DAO Group Security Commitments

Last Updated: 11/30/2022

1. All Systems are monitored 24/7 for vulnerabilities and intrusions with automated alerting to a dedicated security team
2. All alerts are triaged and escalated based on a standard security policy and reviewed for compliance
3. Critical vulnerabilities identified will always be communicated clearly to customers potentially affected
4. Customer data and production systems are secured by robust access controls and least privileged access for all roles
5. Customer data is backed up nightly and stored in immutable offsite backup storage
6. Firewall rules are reviewed on a regular basis to ensure minimum access to the network is enforced
7. Security team meets on a weekly basis to define and track security objectives and continually improve system security
8. Software security assessments are consistently completed throughout the software release cycle
9. All changes to software follow a strict change management policy including complete documentation of every change, test cases and test completion, and standard source control practices.