monday.com Logo

Security Compliance Hub

background-image
Start your security review
ControlK

Overview

This Compliance Hub forms a part of our Trust Center.
At monday.com, we secure the information of more than 245,000 customers worldwide with absolute transparency and 24/7 support.
Our security model and controls are based on international standards and industry best practices, such as ISO 27001, ISO 27018, SOC 2 and OWASP Top 10.

Searching and content cards

Use the 'search items' at the top of the hub to search through our content cards with information on the most important aspects of monday.com's security program.

Knowledge Base

Use this search at the bottom of the hub to explore our q/a answers to standardized questionnaires like the SIG, CAIQ and HECVAT

Documentation

If you want to review our documentation you can use bulk download, this will provide you with all our certifications, reports and policies ready for your review.

Documents

Featured Documents

REPORTSSecurity and Privacy Whitepaper
  • Carrefour
  • Coca-Cola
  • Canva
  • Lions Gate
  • Universal Music Group
  • Cat
Knowledge Base (FAQ)
  • Are policies and procedures requiring unattended workspaces to conceal confidential data reviewed and updated at least annually?
  • Are physical security perimeters established between administrative and business areas, data storage, and processing facilities?
  • Does a relocation or transfer request require written or cryptographically verifiable authorization?
  • Can backups be restored appropriately for resiliency?
  • Is system identity information and levels of access managed, stored, and reviewed?
View more

Security Compliance Hub Updates

New SOC reports for FY25

Copy link
Compliance

Exciting news! All new SOC reports are now updated and available (SOC 1, SOC 2, SOC 3) in our security compliance hub.

Penetration Test Updates

Compliance

Updated documentation has been added to our 2026 Penetration Test report, addressing all medium and above findings.

Updated Third Party Penetration Test

Compliance

Our latest 3rd party application penetration test for 2026 is now available.

CVE-2025-55182 React Vulnerability - Response

Vulnerabilities

monday.com can confirm that we are unaffected by React2 critical vulnerability CVE-2025-55182.
We have reviewed our software repositories to confirm we have no usage of this vulnerable react server side package in our code (react or next.js). We also confirmed with our service providers.
In addition, we tested our public endpoints using dedicated detection scripts, which verified that the platform is not exploitable.
As a precautionary measure, we have upgraded react packages in the platform to the latest version and deployed a WAF rule to block any potential exploit attempts.

Guardian Security add-on

General

Guardian is a security and governance add-on designed to enhance the protection of your enterprise data, optimize secure access, and comply with the most stringent security policies.
Features include:
• Tenent Level Encryption (TLE)
• Bring Your Own Key (BYOK)
• Data Leak Prevention (DLP)
• Single Sign-On (SSO) with multiple Identity Providers
Please see https://dapulse-res.cloudinary.com/image/upload/v1744284128/Guardian_add-on.pdf for more details

Built onSafeBase by Drata Logo