EnableIT Technologies Ltd

monday.com Work OS - Project/Task/Process Management Software

monday.com is a Work Operating System (OS) that allows visual collaboration to transform the way teams work together. A Work OS is a cloud-based software platform for organisations of all sizes. A simple, but intuitive, tool that enables people to manage work, meet deadlines and build a culture of transparency.

Features

• Resource planning and workload allocation, including time tracking
• Management of project lifecycle from concept to delivery
• No-code automation for intelligent processes and workflows
• Native integrations and app marketplace connecting third-party solutions
• Kanban and sprint boards with calendar and timeline views
• Open API and no-code export of complete data set
• Dynamic dashboards with bar charts, pie charts, line graphs, pivot
• Collaboration and communication via platform, email and Microsoft Teams
• Flexible stakeholder interactions with forms and shareable content

Benefits

• Blending production workflows with agile and SCRUM methodology
• Enabling process automation for non-tech users
• Flexible low-maintenance platform with intuitive user experience (UX) design
• Effective and visually pleasing processing of data and communication
• Strong collaboration features drives adaption and organisational efficiency
• 360 degree view of projects and processes with integrated reporting
• Personalised experience for individuals but clear overview for managers
• Transparency, accountability, and process risk management
• Easy monitoring and management of tasks and deadlines

£18 to £38 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jbushnell@enable.services. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

953641745810181

Contact

Joseph Bushnell
01473618980
jbushnell@enable.services

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Monday.com software can only be run in the cloud by monday.com in AWS data centers.
• System requirements: An active license is required for each user

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our friendly UK Based support team are available on the phone Monday - Friday, 7.30am to 6pm. We also have strict Service Level Agreements within these times. SLA Response Times P1 Response Time: 30 mins (response), 1 hour (target fix), 1 hour (max fix) P2 Response Time: 4 hours (response), 24 hours (target fix), 40 hours (max fix) P3 Response Time: 8 hours (response), 50 hour (target fix), 70 hours (max fix)
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We have undergone intensive testing to alert users that a new chat has been opened and to also direct any chat visitors outside of office hours.
• Onsite support: Yes, at extra cost
• Support levels: We provide both Basic End User and Technical Support. All customers have a dedicated Technical Account Manager. We have our own team of Helpdesk & Infrastructure Engineers that are available to all customers. We also provide onsite or remote sessions to ensure that you are getting the very best out of your Marketing Automation system and that it is working well for you.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: You will be assigned a dedicated project manager to ensure the systems is ready for go-live and contains all the required functionality. We provide both onsite and online training, as well as documentation and recordings of how to use the system. You will also be assigned a dedicated account manager who will be able to assist with any queries once the system is up and running.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Word Documents
  • Video
• End-of-contract data extraction: A full system data snapshot is provided to customers at the termination of any service.
• End-of-contract process: Various terms are available which can be discussed prior to contract agreement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile service and browser are a little bit different when it comes to behaviour and feature availability. The mobile service is compact and thumb-friendly to give you an amazing on-the-go experience, while the desktop is horizontal and much larger. You cannot complete the following actions from your mobile device; change your password, change your time and date preferences, set which types of notifications you'd like to receive, change two-factor authentication method, set up or change your email integrations and view your past and current sessions.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: GraphQL structure, an alternative to REST based API's, which operates on the single URL/endpoint. The API rate limit is 10 million queries per minute.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Custom fields, as well as automations and naming conventions, can be managed by the user. Any other changes such as colours and functionality can be requested and discussed with their dedicated account manager. We have an in-house team of developers to execute these.

Scaling

• Independence of resources: Continuous monitoring of performance metrics, analysis, and provisioning.

Analytics

• Service usage metrics: Yes
• Metrics types: Data includes metrics such as emails sent, emails opened, emails clicked, content & campaigns created, campaign interaction, points changed, contacts created, contacts qualified.; This is not an exhaustive list.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Monday.com

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The exporting of data can be limited by users, roles, and teams. For example, a user can only export records assigned to them, or only admin users can export any data.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • HTML
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Create security zones using subnets, gateways and access control lists.

Availability and resilience

• Guaranteed availability: Availability and contractual obligations thereof can form part of any contractual agreement.
• Approach to resilience: Full-stack redundancy and multiple routes to the internet backbone.
• Outage reporting: Public Dashboard

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: We use security groups and public key authentication.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The standards institution of Israel
• ISO/IEC 27001 accreditation date: 01/02/2018
• What the ISO/IEC 27001 doesn’t cover: The certificates validity is subject to the organisation maintaining their system in accordance with SII-QCD requirements for system certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • SOC2 Type II security certification
  • ISO/IEC 27018 , Security techniques
  • ISO/IEC 27017:2015
  • ISO/IEC 27032:2012
  • ISO/IEC 27701:2019
  • HIPAA
  • GDPR Certified
  • EU-US Privacy Shield

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO/IEC 27018; Cyber Essentials Certified
• Information security policies and processes: This is laid out in in out 27001/13 policies under POL_SEC_0023, all incidents are record by the compliance director who reports directly to the Board of directors

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The company uses monday.com as it change request platform, any changes to any internal or external systems. The change request is made by either the customer or employee via a downloadable form which is then summited to the compliance officer who then forwards to the appropriate person. If the change is agreed then the applicant will receive an email authorising to carry out the change within a set period. All services are both internal and external are subject to the change management policy.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Both internal and external systems are continually scanned from both inside and external from secure scan points. Manual scans are carried out using the Metasploit framework carried out by the infrastructure. s Snort and Open VAS network intrusion detection vulnerability & prevention servers are also deployed which provide updates real-time. All Equipment are scanned and patched automatically from a central server, updates are applied on as soon as a possible but within 4 hours. The company subscribes to industry standard NGIPS list and rule sets which update automatic both the Snort, Open VAS, and Metasploit servers.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Both the internal and external facing ports are scanned one a week and the internal network is scanned daily. Once a month the external port are per tested and the report export and any vulnerabilities rectified. As soon as a potential compromise is found it is dealt with within 4 hours.
• Incident management type: Supplier-defined controls
• Incident management approach: The company has a pre-defined policy for all incidents as laid out in our 27001/13 policy document.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  As the novel coronavirus (COVID-19) continues to spread around the world, our uncompromising priorities at enable.services remain the success of customers, the safety of our employees, and supporting efforts that combat this outbreak the best ways we can.; ; Our commitment to quality service ; ; As a company, we are committed to providing a safe environment for our employees and ensuring business continuity, to best serve our customers and partners.; ; We are confident that the effects of the coronavirus (COVID-19) will not impact our enable.services solutions and platforms and our commitment to our global community of users is unwavering. We thank you for your continued support and trust in us.; ; We have ensured that our team members have whatever they need to work remotely as needed, and to continue doing their jobs securely. We have increased channels of internal communication, and as always, prioritise communication with you, our customers, so you can remain focused on your business priorities.; ; What we’re doing to help; ; Today, hundreds of non-profit organizations, hospitals, and universities are using our solutions to accelerate their efforts to do good things in the world. ; ; In light of the ongoing outbreak, we want to help as many teams as we can to accomplish even more. We believe in the power of our solutions to help any team work better together, and especially in a remote environment, and we want to do our part to support the efforts combatting COVID-19.; ; Guidance on remote work, with more to come; ; Helping virtual teams overcome the communication and collaboration obstacles they face on a daily basis is an essential part of our solutions. Over the years, many remote teams have chosen to use our solutions to improve their daily workflows and relationships, but working as a remote team takes time to refine.

Pricing

• Price: £18 to £38 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Free two-week trial
• Link to free trial: https://monday.com/?utm_source=Partner&utm_campaign=enable

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jbushnell@enable.services. Tell them what format you need. It will help if you say what assistive technology you use.