Hi. I use monday for my NPO that helps people with psychiatric disabilities. Our regulation requires compliance with the ISO 27799 information security standard. Does anyone have experience with this (Monday has only HIPAA compliance)?
Hi there! That’s a great initiative—thanks for the important work you’re doing.
Regarding ISO 27799 compliance, you’re correct that Monday.com currently focuses on HIPAA for healthcare-related data in the U.S., but ISO 27799 (which builds on ISO/IEC 27002 with a healthcare focus) isn’t explicitly listed among their certifications.
If your NPO needs to fully comply with ISO 27799, it might be worth reaching out directly to Monday.com’s support or sales team to ask about any workarounds, upcoming compliance updates, or if they can provide documentation showing alignment with ISO 27001/27002, which are closely related.
Also, depending on how you use Monday (e.g., storing patient info vs. managing internal workflows), you might be able to minimize exposure of sensitive data on the platform and keep compliance risks low.
Has anyone here found success mapping Monday’s security controls to ISO 27799 requirements? Would love to hear your experiences too!
They have quite a few of the other ISO security and privacy certificates.