- CSA STAR
monday.com takes part in the voluntary CSA Security, Trust & Assurance Registry (STAR) Self-Assessment to document our compliance with CSA-published best practices.
- EU-US Privacy Shield
- Swiss-US Privacy Shield
General Data Protection Regulation (GDPR). For the success of our customers and the protection of their personal data.
The Health Insurance Portability and Accountability (HIPAA) act.
- ISO 27001View Certificate
ISO/IEC 27001:2013 which is the most rigorous global security standard for Information Security Management Systems (ISMS).
- ISO 27017View Certificate
ISO/IEC 27017:2015 This Recommendation | International Standard provides controls and implementation guidance for both cloud service providers and cloud service customers.
- ISO 27018View Certificate
ISO/IEC 27018:2014 Establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII)
- ISO 27032View Certificate
ISO/IEC 27032:2012 provides guidance for improving the state of Cybersecurity, drawing out the unique aspects of that activity, and its dependencies on other security domains.
- ISO 27701View Certificate
ISO/IEC 27701:2019 This document specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS)
- SOC 1 Type II
Ernst & Young conducted a SOC 1 audit on monday.com, providing a SOC 1 Type II Report following the audit.
- SOC 2 Type II
Ernst & Young conducted a SOC 2 audit on monday.com, providing a SOC 2 Type II Report following the audit.
- SOC 3View Report
Ernst & Young conducted a SOC 3 audit on monday.com, providing a SOC 3 Report following the audit.
- Audit Logs
- Multi-Factor AuthenticationView Instructions
- Google SSO
- SAML SSO
- Data Encrypted At-Rest
- Data Encrypted In-Transit
Availability & Reliability
- Status PageStatus Page
- Employee Security Training
- Physical Access Control
- Disaster Recovery Plan
- Data Backups
- Bug BountyView Program
- Responsible Disclosure
- NamePurposeLocationCloud computing providerUnited StatesContent-based firewallUnited StatesLog aggregation and correlationUnited StatesFile upload/view servicesUnited StatesCloud computing providerUnited StatesError monitoringUnited StatesError monitoringUnited StatesEmail notification servicesUnited StatesText notification servicesUnited StatesRealtime updatesUnited KingdomDatabase platform (hosted on AWS)United StatesEmail notification servicesUnited StatesText notification servicesUnited States