Trust Center

Search items
ControlK

Trust at Asana

This Trust Center provides you with resources demonstrating Asana's continuous commitment to protecting customer data. We prioritize security as our highest-level product strategy and build our platform using best practices for highly available, scalable, and secure cloud applications. We regularly monitor and assess our program to ensure it meets or exceeds compliance and regulatory requirements.

Asana’s security and privacy programs are led by industry veterans with decades of experience:  Sean Cassidy: Head of Security Whitney Merrill: Data Protection Officer (DPO)

Compliance

CCPA Logo
CCPA
CSA STAR Logo
CSA STAR
EU-US DPF Logo
EU-US DPF
FERPA Logo
FERPA
GDPR Logo
GDPR
GLBA Logo
GLBA
HIPAA Logo
HIPAA
ISO 27001 Logo
ISO 27001
ISO 27001 SoA Logo
ISO 27001 SoA
ISO 27017 Logo
ISO 27017
ISO 27018 Logo
ISO 27018
ISO 27701 Logo
ISO 27701
SOC 2 Logo
SOC 2
SOC 3 Logo
SOC 3
TX-RAMP Logo
TX-RAMP
VPAT Logo
VPAT
Penetration Testing
Security and Privacy Whitepaper
ISO 27001
SOC 2
CAIQ
Artificial Intelligence / AI / LLM
Law Enforcement Transparency Report
Network Diagram
SOC 3 Report
GDPR
HIPAA
ISO 27001 SoA
ISO 27017
ISO 27018
ISO 27701
SOC 3
TX-RAMP
VPAT
CAIQ Lite
HECVAT Full
HECVAT Lite
SIG Core
SIG Lite
VSA Full
Cyber Insurance
Security and Privacy Whitepaper
Transfer Impact Assessment
Architecture Overview
Business Continuity / Disaster Recovery
Information Security Policy
SOC 2 + HIPAA Type 1

Product Security Features

Audit Logging
Data Security
Integrations
View more

Data Governance

Access Monitoring
Data Backups
Data Erasure
View more

Access Control

Data Access
Logging
Password Security

Privacy & Data Protection

Cookies
Data Into System
Data Processing Addendum
View more

Reports

Law Enforcement Transparency Report
Network Diagram
Penetration Testing
View more

Infrastructure

Amazon Web Services
Anti-DDoS
View more

Network Security

Data Loss Prevention
Firewall
IDS
View more

Application Security

Responsible Disclosure
Code Analysis
Credential Management
View more

Corporate and Endpoint Security

Asset Management Practices
Dedicated Security Team
Disk Encryption
View more

Self-Assessment

CAIQ
CAIQ Lite
HECVAT Full
View more

Knowledge Base

  • Can you share the organization chart, mission statement, and policies for your information security unit?
  • Have you undergone a SSAE 18 / SOC 2 audit?
  • Do you have a formal incident response plan?
  • Will data regulated by PCI DSS reside in the vended product?
  • Does the hosting provider have a SOC 2 Type 2 report available?
View more

Trust Center Updates

New Asana SOC Reports, ISO & TX-RAMP Certificates Available.

ComplianceCopy link

Asana's SOC 2 Type 2 report for the period covering from February 2023 to January 2024 is now available to request for download from our Trust Center. This year, Asana was also assessed for SOC 2 + HIPAA compliance in a Type 1 audit - this report is available to request for download. Additionally, the Asana SOC 3 report for the same period is now publicly available.

Asana successfully passed its recertification against the ISO 27001 standard, and was audited against the most recent version of the standard: ISO 27001:2022. Our up to date certifications for ISO 27001, ISO 27017, ISO 27018 and ISO 27701 are all available publicly for download by following the respective links.

Asana has successfully achieved TX-RAMP Level 1 - our certification is available to request for download from the Asana Trust Center.

Published at N/A*

New ISO 27001 SoA Published (February 2024)

ComplianceCopy link

As part of Asana’s annual security compliance audits, Asana was audited against the updated version of the ISO 27001 standard (ISO 27001:2022). As part of preparing for this audit, Asana updated its Statement of Applicability (SoA) in line with the new version, defining which ISO 27001:2022 controls were applied into the organization. Please find this updated SoA at Asana’s Trust Center here: ISO 27001 SoA.

Published at N/A

New Disaster Recovery Summary Published (October 2023)

ComplianceCopy link

Asana just completed our annual Disaster Recovery Test in October 2023. The goal of this exercise is to model a worst case scenario where our infrastructure is completely lost and we are forced to bring up data from backup snapshots of our production environment, which we call snapshots. Please see the summary report on Asana's Trust Center: Disaster Recovery Summary

Published at N/A*

New Security Assessment (Penetration Test) report published (August to November 2023)

VulnerabilitiesCopy link

Praetorian Security, Inc. just completed Asana's FY24 security assessment / penetration test. The scope of this test covers our web and mobile application, cloud infrastructure, Asana-owned integrations (subset selected by Asana Security), internal network, and external network. Please see the summary report on Asana's Trust Center: Penetration Testing

Published at N/A

New Asana SOC 2 Type 2 and SOC 3 Reports Available for Download

ComplianceCopy link

Asana's SOC 2 Type 2 report for the period covering from February 2022 to January 2023 is now available to request for download from our Trust Center. Additionally, SOC 3 report for the same period is now available publicly for download.

Published at N/A*

If you need help using this Trust Center, please contact us.

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo