New Security Assessment (Penetration Test) report published (August to November 2024)

Trust Center

Search items
ControlK

This Trust Center provides you with resources demonstrating Asana's continuous commitment to protecting customer data. Below you'll find information about Asana's trust practices including additional information related to security, privacy, AI, and general infrastructure documentation. We prioritize security in our product strategy and build our platform using best practices for highly available, scalable, and secure cloud applications. We regularly monitor and assess our program to ensure it meets or exceeds compliance and regulatory requirements.

Asana’s security and privacy programs are led by industry veterans with decades of experience:  Sean Cassidy: Head of Security Whitney Merrill: Head of Global Privacy & Data Protection Officer (DPO)

Penetration Testing
Law Enforcement Transparency Report
Knowledge Base (FAQ)
    What IP addresses do I need to whitelist as a customer of Asana?
    Do you have an incident response process and reporting in place to investigate any potential incidents and report actual incidents?
    What is the source/origin/IP address of Asana webhooks to whitelist/add to an allow list for security purposes?
    Does Asana use DMARC, SPF, and/or DKIM to protect email?
View more
Trust Center Updates

New Security Assessment (Penetration Test) report published (August to November 2024)

VulnerabilitiesCopy link

Praetorian Security, Inc. just completed Asana's FY25 security assessment / penetration test. The scope of this test covers our web and mobile application, cloud infrastructure, Asana-owned integrations (subset selected by Asana Security), internal network, external network, and AI / Smart features. Please see the summary report on Asana's Trust Center: Penetration Testing

Published at N/A

Asana Announces Commitment to Pursuing FedRAMP Authorization

ComplianceCopy link

Asana has just publicly announced that we have committed to pursuing FedRAMP authorization - a commitment that will serve the complex needs of our customers in regulated industries.

By pursuing FedRAMP, we expect numerous benefits to be extended to our customers, including:

  • Enhanced security and trust, especially among those in a regulatory environment
  • Expanded access for our customers working with or aspiring to do business with the U.S. Federal Government

To learn more, check out our press release here and our blog post here.

Published at N/A

New Asana SOC Reports, ISO & TX-RAMP Certificates Available.

ComplianceCopy link

Asana's SOC 2 Type 2 report for the period covering from February 2023 to January 2024 is now available to request for download from our Trust Center. This year, Asana was also assessed for SOC 2 + HIPAA compliance in a Type 1 audit - this report is available to request for download. Additionally, the Asana SOC 3 report for the same period is now publicly available.

Asana successfully passed its recertification against the ISO 27001 standard, and was audited against the most recent version of the standard: ISO 27001:2022. Our up to date certifications for ISO 27001, ISO 27017, ISO 27018 and ISO 27701 are all available publicly for download by following the respective links.

Asana has successfully achieved TX-RAMP Level 1 - our certification is available to request for download from the Asana Trust Center.

Published at N/A*

New ISO 27001 SoA Published (February 2024)

ComplianceCopy link

As part of Asana’s annual security compliance audits, Asana was audited against the updated version of the ISO 27001 standard (ISO 27001:2022). As part of preparing for this audit, Asana updated its Statement of Applicability (SoA) in line with the new version, defining which ISO 27001:2022 controls were applied into the organization. Please find this updated SoA at Asana’s Trust Center here: ISO 27001 SoA.

Published at N/A

New Disaster Recovery Summary Published (October 2023)

ComplianceCopy link

Asana just completed our annual Disaster Recovery Test in October 2023. The goal of this exercise is to model a worst case scenario where our infrastructure is completely lost and we are forced to bring up data from backup snapshots of our production environment, which we call snapshots. Please see the summary report on Asana's Trust Center: Disaster Recovery Summary

Published at N/A*

If you need help using this Trust Center, please contact us.

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo