This Trust Center provides you with resources demonstrating Asana's continuous commitment to protecting customer data. Below you'll find information about Asana's trust practices including additional information related to security, privacy, AI, and general infrastructure documentation. We prioritize security in our product strategy and build our platform using best practices for highly available, scalable, and secure cloud applications. We regularly monitor and assess our program to ensure it meets or exceeds compliance and regulatory requirements.
Asana’s security and privacy programs are led by industry veterans with decades of experience: Sean Cassidy: Head of Security Whitney Merrill: Head of Global Privacy & Data Protection Officer (DPO)
New Security Assessment (Penetration Test) report published (August to November 2024)
VulnerabilitiesCopy linkPraetorian Security, Inc. just completed Asana's FY25 security assessment / penetration test. The scope of this test covers our web and mobile application, cloud infrastructure, Asana-owned integrations (subset selected by Asana Security), internal network, external network, and AI / Smart features. Please see the summary report on Asana's Trust Center: Penetration Testing
Asana has just publicly announced that we have committed to pursuing FedRAMP authorization - a commitment that will serve the complex needs of our customers in regulated industries.
By pursuing FedRAMP, we expect numerous benefits to be extended to our customers, including:
- Enhanced security and trust, especially among those in a regulatory environment
- Expanded access for our customers working with or aspiring to do business with the U.S. Federal Government
To learn more, check out our press release here and our blog post here.
Asana's SOC 2 Type 2 report for the period covering from February 2023 to January 2024 is now available to request for download from our Trust Center. This year, Asana was also assessed for SOC 2 + HIPAA compliance in a Type 1 audit - this report is available to request for download. Additionally, the Asana SOC 3 report for the same period is now publicly available.
Asana successfully passed its recertification against the ISO 27001 standard, and was audited against the most recent version of the standard: ISO 27001:2022. Our up to date certifications for ISO 27001, ISO 27017, ISO 27018 and ISO 27701 are all available publicly for download by following the respective links.
Asana has successfully achieved TX-RAMP Level 1 - our certification is available to request for download from the Asana Trust Center.
As part of Asana’s annual security compliance audits, Asana was audited against the updated version of the ISO 27001 standard (ISO 27001:2022). As part of preparing for this audit, Asana updated its Statement of Applicability (SoA) in line with the new version, defining which ISO 27001:2022 controls were applied into the organization. Please find this updated SoA at Asana’s Trust Center here: ISO 27001 SoA.
Asana just completed our annual Disaster Recovery Test in October 2023. The goal of this exercise is to model a worst case scenario where our infrastructure is completely lost and we are forced to bring up data from backup snapshots of our production environment, which we call snapshots. Please see the summary report on Asana's Trust Center: Disaster Recovery Summary
If you need help using this Trust Center, please contact us.
If you think you may have discovered a vulnerability, please send us a note.