Software Verification

Integrity Testing

Integrity Testing is provided as standard on all material deposited under an escrow agreement. The process involves the testing of the deposit material to ensure that it is virus free, accessible and of the expected type, providing assurance that the source code will be accessible if a release event occurs.

The following checks are carried out on all deposits received:

  • Virus Check
  • Media Read Check
  • Compression Check
  • Password/Encryption Check
  • Source Code Check
  • Source Code Information Check

If the material tested fails any of the first five checks, NCC Group request that the software owner provides a replacement deposit, and the Integrity Testing process will start again from the beginning.

Integrity Plus

As well as providing reassurance that the material deposited in escrow is virus free, accessible and of the expected type, we visit the software owner’s site to carry out an audit and record the details of the deposit information in its native environment.

The independent audit records the environment including the architecture and third party utilities/software and provides a full inventory of the source code and documentation files.

Integrity Plus also provides the benefit of an independent party witnessing the process used for the creation of the material to be deposited in escrow and recording of the method used.

All these things can provide valuable reassurance when investing in business crititcal software.

Integrity Plus is often recommended for material which cannot be checked through a build process or during the development of software.

Further Levels of Verification

Integrity Testing and Integrity Plus provides valuable reassurance that the deposit material held in escrow is accessible and free from viruses.

However if your application is critical to your business then, as part of your disaster recovery & contingency planning activities, you should consider whether further reassurance would be beneficial.

For business critical applications, NCC Group recommends that further verification should also be carried out to guarantee that all the required files and instructions have been deposited to utilise the material effectively and speedily in the event of a release.

We offer three types of Verification Testing to ensure there is a service suitable to meet all your future requirements, whether you choose to carry out the maintenance and support of key applications in-house or whether you engage with another supplier. Full VerificationBuild Assured Verification and User Assured Verification.