Trust Center

Search items
ControlK

Trust at Asana

This Trust Center provides you with resources demonstrating Asana's continuous commitment to protecting customer data. We prioritize security as our highest-level product strategy and build our platform using best practices for highly available, scalable, and secure cloud applications. We regularly monitor and assess our program to ensure it meets or exceeds compliance and regulatory requirements.

Asana’s security and privacy programs are led by industry veterans with decades of experience:  Sean Cassidy: Head of Security Whitney Merrill: Data Protection Officer (DPO)

Self-Assessment

Knowledge Base

  • Can you share the organization chart, mission statement, and policies for your information security unit?
  • Have you undergone a SSAE 18 / SOC 2 audit?
  • Do you have a formal incident response plan?
  • Will data regulated by PCI DSS reside in the vended product?
  • Does the hosting provider have a SOC 2 Type 2 report available?
View more

Trust Center Updates

New Asana SOC Reports, ISO & TX-RAMP Certificates Available.

ComplianceCopy link

Asana's SOC 2 Type 2 report for the period covering from February 2023 to January 2024 is now available to request for download from our Trust Center. This year, Asana was also assessed for SOC 2 + HIPAA compliance in a Type 1 audit - this report is available to request for download. Additionally, the Asana SOC 3 report for the same period is now publicly available.

Asana successfully passed its recertification against the ISO 27001 standard, and was audited against the most recent version of the standard: ISO 27001:2022. Our up to date certifications for ISO 27001, ISO 27017, ISO 27018 and ISO 27701 are all available publicly for download by following the respective links.

Asana has successfully achieved TX-RAMP Level 1 - our certification is available to request for download from the Asana Trust Center.

Published at N/A*

New ISO 27001 SoA Published (February 2024)

ComplianceCopy link

As part of Asana’s annual security compliance audits, Asana was audited against the updated version of the ISO 27001 standard (ISO 27001:2022). As part of preparing for this audit, Asana updated its Statement of Applicability (SoA) in line with the new version, defining which ISO 27001:2022 controls were applied into the organization. Please find this updated SoA at Asana’s Trust Center here: ISO 27001 SoA.

Published at N/A

New Disaster Recovery Summary Published (October 2023)

ComplianceCopy link

Asana just completed our annual Disaster Recovery Test in October 2023. The goal of this exercise is to model a worst case scenario where our infrastructure is completely lost and we are forced to bring up data from backup snapshots of our production environment, which we call snapshots. Please see the summary report on Asana's Trust Center: Disaster Recovery Summary

Published at N/A*

New Security Assessment (Penetration Test) report published (August to November 2023)

VulnerabilitiesCopy link

Praetorian Security, Inc. just completed Asana's FY24 security assessment / penetration test. The scope of this test covers our web and mobile application, cloud infrastructure, Asana-owned integrations (subset selected by Asana Security), internal network, and external network. Please see the summary report on Asana's Trust Center: Penetration Testing

Published at N/A

New Asana SOC 2 Type 2 and SOC 3 Reports Available for Download

ComplianceCopy link

Asana's SOC 2 Type 2 report for the period covering from February 2022 to January 2023 is now available to request for download from our Trust Center. Additionally, SOC 3 report for the same period is now available publicly for download.

Published at N/A*

If you need help using this Trust Center, please contact us.

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo