ISC Exam Questions

What mechanism should the company have implemented to prevent this from happening?

ACME Inc. paid a software vendor to develop specialized software, and that vendor has gone out of business. ACME Inc. does not have access to the code and therefore cannot keep it updated. What mechanism should the company have implemented to prevent this from happening?

A. Reciprocal agreement

B. Software escrow

C. Electronic vaulting

D. Business interruption insurance

Explanation:
B: The protection mechanism that ACME Inc. should have implemented is called software escrow. Software escrow means that a third party holds the source code, and backups of the compiled code, manuals, and other supporting materials. A contract between the software vendor, customer, and third party outlines who can do what and when with the source code. This contract usually states that the customer can have access to the source code only if and when the vendor goes out of business, is unable to carry out stated responsibilities, or is in breach of the original contract. If any of these activities takes place, then the customer is protected because it can still gain access to the source code and other materials through the third-party escrow agent.

A is incorrect because a reciprocal agreement is an offsite facility option that involves two companies agreeing to share their facility in case a disaster renders one of the facilities unusable. Reciprocal agreements deal with disaster recovery and not software protection when dealing with the developing vendor.

C is incorrect because electronic vaulting is a type of electronic backup solution. Electronic vaulting makes copies of files as they are modified and periodically transmits them to an offsite backup site. The transmission does not happen in real time but is carried out in batches. So, a company can choose to have all files that have been changed sent to the backup facility every hour, day, week, or month. The information can be stored in an offsite facility and retrieved from that facility in a short period of time. Electronic vaulting has to do with backing up data so that it is available if there is a disruption or disaster.

D is incorrect because a business interruption insurance policy covers specified expenses and lost earnings if a company is out of business for a certain length of time. This insurance is commonly purchased to protect a company in case a disaster takes place and they have to shut down their services for a specific period of time. It does not have anything to do with protection or accessibility of source code.