SFC: Treasury Operations | Security Alliance — Security Checklist

Governance, access control, transaction verification, DeFi/staking risk, operational security, monitoring, vendor risk, and accounting.
Org:
Owner:
Date:

1. Governance & Treasury Architecture

  • Treasury Operations Owner
    Is there a clearly designated person or team accountable for treasury operations?
  • Treasury Registry and Documentation
    Do you maintain a complete, current record of all treasury wallets, accounts, and their configurations?
  • Custody Architecture Rationale
    Do you have documented rationale for your treasury custody architecture?
  • Treasury Infrastructure Change Management
    Do you have change management procedures for treasury infrastructure modifications?
Notes:

2. Risk Classification & Fund Allocation

  • Treasury Wallet Risk Classification
    Do you classify your treasury wallets and accounts by risk level and assign security controls accordingly?
  • Fund Allocation Limits and Rebalancing
    Do you enforce fund allocation limits and rebalancing triggers across your treasury?
Notes:

3. Access Control & Platform Security

  • Custody Platform Security Configuration
    Do you configure and maintain security controls on your custody platforms?
  • Credential and Secret Management
    Do you securely manage all credentials and secrets used in treasury operations?
  • Access Reviews for Treasury Systems
    Do you periodically review who has access to treasury systems?
  • Personnel Operational Security
    Do you enforce operational security requirements for treasury personnel?
Notes:

4. Transaction Security

  • Transaction Verification and Execution
    Do you have a defined process for verifying and executing treasury transactions?
  • Signer and Approver Knowledge
    Are treasury signers and approvers knowledgeable in the security practices relevant to their role?
  • Secure Communication Procedures
    Do you have secure communication procedures for treasury operations, including standard identity verification?
Notes:

5. Protocol Deployments

  • Protocol Evaluation and Exposure Limits
    Do you evaluate external protocols and enforce exposure limits before deploying treasury funds?
  • Position Lifecycle Management
    Do you have procedures for managing the lifecycle of your positions in external protocols?
Notes:

6. Monitoring & Incident Response

  • Monitoring and Threat Awareness
    Do you monitor your treasury for anomalous activity, external threats, and operational risks?
  • Incident Response Plan
    Do you have an incident response plan for treasury security events, and do you test it?
Notes:

7. Vendor & Infrastructure

  • Vendor Security Management
    Do you evaluate and monitor the security of third-party services used in treasury operations?
  • Backup Infrastructure and Alternate Access
    Do you have backup infrastructure and alternate access methods for treasury operations?
Notes:

8. Accounting & Reporting

  • Financial Recordkeeping and Reconciliation
    Do you maintain accurate treasury records and conduct periodic reconciliation?
  • Insurance Coverage
    Do you maintain insurance coverage appropriate for your treasury operations?
Notes: