Trust Center

Trust at Asana

This Trust Center provides you with resources demonstrating Asana's continuous commitment to protecting customer data. We prioritize security as our highest-level product strategy and build our platform using best practices for highly available, scalable, and secure cloud applications. We regularly monitor and assess our program to ensure it meets or exceeds compliance and regulatory requirements.

Asana’s security and privacy programs are led by industry veterans with decades of experience:  Sean Cassidy: Head of Security Whitney Merrill: Data Protection Officer (DPO)

Compliance

CCPA Logo
CCPA
CSA STAR Logo
CSA STAR
FERPA Logo
FERPA
GDPR Logo
GDPR
GLBA Logo
GLBA
HIPAA Logo
HIPAA
ISO 27001 Logo
ISO 27001
ISO 27001 SoA Logo
ISO 27001 SoA
ISO 27017 Logo
ISO 27017
ISO 27018 Logo
ISO 27018
ISO 27701 Logo
ISO 27701
Privacy Shield Logo
Privacy Shield
SOC 2 Logo
SOC 2
SOC 3 Logo
SOC 3
VPAT Logo
VPAT
Penetration Testing
Security and Privacy Whitepaper
ISO 27001
SOC 2
CAIQ
Law Enforcement Transparency Report
Network Diagram
SOC 3 Report
GDPR
HIPAA
ISO 27001 SoA
ISO 27017
ISO 27018
ISO 27701
SOC 3
VPAT
CAIQ Lite
HECVAT Full
HECVAT Lite
SIG Core
SIG Lite
VSA Full
Cyber Insurance
Security and Privacy Whitepaper
Transfer Impact Assessment
Information Security Policy
Architecture Overview
Business Continuity / Disaster Recovery
Penetration Testing
Artificial Intelligence

Product Security Features

Audit Logging
Data Security
Integrations
See more

Data Security

Access Monitoring
Data Backups
Data Erasure
See more

Access Control

Data Access
Logging
Password Security

Privacy & Data Protection

Cookies
Data Into System
Data Processing Addendum
See more

Reports

Law Enforcement Transparency Report
Network Diagram
Penetration Testing
See more

Infrastructure

Amazon Web Services
Anti-DDoS
See more

Network Security

Data Loss Prevention
Firewall
IDS
See more

Application Security

Responsible Disclosure
Code Analysis
Credential Management
See more

Corporate and Endpoint Security

Asset Management Practices
Dedicated Security Team
Disk Encryption
See more

Self-Assessment

CAIQ
CAIQ Lite
HECVAT Full
See more

Knowledge Base

  • Can you share the organization chart, mission statement, and policies for your information security unit?
  • Have you undergone a SSAE 18 / SOC 2 audit?
  • Do you have an incident response process and reporting in place to investigate any potential incidents and report actual incidents?
  • Do you have a formal incident response plan?
  • Will data regulated by PCI DSS reside in the vended product?
See more

Trust Center Updates

If you need help using this Trust Center, please contact our Cybersecurity Risk team.

If you think you may have discovered a vulnerability, please send us a note.

Powered BySafeBase Logo