Digital Asset Trust Center
Digital Asset understands and appreciates the importance of security to our clients, which is reflected in how we architect, design, develop, build, and distribute our products and services; and in how we protect our staff, our locations, our clients' confidential data, and our network and infrastructure.
Information Security Program
Our security team are active members of some of the most prominent security and privacy groups in the world, including ISC2, ISACA, OWASP, and IAPP. They are building on frameworks and guidelines provided by the Center for Internet Security, Cloud Security Alliance, International Standards Organization, and the US National Institute of Standards and Technology for security, privacy, and global risk management.
Digital Asset has a full-time CISO and Security Team who operates the InfoSec Program, covering all aspects of physical, logical, data, and technology security. All IT Security policies are reviewed and acknowledged by staff annually. Security training is at the very heart of the firm, and we produce regular, high-quality security awareness blogs and trainings that are distributed both internally and externally.
Data privacy & security
The privacy and security of data we collect about you or that you share with us is important to us. We use industry best practices to secure and protect the information and risk-assess all service providers we use.
Industry-leading ISO27001 certification and SOC2 Type II assessment signal Digital Asset’s ongoing commitment to security, risk management, and best practices for data management across the organization.
VIEW OUR ISO27K CERTIFICATE >
As risk changes in our environment, so do Digital Asset mitigation and remediation strategies, with department heads involved regularly every step of the way. The Digital Asset Risk Committee meets regularly to review changes in business strategies, priorities, technology use, and operating environment.
Our customers include large enterprises with strict regulatory and compliance requirements, many of whom are systemically important to their markets. The security of our products and services is paramount.
Daml is a platform for building multi-party applications. It extracts and simplifies business processes to make data accessible and optimizes workflows using smart contracts. Privacy and security provide the foundational guardrails for the Daml ledger model, offering secure transactions and privacy by design.
Secure by design
At every stage of design, Digital Asset injects the principles of secure product development into Daml. Each design phase is modeled on cutting-edge best practices, with security as a key ingredient. We work with our customers to understand the nuances of their requirements and environments.
Digital Asset has employed globally renowned experts who conceived the foundation for the language and ledger model, thereby ensuring secure, private transactions. Independent, third-party security audits and examination confirm the process and procedures used and provides ongoing guidance.
Digital Asset constantly refines and redefines its Secure SDLC program to incorporate the latest security tooling and industry best practices. Our CI/CD pipelines include gated releases with mandatory peer reviews, restricted access to infrastructure, high security credentials and signing keys, ephemeral build nodes, vulnerability scanning, license checking, and change-approval processes.
Resources, articles, and blogs
Secure DAML Infrastructure - Part 2 - JWT, JWKS and Auth0
In Part 1 of this blog, we described how to set up a PKI infrastructure and configure the DAML Ledger Server to use secure TLS connections and mutual authentication. This protects data in transit and only authorised clients can connect.