Our systems are hosted on multiple Availability Zones at Amazon Web Services (AWS). We offer hosting in AWS data centers in the US, EU and AUS. This allows us to provide a reliable service and keeps your data available whenever you need it. We have also established a disaster recovery site in another AWS region.
This data center employ leading physical and environmental security measures, resulting in highly resilient infrastructure. For more information about its security practices, see below:AWS security page
monday.com implements a security oriented design in multiple layers, one of which is the application layer. The monday.com application is developed according to the OWASP Top 10 framework and all code is peer reviewed prior to deployment to production.
Our controlled CI/CD process includes static code analysis, vulnerability assessment, end-to-end testing, unit testing which addresses authorization aspects and more. monday.com developers go through periodic security training to keep them up-to-date with secure development best practices.
Independent third party assessments are crucial in order to get an accurate, unbiased understanding of your security posture. monday.com conducts penetration tests on an annual basis both in the application and in the infrastructure level using well-known, independent auditors.
Additionally, monday.com is going through external auditing as part of the SOC2 Type II audit, the ISO certifications and other external audits.
monday.com is a cloud-based solution, with no part of our infrastructure retained on-premise. Our physical security in the offices include personal identification based access control, CCTV and alarm systems.
monday.com’s data centers are hosted on Amazon Web Services and Google Cloud Platform infrastructure, where leading physical security measures are employed.
monday.com is committed to providing continuous and uninterrupted service to all its customers. We consistently backup user data every 5 minutes. All backups are encrypted and distributed to various locations.
Our Disaster Recovery Plan is tested at least twice a year to assess its effectiveness and to keep the teams aligned with their responsibilities in case of a service interruption.