Case Study - NCC Group

NCC Group is one of the world’s leading software escrow providers


The introduction of the General Data Protection Regulation (GDPR) has meant that companies need to be far more aware of the transferring, storage, location of the personal data they are holding and must, therefore, meet the requirements of the latest data privacy & GDPR compliance.

Gravicus, a London based company operating within the Information Technology and Services industry, helps organisations stay compliant with data privacy and GDPR regulations through their Gravicus Osprey application.

The purpose-built data analysis platform, enables its users to understand their current risk exposure by providing direct insight into the unstructured data that lives within the company, ensuring that the user can reduce any risks associated with GDPR. As a relatively new startup but confident in both their software and offering, Gravicus required an escrow provider that they could work in partnership with to offer its first client the best service of business continuity. As their first client, a large communications company who send over 4 million communications to their customers every single day, it was imperative for Gravicus to support their customer’s risk mitigation plan and provide them with peace of mind. Additionally, with the application still in development and changing frequently, the customer did not require verification at the present time and therefore required an escrow provider who could be flexible on agreement terms.

Gravicus recognise that as organisations reliance on IT continues to grow, they must provide assurance to its existing and future end users that they have the right mechanisms in place to protect their software assets.

The solution provided by NCC Group was instrumental in solidifying a new client relationship. We look forward to partnering with NCC Group in the future and bringing our new clients on board with the support of this business continuity solution

Ben Gowers, CEO – Gravicus


With more than 30 years’ experience protecting business-critical applications and currently protecting over 7,000 business-critical software applications under comprehensive escrow agreements, on the behalf of licensees worldwide, NCC Group was the escrow provider of choice for this customer.

Following the initial enquiry, NCC Group provided Gravicus with a dedicated point of contact from its Partner Management team. NCC Group’s Technology Partner Team are experts in understanding everything from product development cycles to marketing strategies in order to advise the right approach to escrow, verification and the depositing of source code.

After an initial scoping call, the Partner Manager recommended a multi licensee agreement which is a scalable solution that can benefit any Gravicus clients. As aforementioned, confident in both their application and offering, this agreement demonstrates Gravicus’ pro-active approach to their user’s business continuity solutions in addition to ensuring that the process of onboarding future clients is as easy and smooth as possible.

As with all escrow agreements, NCC Group carries out a Media Check on the material received to ensure that it is virus free, accessible and of the expected type. This process ensures that any obvious mistakes in the deposit are detected and resolved. While this provides the assurance that the source code is accessible and safe, it cannot guarantee that the building blocks required to continually maintain and support their end users business-critical applications have been captured.

Consequently, the escrow deposit will be verified as fit for purpose by an NCC Group Consultant at key points in the application development cycle. This verification process will ensure that not only can clients have full peace of mind that the escrow deposits are complete and correct, but in working closely with Gravicus development team, NCC Group are able to create build documentation to guide clients through an application rebuild, should the deposits ever need to be called upon.

With Gravicus continuing to develop the Osprey application until the end of the year, the Partner Manager worked with NCC Group’s expert legal team to construct a tailored agreement stating that deposit verification will take place within thirty days of the first and second anniversary of the agreement, as well as facilitating additional verification at the end user’s request.


Working proactively with its clients and NCC Group, Gravicus has clearly demonstrated its commitment to best practice and long term relationships. With the solution scoped out, the agreement was signed in a matter of days providing reassurance to both Gravicus and its end users. In the unlikely event that Gravicus is no longer available to support or maintain its products, the licensee can apply for the material held in escrow to be released quickly and safely. This will allow the licensee to continue to maintain the software in-house or transfer to an alternative provider minimising disruption and cost to its organisation.

Ben Gowers, the CEO at Gravicus commented ‘The solution provided by NCC Group was instrumental in solidifying a new client relationship. We look forward to partnering with NCC Group in the future and bringing our new clients on board with the support of this business continuity solution.

About NCC Group

With over 30 years’ experience, NCC Group is one of the world’s leading software escrow providers protecting business critical software, data and information through escrow, both traditional and secure verification testing and SaaS continuity services.

Over 18,000 organisations worldwide benefit from our ability to offer our services under a variety of international laws and the assurance that comes from our global network of secure storage vaults across the UK, North America and Europe. Our expertise, offering and global scale are backed up by in-house technical and legal teams, guaranteeing an independent and quality service.

The principle behind our offering is clear – to protect all parties involved in the development, supply and use of business-critical software applications, information and technology.