Security
Information Security & Compliance
We care about information security, so we work continuously to align our processes and services with best practices and guidelines.
Monks has established a global Information Security Management System aligned with the ISO27001 standard, which is being certified in different offices around the globe. Below are our compliance achievements as well as the roadmap for improving our maturity level down the line.
Achievements
Our process and roadmap.
ISO27001:2022
Our global Information Security Management System has been certified under the ISO27001 standard. This certification means that Monks has implemented and maintains a rigorous security program in accordance with the ISO27001:2022 standard, has a systematic approach to managing sensitive information and has implemented controls to protect it against unauthorized access, misuse, disclosure, or destruction. This certification provides assurance to our customers, stakeholders, and partners that we have implemented adequate measures to protect their information.
ISO 27001 covers controls in 14 sections: information security policies, organization of information security, human resource security, asset management, access control, cryptography, physical and environmental security, operations security, communications security, system acquisition, development and maintenance, supplier relationships, information security incident management, and information security aspects of business continuity management.
TISAX
We are committed to the automotive industry's information security standards through the TISAX (Trusted Information Security Assessment Exchange) certification, which allows us to process sensitive information from your customers as follows.
The TISAX assessment covers a wide range of information security topics, including access control, data protection, incident management, business continuity, and physical security. The TISAX certification provides a standardized and recognized approach to information security assessment in the automotive industry, which helps to improve the overall security posture of companies working in this sector. It also facilitates the exchange of sensitive information between companies by providing a trusted platform for sharing data.
UK Cyber Security Essentials
Monks UK offices are certified under the UK Cyber Essentials scheme, a set of guidelines developed by the UK Government to help businesses and organizations protect themselves from common cyber threats. The guidelines are based on five key principles: secure your Internet connection, secure your devices and software, control access to your data and services, protect yourself from viruses and other malware, keep your devices and software up to date.
ProcessUnity (formerly CyberGRX) Tier 2 Report
Monks has successfully completed the ProcessUnity Tier 2 assessment, proving an adequate security posture within this Third Party Risk Management framework.
Security Controls
We’ve set up safeguards to avoid and minimize any security risks. These protections cover four main areas: organizational security, internal security, infrastructure security, and data protection. Learn more about these controls in detail.
Organizational Security
Security policies established and reviewed
Our Information Security framework is aligned with the ISO27001 standard and comprises more than 20 policies plus additional standards and procedures, all of which are reviewed at least annually.
Information Security Management System
We maintain a global ISMS in compliance with the ISO27001 standard which guarantees continuous audits and improvement.
Cybersecurity risk management
We manage cybersecurity risk on a continuous basis, identifying, evaluating and treating risks that could impact data protection.
Information Security team
A global team is fully dedicated to cybersecurity, information security compliance, governance and risk management.
Employee background checks performed
Background checks are implemented according to local legislation and role criticality, considering the employee's data access and handling.
Security awareness training implemented
The company requires employees to complete the mandatory security awareness training which is maintained and updated on a continuous basis. New joiners receive security training and best practices during the onboarding.
Confidentiality Agreement acknowledged
At the time of engagement or onboarding, the company mandates that contractors and employees sign a confidentiality agreement, affirming their commitment to maintaining the confidentiality of sensitive information. NDAs are also signed with third parties.
Internal Security Procedures
Vulnerability Management
At Monks we manage technical vulnerabilities through a process of continuous upgrades and updates to our infrastructure and endpoints. Periodic analyses of our networks and equipment are performed, along with any necessary fixes.
Incident response policies established
The company has an incident response policy and a procedure in place to guide the security incident management. The defined processes include steps to log, track, resolve, and communicate security and privacy incidents to the relevant parties. Lessons learned are identified to prevent future incidents.
Improvement opportunities for incident management are identified, recorded, and subsequently followed up on.
Access control
Permissions are granted to users on a need-to-know basis. Privileged rights are only granted to employees assigned to administration roles and are closely followed up throughout the user's life cycle. Periodic access reviews are performed to guarantee users have the correct access privileges in place.
Password policy enforced
The company requires adherence to its policy for configuring passwords on in-scope system components. Additionally, the policy establishes specific requirements regarding password complexity, length, and regular updates to ensure robust security measures are in place.
Backup methodology
Backup schemes are implemented to protect the valuable information against loss, based on risk, impact and business requirements.
Vendor management
The company maintains formal agreements with vendors and third parties, encompassing confidentiality and privacy commitments specific to each entity.
Third-party risk is managed to ensure that these vendors take good care of Monks' information during our relationship.
Change management procedure
Properly controlled change management is performed in production environments to ensure that critical changes are appropriate, effective, properly authorized and carried out in a manner that minimizes unexpected impact.
Management roles and responsibilities defined
Monks has correctly identified and assigned the roles and responsibilities regarding information security for a correct segregation of duties and accountability.
Physical access controls
Security perimeters are defined in facilities and controls are implemented to authorize access on a need-to-know basis. Different perimeters are designated for general entrance, sensitive areas and server rooms. An access management process is in place to grant and revoke privileges accordingly.
Secure Development lifecycle
We implement a secure software development life cycle (SSDLC) in which we define security best practices based on the OWASP Top 10 and other widely recognized standards, along with security controls such as code analysis. We also train our developers and technical experts on security best practices on a continuous basis.
Cybersecurity insurance maintained
The company has cybersecurity insurance to mitigate the impact of incidents.
Data Protection
Data classification
The company has an Information Sensitivity policy in place to help ensure that data is properly classified, secured and restricted to authorized personnel.
Data encryption
Sensitive data is encrypted in transit and at rest when processed in our systems, following our Encryption and Hashing Standard. Endpoint disks are encrypted through MDM policies, and external disks used for business purposes are encrypted.
Data retention policy established
The company has a formal Data Retention Policy in place based on regulations and internal standards.
Client data
We protect client data under our policies, which includes segregation, classification, encryption, retention and access control.
Infrastructure Security
Intrusion detection system and monitoring
IDS and DDoS prevention capabilities are implemented on on-premise and cloud infrastructure. Endpoint firewalls are being enforced through MDM. Additionally, a SOC monitors the on-premise core equipment, the EDR solution and the cloud environments.
Production infrastructure access restricted
The company restricts privileged access to operating systems, databases, production networks and encryption keys to authorized users with a business need.
Remote working
Remote working is implemented at Monks in compliance with our Security Remote Working Policy to ensure a safe environment for our data and processes. Technical measures and user awareness are implemented to reach that objective.
Access revoked upon termination
The company diligently performs termination procedures to ensure timely revocation of access for terminated employees in accordance with service level agreements (SLAs).
Access control procedures established
We implement access control in all our environments, physical and logical, applying measures according to the current state of the art in terms of threats that could lead to unauthorized access. Control measures are reviewed periodically and updated to maintain their accuracy.
Log management utilized
The company records and correlates logs to detect events that could potentially impact the organization's ability to accomplish its security objectives.
Network segmentation implemented
The company's network is logically segmented to segregate critical services and data and to protect client data.
Anti-malware technology utilized
We implement an antimalware solution (next-generation antivirus [NGAV], endpoint detection and response [EDR], cyber threat intelligence, managed threat hunting capabilities and security hygiene) on all our equipment, and it is configured to be updated automatically.
The Monks Information Security Team can be contacted about any security-related matter or question at security@mediamonks.com.