INTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE … · 2018-09-16 · developer’s software or...
Transcript of INTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE … · 2018-09-16 · developer’s software or...
ENTERPRISE ESCROW BEST PRACTICES REPORT
IN
TELL
ECTU
AL
PR
OPER
TY
M
AN
AG
EM
EN
T
What is Mission Critical to You?
Before you acquire mission-critical technology from a third-party
software vendor, take a few minutes to review the costs and risks.
What will happen to your company if your technology is unavailable?
Learn strategies on how you can manage your risk with a technology
escrow program.
In this report, you will learn:
—How to implement specific escrow strategies to meet your company’s individual needs.
—How the experts at Iron Mountain will work with you to simplify the escrow process and make you better prepared.
—How a best practice escrow program can reduce risks and costs to your company by ensuring your technology is available to you when you need it.
2 / Enterprise Escrow Best Practices Report
800-962-0652 / ironmountain.com / 3
Mission-critical technology is everywhere; you depend
on it every day. Failing to protect this technology puts
your business at risk.
There’s a good chance that a disruption of the third-
party software or technology your company uses could
have a catastrophic impact on your business. If your
vendor went out of business or otherwise stopped
supporting your technology, your company could suffer
considerable losses in revenue and/or productivity. With
the additional complexities of Software-as-a-Service
(SaaS), you face additional challenges since your data is
also at risk.
Iron Mountain Technology Escrow Services enable a risk
mitigation option when you negotiate a license for
software or other mission-critical technology. When a
software escrow contract is established, the proprietary
development information for that software is placed
within a secure escrow account held by Iron Mountain. If
the developer defaults on their obligations to the user at
any point in the future, the escrow materials may be
released to the user, enabling them to recreate or
maintain their mission-critical technology.
When you acquire software or other technology, escrow
and verification services should be an integral part of
the licensing discussion from the start. Once an escrow
agreement is established, it should be integrated into
your risk management plan and reviewed on a regular
basis. By safeguarding your technology assets, you are
protecting your investment.
4 STEPS TO MANAGE RISK AND IMPROVE ROI WITH THIRD-PARTY TECHNOLOGY ACQUISITIONS
Iron Mountain’s Technology Escrow Services give you the
ability to continue to use your technology even if your
vendor is no longer able or willing to provide support or
access. A technology escrow agreement also gives you
leverage in discussions with your vendor if there are
support issues.
Mission-critical applications need to be considered in your risk profile.
HERE ARE FOUR STEPS TO GUIDE YOU THROUGH THE PROCESS:
1. Evaluate Your Licensing Risks to Determine
Your Organization’s Specific Requirements
2. Reduce Risks with Verification Testing
3. Plan for Software-as-a-Service Contingencies
4. Establish a Program that Reflects Best
Practices and Ties into Risk Management Goals
4 / Enterprise Escrow Best Practices Report
WHAT’S YOUR RISK? Many factors contribute to your risk. Operational
dependencies on the product, investment of time into
this solution, an assessment of the technology
developer, and cost should all be determined when
calculating your risk factor.
1. EVALUATE YOUR LICENSING RISKS TO DETERMINE YOUR ORGANIZATION’S SPECIFIC REQUIREMENTS
Consider all the costs and risks of licensing the vendor’s
technology to determine the risk to your company in the
event the developer is no longer able or willing to
support the product.
You need to determine your operational risk if the
technology is unavailable. As your risk increases, your
need for escrow protection and verification also increases.
— How much do your operations depend on your technology?
— How much time is invested in your current technology solutions?
— What would happen to your technology if something happened to your vendor?
— What would your costs be to replace your current technology?
How do you stack up?
IDENTIFY YOUR RISKS WHEN USING ON-PREMISES (LICENSED) SOFTWARE
Costs✓ Initial investment
✓ License fee
✓ Installation
✓ Customization
✓ Reprogramming
✓ Hardware
What level of escrow protection is needed
based on the Risks of Licensed
Software?
Operational Dependencies✓ Number of users
✓ Customer impact
✓ Lost productivity
✓ Lost revenue
✓ Public Safety
Investment of Time✓ Availability of substitute products
✓ Time to recode
✓ Time to identify new product
✓ Time to negotiate new license
Vendor Assessment✓ Vendor stability
✓ Management track record
✓ Subcontractor partnerships
✓ Breadth of product lines
✓ Commitment of staff
800-962-0652 / ironmountain.com / 5
WILL YOUR TECHNOLOGY WORK WHEN IT IS NEEDED? Over 76 percent of all deposits sent in to Iron Mountain
for analysis were determined to be incomplete. As a
result, these deposits required additional input from the
developer in order to be compiled. A thorough verification
of the escrow materials provides assurance that, in the
event of a deposit release, you would be able to more
quickly and effectively read, recreate, and maintain the
developer’s software or technology in-house.
These extra precautions maximize the payoff from
investments in escrow deposits — and protect the total
2. REDUCE RISKS WITH VERIFICATION TESTING
investment in software assets. For escrow accounts to
have maximum value, it takes more than simply
depositing a set of source code files. That’s why, on
average, over 50 percent of all qualified escrow
agreements are now verified.
There are different levels of verification services — from
initial to comprehensive — and each offers increasing
levels of assurance that the technology can be recreated
and used if predetermined events and conditions do
occur. Iron Mountain’s Escrow Verification levels include:
IRON MOUNTAIN’S VERIFICATION SERVICE LEVELS
Level 1Inventory &
Analysis Test
Can the environment be recreated?Verify that information required to recreate the depositor’s development environment has been stored in escrow
Do the deposited materials compile?Verify the ability to compile the deposit materials and build executable code
Level 2Compile Test
Level 3Binary
Comparison Test
Do the files match?Verify that the compiled files on deposit compare identically to the technology licensed
Does the software work properly?Verify and confirm that the built application works properly when installed
Level 4Full Usability
Test
6 / Enterprise Escrow Best Practices Report
Unless you test the escrow deposit, there is no assurance that your escrow account contains complete, correct and
usable materials. Iron Mountain can recommend the most appropriate levels of verification for your specific situation
to strengthen the value of your escrow agreement.
— Are you protected?
— If something happens to your software vendor, will you be able to
get your application back up and running?
— Is it worthwhile to implement escrow without verification?
How do you stack up?
800-962-0652 / ironmountain.com / 7
WHAT’S YOUR SaaS RISK? Software-as-a-Service (SaaS) applications are rapidly
being integrated into many of today’s business
operations, but contingency options for SaaS
applications may be missing from your current business
continuity plans. Many times, the SaaS subscriber
assumes that the cloud provider has covered the
contingencies, but often that is not the case.
It’s hard to proactively adopt new technologies, such
as SaaS, when you acknowledge that your supplier may
3. PLAN FOR SOFTWARE-AS-A-SERVICE CONTINGENCIES
not be around long enough for you to realize the return
on your investment. You need to consider the risks
before you enter into such an arrangement, especially
for cloud-based services. Another point to remember is
that with SaaS deployments, you are accessing both
your application and data via the cloud. Physically, you
do not possess the provider’s software or your data.
Therefore, you need to make sure that if something goes
wrong, you can still access the application — and your
data — at least until you retrieve your data or migrate to
another solution.
IDENTIFY YOUR RISKS WHEN USING SaaS OR CLOUD-BASED (SUBSCRIPTION) SOFTWARE
Costs✓ Security assessments
✓ Monthly subscription
✓ Retraining and ongoing training
✓ Integration with Legacy Apps
✓ Customization
What level of escrow and data protection are
needed based on the Risks of SaaS?
Operational Dependencies✓ Number of users
✓ Customer facing impact/brand
✓ Lost productivity and Revenue
✓ Business Continuity / Disaster Recovery Planning (BC/DRP)
✓ Suitable interim alternatives
Investment of Time✓ Corporate Tolerance - Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO)
✓ Availability of substitute SaaS products
✓ Time to identify new product
✓ Time to transition and negotiate
Vendor Assessment✓ Vendor stability
✓ Single vs. multi tenancy
✓ Subcontractor partnerships, i.e. hosting parties
✓ Acquisition risk/change in control
8 / Enterprise Escrow Best Practices Report
As part of the contingency planning process, you should
always communicate your concerns internally and
externally. SaaS providers should proactively address
those risks by conceiving, crafting and testing the
contingency plan.
Iron Mountain SaaSProtect Services deliver a suite of
SaaS-focused contingency solutions that are tailored to
meet specific levels of risk catered to your unique
business risks. SaaSProtect Services offers the flexibility
to customize protection against disasters or other
unplanned outages – as well as typical software escrow
release events, such as bankruptcy or change in control.
SaaS PROTECT SERVICES SUITE | GRADUATED SERVICES
Did you know that 79% of SaaS providers do not guarantee application continuity, causing subscribers to have difficulty entrusting critical business processes to the cloud?
— What types of recovery services do you have in place for your SaaS applications and data?
— How will you restore your SaaS application in case of an outage or provider failure?
— Will you be able to resume operations quickly if something happens to your SaaS provider?
How do you stack up?
Escrow ServicesSource Code
Source Code Escrow
✓ Access to source code/maintenance materials only
SaaSProtectBackup
SaaS App & Data Backup
✓ Automated, continuous vaulting of app/data
✓ Access to data backup
SaaSProtectContinuity Services
SaaSProtectHigh Availability
Subscriber Recovery After a Provider Failure
✓ Automated, continuous replication of app/data
✓ Automated recovery of app/data (standby recovery environment)
✓ Access to app and data
✓ Failover capability
Full Subscriber Recovery & Provider Disaster Recovery
✓ Automated, continuous replication of app/data
✓ Automated recovery of app/data (real-time, mirrored recovery environment) ✓ Access to app and data
✓ Seamless failover/failback
✓ Disaster recovery services
FASTER RECOVERY TIME
800-962-0652 / ironmountain.com / 9
FOLLOW THESE BEST PRACTICE GUIDELINES Establish an escrow program that ties into your
corporate risk management goals. The best way to do
this is to follow these best practice guidelines.
— Set Your Terms — Establish a master escrow
agreement and be willing to cover the costs
— Start Early — Introduce escrow requirements at the
beginning of the licensing or subscription process
— Stay on Top of It — Audit your escrow agreements
annually to ensure they are up-to-date and adhere to
best practices
SET YOUR TERMS First, establish a master escrow agreement. If your
company licenses software from more than one
developer, vendor or supplier, you can simplify the
process with the use of a master escrow agreement. A
master agreement between your company and Iron
Mountain will include the terms and conditions you
specify and will govern the administration of escrow
deposit accounts with multiple developers. If you plan to
pay for the escrow — rather than depend on your
developer to cover the cost — you will be able to drive
the terms and conditions of the escrow agreement.
A master agreement lets you set the terms and enroll
new developers with ease while driving consistency and
reducing cost.
Key terms of any software escrow agreement include:
✓ Deposit contents, update process and frequency
✓ Verification rights — know what you have
✓ Release conditions
✓ Release mechanism, objection period, contrary
instructions, etc.
✓ Rights to use following release
✓ Payment of fees and dispute resolution
4. ESTABLISH A PROGRAM THAT REFLECTS BEST PRACTICES & TIES INTO RISK MANAGEMENT GOALS
START EARLY You should introduce and determine the need for escrow
early — during the vendor selection process. By building
escrow into your request for information (RFI) and
request for proposal (RFP) processes, you can drive the
escrow agreement, get the best terms, and ensure
consistent use of your escrow terms. Here are some tips
to help make this happen:
✓ Provide a copy of your executed Master Escrow
Agreement to your potential software vendor along
with your License Agreement and set expectations
with the software vendor regarding items to be
deposited and test level required
✓ Request that the software vendor provide the
required information to Iron Mountain to obtain a
quote for the specified level of verification testing
required by your risk assessment
✓ Always strive to sign the escrow agreement at the
same time as the license agreement
✓ Establish internal guidelines for deviating from
your Master Escrow Agreement terms — and
consult with Iron Mountain to review your options
and determine the best approach
✓ If your software is a SaaS application, you need to
be ready to recover, restore and resume that
application with continuity services
10 / Enterprise Escrow Best Practices Report
STAY ON TOP OF IT Escrow should be an integral part of your risk
management plan, and you should review that plan
annually to ensure the terms are appropriate and
deposits are current. There’s no sense in paying for
escrow on technology that is no longer used, so regular
check-ups are a good idea.
As part of a sound Technology Asset Management
program, you should audit your escrow accounts
each year. Iron Mountain will review your current
accounts with you, and let you know how your escrow
plan compares to other companies in your industry.
For instance, we’ll review deposit frequency, confirm
contact information on your accounts, and advise you of
which accounts may not be adhering to your established
best practices.
An up-to-date, functional escrow plan will deliver a
return on your investment, because you know your
technology assets will be protected and available to you
in the future.
Our goal is to ensure that your escrow agreement offers
you the best protection possible.
“Iron Mountain’s escrow and verification services deliver real peace of mind for our IT and management teams, and provide assurances for the continuity of our business operations.”
— IT Project Manager Enterprise customer
— Have you established a master escrow agreement?
— How many escrow agreements have used the master agreement vs. another form of agreement since
the master was established?
— Is escrow part of your RFI and RFP processes?
— Do you feel that your escrow agreements reflect the best possible terms?
— Do you review your escrow agreements annually?
— Are your escrow deposits current?
How do you stack up?
800-962-0652 / ironmountain.com / 11
Did you know that Iron Mountain created the technology
escrow industry in 1982 to help companies protect
software source code and other intellectual property?
Today, more than 90 percent of Fortune 500 companies
turn to Iron Mountain for software escrow protection.
Our escrow best practices can help you ensure that your
company’s critical information is protected, your risk and
your costs are reduced, and your investments in
technology are preserved.
Your Iron Mountain account representative can assess
your current escrow program, and make strategic
recommendations to align it with our best practices.
ARE YOU READY TO START IMPLEMENTING ESCROW BEST PRACTICES?
ABOUT IRON MOUNTAIN Every day, companies big and small, in virtually every
industry, trust Iron Mountain to store, protect and
manage their information. We help businesses just like
yours take advantage of cost savings, improved
efficiency and reduced risks. With an Iron Mountain
software escrow agreement in place, you’ll gain peace of
mind and protect your company’s mission-critical
technology.
— Talk to Iron Mountain at 800-962-0652
— Learn more at www.ironmountain.com/escrow
US-EXT-ES-BP-010814-001
ABOUT IRON MOUNTAIN. Iron Mountain Incorporated (NYSE: IRM) provides information management services that help organizations lower the costs, risks and inefficiencies of managing their physical and digital data. Founded in 1951, Iron Mountain manages billions of information assets, including backup and archival data, electronic records, document imaging, business records, secure shredding, and more, for organizations around the world. Visit the company Website at www.ironmountain.com for more information.
© 2014 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks of Iron Mountain Incorporated in the U.S. and other countries. All other trademarks are the property of their respective owners.
800 899 IRON (4766) / ironmountain.com 12
Enterprise Escrow Best Practices Report
Please contact your Iron Mountain Intellectual Property Management Sales Representative to discuss the
availability of a customized Enterprise Escrow Best Practices Report for your company.