SlideShare a Scribd company logo

Escrow Presentation Final

Download as PPT, PDF
T
Tony_Clarke

The document discusses NCC Group's escrow and verification services. It provides an overview of the company and describes escrow as an arrangement where critical digital assets are held in a third party in case the supplier becomes unavailable. It outlines the benefits of escrow for both licensees and suppliers. Various types of escrow solutions are described for software, SaaS, and other information. Verification services provide assurance that deposited materials are complete and can be rebuilt. Risk assessment and escrow policy documents help clients determine appropriate protection levels.

1 of 10
Downloaded 42 times
1
2
3
4
5
6
7
8
9
10
NCC Group Escrow INSERT PRESENTATION TITLE Tony Clarke Account Manager Telephone: +44 (0) 161 209 5338 Mobile: +44 (0) 75953 32020 e-mail: [email_address]
Agenda About NCC Group About NCC Group Escrow Escrow – a simple explanation Benefits of Escrow Escrow – types of solutions Verification Services – a simple explanation Verification Services – types of solutions Risk Assessment Guide & Escrow Policy Document
About NCC Group The world’s leading independent IT Assurance provider: Largest provider of escrow Largest team of Ethical Security Testers Multinational customer base with15,000 customers including 94 out of the FTSE 100 The Group has two complementary division Group Escrow & Assurance Testing 10 offices in the UK, North America, the Netherlands, Switzerland & Germany Formed June 1999, a secure, stable, well respected plc listed on the London Stock Exchange with a group revenue of £53.7m (2009:2010) Independence from hardware & software providers ensures that unbiased & impartial advice is always offered
About NCC Group Escrow 30+ years experience of providing high quality escrow services Most comprehensive escrow services available protecting customers worldwide Strong relationships with over 5,000 software suppliers Over 2,000 multi-licensee agreements in place Over 200 escrow employees in 5 countries Expert in house legal & technical team Experienced, high quality, security cleared, in-house testing team with 15 engineers   Highest levels of quality assurance ISO 9001 accredited: formal quality assurance ISO/IEC 27001accredited: information security standard
Escrow – a simple explanation Most organisations are dependent on third party supplied software applications /business processes to run their day to day operations However, depending on third parties to always be around to support and maintain business critical software applications and services brings about a high element of risk Escrow is a simple and effective arrangement designed to minimise this risk and protect the interests of all parties involved The terms of the arrangement are defined in a straight forward legal agreement between supplier, licensee & escrow provider NCC Group as the escrow provider holds a copy of the assets on which an organisation depends but does not own NCC Group ensures source code & other business critical materials are protected & accessible ‘ Trigger Events’ defined in the agreement where business critical material is released to licensee include; liquidation, ceasing to trade, failure to meet maintenance obligations & IPR assignment (if new owner provides no escrow protection)
Benefits of Escrow Licensee ‘ Insurance policy’ against the unpredictable IT market Allows continuing maintenance of critical applications in event of release of code Provides protection during investment in IT development Essential part of business continuity and disaster recovery planning Provides leverage e.g. where supplier defaults on contractual obligations or IPR’s assigned to a new supplier Supplier/distributor Demonstrates commitment to clients & stability of company Illustrates that the relationship is viewed as long term Confirms active support of best practice & proactive stance to risk management Provides competitive edge - particularly for niche suppliers Helps protect IPR Helps protects distributors’ business
Escrow – types of solutions Software Escrow Protects software application source code – including web site applications Available where a software application has been specifically written or amended (single licensee) and for standard ‘off-the-shelf’ applications where same software used by several licensees (multi licensee) NCC Group maintains template escrow agreements to cover different licensing arrangements e.g. to include outsourcers or distributors Software-as-a-Service Escrow Enables organisation to balance risk & protect its investment in SaaS Ensures required executable application, infrastructure architecture, subscriber data and source code material can be accessed & released Staged release process Information Escrow Protects product design, manufacturing processes, marketing material & industrial formulae Often as business critical as software applications
Verification Services – a simple explanation Verification of source code is a key element of mitigating risk for critical business applications NCC Group verification service provides confirmation that material held is correct and complete Verification ensures the material held includes the information & components required to re-create systems from raw source code NCC Group’s verification & escrow services are designed to complement each other – assisting companies dependent on crucial assets Customers include end-users & suppliers End users – in the event that they need to take over maintenance of source code it can be re-constructed Software suppliers – use to reassure customers of their best practice commitment
Verification Services – types of solutions Full Verification Provides assurance that the deposited source code under an Escrow agreement is correct & complete and can be rebuilt NCC Group observes complete application build at supplier’s site Build is fully documented & a report is produced describing every step Build Assured Verification Recommended where source code maintenance is to be undertaken by third party of behalf of end user in event of a release Provides benefits of Full Verifications with additional assurance that build completed at independent secure location (NCC Group test laboratory) User Assured Verification Recommended when source code maintenance is transferred to end user All benefits of Full Verification, with additional assurance of build repeated at end user Collect source code, build at supplier’s site - fully documenting build, then using the documentation build & install at end user’s site
Risk Assessment Guide & Escrow Policy Document NCC Group’s Risk Assessment Guide has been developed to assist in identifying the applications that are at most risk and in planning your escrow requirements for each application You can find out what level of protection you need based on how business critical your applications are We advise that an Escrow Risk Assessment should take place: At initial procurement of application After any major upgrade Every 12 months Following the Risk Assessment, our Escrow Policy Document will act as a useful tool for all business users, outlining how your escrow protection will be managed moving forward including responsibilities, contact details and key timelines

More Related Content

PPT
Escrow Presentation
lucydavidson
 
PPT
Escrow Presentation
ejervis
 
PPT
Escrow Presentation2010
simongreaves
 
PPT
Source Code Escrow Agreements 2010.02.12
Richard Austin
 
PPT
NCC Group Software Escrow Services
philomole
 
PDF
Ncc Group Escrow Overview 2010
Jonnyhyde
 
PPT
Industry Reliability and Security Standards Working Together
EnergySec
 
PPTX
CompTIA CASP+ | Everything you need to know about the new exam
Infosec
 
Escrow Presentation
lucydavidson
 
Escrow Presentation
ejervis
 
Escrow Presentation2010
simongreaves
 
Source Code Escrow Agreements 2010.02.12
Richard Austin
 
NCC Group Software Escrow Services
philomole
 
Ncc Group Escrow Overview 2010
Jonnyhyde
 
Industry Reliability and Security Standards Working Together
EnergySec
 
CompTIA CASP+ | Everything you need to know about the new exam
Infosec
 

What's hot (20)

PPTX
CMMC rollout: How CMMC will impact your organization
Infosec
 
PPTX
Isaca career paths - the highest paying certifications in the industry
Infosec
 
PPTX
CompTIA Security+: Everything you need to know about the SY0-601 update
Infosec
 
PDF
Anajli_Synopsis
Anjali Arora
 
PDF
1588245852 epdf
SaadiaMobeen1
 
PDF
Gpc case study_eng_0221
SALIH AHMED ISLAM
 
PDF
CompTIA cysa+ certification changes: Everything you need to know
Infosec
 
PPTX
Securing your supply chain & vicarious liability (cyber security)
Ollie Whitehouse
 
PDF
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Unanet
 
PDF
SIEM brochure A4 8pp FINAL WEB
Merlin Govender
 
PPTX
Software Contract and Liability
Mohamad Sani
 
PPT
Information Security Seminar
Acend Corporate Learning
 
PDF
CMMC case study: Inside a CMMC assessment
Infosec
 
PPTX
Assuring the Security of the Supply Chain - Designing best practices for cybe...
Ollie Whitehouse
 
PDF
Digital Ethical Risk Assessment
Marc St-Pierre
 
PDF
Third Party Network Webinar Slide Deck 110718 FINAL
DVV Solutions Third Party Risk Management
 
PPTX
PCI DSS Compliance in the Cloud
ControlCase
 
DOCX
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
himalya sharma
 
PDF
Facility Environmental Audit Guidelines
amburyj3c9
 
PDF
___2360_SP_VMAN---Screen
Manuel Sanchez Lopez
 
CMMC rollout: How CMMC will impact your organization
Infosec
 
Isaca career paths - the highest paying certifications in the industry
Infosec
 
CompTIA Security+: Everything you need to know about the SY0-601 update
Infosec
 
Anajli_Synopsis
Anjali Arora
 
1588245852 epdf
SaadiaMobeen1
 
Gpc case study_eng_0221
SALIH AHMED ISLAM
 
CompTIA cysa+ certification changes: Everything you need to know
Infosec
 
Securing your supply chain & vicarious liability (cyber security)
Ollie Whitehouse
 
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Unanet
 
SIEM brochure A4 8pp FINAL WEB
Merlin Govender
 
Software Contract and Liability
Mohamad Sani
 
Information Security Seminar
Acend Corporate Learning
 
CMMC case study: Inside a CMMC assessment
Infosec
 
Assuring the Security of the Supply Chain - Designing best practices for cybe...
Ollie Whitehouse
 
Digital Ethical Risk Assessment
Marc St-Pierre
 
Third Party Network Webinar Slide Deck 110718 FINAL
DVV Solutions Third Party Risk Management
 
PCI DSS Compliance in the Cloud
ControlCase
 
PCI DSS | PCI DSS Training | PCI DSS IMPLEMENTATION
himalya sharma
 
Facility Environmental Audit Guidelines
amburyj3c9
 
___2360_SP_VMAN---Screen
Manuel Sanchez Lopez
 
Ad

Similar to Escrow Presentation Final (20)

PDF
Holding Trust Inc. - Escrow Overview
Raoul Gomes
 
PDF
Source code escrow and continuity in the cloud
Ernst-Jan Louwers
 
PDF
Software Escrow Services
National Software Escrow, Inc.
 
PPTX
What is Software Escrow?
escrowsoftware
 
PPTX
Escrowtech Services in Chennai | Software Escrow Agreement Company
escrowsoftware
 
PDF
NCHICA - Contracts with Healthcare Cloud Computing Vendors
WhitmeyerTuffin
 
PDF
Cloud Security, Standards and Applications
Dr. Sunil Kr. Pandey
 
KEY
Cloud Escrow van Escrow Alliance
EscrowDirect.eu
 
PPTX
Software Licensing In The Cloud (CloudWorld 2009)
Stuart Charlton
 
PPT
Understanding Minimizing And Mitigating Risk In Cloud Computing
Janine Anthony Bowen, Esq.
 
PPTX
Ethics and Security of Cloud Computing for Lawyers
Robert Ambrogi
 
PDF
The Challenge of Integrating Security Solutions with CI.pdf
Savinder Puri
 
PPT
Mining IT Summit Nov 6 2014
Lisa Abe-Oldenburg, B.Comm., JD.
 
PPT
Lefkowitz Innovation
guest4d7807
 
PDF
How Cloud Providers' Business Needs Drive Enterprise Identity & Security
Novell
 
PDF
SaaS Platform Securing
Leo TechnoSoft
 
PDF
Sentinel Software Monetization Solutions - Family Brochure
LicensingLive! - SafeNet
 
PDF
Cloud Computing for Lawyers: Practical and Ethical Uses of the Cloud
Robert Ambrogi
 
PPSX
The security of SAAS and private cloud
Azure Group
 
PDF
Secure Cloud Computing
Alasdair Kilgour
 
Holding Trust Inc. - Escrow Overview
Raoul Gomes
 
Source code escrow and continuity in the cloud
Ernst-Jan Louwers
 
Software Escrow Services
National Software Escrow, Inc.
 
What is Software Escrow?
escrowsoftware
 
Escrowtech Services in Chennai | Software Escrow Agreement Company
escrowsoftware
 
NCHICA - Contracts with Healthcare Cloud Computing Vendors
WhitmeyerTuffin
 
Cloud Security, Standards and Applications
Dr. Sunil Kr. Pandey
 
Cloud Escrow van Escrow Alliance
EscrowDirect.eu
 
Software Licensing In The Cloud (CloudWorld 2009)
Stuart Charlton
 
Understanding Minimizing And Mitigating Risk In Cloud Computing
Janine Anthony Bowen, Esq.
 
Ethics and Security of Cloud Computing for Lawyers
Robert Ambrogi
 
The Challenge of Integrating Security Solutions with CI.pdf
Savinder Puri
 
Mining IT Summit Nov 6 2014
Lisa Abe-Oldenburg, B.Comm., JD.
 
Lefkowitz Innovation
guest4d7807
 
How Cloud Providers' Business Needs Drive Enterprise Identity & Security
Novell
 
SaaS Platform Securing
Leo TechnoSoft
 
Sentinel Software Monetization Solutions - Family Brochure
LicensingLive! - SafeNet
 
Cloud Computing for Lawyers: Practical and Ethical Uses of the Cloud
Robert Ambrogi
 
The security of SAAS and private cloud
Azure Group
 
Secure Cloud Computing
Alasdair Kilgour
 
Ad

Escrow Presentation Final

  • 1. NCC Group Escrow INSERT PRESENTATION TITLE Tony Clarke Account Manager Telephone: +44 (0) 161 209 5338 Mobile: +44 (0) 75953 32020 e-mail: [email_address]
  • 2. Agenda About NCC Group About NCC Group Escrow Escrow – a simple explanation Benefits of Escrow Escrow – types of solutions Verification Services – a simple explanation Verification Services – types of solutions Risk Assessment Guide & Escrow Policy Document
  • 3. About NCC Group The world’s leading independent IT Assurance provider: Largest provider of escrow Largest team of Ethical Security Testers Multinational customer base with15,000 customers including 94 out of the FTSE 100 The Group has two complementary division Group Escrow & Assurance Testing 10 offices in the UK, North America, the Netherlands, Switzerland & Germany Formed June 1999, a secure, stable, well respected plc listed on the London Stock Exchange with a group revenue of £53.7m (2009:2010) Independence from hardware & software providers ensures that unbiased & impartial advice is always offered
  • 4. About NCC Group Escrow 30+ years experience of providing high quality escrow services Most comprehensive escrow services available protecting customers worldwide Strong relationships with over 5,000 software suppliers Over 2,000 multi-licensee agreements in place Over 200 escrow employees in 5 countries Expert in house legal & technical team Experienced, high quality, security cleared, in-house testing team with 15 engineers   Highest levels of quality assurance ISO 9001 accredited: formal quality assurance ISO/IEC 27001accredited: information security standard
  • 5. Escrow – a simple explanation Most organisations are dependent on third party supplied software applications /business processes to run their day to day operations However, depending on third parties to always be around to support and maintain business critical software applications and services brings about a high element of risk Escrow is a simple and effective arrangement designed to minimise this risk and protect the interests of all parties involved The terms of the arrangement are defined in a straight forward legal agreement between supplier, licensee & escrow provider NCC Group as the escrow provider holds a copy of the assets on which an organisation depends but does not own NCC Group ensures source code & other business critical materials are protected & accessible ‘ Trigger Events’ defined in the agreement where business critical material is released to licensee include; liquidation, ceasing to trade, failure to meet maintenance obligations & IPR assignment (if new owner provides no escrow protection)
  • 6. Benefits of Escrow Licensee ‘ Insurance policy’ against the unpredictable IT market Allows continuing maintenance of critical applications in event of release of code Provides protection during investment in IT development Essential part of business continuity and disaster recovery planning Provides leverage e.g. where supplier defaults on contractual obligations or IPR’s assigned to a new supplier Supplier/distributor Demonstrates commitment to clients & stability of company Illustrates that the relationship is viewed as long term Confirms active support of best practice & proactive stance to risk management Provides competitive edge - particularly for niche suppliers Helps protect IPR Helps protects distributors’ business
  • 7. Escrow – types of solutions Software Escrow Protects software application source code – including web site applications Available where a software application has been specifically written or amended (single licensee) and for standard ‘off-the-shelf’ applications where same software used by several licensees (multi licensee) NCC Group maintains template escrow agreements to cover different licensing arrangements e.g. to include outsourcers or distributors Software-as-a-Service Escrow Enables organisation to balance risk & protect its investment in SaaS Ensures required executable application, infrastructure architecture, subscriber data and source code material can be accessed & released Staged release process Information Escrow Protects product design, manufacturing processes, marketing material & industrial formulae Often as business critical as software applications
  • 8. Verification Services – a simple explanation Verification of source code is a key element of mitigating risk for critical business applications NCC Group verification service provides confirmation that material held is correct and complete Verification ensures the material held includes the information & components required to re-create systems from raw source code NCC Group’s verification & escrow services are designed to complement each other – assisting companies dependent on crucial assets Customers include end-users & suppliers End users – in the event that they need to take over maintenance of source code it can be re-constructed Software suppliers – use to reassure customers of their best practice commitment
  • 9. Verification Services – types of solutions Full Verification Provides assurance that the deposited source code under an Escrow agreement is correct & complete and can be rebuilt NCC Group observes complete application build at supplier’s site Build is fully documented & a report is produced describing every step Build Assured Verification Recommended where source code maintenance is to be undertaken by third party of behalf of end user in event of a release Provides benefits of Full Verifications with additional assurance that build completed at independent secure location (NCC Group test laboratory) User Assured Verification Recommended when source code maintenance is transferred to end user All benefits of Full Verification, with additional assurance of build repeated at end user Collect source code, build at supplier’s site - fully documenting build, then using the documentation build & install at end user’s site
  • 10. Risk Assessment Guide & Escrow Policy Document NCC Group’s Risk Assessment Guide has been developed to assist in identifying the applications that are at most risk and in planning your escrow requirements for each application You can find out what level of protection you need based on how business critical your applications are We advise that an Escrow Risk Assessment should take place: At initial procurement of application After any major upgrade Every 12 months Following the Risk Assessment, our Escrow Policy Document will act as a useful tool for all business users, outlining how your escrow protection will be managed moving forward including responsibilities, contact details and key timelines