I had to do this 10 years ago for a SAAS application. It was standard procedure from the customer in question (a large multinational corporation) for "critical applications" - and I could understand their motivation. However, on renewal of the contract, the escrow clause was dropped - I'm not sure if this was because we were more trusted, or their policies changed (I think the cost was a factor).<p>Many other large customers consumed our services, but none of those have asked for an escrow - some have contracted for "special ways" to remove their data (for example direct access to database backups and so on) in the case that we would go insolvent - I'm not sure that legal mechanism this used.<p>For the customer in question they had several "levels" of escrow - and in this case they wanted the full escrow, which is more than just a dump of the code - it required all code, all dependencies, all bootstrap data, all configuration files, all build tools, and detailed instructions for building and running the app. An external company worked with us so that they could independently build the application, and witness it running. It was very expensive, very disruptive, very time consuming (it took about 3 days of prep, and 5 days with the external company). I remember it felt like a life time. The customer picked up the bill for the Escrow, that included the cost of the independent company, and our time (but not the opportunity cost).<p>In my opinion they are of very little value (for example the code continually goes out of date, who's going to run the service because they don't have the skills). In my experience it was a total PITA, and personally I'd avoid it, and try as hard as I could to use a different device to provide the assurance that they need (e.g. contracting that they can access their data in the event of insolvency, or at a push putting the built artifacts and runtime configurations into escrow).