Trust center

At Digital Asset, we prioritize security at every level. Our commitment to safeguarding our clients' interests is evident in the meticulous way we architect, design, develop, and deploy our products and services. We ensure robust protection for our employees, facilities, clients' confidential data, and our entire network infrastructure.
abstract_shape

Dedicated security team

Digital Asset has a full-time CISO and Security Team that operates the InfoSec Program, covering all aspects of physical, logical, data, and technology security. Our security team are active members of some of the most prominent security and privacy groups in the world, including ISC2, ISACA, OWASP, and IAPP. They are building on frameworks and guidelines provided by the Center for Internet Security, Cloud Security Alliance, International Standards Organization, and the US National Institute of Standards and Technology for security, privacy, and global risk management.

All IT Security policies are reviewed and acknowledged by staff annually. Security training is at the very heart of the firm and we produce regular high-quality security awareness blogs and training that are distributed both internally and externally.

Certifications and affiliations 

Audit certifications

Industry-leading ISO27001 certification and SOC2 Type II assessment signal Digital Asset’s ongoing commitment to security, risk management, and best practices for data management across the organization. We were the first blockchain startup to successfully complete these security assessments. Digital Asset also attests to Hellios FSQS and Trusight assessments.

View our ISO27K certificate Right Arrow Meeting the highest standard of data protection Right Arrow First blockchain startup with SOC2 Type II Right Arrow Request a copy of the Trusight audit report Right Arrow

CIS SecureSite member

Digital Asset is a CIS SecureSuite® Member, supports the development of the CIS Benchmarks™, and is registered with the Cloud Security Alliance.

Learn more Right Arrow

Registered with the Cloud Security Alliance

Digital Asset is committed to upholding the highest standards of security and privacy controls for cloud offerings.

See our public V4.0.2 Right Arrow

Risk management and policies

Risk management

As risk changes in our environment, so do Digital Asset mitigation and remediation strategies, with department heads involved regularly every step of the way. The Digital Asset Risk Committee meets regularly to review changes in business strategies, priorities, technology use, and operating environment.

Data protection, privacy and security

Your privacy and the security of your data are our top priorities. We adhere to industry best practices to safeguard your information and conduct thorough risk assessments of all our service providers.

View our privacy policy

Digital Asset security posture

Digital Asset has assembled a document describing how we position the company and protect data and our products.

Download here

Our platform security

Our clients include prominent enterprises with stringent regulatory and compliance requirements, many of which hold significant positions within their respective markets. Ensuring the security of our platform and services is of utmost importance to us.

At Digital Asset, we embed secure product development principles into Daml at every design stage. Each phase follows cutting-edge best practices, ensuring security is a key focus. We collaborate closely with our customers to understand the nuances of their requirements and environments.

Digital Asset employs globally renowned experts who conceived the foundation of our language and ledger model, ensuring secure and private transactions. Independent third-party security audits and examinations validate our processes and procedures, offering ongoing guidance.

Digital Asset continuously refines its Secure SDLC program to incorporate the latest security tools and industry best practices. Our CI/CD pipelines feature gated releases with mandatory peer reviews, restricted infrastructure access, high security for credentials and signing keys, ephemeral build nodes, SCA and vulnerability scanning, license checking, and rigorous change-approval processes.

Resources & insights

TechNote - static analysis and Daml applications

This TechNote describes Digital Asset approach to source code scanning and the respective responsibilities of Digital Asset and Daml customers/developers with a focus on Static Analysis Security Testing (SAST).

Read more

Secure Daml infrastructure - part 1 PKI and certificates

Daml is a smart contract language designed to abstract away much of the boilerplate and lower-level issues allowing developers to focus on how to model and secure business workflows.
Read more

Secure DAML infrastructure - part 2 - JWT, JWKS and Auth0

In Part 1 of this blog, we described how to set up a PKI infrastructure and configure the DAML Ledger Server to use secure TLS connections and mutual authentication. This protects data in transit, and only authorized clients can connect.
Read more

Start building
with Daml

The tools, resources, online training and community that developers deserve.

Start Building with Daml