Security at Asana
This Trust Center provides you with resources demonstrating Asana's continuous commitment to protecting customer data. We prioritize security as our highest-level product strategy and build our platform using best practices for highly available, scalable, and secure cloud applications. We regularly monitor and assess our program to ensure it meets or exceeds compliance and regulatory requirements.
Asana’s security and privacy programs are led by industry veterans with decades of experience:
- Sean Cassidy: Head of Security
- Whitney Merrill: Data Protection Officer (DPO)
Compliance
CCPA
CSA STAR
FERPA
GDPR
GLBA
HIPAA
ISO 27001
ISO 27001 SoA
ISO 27017
ISO 27018
ISO 27701
Privacy Shield
SOC 2
SOC 3
VPAT
Documents
Penetration Testing
Security and Privacy Whitepaper
ISO 27001
SOC 2
CAIQ
Law Enforcement Transparency Report
Network Diagram
SOC 3 Report
GDPR
HIPAA
ISO 27001 SoA
ISO 27017
ISO 27018
ISO 27701
SOC 3
VPAT
CAIQ Lite
HECVAT Full
HECVAT Lite
SIG Core
SIG Lite
VSA Full
Cyber Insurance
Security and Privacy Whitepaper
Information Security Policy
Architecture Overview
Business Continuity / Disaster Recovery
Penetration Testing
Product Security Features
Audit Logging
Data Security
Integrations
Data Security
Access Monitoring
Data Backups
Data Erasure
Access Control
Data Access
Logging
Password Security
Data Privacy
Cookies
Data Into System
Data Processing Addendum
Terms
Subprocessors
Data Security Standards
Customer Audits
Reports
Law Enforcement Transparency Report
Network Diagram
Penetration Testing
Infrastructure
Network Security
Data Loss Prevention
Firewall
IDS
Application Security
Code Analysis
Credential Management
Responsible Disclosure
Corporate and Endpoint Security
Asset Management Practices
Dedicated Security Team
Disk Encryption
Self-Assessment
CAIQ
CAIQ Lite
HECVAT Full
Knowledge Base
- Is client scoped data collected, accessed, transmitted, processed or retained that can be classified as Cardholder Data (CHD) within a Cardholder Data Environment (CDE) for credit card processing?
- Are all transaction details i.e., payment card info and information about the parties conducting transactions, prohibited from being stored in the Internet facing DMZ?
- Are business licenses or registrations maintained in all jurisdictions where required?
- What is your organization's government/validation type?
- Please enter your organization's Country of Organization.
If you need help using this portal, please contact our Cybersecurity Risk team.
If you think you may have discovered a vulnerability, please send us a note.