Company

Asana completes SOC 2 Type 1 audit and more

At Asana, we continually invest in security best practices to ensure that your data stays safe. Today, we’re excited to announce that we’ve successfully completed our SOC 2 Type 1 audit. We’ve also achieved compliance with both the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework and have added more administrative controls and security features for our Enterprise customers.

“Keeping our customers’ data safe and secure is our highest priority,” says Manoj Kasichainula, head of security at Asana. “Our aim is to enable teams to work together effortlessly, and our recent certifications show our ongoing commitment to protect our customers’ data so they can focus on the most important work for their businesses.”

What is SOC 2 Type 1 certification?

SOC 2 is considered the gold standard for security compliance for software-as-a-service (SaaS) companies. SOC 2 requires companies to establish and follow strict information security policies and procedures, encompassing the security, availability, and confidentiality of customer data.

Achieving SOC 2 Type 1 certification means that our software development processes and practices meet required levels of oversight and monitoring, so that we can proactively identify and address any unusual activity. We will complete our SOC 2 Type 2 audit in 2019, which will further validate our controls and security framework.

GDPR, EU-US and Swiss-US Privacy Shield Frameworks

With a fast-growing customer base in Europe, we’re also focused on security and compliance requirements in the European Union and beyond. Asana remains committed to complying with its obligations under the GDPR, has established a comprehensive and ongoing compliance program, and is committed to partnering with its customers and vendors to help them in their GDPR compliance efforts. Asana also complies with and certifies under both the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Frameworks, which provide a legal mechanism for the transfer data from the EU to other countries that do not have a similar data protection framework.

New Enterprise controls and security

For larger companies who use Asana, tight control over users, apps, and data is critical. As part of our focus on security, we’re continuing to build and improve on our administrative controls for Enterprise customers.

Enterprise admins have long been able to manage Asana usage with service accounts, automatic user provisioning and deprovisioning (SCIM), and SAML. We also provide advanced security controls like data export, data deletion, encryption at rest, and cross-regional backups.

Here’s what’s new:

  • Lock down apps. Control which apps or integrations have access to your Asana data. Admins can can create a list of apps that are authorized for use with Asana, and prevent users from connecting other apps.
  • Control guest invites. Restrict who is authorized to invite guests into your domain, and remove anyone who no longer needs access to keep company data safe.

Know your data is safe and secure

We hope these updates help you and your IT team rest easy knowing that your data in Asana is secure. To learn more about our security policies and initiatives, visit our security page or read Asana’s Statement on Security.

Special thanks to Manoj Kasichainula, Rowan Reynolds, Derrick Duggins, Justin Owen, Jaden Geller, Michiel Baird, Yannis, Eric Chen, Jason Smith, Melanie Epling, and Lawrence Han

Would you recommend this article? Yes / No