Software escrow in a SaaS world
27 - 08 - 2019
Traditional escrow entails the deposit of your highly confidential source code with a trusted third party, with this being released on certain events occurring – drastically, the software company shutting up shop and being unable to maintain the code - and other lesser circumstances.
In a SaaS world though, the issues are different, because it’s not just about the code – which the user isn’t hosting anyway – but also about the data, with the provider often being the primary host. The go-to escrow provider for most businesses in the UK is NCC Group based in Manchester (other providers are available!) and we’ve had discussions with them about this issue. Their current solution can be found here, though we’re yet to see how this works in a SaaS environment, but we think there are significant remaining risks.
We have worked with clients to create a series of obligations between customers, providers, hosts and an additional agent to close the loop on this. If escrow is a concern, we can and have constructed a solution together with NCC, but this goes beyond their present service offering and will currently require some level of negotiation.