Trust Center

Security at Asana

This Trust Center provides you with resources demonstrating Asana's continuous commitment to protecting customer data. We prioritize security as our highest-level product strategy and build our platform using best practices for highly available, scalable, and secure cloud applications. We regularly monitor and assess our program to ensure it meets or exceeds compliance and regulatory requirements.

Asana’s security and privacy programs are led by industry veterans with decades of experience:  Sean Cassidy: Head of Security Whitney Merrill: Data Protection Officer (DPO)

Compliance

CCPA Logo
CCPA
CSA STAR Logo
CSA STAR
FERPA Logo
FERPA
GDPR Logo
GDPR
GLBA Logo
GLBA
HIPAA Logo
HIPAA
ISO 27001 Logo
ISO 27001
ISO 27001 SoA Logo
ISO 27001 SoA
ISO 27017 Logo
ISO 27017
ISO 27018 Logo
ISO 27018
ISO 27701 Logo
ISO 27701
Privacy Shield Logo
Privacy Shield
SOC 2 Logo
SOC 2
SOC 3 Logo
SOC 3
VPAT Logo
VPAT

Documents

All
Public
Private
Penetration Testing
Security and Privacy Whitepaper
ISO 27001
SOC 2
CAIQ
Law Enforcement Transparency Report
Network Diagram
SOC 3 Report
GDPR
HIPAA
ISO 27001 SoA
ISO 27017
ISO 27018
ISO 27701
SOC 3
VPAT
CAIQ Lite
HECVAT Full
HECVAT Lite
SIG Core
SIG Lite
VSA Full
Cyber Insurance
Security and Privacy Whitepaper
Information Security Policy
Architecture Overview
Business Continuity / Disaster Recovery
Penetration Testing

Product Security Features

Audit Logging
Data Security
Integrations
See more

Data Security

Access Monitoring
Data Backups
Data Erasure
See more

Access Control

Data Access
Logging
Password Security

Data Privacy

Cookies
Data Into System
Data Processing Addendum
See more

Terms

SubprocessorsAmazonLookerSnowflakeTableauTray.io
Data Security Standards
Customer Audits
See more

Reports

Law Enforcement Transparency Report
Network Diagram
Penetration Testing
See more

Infrastructure

Status Monitoring
Amazon Web Services
Anti-DDoS
See more

Network Security

Data Loss Prevention
Firewall
IDS
See more

Application Security

Code Analysis
Credential Management
Responsible Disclosure
See more

Corporate and Endpoint Security

Asset Management Practices
Dedicated Security Team
Disk Encryption
See more

Self-Assessment

CAIQ
CAIQ Lite
HECVAT Full
See more

Knowledge Base

  • Is client scoped data collected, accessed, transmitted, processed or retained that can be classified as Cardholder Data (CHD) within a Cardholder Data Environment (CDE) for credit card processing?
  • Are all transaction details i.e., payment card info and information about the parties conducting transactions, prohibited from being stored in the Internet facing DMZ?
  • Are business licenses or registrations maintained in all jurisdictions where required?
  • What is your organization's government/validation type?
  • Please enter your organization's Country of Organization.
See more

If you need help using this portal, please contact our Cybersecurity Risk team.

Contact Support

If you think you may have discovered a vulnerability, please send us a note.

Report Issue