SlideShare a Scribd company logo

Escrow Presentation2010

Download as PPT, PDF
S
simongreaves

The presentation discusses NCC Group's escrow solutions and the need for software escrow agreements. It explains what software escrow is, the benefits for licensees, and primary components of escrow agreements. It also covers why testing is important, effects of the current economic climate, and how to assess risk and implement escrow policies.

1 of 22
Downloaded 47 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Escrow Solutions Presentation NCC Group Plc Manchester Technology Centre Oxford Road Manchester M1 7EF www.nccgroup.com Simon Greaves Key Account Manager Tel: +44 (0) 161 209 5190 e-mail: [email_address]
Agenda About NCC Group The need for software escrow What is software escrow? Benefits NCC Group Escrow Solutions Primary Components Of Escrow Agreement What Can You Do if a release event is triggered Why is testing important? NCC Group Verification Services Effect Of Current Economic Climate Risk assessment / escrow policy Current Agreements
About NCC Group What we do : independent IT assurance, security and consultancy services - over 15,000 clients worldwide including 94 of the FTSE 100 USP : no ties or relationships to hardware or software suppliers - focus on developing intelligent solutions & building lasting partnerships with clients Size : based in Manchester with offices throughout the UK, Europe & California, currently employ 350 + staff worldwide History : formed in 1999, listed on London Stock Exchange since July 2004, consistent track record of solid growth. July 2007 full listing Our business: three complementary divisions: Escrow Solutions, Assurance Testing and Consultancy NCC Group is the world’s largest Software escrow provider
Our services Escrow Solutions Ensure business-critical material or source code is protected and accessible should a key supplier fail Confirms material held is properly protected - verify it can be rebuilt from components Assurance Testing Test & monitor system, network & web site performance to ensure effective, robust and delivering optimum performance Ethical security testing of networks and applications and security policies in practice to ensure organisations safe from threat of unauthorised access Consultancy Provide advice at all levels to help organisations improve performance through effective use of IT & business processes Protect organisations against a variety of risks through development & implementation of effective plans and compliance with relevant standards
The need for software escrow The failure of any these applications would result in financial or operational loss Therefore organisations are reliant on the owner / supplier to provide support and maintenance BUT they will only supply the ‘object code’ - the ‘source code’ is required to support and maintain However if the owner is no longer willing / able to provide support in the event of failure….. And there is increasing scrutiny on corporate governance and risk management – Sarbanes Oxley, Basel II, FSA Rules and Regulations Source: Vision One Research 2007
What is software escrow? Legal agreement between supplier, licensee & escrow provider (distributor if applicable) Supplier obligated to deposit source code in escrow and to keep updated ‘ Trigger Events’ defined in the agreement where source code released to licensee such as: Liquidation Ceasing to trade Failure to meet maintenance obligations IPR assignment (if new owner provides no escrow protection)
Benefits for the licensee ‘ Insurance policy’ against the unpredictable IT market Allows continuing maintenance of critical applications in event of release of code Provides protection during investment in IT development Essential part of business continuity and disaster recovery planning Provides leverage against supplier who defaults on contractual obligations / IPR’s assigned to a new supplier
NCC Group Escrow Solutions Software Escrow Single and multi licensee agreements Holding Agreements Development agreements Specialised outsourcer and distributor agreements Staggered release agreements to protect distributors and end-users Web sites and web applications covered Information Escrow Product designs Manufacturing processes Marketing information Copyright Protection Agreement NCC Group Escrow Solutions are flexible and can cover all situations
Primary Components of Escrow Agreement Owners Duties and Warranties Initial deposit within 30 days Frequency of future deposits (yearly / quarterly) Scope of material to be deposited Warranty of IPR ownership in the material Licensee Responsibility Notify NCC Group if deposit update required Confidentiality undertaking in event of release Release Events Release Process Independent expert determination in the event of dispute Time bound process
Primary Components of Escrow Agreement Integrity Testing and Full Verification NCC Group Liability / Indemnity Termination Owner cannot terminate without licensee consent Schedules Package Name NCC Escrow Fees The proportion of fees paid by each party
What can YOU do if a release is triggered? Get a release of the source code deposit: Appoint another software supplier to take over maintenance OR Take over support and maintenance in-house i.e. be prepared in the case that the application subsequently fails or needs maintenance Use the potential option of release to negotiate a good deal with the new Owner of the IPR, introduced through NCC Group Remember that Escrow is a leverage tool in cases of: Issues with support and maintenance Change of IPR ownership, negotiate good terms with new supplier Software Owner liquidation – leading to change of IPR Ownership
Why is testing important? Only the depositor knows what’s stored on the deposited media Mistakes are often made when preparing the deposit Vital information such as build scripts can be left out The scope of the material to be deposited can be misunderstood It’s too late to ask questions if the supplier has gone out of business… All escrow deposits are integrity tested as standard to ensure accessible and virus free
NCC Group Verification Services Full Verification: We observe complete build of application at supplier's site Every detail of environment & build process detailed in a comprehensive report, describing every step involved in building the source code into the working application Escrow Now: Recommended where source code maintenance would be undertaken by a third party Full Verification with additional assurance of build in independent secure location - our secure test laboratory Report also provides information on timescales, technical skills & costs of rebuild to assist with selection of suitable third party
NCC Group Verification Services Escrow Complete: Recommended where source code maintenance would be undertaken by the licensee Full Verification with additional assurance of build repeated in licensee's environment Source code collected & built at supplier's site and then built & installed at user's site Integrity Plus: Recommended for other material which cannot be checked through build process / during software development Intelligent collection & audit of material at supplier’s site
Effect Of Current Economic Climate Software companies need cash to develop new applications to survive Access to credit is the lowest it’s ever been Small and mid size companies are under real threat of closure due to falling profits and not being able to finance debt Your company is reliant on those software owners If your supplier fails the effect on your business could be catastrophic... e.g. Zavvi uses EUK (Woolworths) EUK stops supplying Zavvi has to close online sales as they have no stock and are now being run by administrators with 22 stores already closed 200% increase in release events in last ¼ of 2008
Act on Escrow NOW Nortel has gone into Chapter 11: Nortel is the first major vendor in the ICT industry to have gone into administration as a direct result of the credit crunch. http://www.electronicsweekly.com/Articles/2009/01/14/45269/nortel-goes-into-administration.htm 1 in 5 software companies could go out of business according to a recent survey by Plimsoll http://www.computerweekly.com/Articles/2008/04/24/230427/recession-could-force-uk-software-firms-out-of-business.htm Autodesk has joined the growing number of technology companies to cut staff, announcing today that it will reduce its workforce by 750 http://www.vnunet.com/vnunet/news/2234114/autodesk-cuts-750-jobs
Risk assessment & escrow policy Assess business criticality of application (guidance sheet provided): Initial procurement Major upgrade Every 12 months Educate and involve business users in evaluating need for escrow & managing protection once in place Educate and involve sales staff in evaluating need for escrow protection to assist sales and protect distributor arrangements Check required protection is in place through regular risk management and business continuity audits
Escrow Clause The [owner] shall lodge the source code (documents, materials and any other relevant information) of the [software package as defined within the software contract] with NCC Escrow International Limited upon the attached terms and conditions. The escrow agreement shall be completed as soon as practicable and in any event within [30 days] from the date of this agreement. In addition, should the [licensee] require it, the [owner] hereby agrees to cooperate in carrying out full verification testing as defined in and in accordance with the terms of the escrow agreement.
Questions and Answers Simon Greaves NCC Group plc Manchester Technology Centre, Oxford Road,  Manchester M1 7EF UK +44 161 209 5327 [email_address] www.nccgroup.com
 
 
Your Account Manager NCC Group plc Manchester Technology Centre, Oxford Road,  Manchester M1 7EF UK +44 161 209 5190 Simon Greaves www.nccgroup.com

More Related Content

PPT
Escrow Presentation Final
Tony_Clarke
 
PPT
Escrow Presentation
lucydavidson
 
PPT
Industry Reliability and Security Standards Working Together
EnergySec
 
PPTX
CompTIA CASP+ | Everything you need to know about the new exam
Infosec
 
PPTX
The Economics of Security
Network Intelligence India
 
PPTX
7steps software-licensing
suyashawasthi
 
PPTX
CompTIA Managed Services Community Meeting: ChannelCon 2013
CompTIA
 
PPTX
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Flexera
 
Escrow Presentation Final
Tony_Clarke
 
Escrow Presentation
lucydavidson
 
Industry Reliability and Security Standards Working Together
EnergySec
 
CompTIA CASP+ | Everything you need to know about the new exam
Infosec
 
The Economics of Security
Network Intelligence India
 
7steps software-licensing
suyashawasthi
 
CompTIA Managed Services Community Meeting: ChannelCon 2013
CompTIA
 
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Flexera
 

What's hot (20)

PDF
ICT eGuide: Switching foundation technology for better cyber security
Niamh Hughes
 
PPTX
Smart grid in the Critical National Infrastructure
Ollie Whitehouse
 
PDF
Digital Ethical Risk Assessment
Marc St-Pierre
 
PPTX
CompTIA network+ | Everything you need to know about the new exam
Infosec
 
PDF
Broadening Your Cybersecurity Mindset
CSI Solutions
 
PDF
Security in Mergers and Acquisitions - NTT Security - Miriam Levenstein
Miriam L
 
PDF
Webinar–Financial Services Study Shows Why Investing in AppSec Matters
Synopsys Software Integrity Group
 
PPT
Information Security Seminar
Acend Corporate Learning
 
PPT
Software Licensing & Compliance: Two Strategies, One Goal
Jeff Gustafson
 
PDF
Webinar–Why All Open Source Scans Aren't Created Equal
Synopsys Software Integrity Group
 
PPTX
Assuring the Security of the Supply Chain - Designing best practices for cybe...
Ollie Whitehouse
 
PDF
Webinar–You've Got Your Open Source Audit Report–Now What?
Synopsys Software Integrity Group
 
PDF
IT Security at the Speed of Business: Security Provisioning with Symantec Dat...
Symantec
 
PDF
Webinar–Open Source Risk in M&A by the Numbers
Synopsys Software Integrity Group
 
PDF
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
Synopsys Software Integrity Group
 
PPTX
Insights into your IT Service Management - Middle East
Ivanti
 
PPTX
Isaca career paths - the highest paying certifications in the industry
Infosec
 
PDF
Webinar–The State of Open Source in M&A Transactions
Synopsys Software Integrity Group
 
PDF
Webinar–Delivering a Next Generation Vulnerability Feed
Synopsys Software Integrity Group
 
PPTX
Windows 10 webinar: What’s new for IT pros Windows 10 v 1709
Flexera
 
ICT eGuide: Switching foundation technology for better cyber security
Niamh Hughes
 
Smart grid in the Critical National Infrastructure
Ollie Whitehouse
 
Digital Ethical Risk Assessment
Marc St-Pierre
 
CompTIA network+ | Everything you need to know about the new exam
Infosec
 
Broadening Your Cybersecurity Mindset
CSI Solutions
 
Security in Mergers and Acquisitions - NTT Security - Miriam Levenstein
Miriam L
 
Webinar–Financial Services Study Shows Why Investing in AppSec Matters
Synopsys Software Integrity Group
 
Information Security Seminar
Acend Corporate Learning
 
Software Licensing & Compliance: Two Strategies, One Goal
Jeff Gustafson
 
Webinar–Why All Open Source Scans Aren't Created Equal
Synopsys Software Integrity Group
 
Assuring the Security of the Supply Chain - Designing best practices for cybe...
Ollie Whitehouse
 
Webinar–You've Got Your Open Source Audit Report–Now What?
Synopsys Software Integrity Group
 
IT Security at the Speed of Business: Security Provisioning with Symantec Dat...
Symantec
 
Webinar–Open Source Risk in M&A by the Numbers
Synopsys Software Integrity Group
 
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
Synopsys Software Integrity Group
 
Insights into your IT Service Management - Middle East
Ivanti
 
Isaca career paths - the highest paying certifications in the industry
Infosec
 
Webinar–The State of Open Source in M&A Transactions
Synopsys Software Integrity Group
 
Webinar–Delivering a Next Generation Vulnerability Feed
Synopsys Software Integrity Group
 
Windows 10 webinar: What’s new for IT pros Windows 10 v 1709
Flexera
 
Ad

Similar to Escrow Presentation2010 (20)

PPT
Escrow Presentation
ejervis
 
PPT
NCC Group Software Escrow Services
philomole
 
PDF
Ncc Group Escrow Overview 2010
Jonnyhyde
 
PPT
Source Code Escrow Agreements 2010.02.12
Richard Austin
 
PPTX
What is Software Escrow?
escrowsoftware
 
PPTX
Escrowtech Services in Chennai | Software Escrow Agreement Company
escrowsoftware
 
PDF
Source code escrow and continuity in the cloud
Ernst-Jan Louwers
 
PPTX
Pitfalls of Software Licenses (2)
ravimohan2
 
PDF
NCHICA - Contracts with Healthcare Cloud Computing Vendors
WhitmeyerTuffin
 
PPT
Lefkowitz Innovation
guest4d7807
 
PDF
Software Escrow Services
National Software Escrow, Inc.
 
DOC
Elevator Up Software Licensing Issues Checklist
P. Haans Mulder, JD, MST, CFP®
 
DOC
Software Licensing Issues
haansmulder
 
DOC
Software Licensing Issues Checklist
P. Haans Mulder, JD, MST, CFP®
 
PDF
Holding Trust Inc. - Escrow Overview
Raoul Gomes
 
PDF
NewFile
Beenish Burhan
 
PDF
TestTitle
Beenish Burhan
 
PDF
testdata
Beenish Burhan
 
KEY
Cloud Escrow van Escrow Alliance
EscrowDirect.eu
 
PPTX
ContinuíTeit Version 1
Ruud Ramakers
 
Escrow Presentation
ejervis
 
NCC Group Software Escrow Services
philomole
 
Ncc Group Escrow Overview 2010
Jonnyhyde
 
Source Code Escrow Agreements 2010.02.12
Richard Austin
 
What is Software Escrow?
escrowsoftware
 
Escrowtech Services in Chennai | Software Escrow Agreement Company
escrowsoftware
 
Source code escrow and continuity in the cloud
Ernst-Jan Louwers
 
Pitfalls of Software Licenses (2)
ravimohan2
 
NCHICA - Contracts with Healthcare Cloud Computing Vendors
WhitmeyerTuffin
 
Lefkowitz Innovation
guest4d7807
 
Software Escrow Services
National Software Escrow, Inc.
 
Elevator Up Software Licensing Issues Checklist
P. Haans Mulder, JD, MST, CFP®
 
Software Licensing Issues
haansmulder
 
Software Licensing Issues Checklist
P. Haans Mulder, JD, MST, CFP®
 
Holding Trust Inc. - Escrow Overview
Raoul Gomes
 
NewFile
Beenish Burhan
 
TestTitle
Beenish Burhan
 
testdata
Beenish Burhan
 
Cloud Escrow van Escrow Alliance
EscrowDirect.eu
 
ContinuíTeit Version 1
Ruud Ramakers
 
Ad

Escrow Presentation2010

  • 1. Escrow Solutions Presentation NCC Group Plc Manchester Technology Centre Oxford Road Manchester M1 7EF www.nccgroup.com Simon Greaves Key Account Manager Tel: +44 (0) 161 209 5190 e-mail: [email_address]
  • 2. Agenda About NCC Group The need for software escrow What is software escrow? Benefits NCC Group Escrow Solutions Primary Components Of Escrow Agreement What Can You Do if a release event is triggered Why is testing important? NCC Group Verification Services Effect Of Current Economic Climate Risk assessment / escrow policy Current Agreements
  • 3. About NCC Group What we do : independent IT assurance, security and consultancy services - over 15,000 clients worldwide including 94 of the FTSE 100 USP : no ties or relationships to hardware or software suppliers - focus on developing intelligent solutions & building lasting partnerships with clients Size : based in Manchester with offices throughout the UK, Europe & California, currently employ 350 + staff worldwide History : formed in 1999, listed on London Stock Exchange since July 2004, consistent track record of solid growth. July 2007 full listing Our business: three complementary divisions: Escrow Solutions, Assurance Testing and Consultancy NCC Group is the world’s largest Software escrow provider
  • 4. Our services Escrow Solutions Ensure business-critical material or source code is protected and accessible should a key supplier fail Confirms material held is properly protected - verify it can be rebuilt from components Assurance Testing Test & monitor system, network & web site performance to ensure effective, robust and delivering optimum performance Ethical security testing of networks and applications and security policies in practice to ensure organisations safe from threat of unauthorised access Consultancy Provide advice at all levels to help organisations improve performance through effective use of IT & business processes Protect organisations against a variety of risks through development & implementation of effective plans and compliance with relevant standards
  • 5. The need for software escrow The failure of any these applications would result in financial or operational loss Therefore organisations are reliant on the owner / supplier to provide support and maintenance BUT they will only supply the ‘object code’ - the ‘source code’ is required to support and maintain However if the owner is no longer willing / able to provide support in the event of failure….. And there is increasing scrutiny on corporate governance and risk management – Sarbanes Oxley, Basel II, FSA Rules and Regulations Source: Vision One Research 2007
  • 6. What is software escrow? Legal agreement between supplier, licensee & escrow provider (distributor if applicable) Supplier obligated to deposit source code in escrow and to keep updated ‘ Trigger Events’ defined in the agreement where source code released to licensee such as: Liquidation Ceasing to trade Failure to meet maintenance obligations IPR assignment (if new owner provides no escrow protection)
  • 7. Benefits for the licensee ‘ Insurance policy’ against the unpredictable IT market Allows continuing maintenance of critical applications in event of release of code Provides protection during investment in IT development Essential part of business continuity and disaster recovery planning Provides leverage against supplier who defaults on contractual obligations / IPR’s assigned to a new supplier
  • 8. NCC Group Escrow Solutions Software Escrow Single and multi licensee agreements Holding Agreements Development agreements Specialised outsourcer and distributor agreements Staggered release agreements to protect distributors and end-users Web sites and web applications covered Information Escrow Product designs Manufacturing processes Marketing information Copyright Protection Agreement NCC Group Escrow Solutions are flexible and can cover all situations
  • 9. Primary Components of Escrow Agreement Owners Duties and Warranties Initial deposit within 30 days Frequency of future deposits (yearly / quarterly) Scope of material to be deposited Warranty of IPR ownership in the material Licensee Responsibility Notify NCC Group if deposit update required Confidentiality undertaking in event of release Release Events Release Process Independent expert determination in the event of dispute Time bound process
  • 10. Primary Components of Escrow Agreement Integrity Testing and Full Verification NCC Group Liability / Indemnity Termination Owner cannot terminate without licensee consent Schedules Package Name NCC Escrow Fees The proportion of fees paid by each party
  • 11. What can YOU do if a release is triggered? Get a release of the source code deposit: Appoint another software supplier to take over maintenance OR Take over support and maintenance in-house i.e. be prepared in the case that the application subsequently fails or needs maintenance Use the potential option of release to negotiate a good deal with the new Owner of the IPR, introduced through NCC Group Remember that Escrow is a leverage tool in cases of: Issues with support and maintenance Change of IPR ownership, negotiate good terms with new supplier Software Owner liquidation – leading to change of IPR Ownership
  • 12. Why is testing important? Only the depositor knows what’s stored on the deposited media Mistakes are often made when preparing the deposit Vital information such as build scripts can be left out The scope of the material to be deposited can be misunderstood It’s too late to ask questions if the supplier has gone out of business… All escrow deposits are integrity tested as standard to ensure accessible and virus free
  • 13. NCC Group Verification Services Full Verification: We observe complete build of application at supplier's site Every detail of environment & build process detailed in a comprehensive report, describing every step involved in building the source code into the working application Escrow Now: Recommended where source code maintenance would be undertaken by a third party Full Verification with additional assurance of build in independent secure location - our secure test laboratory Report also provides information on timescales, technical skills & costs of rebuild to assist with selection of suitable third party
  • 14. NCC Group Verification Services Escrow Complete: Recommended where source code maintenance would be undertaken by the licensee Full Verification with additional assurance of build repeated in licensee's environment Source code collected & built at supplier's site and then built & installed at user's site Integrity Plus: Recommended for other material which cannot be checked through build process / during software development Intelligent collection & audit of material at supplier’s site
  • 15. Effect Of Current Economic Climate Software companies need cash to develop new applications to survive Access to credit is the lowest it’s ever been Small and mid size companies are under real threat of closure due to falling profits and not being able to finance debt Your company is reliant on those software owners If your supplier fails the effect on your business could be catastrophic... e.g. Zavvi uses EUK (Woolworths) EUK stops supplying Zavvi has to close online sales as they have no stock and are now being run by administrators with 22 stores already closed 200% increase in release events in last ¼ of 2008
  • 16. Act on Escrow NOW Nortel has gone into Chapter 11: Nortel is the first major vendor in the ICT industry to have gone into administration as a direct result of the credit crunch. http://www.electronicsweekly.com/Articles/2009/01/14/45269/nortel-goes-into-administration.htm 1 in 5 software companies could go out of business according to a recent survey by Plimsoll http://www.computerweekly.com/Articles/2008/04/24/230427/recession-could-force-uk-software-firms-out-of-business.htm Autodesk has joined the growing number of technology companies to cut staff, announcing today that it will reduce its workforce by 750 http://www.vnunet.com/vnunet/news/2234114/autodesk-cuts-750-jobs
  • 17. Risk assessment & escrow policy Assess business criticality of application (guidance sheet provided): Initial procurement Major upgrade Every 12 months Educate and involve business users in evaluating need for escrow & managing protection once in place Educate and involve sales staff in evaluating need for escrow protection to assist sales and protect distributor arrangements Check required protection is in place through regular risk management and business continuity audits
  • 18. Escrow Clause The [owner] shall lodge the source code (documents, materials and any other relevant information) of the [software package as defined within the software contract] with NCC Escrow International Limited upon the attached terms and conditions. The escrow agreement shall be completed as soon as practicable and in any event within [30 days] from the date of this agreement. In addition, should the [licensee] require it, the [owner] hereby agrees to cooperate in carrying out full verification testing as defined in and in accordance with the terms of the escrow agreement.
  • 19. Questions and Answers Simon Greaves NCC Group plc Manchester Technology Centre, Oxford Road,  Manchester M1 7EF UK +44 161 209 5327 [email_address] www.nccgroup.com
  • 20.  
  • 21.  
  • 22. Your Account Manager NCC Group plc Manchester Technology Centre, Oxford Road,  Manchester M1 7EF UK +44 161 209 5190 Simon Greaves www.nccgroup.com

Editor's Notes

  • #5: Assurance testing – Ethical hacking worldwide Consultancy – Provided at all levels regarding security and advice – UK only
  • #6: BUT - object code provides you with a executable application and in order to maintain that you would need the source code 82% - Most organisations have a lot of there critical applications covered but a lot get missed because there is no organisation wide process covering critical apps
  • #7: Failure to Meet – Most important and less understood in the market. Breach of contractually obligations which result in material loss IPR – Maintenance goes up etc