SaaS Escrow
Escrow protection for Software-as-a-Service applications
Software as a Service (SaaS) is a model of software deployment where an application is hosted as a service and provided to customers typically across the Internet. By eliminating the need to install and run the application on the customer’s own infrastructure, SaaS aims to alleviate the customer’s burden of ongoing operation and support.
However, along with these potential advantages comes an element of risk. Supplier failure or poor service and availability could seriously affect an organisation’s business continuity and its ability to carry out everyday operations.
In order to ensure that a SaaS solution is protected against such risk, an organisation must consider how it could carry on if the worst should happen.
What is Escrow?
Software escrow enables an organisation to balance risk and protect its investment in
SaaS, ensuring that if its SaaS supplier’s business fails or the supplier does not maintain its contractual obligations, the required application and data can be accessed and released or provided to the end user organisation quickly and legally, leaving them free to carry on without disruption.
Under the terms of the SaaS escrow agreement, NCC Group Escrow Germany as a trusted independent third party holds a copy of the application executables, end user data and source code which is held securely on behalf of the end user organisation. This should be updated at regular agreed intervals by the SaaS provider to ensure that the deposit held is always up to date and reflects the current version of the application.
Why NCC Group Escrow Germany?
NCC Group Escrow Germany is the world’s largest software escrow provider, protecting clients worldwide with the most comprehensive Escrow Solutions available. Our Escrow Solutions are designed specifically to assist organisations which are increasingly dependent on crucial assets which they do not own or control.
We have developed a modular SaaS Escrow Protection package to ensure that you have access to the Escrow solution that fits your exact needs and budget.
NCC Group Escrow Germany’s SaaS offering can be broken down into five simple modules:
Module A: SaaS Software Escrow with Integrity Testing
This escrow offering differs from our traditional software escrow offering by requiring the SaaS Provider to deposit the application executables and end user data, along with the source code as standard. Deposits should be made every three months at a minimum and following any major application change. Should the worst happen, this would allow the end user organisation to source an alternative infrastructure and get up and running quickly.
Module B: SaaS Full Verification Services
This module is built on the proven Full Verification offering, with an emphasis on ensuring that the infrastructure environment, support and maintenance processes are fully documented. An NCC Group Escrow Germany verification consultant would observe the complete build process at the SaaS Provider’s site and ensure that all files and information required to build the system are included in the deposit. Every detail of the infrastructure environment and the build process is documented in a comprehensive and easy to understand report.
Module C: Monthly Data Vaulting Service
This module would require the SaaS Provider to deposit a full copy of application executables, source code and end user data into Escrow every month. The deposit would be made physically or electronically via Escrow Live, our secure customer portal. As with all our escrow deposits, it would be stored in two separate geographic locations. Our verification consultants would integrity test each deposit weekly to ensure that pre-agreed markers are present in the database.
Module D: Weekly/Daily Data Vaulting Service
The SaaS Provider would deposit a full copy of application executables, source code and end user data into Escrow every week/day dependent according to the end user’s requirements. The deposit would be made electronically, using automated scripts to access Escrow Live. The deposit would then be stored in two separate geographic locations. Our verification consultants would integrity test the deposits weekly to ensure that pre-agreed markers are present in the database.
Module E: Real-time Database Replication
In some situations real-time replication of the database would be required. The SaaS provider would continually replicate changes of the database to NCC Group Escrow Germany’s secure storage infrastructure ensuring that an up to date copy of the database is always available. Our consultants would integrity test the database weekly ensuring that pre-agreed markers are present. The Full Verification module would be necessary for us to undertake database replication to ensure that the requirements and the infrastructure can be fully documented.
Environment Replication
NCC Group Escrow Germany has the capability dependant on the SaaS application that an organisation has purchased; there may be a significant dependence on one Provider. Dependent on an organisation’s business continuity planning and recovery time objectives for the application, NCC Group Escrow Germany could provide recovery of the application. on the necessary infrastructure to get an end user back up and running.
Escrow Release
Should you need it your data can be released at any point, which wont result in termination of the agreement. In the event of the worst happening we provide a staged release of the application executables and the source code.