INTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE ESCROW BEST PRACTICES REPORT

Similar documents
This Webcast Will Begin Shortly

What Contract Risks are Hiding in the Cloud?

Always On: Unitrends DRaaS Disaster Recovery Services

Contents. Primer Series: HIPAA Privacy, Security, and the Omnibus Final Rule

How to disasterproof critical. business data. 5 steps for keeping systems online and accessible in any scenario.

White Paper: Mitigating the additional risks of software-as-a-service applications.

Protecting Information Assets - Unit #9 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protecting Information Assets

FOUR BUSINESS CONTINUITY PLANNING ESSENTIALS

White paper June Managing the tidal wave of data with IBM Tivoli storage management solutions

Protecting Information Assets - Week 9 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protecting Information Assets

Business Management System Evaluation Checklist

4 Business Continuity Planning Essentials

The Modern Office and You. 5 Ways to Capitalize on Cloud Opportunities

PLANNING TO SUCCEED: EXECUTING A BC/DR STRATEGY DURING A DIGITAL TRANSFORMATION

ESCAPE ALL LIMITATIONS. How to Capture a Bigger Share of. Strong Data Protection for Microsoft Server 2012: Unitrends Enterprise Backup

How to Choose a Managed Services Provider

Speed Business Performance, Lower Cost, and Simplify IT with Automated Archiving

ecommerce Back-Office System Evaluation Checklist

Strategies for Social

Business Management System Evaluation Checklist

Ensuring Petabyte-Scale Data Consistency in a Multicloud Environment

Disaster Recovery Service Guide

A beginners guide to moving to an ERP

A Cloud Migration Checklist

Recording TCO Cook Book 7 Ways to Reduce TCO and Improve Business Operations

Rapid Cloud Enablement for Software Companies

Accelerate your business with Microsoft Azure

20 Signs That Your Business is Ready for Managed Services. Find out when your business will truly benefit from a technology provider.

RELIABLEIT. How to Choose a Managed Services Provider. Finding Peace of Mind

Your Business Needs Managed Services. Find out when your business will truly benefit from a technology provider.

20 Signs That Your Business is Ready for Managed Services. Find out when your business will truly benefit from a technology provider.

20 Signs That Your Business is Ready for Managed Services. Find out when your business will truly benefit from a technology provider.

Pathways to the cloud. A quick guide for higher education institutions

Is It Time to Consider Kronos Cloud Services?

Veritas 360 Data Management Suite. Accelerating Digital Transformation Through Multi-Cloud Data Management.

5 Steps to Implementing Business Continuity Services. By David Davis, vexpert. Brought to you by Symantec Keeping Your Applications Running

Cloud Computing Starter Kit: Cost and Business Case Considerations

How Your Business Survival Depends On Disaster Recovery.

Business Continuity & IT Disaster Recovery

Your Cloud Action Plan: Five Steps to Readiness

How Paperless ERP in the Cloud Can Brighten Accounting Processes. Cloud-based ERP Enables Productivity, Reduces Costs and Boosts Revenues

Case Study: Prime Healthcare

EBOOK. BUILD VS. BUY: Calculate the TCO of BDR

Solutions We approach your solution from every point

COMPANY PROFILE.

2017 Oracle EBS Cloud Roadmap

Microsoft 365 Migration

Top 6 Things to Consider When Making the Transition to Microsoft Office 365

What are the key considerations for choosing cloud or on-premise budgeting software? How to determine what's the best for your organization.

ACUMATICA CLOUD KEY BENEFITS ACCESS YOUR ERP ANYTIME FROM ANY DEVICE, EASILY SCALE RESOURCES, AND CHOOSE YOUR DEPLOYMENT OPTION WORK THE WAY YOU WANT

PDM vs. PLM: It All Starts with PDM

PARTNER OPPORTUNITY PLAYBOOK. Cloud Migration and Modernization

IBM United States Software Announcement , dated August 21, 2018

Disaster Recovery as a Service (DRaaS) How innovation in the Cloud enables disaster recovery at minimal costs

THE INSIDE STORY DISCUSSING THE HOT TOPICS FROM ORACLE LICENSE MANAGEMENT OPEN WORLD 2016

The ABCs of BDR: A Primary on the Essentials of Backup and Disaster Recovery

How Much Will Serialization Really Cost? AN INTRODUCTION TO THE TOTAL COST OF OWNERSHIP

Disaster Avoidance If you can recover from a failure fast enough, did it really happen?

PDSA Special Report. Why Move to the Cloud

Viewpoint Transition to the cloud

4 Business Continuity Planning Essentials

Office 365 Backup as a Service for Service Providers

7 things to ask when upgrading your ERP solution

The Future of Workload Automation in the Application Economy

Fujitsu End User Services Delivering a service as mobile as your people need to be

Disaster Recovery Strategies for the BlackBerry Enterprise Solution

Considerations when Choosing a Managed IT Services Provider. ebook

Healthcare Guide to Virtual Card Payments Best practices for payers and providers to make virtual cards part of the payment mix

Advanced Support for Server Infrastructure Refresh

IBM Certified Managed Service Provider. A Joint Venture: ABC and Data Storage Corporation IBM Corporation

The Business Case for Disaster Recovery-as-a-Service Solution

Integrated IT Management Solutions. Overview

A Guide to Building a Healthy Dental Practice. technology mistakes that can damage or destroy 7 your dental practice - and how to avoid them

Top 35 Reasons You Need Contact Center Performance Management

Cloud is about how you do computing, not where you do computing. - Paul Maritz, CEO of VMware

LEVERAGING YOUR VENDORS TO SUPPORT DATA INTEGRITY:

Hosted UC: the Total Cost of Ownership

Discover the Difference

SafeNet Authentication Service:

One Source for Complete Telecom and IT Services

Switching from Basic to Advanced Accounting Software

IT Service Catalogue. every interaction is a personal journey...

HOW TO SELL MANAGED CLOUD SERVICES

Moving Beyond Information Life Cycle Management

When It Needs to Get Done at 2 a.m., That s when you can rely on CA Workload Automation

Act! in the Cloud. Finding your path to success with hosted CRM

A Framework Approach to Ensuring Application Recovery Readiness. White Paper

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

IT Support made simple

Realizing the Value of Cloud

Business Continuity and Disaster Recovery Overview

CISSP Certified Information Systems Security Professional (CISSP)

THINK YOU NEED A BYO STRATEGY? THINK AGAIN. Shift to a Digital Workspace Strategy in 5 Steps

White Paper. CPM On-Premise or Cloud Have it Your Way

Cutting through cloud choice

An Epicor White Paper. Understanding ERP Deployment Choices October 2014

SAP HANA Enterprise Cloud Power of Real Time Computing with Simplicity of the Cloud

An Academic Medical Center's Journey to the Cloud

www. modo networks.com

Compunnel Digital CLOUD MIGRATION

Transcription:

INTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE ESCROW BEST PRACTICES REPORT

What is Mission Critical to You? Before you acquire mission-critical technology from a third-party software vendor, take a few minutes to review the costs and risks. What will happen to your company if your technology is unavailable? Learn strategies on how you can manage your risk with a technology escrow program. In this report, you will learn: How to implement specific escrow strategies to meet your company s individual needs. How the experts at Iron Mountain will work with you to simplify the escrow process and make you better prepared. How a best practice escrow program can reduce risks and costs to your company by ensuring your technology is available to you when you need it. 2 / Enterprise Escrow Best Practices Report

4 STEPS TO MANAGE RISK AND IMPROVE ROI WITH THIRD-PARTY TECHNOLOGY ACQUISITIONS Mission-critical technology is everywhere; you depend on it every day. Failing to protect this technology puts your business at risk. There s a good chance that a disruption of the thirdparty software or technology your company uses could have a catastrophic impact on your business. If your vendor went out of business or otherwise stopped supporting your technology, your company could suffer considerable losses in revenue and/or productivity. With the additional complexities of Software-as-a-Service (SaaS), you face additional challenges since your data is also at risk. Iron Mountain Technology Escrow Services enable a risk mitigation option when you negotiate a license for software or other mission-critical technology. When a software escrow contract is established, the proprietary development information for that software is placed within a secure escrow account held by Iron Mountain. If the developer defaults on their obligations to the user at any point in the future, the escrow materials may be released to the user, enabling them to recreate or maintain their mission-critical technology. When you acquire software or other technology, escrow and verification services should be an integral part of the licensing discussion from the start. Once an escrow agreement is established, it should be integrated into your risk management plan and reviewed on a regular basis. By safeguarding your technology assets, you are protecting your investment. Iron Mountain s Technology Escrow Services give you the ability to continue to use your technology even if your vendor is no longer able or willing to provide support or access. A technology escrow agreement also gives you leverage in discussions with your vendor if there are support issues. HERE ARE FOUR STEPS TO GUIDE YOU THROUGH THE PROCESS: 1. Evaluate Your Licensing Risks to Determine Your Organization s Specific Requirements 2. Reduce Risks with Verification Testing 3. Plan for Software-as-a-Service Contingencies 4. Establish a Program that Reflects Best Practices and Ties into Risk Management Goals Mission-critical applications need to be considered in your risk profile. 800-962-0652 / ironmountain.com / 3

1. EVALUATE YOUR LICENSING RISKS TO DETERMINE YOUR ORGANIZATION S SPECIFIC REQUIREMENTS WHAT S YOUR RISK? Many factors contribute to your risk. Operational dependencies on the product, investment of time into this solution, an assessment of the technology developer, and cost should all be determined when calculating your risk factor. Consider all the costs and risks of licensing the vendor s technology to determine the risk to your company in the event the developer is no longer able or willing to support the product. You need to determine your operational risk if the technology is unavailable. As your risk increases, your need for escrow protection and verification also increases. IDENTIFY YOUR RISKS WHEN USING ON-PREMISES (LICENSED) SOFTWARE Operational Dependencies Number of users Customer impact Lost productivity Lost revenue Public Safety Costs Initial investment License fee Installation Customization Reprogramming Hardware What level of escrow protection is needed based on the Risks of Licensed Software? Investment of Time Availability of substitute products Time to recode Time to identify new product Time to negotiate new license Vendor Assessment Vendor stability Management track record Subcontractor partnerships Breadth of product lines Commitment of staff How much do your operations depend on your technology? How much time is invested in your current technology solutions? What would happen to your technology if something happened to your vendor? What would your costs be to replace your current technology? How do you stack up? 4 / Enterprise Escrow Best Practices Report

2. REDUCE RISKS WITH VERIFICATION TESTING WILL YOUR TECHNOLOGY WORK WHEN IT IS NEEDED? Over 76 percent of all deposits sent in to Iron Mountain for analysis were determined to be incomplete. As a result, these deposits required additional input from the developer in order to be compiled. A thorough verification of the escrow materials provides assurance that, in the event of a deposit release, you would be able to more quickly and effectively read, recreate, and maintain the developer s software or technology in-house. These extra precautions maximize the payoff from investments in escrow deposits and protect the total investment in software assets. For escrow accounts to have maximum value, it takes more than simply depositing a set of source code files. That s why, on average, over 50 percent of all qualified escrow agreements are now verified. There are different levels of verification services from initial to comprehensive and each offers increasing levels of assurance that the technology can be recreated and used if predetermined events and conditions do occur. Iron Mountain s Escrow Verification levels include: IRON MOUNTAIN S VERIFICATION SERVICE LEVELS Level 4 Full Usability Test Level 3 Binary Comparison Test Does the software work properly? Verify and confirm that the built application works properly when installed Level 2 Compile Test Do the files match? Verify that the compiled files on deposit compare identically to the technology licensed Level 1 Inventory & Analysis Test Do the deposited materials compile? Verify the ability to compile the deposit materials and build executable code Can the environment be recreated? Verify that information required to recreate the depositor s development environment has been stored in escrow 800-962-0652 / ironmountain.com / 5

Unless you test the escrow deposit, there is no assurance that your escrow account contains complete, correct and usable materials. Iron Mountain can recommend the most appropriate levels of verification for your specific situation to strengthen the value of your escrow agreement. Are you protected? If something happens to your software vendor, will you be able to get your application back up and running? Is it worthwhile to implement escrow without verification? How do you stack up? 6 / Enterprise Escrow Best Practices Report

3. PLAN FOR SOFTWARE-AS-A-SERVICE CONTINGENCIES WHAT S YOUR SaaS RISK? Software-as-a-Service (SaaS) applications are rapidly being integrated into many of today s business operations, but contingency options for SaaS applications may be missing from your current business continuity plans. Many times, the SaaS subscriber assumes that the cloud provider has covered the contingencies, but often that is not the case. It s hard to proactively adopt new technologies, such as SaaS, when you acknowledge that your supplier may not be around long enough for you to realize the return on your investment. You need to consider the risks before you enter into such an arrangement, especially for cloud-based services. Another point to remember is that with SaaS deployments, you are accessing both your application and data via the cloud. Physically, you do not possess the provider s software or your data. Therefore, you need to make sure that if something goes wrong, you can still access the application and your data at least until you retrieve your data or migrate to another solution. IDENTIFY YOUR RISKS WHEN USING SaaS OR CLOUD-BASED (SUBSCRIPTION) SOFTWARE Operational Dependencies Number of users Customer facing impact/brand Lost productivity and Revenue Business Continuity / Disaster Recovery Planning (BC/DRP) Suitable interim alternatives Costs Security assessments Monthly subscription Retraining and ongoing training Integration with Legacy Apps Customization What level of escrow and data protection are needed based on the Risks of SaaS? Investment of Time Corporate Tolerance - Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) Availability of substitute SaaS products Time to identify new product Time to transition and negotiate Vendor Assessment Vendor stability Single vs. multi tenancy Subcontractor partnerships, i.e. hosting parties Acquisition risk/change in control 800-962-0652 / ironmountain.com / 7

As part of the contingency planning process, you should always communicate your concerns internally and externally. SaaS providers should proactively address those risks by conceiving, crafting and testing the contingency plan. Iron Mountain SaaSProtect Services deliver a suite of SaaS-focused contingency solutions that are tailored to meet specific levels of risk catered to your unique business risks. SaaSProtect Services offers the flexibility to customize protection against disasters or other unplanned outages as well as typical software escrow release events, such as bankruptcy or change in control. Did you know that 79% of SaaS providers do not guarantee application continuity, causing subscribers to have difficulty entrusting critical business processes to the cloud? SaaS PROTECT SERVICES SUITE GRADUATED SERVICES SaaSProtect High Availability SaaSProtect Continuity Services Full Subscriber Recovery & Provider Disaster Recovery Escrow Services Source Code Source Code Escrow Access to source code/maintenance materials only SaaSProtect Backup SaaS App & Data Backup Automated, continuous vaulting of app/data Access to data backup Subscriber Recovery After a Provider Failure Automated, continuous replication of app/data Automated recovery of app/data (standby recovery environment) Access to app and data Failover capability Automated, continuous replication of app/data Automated recovery of app/data (real-time, mirrored recovery environment) Access to app and data Seamless failover/failback Disaster recovery services FASTER RECOVERY TIME What types of recovery services do you have in place for your SaaS applications and data? How will you restore your SaaS application in case of an outage or provider failure? Will you be able to resume operations quickly if something happens to your SaaS provider? How do you stack up? 8 / Enterprise Escrow Best Practices Report

4. ESTABLISH A PROGRAM THAT REFLECTS BEST PRACTICES & TIES INTO RISK MANAGEMENT GOALS FOLLOW THESE BEST PRACTICE GUIDELINES Establish an escrow program that ties into your corporate risk management goals. The best way to do this is to follow these best practice guidelines. Set Your Terms Establish a master escrow agreement and be willing to cover the costs Start Early Introduce escrow requirements at the beginning of the licensing or subscription process Stay on Top of It Audit your escrow agreements annually to ensure they are up-to-date and adhere to best practices SET YOUR TERMS First, establish a master escrow agreement. If your company licenses software from more than one developer, vendor or supplier, you can simplify the process with the use of a master escrow agreement. A master agreement between your company and Iron Mountain will include the terms and conditions you specify and will govern the administration of escrow deposit accounts with multiple developers. If you plan to pay for the escrow rather than depend on your developer to cover the cost you will be able to drive the terms and conditions of the escrow agreement. A master agreement lets you set the terms and enroll new developers with ease while driving consistency and reducing cost. START EARLY You should introduce and determine the need for escrow early during the vendor selection process. By building escrow into your request for information (RFI) and request for proposal (RFP) processes, you can drive the escrow agreement, get the best terms, and ensure consistent use of your escrow terms. Here are some tips to help make this happen: Provide a copy of your executed Master Escrow Agreement to your potential software vendor along with your License Agreement and set expectations with the software vendor regarding items to be deposited and test level required Request that the software vendor provide the required information to Iron Mountain to obtain a quote for the specified level of verification testing required by your risk assessment Always strive to sign the escrow agreement at the same time as the license agreement Establish internal guidelines for deviating from your Master Escrow Agreement terms and consult with Iron Mountain to review your options and determine the best approach If your software is a SaaS application, you need to be ready to recover, restore and resume that application with continuity services Key terms of any software escrow agreement include: Deposit contents, update process and frequency Verification rights know what you have Release conditions Release mechanism, objection period, contrary instructions, etc. Rights to use following release Payment of fees and dispute resolution 800-962-0652 / ironmountain.com / 9

STAY ON TOP OF IT Escrow should be an integral part of your risk management plan, and you should review that plan annually to ensure the terms are appropriate and deposits are current. There s no sense in paying for escrow on technology that is no longer used, so regular check-ups are a good idea. As part of a sound Technology Asset Management program, you should audit your escrow accounts each year. Iron Mountain will review your current accounts with you, and let you know how your escrow plan compares to other companies in your industry. For instance, we ll review deposit frequency, confirm contact information on your accounts, and advise you of which accounts may not be adhering to your established best practices. Iron Mountain s escrow and verification services deliver real peace of mind for our IT and management teams, and provide assurances for the continuity of our business operations. IT Project Manager Enterprise customer An up-to-date, functional escrow plan will deliver a return on your investment, because you know your technology assets will be protected and available to you in the future. Our goal is to ensure that your escrow agreement offers you the best protection possible. Have you established a master escrow agreement? How many escrow agreements have used the master agreement vs. another form of agreement since the master was established? Is escrow part of your RFI and RFP processes? Do you feel that your escrow agreements reflect the best possible terms? Do you review your escrow agreements annually? Are your escrow deposits current? How do you stack up? 10 / Enterprise Escrow Best Practices Report

ARE YOU READY TO START IMPLEMENTING ESCROW BEST PRACTICES? Did you know that Iron Mountain created the technology escrow industry in 1982 to help companies protect software source code and other intellectual property? Today, more than 90 percent of Fortune 500 companies turn to Iron Mountain for software escrow protection. Our escrow best practices can help you ensure that your company s critical information is protected, your risk and your costs are reduced, and your investments in technology are preserved. ABOUT IRON MOUNTAIN Every day, companies big and small, in virtually every industry, trust Iron Mountain to store, protect and manage their information. We help businesses just like yours take advantage of cost savings, improved efficiency and reduced risks. With an Iron Mountain software escrow agreement in place, you ll gain peace of mind and protect your company s mission-critical technology. Your Iron Mountain account representative can assess your current escrow program, and make strategic recommendations to align it with our best practices. Talk to Iron Mountain at 800-962-0652 Learn more at www.ironmountain.com/escrow 800-962-0652 / ironmountain.com / 11

Enterprise Escrow Best Practices Report Please contact your Iron Mountain Intellectual Property Management Sales Representative to discuss the availability of a customized Enterprise Escrow Best Practices Report for your company. ABOUT IRON MOUNTAIN. Iron Mountain Incorporated (NYSE: IRM) provides information management services that help organizations lower the costs, risks and inefficiencies of managing their physical and digital data. Founded in 1951, Iron Mountain manages billions of information assets, including backup and archival data, electronic records, document imaging, business records, secure shredding, and more, for organizations around the world. Visit the company Website at www.ironmountain.com for more information. 2014 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks of Iron Mountain Incorporated in the U.S. and other countries. All other trademarks are the property of their respective owners. US-EXT-ES-BP-010814-001 800 899 IRON (4766) / ironmountain.com 12

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback