Digital Asset Trust Center

Digital Asset understands and appreciates the importance of security to our clients, which is reflected in how we architect, design, develop, build, and distribute our products and services; and in how we protect our staff, our locations, our clients' confidential data, and our network and infrastructure.

Information Security Program

Our security team are active members of some of the most prominent security and privacy groups in the world, including ISC2, ISACA, OWASP, and IAPP. They are building on frameworks and guidelines provided by the Center for Internet Security, Cloud Security Alliance, International Standards Organization, and the US National Institute of Standards and Technology for security, privacy, and global risk management.

Digital Asset has a full-time CISO and Security Team who operates the InfoSec Program, covering all aspects of physical, logical, data, and technology security. All IT Security policies are reviewed and acknowledged by staff annually. Security training is at the very heart of the firm, and we produce regular, high-quality security awareness blogs and trainings that are distributed both internally and externally.

data and privacy 2

Data privacy & security
The privacy and security of data we collect about you or that you share with us is important to us. We use industry best practices to secure and protect the information and risk-assess all service providers we use.

audit certifications 1

Audit certifications
Industry-leading ISO27001 certification and SOC2 Type II assessment signal Digital Asset’s ongoing commitment to security, risk management, and best practices for data management across the organization.

associations 1

Digital Asset is a CIS SecureSuite® Member, supports the development of the CIS Benchmarks™, and is registered with the Cloud Security Alliance.

risk management 1

Risk management
As risk changes in our environment, so do Digital Asset mitigation and remediation strategies, with department heads involved regularly every step of the way. The Digital Asset Risk Committee meets regularly to review changes in business strategies, priorities, technology use, and operating environment.

Securely integrating technology icon

Digital Asset security posture

Digital Asset has assembled a document describing how we position the company and protect data and our products.


secure SDLC 1

Registered with the Cloud Security Alliance

Digital Asset is committed to upholding the highest standards of security and privacy controls for cloud offerings.


Digital Asset is certified by industry-leading accreditation standards

Secure products

Our customers include large enterprises with strict regulatory and compliance requirements, many of whom are systemically important to their markets. The security of our products and services is paramount.

daml 1

Daml is a platform for building multi-party applications. It extracts and simplifies business processes to make data accessible and optimizes workflows using smart contracts. Privacy and security provide the foundational guardrails for the Daml ledger model, offering secure transactions and privacy by design.


secure by design 2

Secure by design
At every stage of design, Digital Asset injects the principles of secure product development into Daml. Each design phase is modeled on cutting-edge best practices, with security as a key ingredient. We work with our customers to understand the nuances of their requirements and environments.


security expertise 1

Security expertise
Digital Asset has employed globally renowned experts who conceived the foundation for the language and ledger model, thereby ensuring secure, private transactions. Independent, third-party security audits and examination confirm the process and procedures used and provides ongoing guidance. 

secure SDLC 1

Secure SDLC
Digital Asset constantly refines and redefines its Secure SDLC program to incorporate the latest security tooling and industry best practices. Our CI/CD pipelines include gated releases with mandatory peer reviews, restricted access to infrastructure, high security credentials and signing keys, ephemeral build nodes, vulnerability scanning, license checking, and change-approval processes.

Resources, articles, and blogs

Digital Asset Meets Highest Standards of Data Protection with ISO 27001:2013 Certification

Industry-leading accreditation signals Digital Asset’s ongoing commitment to security, risk management, and best practices for data management across the organization.




TechNote - Static Analysis and Daml Applications

This TechNote describes Digital Asset approach to source code scanning and the respective responsibilities of Digital Asset and Daml customers / developers with a focus on Static Analysis Security Testing (SAST).



Digital Asset is First Blockchain Startup to Successfully Complete AICPA Type 2 SOC 2 Examination

Digital Asset continues to demonstrate its commitment to meeting the security requirements of its customers and the integrity of its products and services



Secure Daml Infrastructure - Part 1 PKI and certificates

Daml is a smart contract language designed to abstract away much of the boilerplate and lower level issues allowing developers to focus on how to model and secure business workflows.



Secure DAML Infrastructure - Part 2 - JWT, JWKS and Auth0

In Part 1 of this blog, we described how to set up a PKI infrastructure and configure the DAML Ledger Server to use secure TLS connections and mutual authentication. This protects data in transit and only authorised clients can connect. 



CIS SecureSuite Member

Digital Asset is a CIS SecureSuite® Member and supports the development of the CIS Benchmarks™