. Q. What does my company need to do to use source code released from escrow? A. Your company must accomplish the following to use source code released from escrow: Obtain the deposit media provided to Iron Mountain Read the media Understand and recreate the developer s software development environment (which is often very complex) Have access to all third party tools Compile the source code Recreate executable code Install the code onto appropriate production systems Iron Mountain can perform one or more of these tasks for you when software source code is placed into escrow depending on the level of verification you select. This verification process will ensure that you can recreate these tasks if the source code needs to be released in the future. Q. When should the escrow deposit be verified? A. Iron Mountain recommends verifying a deposit at the outset when the escrow account is established. In all cases, verification should be performed before a release condition has occurred, in order to most effectively limit your exposure to risk. Q. How frequently should deposits be tested? A. This requires a cost-benefit analysis. If there is material change to the technology or if the risk profile of the developer changes detrimentally, new deposits should be verified. However, for mission-critical applications, Iron Mountain recommends testing each deposit update at some level. In less critical cases, technology users typically require testing with each major version release or bug fix. Iron Mountain s verification service levels are designed to allow for the maximum flexibility in protection during the life of the technology and escrow. 2 08445 60 70 80/www.ironmountain.co.uk

Q. What problems does Iron Mountain typically find with escrow deposits? A. Recent data on deposit testing has revealed the following: Over 70% of all deposits sent in for analysis were determined to be incomplete. 92% of examined deposits required additional input from the developer in order to be compiled. 38% of all verified deposits did not contain any configuration or build instructions, which are critical to putting escrowed materials into deployment. As a result, much of the software source code that is deposited into escrow is not ready to use upon release. Iron Mountain verification services ensure that any problems are resolved before storing and protecting the software source code. Without verification there could be considerable delays with creating a functional deposit. Q. How does the verification process work? A. Prior to performing verification tests, Iron Mountain requests that the software developer (depositor) complete an escrow deposit questionnaire (Exhibit Q). This enables Iron Mountain to understand the scope of the work required so that a detailed Statement of Work (SOW) and cost estimate for the testing can be prepared. The SOW is fixed price based on our experience and good faith estimates that the developer s representations are accurate on build times and adequacy of the instructions. Upon execution of the Statement of Work, receipt of payment and receipt of appropriate deposit materials, Iron Mountain begins testing the deposit. During testing, Iron Mountain notifies the parties of its progress. Once the testing is complete, Iron Mountain provides detailed reports of its findings to all parties. Iron Mountain will also follow up with a technical resource to review the test results with the user of the technology. Parties interested in requesting a verification of deposited materials should contact their Iron Mountain sales representative. 08445 60 70 80/www.ironmountain.co.uk 3

Intellectual Property Management Q. What are the types of technical verification offered by Iron Mountain? A. Level 1 - Inventory and Analysis Test Provides a complete audit and inventory of your deposit, including analysis of deposited media to verify the presence of build instructions and identification of materials necessary to recreate the original development environment. Level 2 - Compile Test Validates whether the development environment can be recreated from the documentation and files supplied in the escrow deposit. Level 3 - Binary Comparison Test Tests the functionality of the compiled deposit materials by comparing the files built in compile testing to the licensed, executable file running at your site. Level 4 - Full Usability Test Confirms that the source code placed in escrow will be fully functional in the event of a release. We run a series of tests to ensure that replicated software runs properly, and then create a detailed report of these tests, which includes demonstrations of the functioning software in action. Iron Mountain s Verification Service Levels Level 4 Full Usability Test Level 3 Binary Comparison Test Does the software work properly? Verify and confirm that the built application works properly when installed Level 2 Compile Test Do the files match? Verify that the compiled files on deposit compare identically to the technology licensed Level 1 Inventory & Analysis Test Do the deposited materials compile? Verify the ability to compile the deposit materials and build executable code Can the environment be recreated? Verify that information required to recreate the depositor s development environment has been stored in escrow 4 08445 60 70 80/www.ironmountain.co.uk

Q. How do I know which verification level I need? A. Iron Mountain s dedicated staff of verification experts will consult with you to determine which verification level best suits your requirements. The recommended type of testing largely depends on the criticality of your licensed technology and the business risks of your developer. For mission-critical software, Iron Mountain recommends seeking the most thorough verification testing for optimal protection against incomplete or inoperable technology escrow deposits. Software Development and Licensing FAQ Q. What is source code? A. Source code is the written version of a software application that is readable by programmers. It is like a secret recipe and is often deemed a trade secret. That s why software development companies do their best to protect their source code it is their most valuable piece of intellectual property. Licensed software cannot be repaired or upgraded without the source code. Q. What is object code? A. Object code is the translation of source code into a language that only computers can read. It consists of a series of ones and zeros. Object code is generally created by taking proprietary source code and running it through a software program that transforms the source code into object code. Object code is then bound into executable code. 08445 60 70 80/www.ironmountain.co.uk 5

Intellectual Property Management Q. Why is it necessary to know what third-party software is required to support the deposited code? A. Third-party applications are utilised in nearly every software development environment and are needed to recreate the depositor s executable code. A beneficiary that does not know what additional third-party software is needed to run in conjunction with the source code will have an extremely difficult time learning this on its own. Iron Mountain s verification process helps to identify third-party applications that are required to build executable code. Q. What is executable code? A. Near the end of the software development process, object code is linked or bound together with other object code (which may be created by third parties) to create executable code. Typically, executable code is licensed to beneficiaries and installed in a live operating environment. Software developers feel confident in licensing executable code because it is extremely difficult to reverse the process and discover the nature of the source code by examining the object code. Q. How do typical software licensing arrangements creat risk for licensees? A. Most software licences involve the licensing of executable code and not source code, which is needed to modify the technology. Because of this, the software user (licensee) is only able to correct bugs in the software, upgrade the product, and maintain the software through the software developer (licensor) the only one who has access to the source code. This puts most software licensees in an extremely vulnerable position, especially if the software vendor goes out of business, is bought by a competitor, files for bankruptcy, or discontinues providing maintenance support for any reason. The most widely used solution to this problem is to establish a technology escrow account that contains a copy of the source code and maintenance materials needed to compile and support the program. Q. What unique risks do Software As A Service (SaaS) Application Providers create? A. Since SaaS applications are running in the cloud, and not on-premises in the beneficiary s environment, the operating environment is often unfamiliar. Therefore, for SaaS environments, information about the Application Service Providers (ASPs) operating environment should be included in the escrow deposit. In addition, your company s user data also must be placed in escrow (since this also lives in the cloud) or other arrangements need to be made ensure access to the data. If these additional steps are not taken, the escrow deposit will not be useful to you upon release. Iron Mountain offers specific SaaS escrow services designed at mitigating risks of doing business with SaaS companies by addressing application continuity, service sustainability and unfettered access to data. Q. What is included in a standard Iron Mountain inspection of deposit materials? A. Iron Mountain opens every sealed escrow deposit and visually checks the deposit materials against the documentation provided by the developer (depositor). This ensures that the description of materials matches the deposit (Exhibit B). For example, if the Exhibit B states that the deposit should include three CDs and that those CDs are labeled A, B and C, then Iron Mountain will count the number of CDs in the deposit and check that they are labeled correctly. Once the visual inspection is completed, notifications are sent to the parties according to the contract terms. Of course, this is only a visual inspection, and we recommend adding additional verification services for optimal protection. 6 08445 60 70 80/www.ironmountain.co.uk

Q. Verification next steps A. By establishing an escrow arrangement with Iron Mountain, you have recognised that your licensed missioncritical technology is an important aspect of your organisation s business operations. Complementing your escrow arrangement with verification services will help to mitigate potential risks by providing complete intellectual property protection and management, and ensuring a more rapid recovery for your organisation should circumstances require it. To find out more information or to request verification services for deposited escrow materials, contact your local Iron Mountain sales representative or call us on 08445 60 70 80. Note: Statistics in this document are being reviewed constantly and may change; these are accurate as of time of publication. 08445 60 70 80/www.ironmountain.co.uk 7

Intellectual Property Management About Iron Mountain. Iron Mountain Incorporated (NYSE: IRM) provides information management services that help organisations lower the costs, risks and inefficiencies of managing their physical and digital data. Founded in 1951, Iron Mountain manages billions of information assets, including backup and archival data, electronic records, document imaging, business records, secure shredding, and more, for organisations around the world. Visit the company Web site at www.ironmountain.com for more information. 2014 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks of Iron Mountain Incorporated in the U.S. and other countries. All other trademarks are the property of their respective owners. 8 08445 60 70 80/www.ironmountain.co.uk

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information