Digital Asset
Trust Center

Digital Asset understands and appreciates the importance of security to our clients, which is reflected in how we architect, design, develop, build and distribute our products and services; and in how we protect our staff, our locations, our and our client’s confidential data, and our network and infrastructure.

Information Security Program

Our security team are active members of some of the most prominent security and privacy groups in the world: ISC2, ISACA, OWASP and IAPP, building on frameworks and guidelines provided by the Center for Internet Security, Cloud Security Alliance, International Standards Organization and the US National Institute of Standards and Technology for security, privacy and global risk management.

 

Digital Asset has a full time CISO and Security Team, who operate the InfoSec Program, covering all aspects of physical, logical, data and technology security. All IT Security policies are reviewed and acknowledged by staff annually. Security training pumps through the arteries of the firm as foundational life-blood with regular, high quality security awareness blogs and training distributed both internally and externally.

shutterstock_1756375439 1
Audit Certification
ISO27001 Certification
Industry-leading accreditation signals Digital Asset’s ongoing commitment to security, risk management, and best practices for data management across the organization.
View our Certificate
PRESS RELEASE
Digital Asset Meets Highest Standards of Data Protection with ISO 27001:2013 Certification
Read the announcement
Document
Digital Asset Security Posture
Digital Asset has put together a document describing how we position the company and protect our data and products.
Download Now
Association
CIS SecureSuite Member
Digital Asset is a CIS SecureSuite® Member and supports the development of the CIS Benchmarks™
Learn about CIS
Association
Registered with the Cloud Security Alliance
Digital Asset is committed to upholding the highest standards of security and privacy controls for cloud offerings.
SEE OUR PUBLIC V3.1 CAIQ
Program
Risk Management
As risk changes in our environment so do Digital Asset mitigation and remediation strategies, with department heads involved regularly every step of the way. Resources are focussed, or redirected as quickly and comprehensively as warranted. The Digital Asset Risk Committee meets regularly to review changes in business strategies, priorities, technology use and operating environment.
Policy
Data Privacy & Security
The privacy and security of data we collect about you or that you share with us, is very important to us. We use industry best practices to secure and protect the information and risk assess all service providers we use.
See our privacy policy

Secure Products

Our customers include large enterprises with strict regulatory and compliance requirements, many of whom are systemically important to their markets. The security of our products and services is paramountv

DAML
Daml
Daml is a platform for building multi-party applications. It extracts and simplifies business processes to make data accessible and optimizes workflows using smart contracts. Privacy and Security provide the foundational guardrails for the Daml ledger model offering secure transactions and privacy by design.
See our products
DAML
Secure by design
At every stage of design, Digital Asset injects the principles of secure product development into Daml. Each design phase is modelled on cutting edge best practices with security as a key ingredient. We work with our customers to understand any nuances of their requirements or environments.
Contact our team
DAML
Security Expertise
Digital Asset has employed globally renowned experts who conceived the foundation for the language and ledger model, ensuring secure, private transactions. Independent 3rd party security audit and examination confirm the process and procedures used and provide ongoing guidance.
Learn about CIS
DAML
Secure SDLC
Digital Asset constantly refines and redefines its Secure SDLC program to incorporate the latest security tooling and industry best practices. Our CI/CD pipelines include gated releases with mandatory peer reviews, restricted access to infrastructure, high security credentials and signing keys, ephemeral build nodes, vulnerability scanning, license checking, and change approval processes.

Resources, Articles, and Blogposts

Blog Post
Secure Daml Infrastructure – Part 1 PKI and certificates
In this post we focus on lower level infrastructure and connectivity concerns around how the processes making up the Ledger client and server components authenticate and authorize the connections and command submissions to a ledger.
Read the Blog
Blog Post
Secure Daml Infrastructure – Part 2 – JWT, JWKS and Auth0
Here we will provide a summary of the specification and how the Ledger Server uses custom claims to define allowed actions of an application.
Read the blog
DAML Forum
Weekly Security Awareness
Click through to our Forum to see our weekly roundup of security topics and articles
Access the Forum
TECHNICAL DOCUMENTATION
Daml Ledger Model
Daml Technical Documentation - description of the Daml Ledger Model
Access the Docs
Document
TechNote - Static Analysis and Daml Applications
This TechNote describes Digital Asset approach to source codescanning and the respective responsibilities of Digital Asset and Daml customers / developerswith a focus on Static Analysis Security Testing (SAST).
See our privacy policy
Digital Asset is certified by industry-leading accreditation standards.
ISO 27001 Logo FINAL-Transparent
ISO 27001
21972-312_SOC_NonCPA
AICPA Type 2 SOC 2