Trust at Asana
More than 100,000 of the world's most innovative enterprises trust Asana to keep their data safe.
Loved by more than a million teams in 190 countries
How Asana earns trust
Asana covers these essential needs, so teams can succeed with peace of mind.
Security
Data protection is key to support teams’ success, so we incorporate security into our product and operations.
Reliability
We invest in our infrastructure to support deployments of 100 or 100,000 and beyond.
Privacy
We're committed to protecting your privacy through our product, infrastructure, and data governance.
Compliance
We adhere to global, regional, and industry regulations to help you meet compliance standards.
Protect your work
Asana takes a security-by-design approach to protecting your data. We build our platform using best practices for highly available, scalable, and secure cloud applications.
Security infrastructure
Our approach to security starts at the foundational level and includes protocols such as password hashing, routine security assessments, least privilege access, security-focused software development, and a public bug bounty program.
Operational security
Our information security team continuously implements new security controls and monitors Asana for malicious activity across physical data centers, networks, and IT devices.
Product security
Asana provides a robust set of in-product data protection and admin controls for greater visibility and control over your data. Enterprise admins can securely deploy Asana to their organizations with two-factor authentication, SSO, and SAML 2.0.
Monitor your system
We offer full transparency into system status and performance.
Uptime and availability
Asana offers 24/7 priority support and a 99.9% uptime commitment to Enterprise customers, and provides transparency into real-time and historical platform status.
Business continuity
Asana’s infrastructure investments provide daily backups, regional backups, and recovery procedures for restoring services in the event of unavoidable failures.
Protect what matters
We have a comprehensive privacy compliance program that aligns our practices with regulations such as the General Data Protection Regulation and California Consumer Privacy Act.
Privacy controls
Asana provides in-product admin controls, both user and object-level permissions, and the ability to define which third-party applications are accessible to your team.
Data governance
Asana allows customers to export and delete data at the organization level and automate full-domain exports through our API.
Data residency
Asana offers global data residency options to ensure customers have more control over where their data is stored.
Enterprise Key Management
Gain more control over your data and meet your organization’s most critical compliance needs by using your own encryption key on information stored in Asana.
Certifications and attestations
Asana adheres to global privacy laws and security standards with measures in place to help you meet your compliance obligations.
SOC 2 (Type 2)
Security, availability, and confidentiality trust services criteria
SOC 3
Overview of Service Organization Controls
GDPR
Data protection and data subject rights for EU residents
CCPA
Privacy rights and consumer protection for California residents
ISO/IEC 27001:2013
Global standard for information security management systems
ISO/IEC 27017:2015
Code of practice for information security controls for cloud services
ISO/IEC 27018:2019
Code of practice for protecting personally identifiable information (PII)
ISO/IEC 27701:2019
Privacy information management standard supporting compliance with global privacy laws
GLBA
Privacy Rule and Safeguards Rule for financial institutions
FERPA
Privacy rights for educational information and records
(Coming soon) HIPAA
Protection of patient health information in the United States
More on Asana security
Take a deeper dive into Asana’s security practices and philosophy by downloading our trust and security whitepaper today.