2023 IT Examiner School

Software Escrow Agreements • Proprietary programs including those written in publicly available code are copyrighted and distributed through various licensing agreements. • Typically, an independent third party retains the source code as an escrow agent. • Organizations with escrow agreements should ensure correct version and that documentation is included. This should be specified in the contract and verified periodically. • Organizations that have escrow agreements should consider protecting their escrow rights by contractually. • Access to source code is allowed under very limited specific conditions , which must be specified in the agreement; for example:

• Discontinued product support • Financial insolvency of vendor

Change Management • Procedures should ensure that modifications do not disrupt operations or degrade a system's performance or security. • Involves ensuring that all changes to products, services; and procedures are approved, documented, and implemented. • Management should establish change controls that address major, routine, & emergency software modifications and software patches. • Procedures that include detailed steps & techniques for backing out.