Technology Assurance Platform: SaaS Escrow
Trexcel Corporation is delivering its new Technology Assurance Platform mid-2025. This platform is being built to military-grade cybersecurity standards and will be targeted to the US and European Defense Industrial Base and highly-regulated commercial entities and their key vendors. The initial feature release will include several software, data, and cyber assurance features, including: SaaS Escrow.
Our CMMC XEnclave™, the foundation for our Technology Assurance Platform, is being initially certified by an independent Assessor at CMMC Version 2, Level 2, which is based on the NIST 800-171 cybersecurity standard shown on this relative coverage comparison chart. This is our starting point and our plan going forward is to improve our cybersecurity practices and capabilities and move to the right side of this chart. Any lower-coverage standards/certifications that are required by the markets we serve will be mapped into our proprietary Active Documentation™ system and obtained as needed.
The SaaS Escrow feature provides enhanced protection for businesses that rely on secure cloud-based software by safeguarding both the software and the client’s data in case the SaaS provider can no longer fulfill its obligations. Unlike traditional software escrow, where only the software source code is secured, SaaS escrow also addresses the critical risk that the provider holds both the software and client data. The platform offers a number of mechanisms to accept electronic deposits electronically, most supporting our military-grade security capabilities that are necessary for the Defense Industrial Base (DIB).
Key aspects of a SaaS Escrow Product:
Dual Coverage: The escrow agreement covers not just the software (source code, system configurations, etc.) but also the client’s data, ensuring the client can access both in the event of provider failure or disruption.
Risk Management: Since SaaS providers control both the software and customer data, this creates a dual risk scenario. The escrow solution mitigates the risk by enabling the client to recover both their software functionality and their stored data if a trigger event occurs.
Trigger Events: Common triggers for the release of escrowed materials include provider insolvency, breach of service-level agreements, or loss of data access. Upon triggering, both the software and data are made available to the client, allowing them to continue operations without service interruption.
Verification and Security: Regular deposits of software updates and real-time data backups into the escrow are continuously verified in various ways (including our AI-driven verification tools) to ensure that both elements can be deployed and accessed independently of the provider, ensuring business continuity.
This comprehensive approach ensures that organizations using SaaS platforms are protected from both software disruption and potential data loss, offering a complete safety net in critical service relationships.