Hi there,
The provider of the software licenses would not necessarily be considered critical if you could easily purchase the licenses from another third party (re-seller). If the software provider also provides the licensing, if they cease to exist, you will definitely have an issue if you are dependent on that software for your operations. This is always an important consideration when purchasing software and licenses; software re-sellers aren't typically considered critical. But if the software is unique and isn't offered through re-sellers, you may be in a situation where the software vendor is a single point of failure (SPOF). In that case, you need to have appropriate plans in place to ensure business continuity if the vendor fails or goes out of business.
Many organizations in that situation may ask for code to be put in escrow. To safeguard the strategic value of custom software applications, organizations may require developers to store their software code and documentation in a source code escrow. This is because software source code is a valuable asset that needs protection. Thus, a source code escrow agreement provides the necessary insurance for such companies.
Software escrow is a process where the developer deposits the source code and instructions with a trusted third party. This ensures that the client can access it in the event of a "release event," such as the developer going bankrupt.
After an agreement is made, clients can access and use the software's source code as they wish. Depending on the license agreement, they may also maintain the software without the supplier's help. This ensures smooth business operations and flexibility for the client.
I hope this information is helpful, and I would like to hear what other members might add on this topic.
Original Message:
Sent: 08-16-2023 10:01 AM
From: Anonymous Member
Subject: Criticality for Provider of Critical On-Prem Software
This message was posted by a user wishing to remain anonymous
I am curious how others are treating the criticality level of third parties that provide on-premise software licenses for a software that is critical the the organization's operations? Clearly the software is important, but if the third party experiences any issues or were to no longer exist, if the on-premise software were to continue to function (obviously patching, upgrades, etc. come into play longer term), how do others think about how critical that provider is? Are they still critical because they are the provider of the critical software, or are they deemed non-critical?