Understanding Software Escrow and Risk Mitigation with Escode

by Elena Kriek.

Introduction

Escode, formerly known as NCC Group Research & Development, is a leading provider of software escrow and cybersecurity solutions. Their presentation introduced the company and its services, particularly in the context of mitigating risks associated with third-party software dependencies.

Services Provided

Escode offers various services, including:

  •  Cybersecurity Consulting: Providing expertise in protecting IT systems and data.
  •  Software Escrow: Ensuring business continuity and protecting against vendor failure by securely storing source code and vital software materials.
  •  Vendor Assessment: Evaluating the financial stability and technical capabilities of third-party software vendors.

Working with Banks and Fintechs

Escode works closely with banks and fintech companies to minimize risks associated with third-party software dependencies. This involves:

  • Creating a stakeholder team within the bank to ensure alignment and meet business objectives.
  • Understanding the bank’s software needs, vulnerabilities, and risk tolerance.
  • Collaborating with the software vendor to design and implement escrow solutions that meet both the bank’s and vendor’s requirements.

Case Study: Escrow for a Dutch Bank

Escode worked with a Dutch bank to protect against risks associated with a critical loan system. The solution involved:

  • Verifying the source code of the software through collaborative efforts with both the bank and software vendor.
  • Establishing a two-phase verification process to ensure the accuracy and completeness of the source code deposit.
  • Providing a legal contract (Single License Agreement) outlining the roles and responsibilities of the bank, software vendor, and Escode.
  •  Integrating with the vendor’s git repository for continuous source code updates.

Benefits for Banks

Escode’s escrow services provide banks with several benefits:

  • Business Continuity: Access to source code and materials allows banks to recover and continue operations in the event of vendor failure.
  • Risk Mitigation: Escrow solutions reduce the impact of vendor-related risks on the bank’s business, reputation, and compliance.
  • Trust Building: Demonstrating the bank’s commitment to risk management fosters trust between the bank and its software vendors.

Future Topics

Escode plans to host future events with The Banking 50 discussing advancements in risk mitigation, such as:

  •  Escrow as a Service (EscaaS): Innovative solutions for protecting cloud-based applications.
  •  Data Regulation and Escrow (DORA): How escrow supports compliance with upcoming data regulations.
Share: