Security Compliance Hub
This Compliance Hub forms a part of our Trust Center.
At monday.com, we secure the information of more than 245,000 customers worldwide with absolute transparency and 24/7 support.
Our security model and controls are based on international standards and industry best practices, such as ISO 27001, ISO 27018, SOC 2 and OWASP Top 10.
Searching and content cards
Use the 'search items' at the top of the hub to search through our content cards with information on the most important aspects of monday.com's security program.
Knowledge Base
Use this search at the bottom of the hub to explore our q/a answers to standardized questionnaires like the SIG, CAIQ and HECVAT
Documentation
If you want to review our documentation you can use bulk download, this will provide you with all our certifications, reports and policies ready for your review.
Carrefour
Coca-Cola
Canva
Lions Gate
Universal Music Group
Cat- Are access control records retained periodically, as deemed appropriate by the organization?
- Are policies and procedures requiring unattended workspaces to conceal confidential data reviewed and updated at least annually?
- Are policies and procedures for the relocation or transfer of hardware, software, or data/information to an offsite or alternate location reviewed and updated at least annually?
- Are processes, procedures, and technical measures defined, implemented, and evaluated for the transfer and sub-processing of personal data within the service supply chain (according to any applicable laws and regulations)?
- Are utility services secured, monitored, maintained, and tested at planned intervals for continual effectiveness?
New SOC reports for FY25
Exciting news! All new SOC reports are now updated and available (SOC 1, SOC 2, SOC 3) in our security compliance hub.
Updated Third Party Penetration Test
Our latest 3rd party application penetration test for 2026 is now available.
CVE-2025-55182 React Vulnerability - Response
monday.com can confirm that we are unaffected by React2 critical vulnerability CVE-2025-55182.
We have reviewed our software repositories to confirm we have no usage of this vulnerable react server side package in our code (react or next.js). We also confirmed with our service providers.
In addition, we tested our public endpoints using dedicated detection scripts, which verified that the platform is not exploitable.
As a precautionary measure, we have upgraded react packages in the platform to the latest version and deployed a WAF rule to block any potential exploit attempts.
Guardian Security add-on
Guardian is a security and governance add-on designed to enhance the protection of your enterprise data, optimize secure access, and comply with the most stringent security policies.
Features include:
• Tenent Level Encryption (TLE)
• Bring Your Own Key (BYOK)
• Data Leak Prevention (DLP)
• Single Sign-On (SSO) with multiple Identity Providers
Please see https://dapulse-res.cloudinary.com/image/upload/v1744284128/Guardian_add-on.pdf for more details
DORA
At monday.com, we are committed to maintaining effective and up-to-date standards of security and data privacy. The introduction of the Digital Operational Resilience Act (DORA) regulation serves as an opportunity to demonstrate how monday.com’s processes are aligned with the required key provisions, particularly as a service provider for customers who are directly impacted by DORA. We continue to evaluate DORA impact on our services and operations to ensure that our processes are consistent with industry standards and support our customers in their own compliance efforts.
Please see https://monday.com/trustcenter/dora for more details.