Has your latest deposit undergone the correct level of testing? This is a question that every organisation utilising Escrow protection for their applications needs to be asking.
Escrow provides the mechanism for end users of critical software to legally access source code and supporting material in the event that their third party software owner is no longer available to continue with development or support and requirements can vary across organisations and applications.
For some, Escrow is merely a tick the box exercise, meeting internal policy or to achieve certain certifications. For others, Escrow protection plays a key role in business continuity planning and has to be effective if required. For either, Testing is an integral part of the Escrow solution.
The below sections are commonly used by SES in consultation with clients as a helpful guide to assessing business needs and Escrow priorities in order to make sure the right level of testing is being performed as part of their coverage.
Testing from SES can come in several different options:
- Basic Validation Testing
- Install Validation Testing
- Code Validation (Remote)
- Code Validation (Complete)
Has your latest deposit of code been subject to the correct Validation?
Is Basic Validation sufficient?
|Do you intend to continue with the software should a release event occur?||No||Yes|
|Has the software been specifically customised for your business?||No||Yes|
|Has the software been significantly invested in?||No||Yes|
|Does the software integrate with any other software/ website?||No||Yes|
If you have answered “No” to all questions above Basic Validation will likely be sufficient for the level of coverage your organisation requires. If you have answered ‘’Yes’’ to any of the questions in this section please proceed to Section 2.
If Basic Validation may not be sufficient, what level of testing is appropriate?
#1 #2 #3
|How critical is the software to your business?||Non-critical||Important||Critical|
|What would be the likely impact of the software failing?||Minimal||Short term||Long term|
|How quickly would a failure impact your organisation?||Never||Overtime||Immediately|
|Number of users of the software?||1 > 20||21 > 99||100+|
|Do you have a list of associated materials required to build or maintain the software (such as additional 3rd party software required)?||Yes||Limited||No|
|Do you have the knowhow to rebuild the software from source code without any build documentation or 3rd party listings?||Yes||Limited||No|
For Section 2, if the majority of answers were;
#1 – Basic Validation may well meet your concerns and further levels of testing are unlikely to be necessary unless requested as part of an accreditation or to satisfy any other need or requirement.
#2 – It is advisable that Code Validation (Remote) is included as part of your Escrow coverage.
#3 – Strongly recommend that Code Validation (Remote) is included as a minimum protection and Code Validation (Complete) may well be required to provide adequate coverage for your organisation.
For further information and to properly investigate the testing level required to protect your organisation, please use the form below to get in touch and one of our specialists will get back to you within one business day.
If you found this article useful and interesting, please follow our blog and you will be notified as soon as we publish new content.
Find us at:
Call us on:
+44 (0) 161 488 1400