Operational controls address the human and procedural aspects of protocol security: endpoint security, multisig operations, access management, communications channel integrity, treasury management, and systems inventory.
Endpoint detection & response (EDR) and mobile device management are deployed across all team devices. Timely OS patching, disk encryption, and other critical OS security controls are enforced. Offboarding procedures include device audit and remote wipe capability. Endpoint compliance is enforced, not just assumed.
Signers use hardware wallets on dedicated devices. Transactions are verified out-of-band before signing (e.g., via a separate channel confirming transaction details or an alternative Squads UI). Signing procedures are documented with clear expectations for what signers must verify. Signer availability and backup procedures exist.
All internal systems are behind SSO with hardware-backed 2FA. Access is provisioned on a least-privilege basis. Onboarding, offboarding, and eviction checklists and procedures exist and are enforced. Access reviews are conducted periodically to catch stale permissions.
All protocol-controlled channels (Twitter/X, Discord, Telegram, email) are secured with hardware 2FA where possible. Discord bot permissions and webhook access are audited and restricted. Admin access is restricted and logged. Shared credentials are avoided. Channel recovery procedures are documented for use in the event of a compromise.
Operational and reserve funds are held in multisig wallets with appropriate thresholds. Spending limits and approval workflows are defined. Fund movements are logged and reconciled. No single individual can unilaterally move protocol funds.
All systems (SaaS, on-prem, laptops, etc.) are inventoried and known, with clear system owners assigned. Sensitive data in each system should be understood, cataloged, and documented. Inventory is kept up to date through onboarding & offboarding processes and periodic review.