Asana

Asana—a way to easily communicate across teams, manage projects in one place, and reclaim more time with seamless collaboration.
  • Website
    https://asana.com
  • Trust Center
    https://asana.trust.page

  • Compliance

    • CCPA

      Privacy rights and consumer protection for California residents. Here is our privacy commitment.

    • CSA STAR - Level 1

      Cloud security controls compliance self-assessment

  • Product Security

    • Audit Logs

      Asana’s Audit Log API allows Enterprise admins to detect security threats in Asana via Splunk, or any Security Information and Event Management (SIEM) provider of their choice with some development. With our out-of-the-box integration with Splunk, IT teams can view and monitor key compliance-related activities in Asana directly from Splunk’s dashboard. In addition, admins can proactively secure their organization’s data and take action when suspicious activities occur by using timely, customized alerts.

      We monitor the availability of our office network and the devices on it. We collect logs produced by networking devices such as firewalls, DNS servers, DHCP servers, and routers in a central place. The network logs are retained for the security appliance (firewall), wireless access points, and switches.

    • Multi-Factor Authentication

      Wherever possible, we use two-factor authentication to further secure access to our corporate infrastructure. Asana runs security scans on a regular basis.

  • Data Security

    • Data Encrypted At-Rest

      Asana guarantees encryption at rest with AES 256-bit secret keys.

    • Data Encrypted In-Transit

      Connections to app.asana.com are encrypted with 128-bit encryption and support TLS 1.2 and above. Connections are encrypted and authenticated using AES128GCM and use ECDHE_RSA as the key exchange mechanism. Asana supports forward secrecy and AES-GCM and prohibits insecure connections using RC4 or TLS 1.1 and below. Logins and sensitive data transfers are performed over TLS only.

  • Privacy

    • Privacy Policy

      Your privacy is important to us. It is Asana's policy to respect your privacy regarding any information we may collect from you across our website. Asana only collects data that we need and only retains it for as long as necessary.
      Asana does not share any personally identifying information publicly or with third parties, except when required to by law.

    • Data Retention Policy

      Asana retains customer’s information for the period necessary to fulfill the purposes outlined in our Privacy Policy.

  • Incident Management & Response

    • Data Breach Notification

      Asana will assist customers by notifying them of a confirmed Data Breach without undue delay or within the time period required under Applicable Law, and in any event no later than seventy-two (72) hours following such confirmation.

    • Incident Response Plan (IRP)

      Asana maintains an Incident Response Plan designed to establish a reasonable and consistent response to security incidents and suspected security incidents. A security incident or suspected security incident involves the accidental or unlawful destruction, loss, theft, alteration, unauthorized disclosure of, or access to, proprietary data or personal data transmitted, stored, or otherwise processed by Asana. These incident response procedures detail how Asana Security triages, investigates, remediates, and reports on security incidents. Asana has contracted with third-party digital forensics and incident response firms in the case of a data breach.

  • Availability & Reliability

    • Data Redundancy

      Asana uses Amazon's relational database service (RDS) to manage all user data. The database is replicated synchronously so that Asana can typically recover from a database failure in a matter of seconds.

    • Infrastructure Redundancy

  • Organizational Security

    • Confidentiality Agreements

      Asana team members are bound by confidentiality agreements, but may access your data to the extent necessary to diagnose and correct problems in the product.

    • Employee Background Checks

      Asana performs background verification checks on employees that have access to Customer Data in accordance with relevant laws, regulations, ethical requirements, and/or accepted local practices for non-US jurisdictions for each individual at least upon initial hire (unless prohibited by law). The level of verification shall be appropriate according to the role of the employee, the sensitivity of the information to be accessed in the course of that person’s role, the risks that may arise from misuse of the information, and the accepted local practices in non-US jurisdictions. The following checks shall be performed for each individual at least upon initial hire, unless prohibited by law or inconsistent with accepted local practices for non-US jurisdictions: (i) identity verification and (ii) criminal history.

  • Business Continuity

    • Business Continuity Plan

      Asana’s infrastructure investments provide daily backups, regional backups, and recovery procedures for restoring services in the event of unavoidable failures.

    • Disaster Recovery Plan

      Asana has documented a set of disaster recovery policies and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a disaster.

  • Infrastructure

    • Multi-Tenant Architecture
    • ISO 27001 - Data Center

  • Threat Management

    • Bug Bounty

      We maintain an external bounty program where we agree to pay security researchers who discover vulnerabilities.

    • Penetration Testing

      Asana maintains an information security program, which includes penetration testing performed by a qualified third party on an annual basis.

      Here is a summary of our latest penetration test.

  • Subprocessors

Copyright © 2022 Trustpage. All rights reserved.