Underwriters who provide insurance cover against loss of profits to corporate entities can improve their risk profile in this area by insisting that clients lodge mission-critical software source code in escrow.
The key advantage of doing so is to ensure that software applications which are vital to the profitable operation of the business could be recompiled and re-deployed, should the software supplier (for whatever reason) become unable to support or maintain their product(s).
Organisations who are reliant on computer technology, wholly or in part, for generating revenues and profits are at serious risk if their software supplier is liquidated, or merges with another business that is unable or unwilling to support the product (or wishes to do so only under commercially unacceptable terms), or otherwise stops servicing their product, says Andrew Stekhoven, Managing Director of Escrow Europe (South Africa), a leading provider of active software escrow and related services.
“The reason is organisations are at risk is because of two ‘languages’ – object and source,” explains Stekhoven.
“Object code is readable only by a machine (i.e. the computer system), and cannot be debugged, corrected, maintained or updated in this format. Source code, on the other hand, is readable by humans and is the language we use to write, debug, correct and update, and thereafter compile into object code for re-installation on the computer.
“Obviously, the source code is the intellectual property of the developer. So, the vast majority of software procurement agreements involve the licence for, or use of, the software in object code format only.
“The power of escrow is that, in the event of the supplier no longer being available, the escrow arrangement provides for access by the end-user to the source code of the product.”
Escrow agreements are already common cause in Europe and the US (even SAP end-users are protected by source code escrow arrangements). Uptake in South Africa has been slow despite the recommendations of King III but, with Gartner and COBIT(r) 5 also now acknowledging it as an elegant solution, this could change.
“It should be obvious to players in the insurance underwriting arena that software escrow could be a significant risk reduction tool, if it were made mandatory for clients seeking cover against loss of profits.
“Software escrow arrangements made by professional and knowledgeable escrow service providers lower the underwriter's risk by ensuring the end-user has access to source code under specified future conditions.
“In particular, escrow ensures that there is guaranteed access and legal right to the escrow material by the end-user; that the source code in escrow will be complete and recompilable in the event of such a release; and that the end-user, who has then had prior opportunity to ensure the availability of suitably qualified resources, will be able support and maintain the software in the absence of the supplier.
“Thus, in effect, the escrow agreement is a ‘technical insurance policy’ that guarantees end-user business continuity should the software provider be unable to continue supporting the product. As such, it should be attractive to all underwriters who seek to remove elements of doubt and uncertainty in framing policies involving profit-loss cover such as Multimark policies, Directors and Officers (D&O) policies etc,” concludes Stekhoven.