This Webcast Will Begin Shortly

Similar documents
INTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE ESCROW BEST PRACTICES REPORT

What Contract Risks are Hiding in the Cloud?

This Webcast Will Begin Shortly

White Paper: Mitigating the additional risks of software-as-a-service applications.

This Webcast Will Begin Shortly

E-Guide READING THE SIGNS FOR ERP CONSOLIDATION

Information Services & New Jersey Sales Tax

Protecting Information Assets - Unit #9 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protecting Information Assets

VDI VS. DAAS: HOW ARE CLOUD-HOSTED DESKTOPS DIFFERENT?

Contracts, Rights and Royalties. End-to-end management and monetization of your intellectual property

REQUIREMENTS QUESTIONNAIRE & CHECKLIST

COMPANY PROFILE.

Revenew s Cost Recovery and Cost Containment services return dollars to your budgets. We recover over $100 million for our clients annually.

One Size Doesn t Fit All Reinvent Your B2B E-Commerce Strategy

Always On: Unitrends DRaaS Disaster Recovery Services

This Webcast Will Begin Shortly

Defining and Managing an Optimal Sourcing Mix

EDI Services. Leveraging your investments in EDI for e-business advantage.

Government Services BUSINESS PLAN ACCOUNTABILITY STATEMENT THE MINISTRY

This Webcast Will Begin Shortly

The Modern Office and You. 5 Ways to Capitalize on Cloud Opportunities

Mobility at a Crossroads

On-premise vs. cloud-based solutions. A dilemma for businesses

Simplifying Data Protection with Next-Generation Converged Infrastructure

NCC Group plc Interim results for the period ended 30 November 2005

This Webcast Will Begin Shortly

HOW TO OPTIMIZE YOUR MDM STRATEGY

The software revenue recognition picture begins to crystallize

Our Business Is Knowing Your Business

Microsoft 365 Migration

Understanding SWIFT Corporate Access

Keeping the Lights On When No One Else Can

Diversified Services. Our Diversified Services include:

Business Management System Evaluation Checklist

How to disasterproof critical. business data. 5 steps for keeping systems online and accessible in any scenario.

Executives Beware: White Paper. Senior Vice President

White Paper. Managed IT Services as a Business Solution

The EU raises the bar on data privacy:

Measuring digital advertising revenue to infringing sites

Flying with IT through Market Turbulence

Procurement & Strategic Sourcing. Request for Proposal. and Specifications for. College Licensing Services 2016

OpenText RightFax. OpenText RightFax OnDemand. Product Brochure. Benefits

Corporate Overview HIGH-QUALITY SOLUTIONS

License Mobility through Microsoft Software Assurance. Licensing guide

Managed Services. New business opportunities that keep you ahead

RELIABLEIT. How to Choose a Managed Services Provider. Finding Peace of Mind

Information Technology Division Service Level Agreement (SLA) Description and Process

BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT

1 Microsoft Volume Licensing Basics

Whitepaper. Hospitals & Healthcare Facilities. Fixed Asset & Clinical Equipment. Inventories & Valuations. for

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

CUSTOMER FIRST FOR AVANTIS PROGRAM GUIDE

How to Choose a Managed Services Provider

Business Management System Evaluation Checklist

Welcome to. Facing the Challenges of Lease Administration Today and in the Future

Project Progress Report

Emerging Technology and Security Update

Third-Party Enterprise Software Support: Key Risks and Questions to Ask

S U R V E Y I D C O P I N I O N. Cushing Anderson

2017 EARNINGS PRESENTATION PeerStream, Inc. Ticker: PEER

Sentinel Software Monetization New Business Opportunities

ENSURING PCI DSS COMPLIANCE IN YOUR ADVANCEMENT SHOP. Is your shop maintaining PCI compliance in all of your efforts?

Business Intelligence Partner Program

Technology Consulting Services

Business Intelligence Partner Program

NEVADA STATE COLLEGE BOOKSTORE OPERATIONS Internal Audit Report July 1, 2011 through June 30, 2012

5 Important Questions to Ask Potential BPM Vendors

Legal Aspects of Software Agreements with Large Vendors. Robert Scott Scott & Scott, LLP

The Role of the VMO in Regulatory Compliance Planning, Due Diligence and Contract Negotiation

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Internal Audit and Robotic Process Automation

Realize More with the Power of Choice. Microsoft Dynamics ERP and Software-Plus-Services

Carbonite Online Backup

ecommerce Back-Office System Evaluation Checklist

Integrated IT Management Solutions. Overview

Contract Risk and Compliance & Warranty Fraud. David Maberry Chief Risk Officer American Fidelity Assurance Company

Business Model Canvas Tool to structure new business models

LEVERAGING YOUR VENDORS TO SUPPORT DATA INTEGRITY:

6/14/ :41 PM 1

New revenue guidance Implementation in entertainment and media

BNA FIXED ASSETS. Expert software for managing fixed assets and depreciation. >>>>

Cyber Security Guidelines for Using OPEN SOURCE SOFTWARE

Service Delivery Group

BUYER S GUIDE: MFA BUYER S GUIDE. Evaluating and getting started with modern MFA solutions

Tax Solution Innovation in the Cloud

NTT DATA Service Description

INDUSTRY OUTLOOK OCTOBER Rethinking ERP for a More Agile World

SAP Fieldglass White Paper ESSENTIAL QUESTIONS TO INCLUDE IN A VENDOR MANAGEMENT SYSTEM RFP

Office 365 Backup as a Service for Service Providers

Business Continuity Management and Resilience Framework

Solution Brief: Enterprise Compliance Management

2014 Edition of the Branham300

The ABCs of BDR: A Primary on the Essentials of Backup and Disaster Recovery

Capgemini Cloud Platform. Migrate, operate, and innovate every aspect of your business in the cloud

PERSONAL INFORMATION

Enterprise asset management

ABRIA CORPORATE OVERVIEW

IBM Sterling B2B Integrator

George Lawrie Vice President & Principal Analyst at Forrester Research Ltd

From Peachtree to Microsoft Dynamics GP: A move that makes sense for growing businesses GROW

Transcription:

This Webcast Will Begin Shortly If you have any technical problems with the Webcast or the streaming audio, please contact us via email at: accwebcast@commpartners.com Thank You!

Attorney Best Practices for Minimizing Risk for Technology Licensees and Licensors May 27, 2008 Presented by ACC Law Department Management Committee Sponsor Association of Corporate Counsel

Page 3 Presenters Jason Anderman, Vice Chair of ACC's Law Department Management Committee & Counsel of Becton, Dickinson and Company Tim Cummins, President and Executive Director, International Association for Contract and Commercial Management John Boruvka, Vice President, IPM, Iron Mountain Digital

Page 4 Part I: Technology Escrow Basics Part II: Advanced Technology Escrow

Page 5 Part I: Technology Escrow Basics Why today s information society is exposed to risk What is technology escrow? Why do licensees (buyers/users) need it? Why does a licensor (vendor/developer) need it?

Page 6 Information Society s Risk Exposure Why today s information society is exposed to risk Networked world creating rapid change & uncertainty Diversifying into new markets Assets more diverse Much innovation from small companies Trust at a premium

Page 7 Part I: What is Technology Escrow? The practice of securing conditional access to software source code and other proprietary materials for the benefit of all parties to a technology transfer license agreement. A safety net for investment in software, technology and other forms of intellectual property Provide controlled access to a licensor s proprietary code under specific release conditions with defined use rights Used to engender trust between two parties partnering in business. A pre-nup agreement for a software licensee s mission critical technology investments Parties include: the technology developer, also referred to as the licensor or depositor (a.k.a. seller ) the technology customer/partner/investor, also referred to as the licensee or beneficiary (a.k.a. buyer the escrow agent (Iron Mountain), trusted neutral party

Why is source code so critical? Page 8 Developer enters human readable source code Most developers do not provide the source code Compiler translates from source into computer readable language, object code System reads the object code to run program Since the compiler cannot convert object code back to source code... the licensee is unable to support the program Access to key development data is essential to support, upgrade or maintain the technology. Source Code is the key to a vendor maintaining a sustainable revenue stream.

Page 9 Identifying Technology Risk Operational Dependencies Number of users Customer impact Lost productivity Lost revenue Public safety Costs Initial investment License fee Installation Retraining Customization Reprogramming Hardware Investment of Time Time to identify new product Availability of substitute products Time to negotiate new license Time to recode Vendor Assessment Vendor stability Subcontractor partnerships Breadth of product lines Commitment of staff RISK FACTOR Determine what level of software escrow protection is needed

Page 10 Beneficiary s Pain Overview New technologies that may not be around in a few years Small software vendors where longterm viability is a concern Acquiring Intellectual Property Risks Associated with Not protecting business applications that can affect internal financial reporting/controls Access to proprietary data in a SaaS environment Large vendors that provide a great deal of software customization

Page 11 Why is Escrow necessary for: Developers Establishes Credibility with the Marketplace Shortens the Sales Cycle Levels the Playing Field Satisfies a Client Requirement Protects Your Intellectual Property Rights Reduce workload Beneficiaries Leverage After the License has been Signed Timely Access to Current Source Code and Maintenance Materials Have an Option to Control the Future Satisfies Legal Compliance Minimize Risk of Loss Avoid Litigation and the Courts

Page 12 Part II: Advanced Technology Escrow

Page 13 Part II: Advanced Technology Escrow What are the key issues that I can address to minimize client risk when licensing Software-as-a-Service (SaaS) applications? What are the challenges or risks surrounding off-shore development and licensing? What are the challenges or risks surrounding exclusive supply agreements? Why and when should I recommend verification of the content of an escrow deposit?

Changing Licensing Models SaaS Application and data hosted by SaaS provider On Premise Software developer delivers executable on media to the user Page 14 Internet User accesses Software via the internet (SaaS) User accesses software on local system End user does not have a copy of the object code (executable) & their data End user has a copy of the object code (executable) & their data

Risk with SaaS Licensing Model SaaS Application and data hosted by SaaS provider Internet User accesses Software via the internet (Saas) End user does not have a copy of the object code (executable) & their data Page 15 NO SOURCE CODE ACCESS Plus No copy of the executable code readily available to reload and run in a live production environment Generally, no access to usable data Often hosted through a third party, introducing additional risks DR/BC contingencies?

Page 16 Actionable Guidance: SaaS Providers & Subscribers Think Governance, Risk & Compliance (GRC) Review DR plan and ask what are the contingencies? Identify a failover back-up host to restore application Can they assume rights of SaaS provider in the event that they default on their obligations to the DR supplier Mandate a SaaS Protection strategy beyond traditional escrow to ensure long-term viability of the relationship and verify it! 1. Compile the source code, validate build instructions 2. DR test on the object code, restore data & validate procedures Establish a repeatable process to ensure consistency with each new enterprisewide subscription plan. www.ironmountain.com/ipm Craft a DR plan that is easily verifiable by prospective clients, which also includes succession planning. Think of it like a living will The SaaS escrow and verification testing is a part of the DR plan. The app is a responsibility that someone will inherit when something goes wrong Entrust a neutral 3 rd party escrow agent to vault the deposit materials and to verify the RTO & RPO Leverage the exercise to gain credibility and to create competitive advantage Embrace the marketing value by publishing verification reports on your website, issuing press releases, etc. Offer SaaS protection escrow services as a valued added premium service to offset the cost of implementing an escrow plan.

Case in Point: The Common Application Page 17 Background Challenge Solution Benefits The Common Application online, a non-profit site, lets students apply to nearly 300 colleges and universities using one common application over the web. It uses a 3 rd party technology partner to deliver the application online. As such, it needed some level of protection and security to ensure best user experience. The Common Application online acquired Iron Mountain s SaaSProtect Escrow Service and Verification testing. The Common Application now has the confidence that its systems will be kept up and running, in case of problems with the 3rd party technology partner provider. The primary benefit is the security that we get. We know that if catastrophe strikes - either catastrophe in terms of a business relationship going bad or a natural or personal catastrophe - there is a 'plan B' that we can avail ourselves of quickly and securely with Iron Mountain, and that's something we haven't had before. Rob Killion, Executive Director of The Common Application

Page 18 Risks & Challenges Offshore / Outsourced Development What are the challenges or risks surrounding such development and licensing? Ownership rights Preventing IP theft Ensuring access to methods, work in progress, records and data.. (recovery, transition)

Page 19 Risks & Challenges Exclusive Supply Arrangements (exclusivity usually because of financial or intellectual property reasons) Risk of Supply Interruptions (particularly bad for a reseller or an essential raw material) Need for Alternative Manufacturer (usually a third party) Escrowed Specifications, Manufacturing Process and Know-How, Properly Validated, Protects Against Supply Interruption

Page 20 What are Verification Services? Verification is the process of regularly auditing the materials deposited in an escrow account to provide assurance that, in the event of a deposit release, a licensee would be able to quickly and effectively read, recreate and maintain the developer s technology in-house. Ensure deposited technology assets are complete and in working order Duplicate the original development environment with information on utilities, compilers, operating systems Strengthen escrow value by enabling a fast, successful deployment of deposit materials

Page 21 Your Escrow Deposit Trust, but Verify! 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% 97.4% of all deposits sent in for analysis did not contain the necessary software to build the media 87% of deposits reviewed required depositor contact for completion and confirmation An escrow arrangement is only as good as the quality of the deposit materials. VERIFICATION of materials provides assurance that, in the event of a deposit release, a licensee would be able to more quickly and effectively read, recreate and maintain the developer s technology in-house Key Benefits: Confirms that the technology can be successfully recreated and maintained Minimizes the risk of incomplete or corrupt deposit materials Strengthens the value of the escrow by ensuring a functional deposit Resolve deposit issues with the developer s assistance before crises arises

Page 22 Expected Industry Verification Levels File Listing Level 1 Inventory Level 2 Compile Test Level 3 Binary Comparison Level 4 Usability Test What does the deposit contain? Verify that all media is readable, virus free and contains a complete file listing Is the necessary information present? Verify that information required to recreate the Depositor s development environment has been stored in escrow Do those deposit materials compile? Verify the ability to compile the Deposit Materials and build executable code Do those deposit materials compile? Verify that the compiled files on deposit compare identically in your actual, on-premise licensed technology Does the software work properly? Verify and confirm that the built application work properly when installed

Case in Point: Trans World Entertainment (TWE) Background Operates 900 specialty music and video retail stores, such as FYE, Coconuts, Strawberries, Wherehouse Music, CD World, Spec s and Planet Music Challenge Solution Benefits Needed to protect a competitive-edge software. TWE worked with a software developer partner to create a proprietary listening viewing station (LVS) that allows customers in its stores to sample a CD or DVD by just swiping the bar code at the LVS. Established an escrow agreement that included Verification services TWE competitive-edge software is protected and it now has the assurance the software could be accurately recreated, should the circumstances occur that required it to be so. I would definitely use technology escrow and verification services from Iron Mountain again. Considering our investment in the software, the cost to protect these assets is trivial. Trans World Entertainment

Page 24 Regulatory Compliance Corporate compliance regulations, such as Sarbanes-Oxley, mandate that companies implement near real-time ability to report on all events that materially affect their business. Technology escrow protects applications that enable companies to meet compliance regulations Technology escrow tools provide real-time, secure access to critical vendor and strategic application data As part of the Sarbanes Oxley Act, organizations must establish a plan of action in the event a software vendor fails and discontinues the support and maintenance of its systems. LENNY SMITH, Director of Division Operations Fidelity National Information Services

Q & A

Page 26 Conclusion In information society, protecting knowledge assets is key Legal recourse not enough Escrow a core element of a best practice strategy

Page 27 White Papers: Email ipm-info@ironmountain.com info@ironmountain.com Technology Escrow: Who s Using It and Why Verification Services: Fulfilling the Promise of Technology Escrow Agreements

Page 28 Thank you for attending another presentation from ACC s Desktop Learning Webcasts Please be sure to complete the evaluation form for this program as your comments and ideas are helpful in planning future programs. You may also contact Sherrese Williams at williams@acc.com This and other ACC webcasts have been recorded and are available, for one year after the presentation date, as archived webcasts at www.webcasts.acc.com. You can also find transcripts of these programs in ACC s Virtual Library at www.acc.com/vl

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback