Escrow Protections and the importance of the right level of deposit testing

Has your latest deposit undergone the correct level of testing? This is a question that every organisation utilising Escrow protection for their applications needs to be asking.

Escrow provides the mechanism for end users of critical software to legally access source code and supporting material in the event that their third party software owner is no longer available to continue with development or support and requirements can vary across organisations and applications.

For some, Escrow is merely a tick the box exercise, meeting internal policy or to achieve certain certifications. For others, Escrow protection plays a key role in business continuity planning and has to be effective if required. For either, Testing is an integral part of the Escrow solution.

The below sections are commonly used by SES in consultation with clients as a helpful guide to assessing business needs and Escrow priorities in order to make sure the right level of testing is being performed as part of their coverage.

Testing from SES can come in several different options:

  • Basic Validation Testing
  • Install Validation Testing
  • Code Validation (Remote)
  • Code Validation (Complete)

Has your latest deposit of code been subject to the correct Validation?

Section 1:

Is Basic Validation sufficient?

                                                                                                                                         #1                 #2

Do you intend to continue with the software should a release event occur? No Yes
Has the software been specifically customised for your business? No Yes
Has the software been significantly invested in? No Yes
Does the software integrate with any other software/ website? No Yes

If you have answered “No” to all questions above Basic Validation will likely be sufficient for the level of coverage your organisation requires.  If you have answered ‘’Yes’’ to any of the questions in this section please proceed to Section 2.

Section 2   

If Basic Validation may not be sufficient, what level of testing is appropriate?

                                                                                                 #1                    #2                        #3 

How critical is the software to your business? Non-critical Important Critical
What would be the likely impact of the software failing? Minimal Short term Long term
How quickly would a failure impact your organisation? Never Overtime Immediately
Number of users of the software? 1 > 20 21 > 99 100+
Do you have a list of associated materials required to build or maintain the software (such as additional 3rd party software required)? Yes Limited No
Do you have the knowhow to rebuild the software from source code without any build documentation or 3rd party listings? Yes Limited No

For Section 2, if the majority of answers were;

#1 – Basic Validation may well meet your concerns and further levels of testing are unlikely to be necessary unless requested as part of an accreditation or to satisfy any other need or requirement.

#2 – It is advisable that Code Validation (Remote) is included as part of your Escrow coverage.

#3 – Strongly recommend that Code Validation (Remote) is included as a minimum protection and Code Validation (Complete) may well be required to provide adequate coverage for your organisation.

For further information and to properly investigate the testing level required to protect your organisation, please use the form below to get in touch and one of our specialists will get back to you within one business day.

If you found this article useful and interesting, please follow our blog and you will be notified as soon as we publish new content.

Find us at:

Call us on:

+44 (0) 161 488 1400

© Financechain Limited trading as SES and, 2017. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Financechain Limited trading as SES and, with appropriate and specific direction to the original content.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s