About this series: The software / SaaS and technology escrow industry is unregulated but many states, industry organizations and corporations have implemented software escrow requirements to protect their investment in business critical software and SaaS applications. In this series of articles we will explore the different approaches taken to require escrow and discuss the challenges of ensuring compliance.
The state of Oklahoma has implemented stringent requirements governing the acquisition of customized computer software by state agencies, in order to ensure the protection and accessibility of the source code for business critical software. These requirements, as outlined in Section 250.3 of Title 75 of the Oklahoma Statutes, pertain to state agencies, the Purchasing Division of the Office of Management and Enterprise Services, and the Information Services Division of the Office of Management and Enterprise Services. Unless provided otherwise by federal law, these entities are prohibited from entering into contracts for the procurement of customized computer software that has been exclusively developed or modified for the agency or the state, unless the vendor agrees to deposit the source code for the software and any subsequent modifications into escrow with an independent third party.
To fulfill this obligation, the vendor must consent to placing the source code, as well as any upgrades supplied to the agency, into escrow. The choice of the third-party escrow agent must be agreeable to the agency. Moreover, the vendor is required to enter into a customary source code escrow agreement. This agreement should incorporate a provision granting the agency the right to access everything held in escrow under specific circumstances. These triggering events include:
- A genuine material default by the vendor in fulfilling its obligations under the agreement with the agency.
- An assignment by the vendor for the benefit of its creditors.
- A failure by the vendor to pay its debts as they mature or an admission of its inability to do so.
- The initiation of a bankruptcy petition, either by or against the vendor, when such a petition is not dismissed within sixty (60) days from its filing date.
- The appointment of a receiver, liquidator, or trustee for a substantial portion of the vendor’s assets.
- The vendor’s inability or unwillingness to provide maintenance and support services in accordance with the agreement with the agency.
- The discontinuation of maintenance and support services by the vendor for the software.
All expenses associated with the third-party escrow agent’s services, as mandated by this section, are to be borne by the vendor.
In addition to these escrow requirements, the State Purchasing Director or a procurement officer of a state agency is barred from processing any state agency request for the customization, modernization, or development of computer software unless the prospective vendor provides documentation that aligns with the stipulations detailed in subsections A and B of this section. This underscores the necessity for vendors to adhere to the escrow provisions and fulfill their obligations concerning source code protection.
Moreover, the State Purchasing Director is tasked with providing guidance and assistance, as needed, to enable state agencies to comply with the provisions delineated in this section. This support mechanism ensures that state agencies can navigate the complex landscape of software procurement while upholding the requirement for source code escrow.
In the context of this section, “state agency” encompasses all state agencies, regardless of their status under The Oklahoma Central Purchasing Act, except for the Oklahoma Lottery Commission. Additionally, the term “source code” is defined as the original form of programming instructions for a computer program. These instructions are created by a programmer using a text editor or a visual programming tool and are saved in a file. The definition clarifies that source code is the foundational code upon which the software is built and serves as the blueprint for its functionality.
Summary: The State of Oklahoma has taken a firm stance in requiring escrow protection for business critical applications. It is not clear when this requirement was written but it may need to be updated to include requiring escrow protection for SaaS applications and related data. Further, this language does not specifically reserve Oklahoma’s right to have the escrow deposit materials tested for completeness and functionality. Nonetheless, this is a positive, well written requirement that should result in better protection for the state. Read the State of Oklahoma’s software escrow requirement here:
About PRAXIS: Founded in 2016, PRAXIS Technology Escrow, LLC is a leading software and technology escrow services company known for providing innovative and flexible software and SaaS escrow solutions for business critical software. Learn more at: www.praxisescrow.com