Marketplace Security Program
Data Protection and Information Privacy are highly important concerns for us and for our customers.
As such, we are proud to introduce our new Marketplace Security Program.
In addition to the security checks that every app must pass in order to be public in our marketplace, we came up with the new and advanced Marketplace Security Program. The purpose of this program is to increase security awareness, improve security practices, and strengthen your confidence in our marketplace apps!
What's in it for the marketplace partner?
We highly recommend to our marketplace partners to participate in this program for few reasons:
- Having the security badge aside the app will increase user confidence significantly.
- Get trusted by monday.com's largest clients.
- Improve security standards, and decrease vulnerabilities.
To pass the program's requirements and successfully receive the Security Badge, the marketplace partner must provide sufficient answers to our advanced security questionnaire.
The advanced security questionnaire will include:
- Data Segregation
- Advanced Security Patches
- Security Breach Mechanism
- CSRF Protection
- XSS Encoding and Sanitization
- Customer Data Protection
- Multi-Factor Authentication (for internal employee access)
- Prevention from storing secrets or PII
- Protection against "Mass Parameter Assignment" attacks
- Redirection to trusted destinations only
All answers will be carefully reviewed by monday.com Review & Security teams.
The Security Badge will only be granted to marketplace partner who successfully meet our requirements.
What happens if my submission is rejected? When can I resubmit the questionnaire?
monday.com's app reviewers will share the reasons for rejection. The marketplace partner will be able to resubmit only 3 months later.
When will my Security Badge expire?
After successfully receiving the Security Badge, monday.com's review and security teams will carefully validate the entire information that was provided by the marketplace partner's side. The validation checks will take place once a year.
Updated 2 months ago