Access into monday.com is performed via the following authentication methods:
We provide administrators with a choice of two passwords strength settings for their account:
Yes, monday.com uses the following methods to encrypt customer data:
monday.com is a fully cloud-based service. Our service is hosted on Amazon Web Services infrastructure in Northern Virginia
across multiple Availability Zones, with a DR site established in a different region. Enterprise plan customers can choose to host their data at our EU data center in Frankfurt, Germany. This data center employ leading physical and environmental security measures, resulting in highly resilient infrastructure.
More information about its security practices is available at:
AWS security page
We employ a microservices architecture to ensure minimal impact on system health in the case of failure of one or more components.
Multiple Availability Zones are used to provide further redundancy and we have alternative providers for some of the services we rely on.
Enterprise customers are provided with a 99.9% SLA, subject to terms of the SLA. Additionally, our service's availability can be monitored
through our status page, where you can also subscribe to receive updates via email or text messages.
We have the following certifications, reports and compliance programs:
ISO 27001, ISO 27017, ISO 27018, ISO 27032, ISO 27701
SOC 1 Type II, SOC 2 Type II, SOC 3
You can find all of our certificates here.
monday.com uses the services of a third party PCI-DSS certified billing processor; thus ,any credit card payments paid through
our billing processor are processed according to the PCI-DSS requirements. Therefore, PCI-DSS data is not stored on our service
and we are not required to be PCI-DSS certified.
Yes. Our security efforts are guided and monitored by our CISO and Security Team and wider Security Forum,
which is composed of representatives from Infrastructure, R&D, Operations, Legal and IT Teams.