Project Management Tools Monday cares deeply about the security and privacy of the data you entrust us with, and we understand that our information security practices are important to you. While we can’t reveal all the details of our practices, we feel it’s important to be as transparent as possible without giving a playbook to the people we’re protecting ourselves against. Below you will find some general information about how we implement our security and privacy safeguards.

Technical Security Measures

Project Management Tools Monday employs a range of technical security measures to protect its systems, including:

  • Servers and network traffic are monitored by industry-standard tools to detect and respond to any potential security breaches.
  • Project Management Tools Monday uses Amazon Web Service’s (AWS) infrastructure, using best-in-class instrumentation tools that continuously monitor the infrastructure to detect signs of a potential compromise.
  • TLS encryption is part of the standard security architecture at Project Management Tools Monday. Core transport services require encryption, such as SSH or HTTPS, to exchange information.
  • Encryption technology is used to provide security for online user authentication and administrator sessions.
  • Remote data access to production environments or our internal staff application requires a link to the company’s intranet or a connection via a VPN which is subject to a dual authentication mechanism.
  • Changes to the infrastructure and back-end environment, including changes to security tools, follow a Software Development Lifecycle (SDLC) that defines coding and release processes.
  • All committed code changes are reviewed by an individual that is different than the developer and are tested prior to commit to production.
  • To prevent unauthorized access, Project Management Tools Monday uses unified identity management, two-factor authentication, strong passwords, and periodic reviews of access lists to ensure that data is used only as intended.
  • Authorized access to internal support tools is controlled by means of a VPN, in addition to a user system requiring a unique, long password.
  • All employees that have access to live production infrastructure and applications are required to authenticate with two-factor authentication.
  • Unique personnel IDs are used to authenticate to systems.
  • Passwords are configured to enforce password length and complexity.
  • Login history and failures are tracked.
  • Project Management Tools Monday takes the following actions to ensure that the parties authorized to use a data processing system only have access to the data for which they have been specifically cleared, and that stored data or data being processed cannot be read, copied, changed or removed:
    • Authorization for Project Management Tools Monday services and internal applications is enforced at all times and at all levels of a given system, with access rights being granted or processed on the basis of the personnel member’s job responsibilities / need-to-know, which is provided via workflow tools.
    • Access to production systems is restricted to trained and specifically authorized personnel members. Such access is revoked in the event of an individual’s dismissal or termination of employment. All members of the team with access to production systems may access production solely behind a two-factor authenticated session.
    • Project Management Tools Monday uses a centralized logging system. Access to the logging system is restricted to authorized personnel and the logs are protected from modification and deletion from non-admin personnel.

Administrative Security Measures

  • Strict policies are in place to address and limit access to our systems. For certain data access tools, tool owners authorize the nature and extent of access privileges prior to granting access. The procedures for requesting and generating certificates to access data for development and production are documented.
  • Project Management Tools Monday employees are required to complete security training as part of their onboarding.
  • Project Management Tools Monday’s engineering team conducts company-wide security awareness activities to reinforce information security practices and policies.
  • Project Management Tools Monday has in place a security incident response process to respond to security issues and concerns.

Physical Security Measures

Among other measures, Project Management Tools Monday takes the following actions to prevent unauthorized access to personal information:

  • Physical access to Project Management Tools Monday’s facilities is restricted behind keycard access and our building is monitored 24/7.
  • All individuals must identify themselves to security personnel in order to be admitted to the Project Management Tools Monday offices during business hours and must have a valid employee badge to access outside of business hours.
  • There are documented processes in place for the issuance of Project Management Tools Monday building access badges; the possession as well as the return of such badges is tracked and verified
  • Only authorized Project Management Tools Monday visitors and building staff are granted access to the premise

Responsible Disclosure

If you come across a vulnerability in the Project Management Tools Monday Platform, please contact us instead of sharing it publicly. Project Management Tools Monday takes proactive steps to stay ahead of emerging security threats, and appreciates your cooperation in maintaining the security of our Platform.

If you believe the security of your account has been compromised or are seeing suspicious activity in your account, you should change your password immediately and contact us with any concerns.