monday.com
Certifications & attestations
| Certification | Status | Source | Last verified |
|---|---|---|---|
| SOC 2 Type II SOC 1 Type II and SOC 3 reports also listed; documents via the compliance hub at trust.monday.com. | Verified | vendor source ↗ | June 10, 2026 |
| ISO 27001 ISO/IEC 27001:2022. Also holds ISO 27017, 27018, 27032, and 27701. | Verified | vendor source ↗ | June 10, 2026 |
| HIPAA HIPAA Business Associate Agreement offered. | Verified | vendor source ↗ | June 10, 2026 |
| TX-RAMP | Verified | vendor source ↗ | June 10, 2026 |
→ Direct answer: Does monday.com have SOC 2?
Subprocessors
Subprocessor extraction for monday.com is pending.
Hosting & data residency
- InfrastructureAmazon Web Services
- Data residencyUS / EU / AU region options (vendor-published claim; not restated on the trust center overview page — pending region-page confirmation).
Trust documents & links
- Trust centerhttps://monday.com/trustcenter
- Security pagehttps://monday.com/trustcenter/security
- DPAnot yet recorded
- Status pagehttps://status.monday.com
Security incidents & disclosures
No incidents on record in the public sources we track, as of June 10, 2026. Absence of a record is not a guarantee — see methodology.
Change history
2026-06-10
Vendor added to StackPosture — initial snapshot from published trust documentation. Verification pass pending.
2026-06-10
Verification pass: SOC 2 Type II (plus SOC 1/SOC 3), ISO 27001:2022 (plus 27017/27018/27032/27701), HIPAA BAA, and TX-RAMP confirmed against monday.com's trust center. Compliance documents are gated behind trust.monday.com.