Generation Digital

Asana Work Management Platform

Keep your teams coordinated, wherever they are. With Asana, remote teams can organise projects, manage shifting priorities, and get work done. It is a collaborative work management platform that helps teams and distributed, remote working teams, collaborate, manage work, project manage everything from daily tasks to strategic initiatives.

Features

• Project Management
• Organize Work (agile working with kanban boards)
• Manage Tasks
• Visualize Projects
• Assign Tasks
• Set due dates and times
• Agile Working Boards
• Streamline workflow and approvals
• Manage workload across the team (avoid burnout)
• Remote Access. Connect and collaborate while working remotely

Benefits

• Easily manage team projects and tasks
• Stay in sync, hit deadlines, and reach your goals
• Map out each step and organize tasks
• Visualize work through multiple stages quickly and easily
• Use Timeline to create a project plan
• Simplify workflows, reduce errors, and save time
• Streamline work
• Easily spot holes and overlaps in your schedule
• Monitor the status of key initiatives in real time
• Manage team workload.

£0 to £49.99 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@gend.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

310604480379427

Contact

Thomas Sutton
0203 6379 776
gcloud@gend.co

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Asana does not work with:; Internet Explorer 10; Internet Explorer 11; Opera; Developer or Beta versions of supported browsers
• System requirements: Supported browsers: Chrome , Safari for Mac, Firefox, Microsoft Edge

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Expedited support ticket
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Via the website.
• Web chat accessibility testing: None.
• Onsite support: Yes, at extra cost
• Support levels: We provide the following support levels:; ; Onboarding plans: Work hand-in-hand with an expert on a custom onboarding plan, timeline, and kickoff.; ; Customer success managers (CSMs): A dedicated partner familiar with your goals, helping you hit them with coaching, calls, and training.; ; Professional services: Additional consulting sessions for on-site training, digital transformations, custom integrations, and more.; ; Custom resources: From onboarding to feature tips, we can provide the right content at the right time to help answer your team’s questions and needs.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide Online Training, Onsite Training, User Guides, etc.; ; To help your team start using Asana, we’ve analyzed what the most successful teams in Asana have in common, channeled the expertise of our Customer Success Managers, and incorporated proven change management strategies all to craft the “Asana Way of Change” framework outlined in this article.; ; Asana Help: Get how-to help and step-by-step instructions for specific features in Help.; ; Asana Forum: Ask questions, get answers, and join our large community of Asana experts.; ; Asana Academy: Learn how to use Asana through trainings, webinars, and interactive courses hosted by Asana’s Customer Success team.; ; Asana Guide: Learn how to onboard your team and use Asana to its full potential with quick and easy tips.; ; Asana Use Cases: Learn how other teams like yours use Asana and how to build out projects specific to your team.; ; Asana Developer’s Guide: Learn how to customize the Asana experience, leverage your data with the Asana API, and join our developer community.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: You can export your own data, per project to the text-based file formats JSON or CSV, the latter of which can be viewed in a spreadsheet application like Microsoft Excel or Google Sheets. This can be done via the admin console or by contacting support.
• End-of-contract process: At the end of the contract, licences can be renewed or terminated.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The user experience is similar across desktop and mobile.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Asana’s API provides a means for software and scripts to read information from inside Asana, input information from outside Asana, and automatically react when things change. This can include: consistently doing repetitive or tedious tasks, creating reports on the state of tasks and projects, or staying in sync with other software such as Slack or Salesforce used in your organization.; ; Asana’s platform is built to be flexible and powerful and be intuitive enough for all teams to adopt and maintain clarity on the work being done.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Branding; Custom Fields; Display; Workflow; Templates; Integrations; Security

Scaling

• Independence of resources: Asana is built on a scalable cloud platform used by millions of users.

Analytics

• Service usage metrics: Yes
• Metrics types: From withihin Insights you can understand how your organization is using Asana through high-level metrics; See recently added teammates; View the most influential members in your organization (active members with the most invites sent, teams created, and projects shared in Asana); With Business, you can view detailed engagement activity over time to spot trends in your organizations usage of Asana; Report of projects status, work load, etc.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Asana (Generation Digital is an official partner providing additional services)

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: You can export your own data, per project to the text-based file formats JSON or CSV, the latter of which can be viewed in a spreadsheet application like Microsoft Excel or Google Sheets. This can be done via the console or a support ticket.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: Text
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Monday.com
  • Trello
  • Airtable
  • Smartsheet
  • Wrike
  • Google Sheets

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: Web connections to the Asana service are via TLS 1.1 and above. We support forward secrecy and AES-GCM, and prohibit insecure connections using TLS 1.0 and below or RC4.
• Data protection within supplier network:
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: SOC 2 (Type 1 and 2); Asana has successfully completed its SOC 2 (Type I) and (Type II) audits for controls relevant to security, availability, and confidentiality. This means that an independent third party has both validated our processes and practices with respect to these three trust services criteria and confirmed our ability to maintain compliance with the controls we’ve implemented.

Availability and resilience

• Guaranteed availability: The Enterprise plan has a 99.9% uptime SLA.
• Approach to resilience: Asana’s infrastructure investments provide daily backups, regional backups, and recovery procedures for restoring services in the event of unavoidable failures.; ; Asana uses Amazon Web Services (RDS & S3) to manage user data. The database is replicated synchronously so that we can quickly recover from a database failure. As an extra precaution, we take regular snapshots of the database and securely move them to a separate data center so that we can restore them elsewhere as needed, even in the event of a regional Amazon failure.; ; We currently host data in secure SSAE 16 audited data centers via Amazon RDS in the United States.
• Outage reporting: Asana offers transparency into real-time and historical platform status, and a 99.9% uptime commitment to our Enterprise customers.; Updates can be provided by:; a public dashboard; an API; email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: On a quarterly basis, management reviews user access to in-scope systems for continued; appropriateness and removes any access that is no longer required. Upon termination of employees,; access is removed.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: PCI Security Standards Council
• PCI DSS accreditation date: 30/6/2018
• What the PCI DSS doesn’t cover: Face-to-face channels
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC 2 audits for controls
  • SSAE 16 certification
  • ISO/IEC 27001:2013
  • GDPR
  • CCPA
  • GLBA
  • FERPA

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • Other
• Other security governance standards: SOC 2 (Type 1 and 2); Asana has successfully completed its SOC 2 (Type I) and (Type II) audits for controls relevant to security, availability, and confidentiality.
• Information security policies and processes: SOC 2 (Type I) and (Type II). This means that an independent third party has both validated our processes and practices with respect to these three trust services criteria and confirmed our ability to maintain compliance with the controls we’ve implemented.; ; Security in our Software Development Lifecycle; Asana uses the git revision control system. Changes to Asana’s code base go through a suite of automated tests and are reviewed and go through a round of manual review. When code changes pass the automated testing system, the changes are first pushed to a staging server wherein Asana employees are able to test changes before an eventual push to production servers and our customer base. We also add a specific security review for particularly sensitive changes and features. Asana engineers also have the ability to “cherry pick” critical updates and push them immediately to production servers.; ; In addition to a list where all access control changes are published, we have a suite of automated unit tests that check that access control rules are written correctly and enforced as expected. We also work with third-party security professionals to:; ; Test our code for common exploits; Use network scanning tools against our production servers

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Asana uses the git revision control system. Changes to Asana’s code base go through a suite of automated tests and are reviewed and go through a round of manual review. When code changes pass the automated testing system, the changes are first pushed to a staging server wherein Asana employees are able to test changes before an eventual push to production servers and our customer base. We also add a specific security review for particularly sensitive changes and features. Asana engineers also have the ability to “cherry pick” critical updates and push them immediately to production servers.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Asana maintains an ongoing risk management process to proactively identify vulnerabilities within systems and assess new and emerging threats to operations. Asana maintains a vulnerability scanning process both for external and internal systems in the production environment. Security team performs scans at least quarterly and remediates vulnerabilities based on rating. Vulnerability scans are also run after any significant change to the production environment as determined by the Head of Security.; We work with security professionals to test code for common exploits and use network scanning tools against our production servers. Penetration testing is performed annually. Vulnerabilities are remediated and re-tested.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Asana uses specialist monitoring services. Asana monitors the capacity utilization of physical and; computing infrastructure both internally and for customers to ensure service delivery matches service; level agreements. We have automated security scans on our network and applications. A monitoring; script runs weekly to validate code changes were properly reviewed.; ; Asana maintains an Incident Response Plan designed to establish a reasonable and consistent response; to security incidents and suspected security incidents involving the accidental or unlawful destruction,; loss, theft, alteration, unauthorized disclosure of, or access to, proprietary data or personal data; transmitted, stored, or otherwise processed by Asana.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Asana maintains an Incident Response Plan designed to establish a reasonable and consistent response; to security incidents and suspected security incidents involving the accidental or unlawful destruction,; loss, theft, alteration, unauthorized disclosure of, or access to, proprietary data or personal data; transmitted, stored, or otherwise processed by Asana.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We are committed to fighting climate change.
• Covid-19 recovery:

  Covid-19 recovery

  We are committed to Covid-19 recovery
• Tackling economic inequality:

  Tackling economic inequality

  We are committed to tackling economic inequality
• Equal opportunity:

  Equal opportunity

  We are committed to equal opportunity
• Wellbeing:

  Wellbeing

  We are committed to wellbeing

Pricing

• Price: £0 to £49.99 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 30 Day Free Trial
• Link to free trial: https://form-beta.asana.com/?hash=2536e9f2901b0772bb706373857b557ce568eaf36912cf33d5d67cb34ebba1b1&id=1184309215377039

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@gend.co. Tell them what format you need. It will help if you say what assistive technology you use.