|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Jan. 31, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
At MongoDB, cybersecurity risk management is an integral part of our overall information security program, which we review and update at least annually to reflect changes to our organization, business practices, technology and services, and applicable legislation and regulations. Our information security program is designed to align with the National Institute of Standards and Technology Cyber Security Framework and provides a framework for handling cybersecurity threats and incidents, including threats and incidents associated with the use of services provided by third parties. This framework includes steps for assessing the severity of a cybersecurity threat or incident, identifying the source of a cybersecurity threat or incident including whether the cybersecurity threat or incident is associated with a third-party service provider, implementing cybersecurity countermeasures and mitigation strategies and informing management and our board of directors of material cybersecurity threats and incidents. In addition, our information security team provides ongoing education to and requires mandatory training at least once annually of all employees. To bolster the security of our products and services, we have appropriate technical and organizational measures in place to protect data that our customers upload to MongoDB Atlas, which is certified against ISO 27001:2022, ISO 27017:2015, ISO 27018:2019, ISO 9001:2015, SOC 2 Type II, Payment Card Industry Data Security Standard v.4, and Cloud Security Alliance (“CSA”) Security, Trust, Assurance, Information Security Registered Assessors Program and Risk (“STAR”) Level 2. We also engage third parties to perform annual audits of our standards-based certifications and we have undergone a Health Insurance Portability and Accountability Act examination validated by a qualified third-party assessor.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|At MongoDB, cybersecurity risk management is an integral part of our overall information security program, which we review and update at least annually to reflect changes to our organization, business practices, technology and services, and applicable legislation and regulations.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Our board of directors has overall oversight responsibility for our enterprise risk management, and delegates cybersecurity risk management oversight to its Security Committee, which was established this past year.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our cybersecurity programs are under the direction of our CISO, who receives reports from our security teams and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CISO and key security leaders are certified and experienced information systems security professionals, security engineers, and information security managers each with well over a decade of experience. Our CISO and security teams, along with our management, are responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining our cybersecurity programs.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Security Committee is responsible for ensuring that management has processes in place designed to identify and assess cybersecurity risks to which the Company is exposed and implement processes and programs designed to manage cybersecurity risks, including mitigation and remediation of cybersecurity threats and incidents. On a quarterly basis, the Security Committee meets with our Chief Information Security Officer, (“CISO”), and other senior executives to perform more in-depth reviews of the Company’s cybersecurity programs, as well as relevant cybersecurity risks and mitigation strategies. Ahead of each such quarterly meeting, management, including the CISO and our information security team, prepares and provides cybersecurity reports that cover, among other topics, developments in cybersecurity and updates to the company’s cybersecurity programs and mitigation strategies, legislative developments affecting MongoDB's information security program, and notable security incidents and investigations. The Security Committee subsequently reports material cybersecurity matters to our full board of directors. In addition, our management follows a risk-based escalation process to notify the Security Committee outside of the regular reporting cycle when they identify an emerging cybersecurity risk.
Our cybersecurity programs are under the direction of our CISO, who receives reports from our security teams and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CISO and key security leaders are certified and experienced information systems security professionals, security engineers, and information security managers each with well over a decade of experience. Our CISO and security teams, along with our management, are responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining our cybersecurity programs.
|Cybersecurity Risk Role of Management [Text Block]
|The Security Committee is responsible for ensuring that management has processes in place designed to identify and assess cybersecurity risks to which the Company is exposed and implement processes and programs designed to manage cybersecurity risks, including mitigation and remediation of cybersecurity threats and incidents. On a quarterly basis, the Security Committee meets with our Chief Information Security Officer, (“CISO”), and other senior executives to perform more in-depth reviews of the Company’s cybersecurity programs, as well as relevant cybersecurity risks and mitigation strategies. Ahead of each such quarterly meeting, management, including the CISO and our information security team, prepares and provides cybersecurity reports that cover, among other topics, developments in cybersecurity and updates to the company’s cybersecurity programs and mitigation strategies, legislative developments affecting MongoDB's information security program, and notable security incidents and investigations. The Security Committee subsequently reports material cybersecurity matters to our full board of directors. In addition, our management follows a risk-based escalation process to notify the Security Committee outside of the regular reporting cycle when they identify an emerging cybersecurity risk.
Our cybersecurity programs are under the direction of our CISO, who receives reports from our security teams and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CISO and key security leaders are certified and experienced information systems security professionals, security engineers, and information security managers each with well over a decade of experience. Our CISO and security teams, along with our management, are responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining our cybersecurity programs.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
Our cybersecurity programs are under the direction of our CISO, who receives reports from our security teams and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CISO and key security leaders are certified and experienced information systems security professionals, security engineers, and information security managers each with well over a decade of experience. Our CISO and security teams, along with our management, are responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining our cybersecurity programs.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CISO and key security leaders are certified and experienced information systems security professionals, security engineers, and information security managers each with well over a decade of experience.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Security Committee is responsible for ensuring that management has processes in place designed to identify and assess cybersecurity risks to which the Company is exposed and implement processes and programs designed to manage cybersecurity risks, including mitigation and remediation of cybersecurity threats and incidents. On a quarterly basis, the Security Committee meets with our Chief Information Security Officer, (“CISO”), and other senior executives to perform more in-depth reviews of the Company’s cybersecurity programs, as well as relevant cybersecurity risks and mitigation strategies. Ahead of each such quarterly meeting, management, including the CISO and our information security team, prepares and provides cybersecurity reports that cover, among other topics, developments in cybersecurity and updates to the company’s cybersecurity programs and mitigation strategies, legislative developments affecting MongoDB's information security program, and notable security incidents and investigations. The Security Committee subsequently reports material cybersecurity matters to our full board of directors. In addition, our management follows a risk-based escalation process to notify the Security Committee outside of the regular reporting cycle when they identify an emerging cybersecurity risk.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef