7 Steps to Setting Up a Software Escrow Agreement
A software escrow agreement is a critical tool for protecting intellectual property and ensuring business continuity when licensing software. It involves a tri-party arrangement between the software developer (depositor), the end-user (beneficiary), and Escrow London (soon to be rebranded globally as The Escrow Company), a neutral third-party escrow agent. This agreement ensures that essential materials, such as source code, deployment scripts, databases or entire cloud environments are securely stored, accessible and released under predefined conditions, around software vendor failure. Below, we outline seven essential steps to set up a robust software escrow agreement.
Step 1: Assess the Need for a Software Escrow Agreement
The first step is determining whether your organization requires a software escrow agreement. This involves assessing supply chain and business risks associated with your licensed software as well as the typical technical incidents traditional assessed when considering business continuity planning. Consider scenarios such as the software vendor going out of business, failing to provide updates, breaching the license agreement, discontinuing the product or selling the company. If your business relies heavily on the software for critical operations, a software escrow agreement can mitigate risks by ensuring access to the source code and other necessary materials in case of unforeseen events to recovery, maintain or manage the service.
Key considerations include:
- The criticality of the software to your operations.
- The risk associated to software vendor insolvency or critical failure.
- Your ability to maintain and support the software if the vendor cannot.
Step 2: Choose a Suitable Software Escrow Agent
Selecting the right software escrow agent is crucial for ensuring security, reliability, and confidentiality. The software escrow agent acts as a neutral third party responsible for safeguarding the deposited materials and verifying their completeness and usability. When evaluating a software escrow agent, look for:
- A proven track record in managing software escrow agreements with client references
- Experience in sensitively handling release events with robust processes for deposits and releases.
- ISO27001 and ISO27017 certifications.
- Professional liability / E&O insurance with suitable to coverage to protect the software escrow agent’s liabilities under a software escrow agreement. The Escrow Company / Escrow London maintains Professional liability / E&O insurance with coverage  of U$5 million / £5 million / A$10 million.
- Transparent verification options to provide assurance that deposited materials are usable.
- Variety of legal jurisdictions for agreements. The Escrow Company provides legally binding agreements under the laws of USA, Canada, UK, Australia, New Zealand, Hong Kong, Singapore, South Africa, Israel and all EU countries.
- Local presence with employees located where you do business. This ensures that you have a localised customer experience within your usual business time zone. The Escrow Company employs software escrow experts in the UK, USA and Australia.
Step 3: Define the Terms of the Agreement
Drafting a comprehensive software escrow agreement is essential to avoid disputes and ensure clarity among all parties. The agreement should include:
- Parties involved: Clearly identify the licensor, licensee, and escrow agent.
- Escrow materials: Specify what will be deposited (e.g., source code, documentation, build scripts).
- Release conditions: Outline scenarios under which materials will be released (e.g., vendor insolvency or breach of contract).
- Rights and obligations: Define each party’s responsibilities regarding deposits, updates, and usage of released materials.
- Dispute resolution: Include procedures for resolving disagreements over release triggers or other aspects of the agreement.
The terms should be negotiated upfront during or before the licensing agreement stage to prevent misunderstandings later.
Step 4: Deposit Source Code and Supporting Materials
Once the agreement is signed, the next step is depositing the required materials with the escrow agent. These typically include:
- Source code.
- Documentation explaining how to build, deploy, and maintain the software.
- Configuration files, libraries, dependencies, and deployment scripts.
Ensure that all components necessary for recreating and maintaining the software are included in the deposit. Missing items could render the escrow ineffective in fulfilling its purpose. Deposits can usually be made electronically or physically, depending on your chosen agent’s capabilities.
Step 5: Verify Deposited Materials
Verification ensures that deposited materials are complete, accurate, and functional. Without verification, there is no guarantee that the licensee will be able to use the released materials effectively if needed. The verification process typically involves:
- Checking that all required components have been deposited.
- Testing whether the source code can be compiled into a working application.
- Ensuring documentation is sufficient for maintenance and updates.
Verification should ideally occur soon after deposit submission—preferably within 30 days—to address any discrepancies promptly.
Step 6: Establish Maintenance and Update Procedures
Software evolves over time through updates and patches. To keep your escrow agreement effective, it is essential to establish procedures for regular deposits of updated materials. This ensures that:
- The escrow reflects the latest version of your software.
- Released materials remain relevant and usable if release conditions are triggered.
Periodic updates should align with your development cycle or major version releases. Additionally, some escrow agents offer monitoring services to track data usage and ensure compliance with update requirements.
Step 7: Trigger Release Conditions When Necessary
The final step involves activating release conditions when predefined scenarios occur. Common triggers include:
- Vendor bankruptcy or insolvency.
- Termination of maintenance or support services.
- Breach of licensing terms by the vendor.
When a release condition is met, notify your escrow agent as per the agreement’s terms. The agent will then verify compliance with release criteria before providing access to deposited materials. At this stage, licensees can use these materials to maintain or redeploy their critical applications without vendor dependency.
Conclusion
Setting up a software escrow agreement is an invaluable risk management strategy for businesses relying on third-party software solutions. By following these seven steps—assessing risks, selecting an escrow agent, defining terms, depositing materials, verifying completeness, maintaining updates, and triggering releases—you can safeguard your investment while ensuring continuity in case of unexpected disruptions.
A well-drafted agreement fosters trust between licensors and licensees by demonstrating commitment to long-term collaboration. As technology continues to play an integral role in business operations, investing in a robust software escrow arrangement becomes increasingly important for mitigating risks while maximizing operational resilience.