monday.com

monday.com is a work OS that powers teams to run processes, projects and workflows in one digital workspace.
  • Website
    https://monday.com
  • Compliance
  • Product Security
  • Data Security
  • Privacy
  • Availability & Reliability
  • Organizational Security
  • Business Continuity
  • Threat Management
  • Subprocessors

  • Compliance

    • CCPA
    • CSA STAR

      monday.com takes part in the voluntary CSA Security, Trust & Assurance Registry (STAR) Self-Assessment to document our compliance with CSA-published best practices.

    • EU-US Privacy Shield
    • Swiss-US Privacy Shield
    • GDPR

      General Data Protection Regulation (GDPR). For the success of our customers and the protection of their personal data.

    • HIPAA

      The Health Insurance Portability and Accountability (HIPAA) act.

    • ISO 27001

      ISO/IEC 27001:2013 which is the most rigorous global security standard for Information Security Management Systems (ISMS).

    • ISO 27017

      ISO/IEC 27017:2015 This Recommendation | International Standard provides controls and implementation guidance for both cloud service providers and cloud service customers.

    • ISO 27018

      ISO/IEC 27018:2014 Establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII)

    • SOC 1 Type II

      Ernst & Young conducted a SOC 1 audit on monday.com, providing a SOC 1 Type II Report following the audit.

    • SOC 2 Type II

      Ernst & Young conducted a SOC 2 audit on monday.com, providing a SOC 2 Type II Report following the audit.

    • SOC 3
      View Report

      Ernst & Young conducted a SOC 3 audit on monday.com, providing a SOC 3 Report following the audit.

  • Product Security

  • Data Security

    • Data Encrypted At-Rest
    • Data Encrypted In-Transit

  • Privacy

  • Availability & Reliability

  • Organizational Security

    • Employee Security Training
    • Physical Access Control

  • Business Continuity

    • Disaster Recovery Plan
    • Data Backups

  • Threat Management

  • Subprocessors

    • Primary Subprocessors
      Name
      Purpose
      Location
      Amazon Web Services
      Cloud computing provider
      United States
      Cloudflare
      Content-based firewall
      United States
      Coralogix
      Log aggregation and correlation
      United States
      Filestack
      File upload/view services
      United States
      Google Cloud
      Cloud computing provider
      United States
      Google Firebase
      Error monitoring
      United States
      Honeybadger
      Error monitoring
      United States
      Mailgun
      Email notification services
      United States
      Nexmo
      Text notification services
      United States
      Pusher
      Realtime updates
      United Kingdom
      Redis Labs
      Database platform (hosted on AWS)
      United States
      SendGrid
      Email notification services
      United States
      Twilio
      Text notification services
      United States