Guides

Monday.com teams face tougher enterprise security questionnaires, CISA explains why

Enterprise security questionnaires are now gating bigger monday.com deals. CISA’s vendor template shows why buyers want reusable proof, not one-off reassurance.

Lauren Xu··2 min read
Published
Listen to this article0:00 min
Monday.com teams face tougher enterprise security questionnaires, CISA explains why
Photo illustration

Customers with more than $50,000 in annual recurring revenue represented 41% of monday.com’s total ARR in the fourth quarter of 2025. CISA published its Vendor Supply Chain Risk Management Template on April 12, 2021 to give buyers a standardized way to assess vendor and supplier security posture when they purchase ICT hardware, software and services.

The template came out of the ICT Supply Chain Risk Management Task Force’s Vendor SCRM Assurance Template Working Group. The ICT supply chain includes third-party vendors, suppliers, service providers and contractors, and weaknesses anywhere in that chain can affect the people using the technology or service. Enterprise buyers are asking how a company handles access control, incident response, data retention, subcontractors, encryption and risk management.

AI-generated illustration
AI-generated illustration

Sales, solutions engineering, product and security need the same evidence set if the company wants to move quickly through enterprise procurement. Engineers need to know which questions come up repeatedly so they can document controls and instrument the product before a deal stalls. Product managers need to see which asks keep returning, because those requests shape the roadmap just as much as feature demand from customers.

Zero trust centers on precise least-privilege access decisions and minimizing uncertainty across users, systems, data and assets.

More than 250,000 customers worldwide use monday.com’s platform, and the company bases its security model on ISO 27001, ISO 27018, SOC 2 and OWASP Top 10. monday.com says its systems run across multiple AWS Availability Zones with hosting in the US, the EU and Australia, plus a disaster recovery site in another AWS region. Enterprise plan customers can choose to host data in the Frankfurt, Germany, EU data center, and monday.com says its security program is reviewed annually and covers subsidiaries, employees, contractors, subcontractors, partners and others handling company or customer information.

In its FY2024 filing, monday.com said enterprise customers, defined as those with more than $50,000 in ARR, rose 39% year over year from 2,295 at Dec. 31, 2023 to 3,201 at Dec. 31, 2024. By February 2026, the company said fourth-quarter 2025 revenue reached $333.9 million and that it had a record number of customers above $100,000 in ARR.

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.

Did this article answer your question?

Discussion

More Monday.com News