Digital Asset Trust Center

Digital Asset understands and appreciates the importance
of security to our clients, which is reflected in how we
architect, design, develop, build and distribute our products
and services; and in how we protect our staff, our locations, our client’s confidential data, and our network and infrastructure.

Information Security Program

Our security team are active members of some of the most prominent security and privacy groups in the world: ISC2, ISACA, OWASP and IAPP, building on frameworks and guidelines provided by the Center for Internet Security, Cloud Security Alliance, International Standards Organization and the US National Institute of Standards and Technology for security, privacy, and global risk management.

Digital Asset has a full-time CISO and Security Team, who operate the InfoSec Program, covering all aspects of physical, logical, data, and technology security. All IT Security policies are reviewed and acknowledged by staff annually. Security training pumps through the arteries of the firm as foundational life-blood with regular, high-quality security awareness blogs and training distributed both internally and externally.

data and privacy 2

Data privacy & security
The privacy and security of data we collect about you or that you share with us, is very important to us. We use industry best practices to secure and protect the information and risk assess all service providers we use.

audit certifications 1

Audit certifications
Industry-leading ISO27001 Certification signals Digital Asset’s ongoing commitment to security, risk management, and best practices for data management across the organization.

associations 1

Digital Asset is a CIS SecureSuite® Member and supports the development of the CIS Benchmarks™ and is registered with the Cloud Security Alliance.

risk management 1

Risk management
As risk changes in our environment so do Digital Asset mitigation and remediation strategies, with department heads involved regularly every step of the way. Resources are focussed, or redirected as quickly and comprehensively as warranted. The Digital Asset Risk Committee meets regularly to review changes in business strategies, priorities, technology use and operating environment.

Securely integrating technology icon

Digital Asset security posture

Digital Asset has put together a document describing how we position the company and protect our data  and products.


secure SDLC 1

Registered with the Cloud Security Alliance

Digital Asset is committed to upholding the highest standards of security and privacy controls for cloud offerings.


Digital Asset is certified by industry-leading accreditation standards.
ISO 27001 Logo FINAL-Transparent

Secure products

Our customers include large enterprises with strict regulatory and compliance requirements, many of whom are systemically important to their markets. The security of our products and services is paramount.

daml 1

Daml is a platform for building multi-party applications. It extracts and simplifies business processes to make data accessible and optimizes workflows using smart contracts. Privacy and security provide the foundational guardrails for the Daml ledger model, offering secure transactions and privacy by design.


secure by design 2

Secure by design
At every stage of design, Digital Asset injects the principles of secure product development into Daml. Each design phase is modeled on cutting-edge best practices, with security as a key ingredient. We work with our customers to understand any nuances of their requirements or environments.


security expertise 1

Security expertise
Digital Asset has employed globally renowned experts who conceived the foundation for the language and ledger model, ensuring secure, private transactions. Independent, third-party security audit and examination confirm the process and procedures used and provide ongoing guidance. 

secure SDLC 1

Secure SDLC
Digital Asset constantly refines and redefines its Secure SDLC program to incorporate the latest security tooling and industry best practices. Our CI/CD pipelines include gated releases with mandatory peer reviews, restricted access to infrastructure, high security credentials and signing keys, ephemeral build nodes, vulnerability scanning, license checking, and change approval processes.

Resources, articles, and blogspots