Intersect WebsiteBecome a member

Technical Review Policy

1. Policy title: Technical Review Policy

2. Version: 1.0

3. Effective date: 15th June 2025

4. Review date: Annually, next applicable June 2026

5. Policy owner: Head of Operations

6. Policy sponsor: Intersect Executive Director

7. Purpose:

  • This Technical Review Policy outlines requirements, guidance where necessary, for review and technical audit of milestones (documents, designs, code, or other technical project artefacts) to ensure that the deliverables do not endanger the security, functionality, performance or long-term sustainability of the Cardano Blockchain.

8. Scope:

  • This policy applies to any deliverable which has the potential to affect the core code responsibilities under Intersects administration.

  • Specifically, any deliverable which affects crypto primitives, ledger, or consensus rules must abide by this policy and any artefacts referenced.

  • This policy does not replace any requirements set out by the Cardano Constitution. Where applicable, this must be completed in addition to anything set out in this policy

  • Where a deliverable does not affect any core code, this policy should be undertaken as best practice, where practically possible.

9. Principles:

  • To provide support to any constitutional requirements regarding technical audit, and, where necessary, further definition.

  • To ensure that deliverables do not endanger the security, functionality, performance, or long-term sustainability of the Cardano Blockchain.

  • Where deliverables do not potentially affect the security, functionality, performance, or long-term sustainability of the Cardano Blockchain; vendors should consider undertaking the practices defined to demonstrate trust and promote adoption of deliverables within the ecosystem.

10. Definitions:

  • Audit: An audit is an independently verifiable examination of information

  • Compliance: Adhering to the terms and conditions in the DRep approved funding allocated contract.

  • Ecosystem Risk: Where the security, functionality, performance, or long-term sustainability of the Cardano Blockchain may be affected.

  • Technical audit: Review of a technical aspect or deliverable undertaken by a capable third party to the creator.

  • Intersect: Intersect serves as an Administrator within Cardano’s funding ecosystem, helping to operationalize community-approved proposals by coordinating due diligence, contracting, and on-chain disbursements. This role is grounded in the principles of transparency, decentralization, and adherence to the Cardano Constitution.

11. Policy statements:

  • Where applicable, all deliverables must adhere to the rules within the Cardano Engineering Handbook, including any testing or reasonable disclosure requirements.

  • Where applicable, all deliverables must adhere to any policy contained within the code repositories under Intersect’s administration.

  • Prior to any mainnet integration, the following artefacts, or others reasonably requested, are expected to have been agreed in advance with Intersect or a chosen third party of Intersect, produced where practically possible and reviewed by Intersect as the administrator.

    • Functionality Tests

    • Security Reviews

    • Code Audits

    • Performance Tests

    • Integration Functionality Tests

    • Performance Tests

  • Any deliverable which affects crypto primitives, ledger, or consensus rules must seek prior agreement on technical audit and testing prior to commencement of any deliverable.

  • Because requirements for new features may not be able to be defined in this policy in advance, any other reasonable requirement for technical testing, auditing, or security review must be met.

12. Roles and responsibilities:

Intersect (administrator)

  • Intersect serves as an administrator, offering guidance. Intersect can advise but not enforce or amend constitutional requirements.

  • Where possible, offer audit coordination services and guidance, ensuring the initiation of necessary technical audits and reviews for each proposal under its administration.

  • Put in place reporting mechanisms to ensure clear and timely communication, including conducting Delivery Assurance checks and promptly escalating any identified issues, discrepancies, or risks.

Vendor

  • Responsibility for conducting any technical reviews or audits prior to commencement of deliverables, as deemed reasonable by the administrator.

  • Responsible for any remediation or retesting required, as reasonably requested by Intersect, until such time as the deliverable does not endanger the security, functionality, performance, or long-term sustainability of the Cardano Blockchain.

  • Responsible for reasonable disclosure to Intersect or the Security Council or community as appropriate; where practically possible, reducing the likelihood of duplicating effort, and reducing the likelihood of the risk to other deliverables.

13. Procedures (or referenced procedures):

  • Vendors should seek clarity and requirements prior to any proposal submissions (at the earliest opportunity).

  • Proposal vendors must agree required technical audits and reviews in advance, ahead of any contractual agreements.

  • Any cost associated with a proposals technical review or audit is the responsibility of the vendor

  • Where practically possible, all test results should be shared with the administrator and, as appropriate, logged by the Security Council.

  • Where practically possible, the outcomes of testing shall be shared with the community to build evidence of quality and encourage adoption.

14. Monitoring and compliance:

  • Monitoring: Intersect, as the administrator, will monitor the completion of milestones and documentation throughout the contract lifecycle, ensuring that the appropriate technical audits and reviews are undertaken.

  • Compliance: Compliance will be monitored by delivery assurance on a per-milestone basis. Non-compliance to a required technical audit or review risks a delay in the approval of milestones.

15. Review and amendment:

  • To ensure the policy remains current and effective, it will be reviewed at least annually. In response to significant organizational changes or regulatory updates, the policy will be updated by the Intersect Operational Services team and approved via the Intersect Executive team as required.

16. Related documents/references:

This policy should be read in conjunction with the following documents, guidelines and regulatory frameworks:

PreviousDue Diligence PolicyNextGeneral Glossary

Last updated

Was this helpful?