Skip to main content

Beta Help us improve the Digital Marketplace - send your feedback

Asana, Inc.

Asana

Asana helps teams orchestrate their work—from daily tasks to cross-functional strategic initiatives—while providing the alignment needed to hit their goals faster. As a living system of clarity for the entire organization, Asana helps bridge the gap between strategy and execution to ensure teams are focused on their most important work.

Features

  • Collaborative Work Management
  • Task Management
  • Project Management
  • Workflow Management
  • Portfolio Management
  • Goal Management
  • Enable Remote Working
  • Reporting
  • Forms
  • Approvals

Benefits

  • Streamline processes with predefined workflows
  • Report the status of work to executives
  • Adhere to deadlines with project plans and a central view
  • Reduce wasted effort and focus on key objectives
  • Understand where work is and group work into portfolios
  • Map the organisational goals so they can be tracked centrally
  • Work from anywhere and track any work
  • Create an organisation-wide view with universal reports
  • Centralise and standardise the work intake with custom forms
  • Review PDFs, images and requests with an approval task

Pricing

£9.49 to £41.99 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cammcneil@asana.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 2 4 1 7 9 7 0 2 1 5 6 5 3 4

Contact

Asana, Inc. Cameron mcneil
Telephone: +44 7802 807 017
Email: cammcneil@asana.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Asana is a cloud only SaaS solution. An on-premise deployment is not possible.
System requirements
  • The latest version of Chrome, Safari, Firefox or Edge browser
  • An email address is required

User support

Email or online ticketing support
Email or online ticketing
Support response times
For Asana Enterprise plan customers, Asana provides 24/7 English support and will respond to Customer support inquiries filed via https://asana.com/support within two (2) business hours of receipt of such inquiry (excluding US, Ireland, and Australia holidays). Please see https://asana.com/service-levels for full details.
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
No
Onsite support
No
Support levels
For our Asana Enterprise plan customers, we provide L1 (How to) through L4 (System Outage) support. Additionally Forum, Academy, Webinars, Guides and Developer resources are available. Customer Success may also be provided to Enterprise plan customers based on the size of deployment.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Asana is designed to be used with minimal training and support. Self guided Forums, Academy, Webinars, Guides and Developer resources are available to all users. Customer Success may also be provided to Enterprise plan customers based on the size of deployment. For organisations that require additional support, there is an optional onboarding package, where an organisation can opt to purchase additional support in the form of consultation and training.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Asana will make Customer Data available to Customer for export in accordance with the Documentation as long as Asana receives written notice within thirty (30) days after the effective date of expiration or termination from Customer regarding its intent to import such Customer Data. After such thirty (30) day period, Asana will have no obligation to retain Customer Data and will thereafter, unless legally prohibited, be entitled to delete all Customer Data in its systems or otherwise in its possession or under its control. Subject to any limitations in Customer’s Subscription plan, upon Customer’s request at datadeletions@asana.com, Asana will, within one-hundred and eighty (180) days of receipt of such request, securely destroy all Customer Data from its systems; provided that all back-ups will be deleted within thirty (30) days after such one-hundred and eighty (180) day period.
End-of-contract process
Asana may immediately deactivate Customer’s account(s) associated with the Agreement. All Subscriptions and any other rights granted will immediately terminate, and Buyer shall immediately cease all use of the Service.

For the process related to data extraction at the end of the contract, please see our previous answer.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Most features are available on both platforms. Where there is imparity between the desktop and mobile service, we will aim to develop parity.
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
The Asana API is a RESTful interface, providing programmatic access to much of the data in the system. It provides predictable URLs for accessing resources, and uses built-in HTTP features to receive commands and return responses. This makes it easy to communicate from a wide variety of environments: command-line utilities, gadgets, and even the browser URL bar itself.

The API accepts JSON or form-encoded content in requests and returns JSON content in all of its responses, including errors. Only the UTF-8 character encoding is supported for both requests and responses.

Please see https://developers.asana.com/ for documentation regarding Asana's API.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Many different fields, views and workflows can be built around the same underlying units of work, allowing every individual to customize their experience in Asana in a way that best suits them.

Scaling

Independence of resources
Our production infrastructure is secured so that only our load balancer machines are allowed to receive external web traffic. Each host is assigned a role; security groups are used to define the expected traffic between these roles. This makes Asana secure and scalable.

Analytics

Service usage metrics
Yes
Metrics types
The Asana Admin Insights dashboard provides details on who is using Asana, how many Teams, Projects and Tasks are in Asana. The Insights dashboard also shows the most active and influentials users in the platform. User reporting is also available within the Asana console to all users. This includes Status updates and Project reporting.
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Individual projects can be exported via CSV, JSON and Calendar integrations. The APIs are also available to perform regular/ bulk exports.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Asana provides transparency into real-time and historical uptime status at our publicly facing platform status page. For Enterprise plan customers, Asana commits to a 99.9% service uptime.
Approach to resilience
Asana has a formal business continuity plan for extended service outages caused by unforeseen or unavoidable disasters in an effort to restore services to the widest extent possible in a reasonable time frame. Asana has a documented set of disaster recovery policies and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a disaster.

Asana’s primary data centers are hosted on AWS in Virginia, USA. Eligible customers (Enterprise tier) may request to have their data stored in Frankfurt, Germany; Sydney, Australia; or Tokyo, Japan. In the event of a single AWS data center loss, recovery procedures would bring up nodes in another data center. To account for major disasters, a disaster recovery (DR) site is hosted in an AWS data center in Ohio, USA (for USA-based data); Dublin, Ireland (for EU and Australia-based data); or Osaka, Japan (For Japan-based data).
Outage reporting
Customers can view and subscribe to system status updates at status.asana.com, which shares our web app, mobile app, and API availability over the previous 12 hours, 7 days, 30 days, and year.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Asana treats all customer data as confidential, regardless of classification. Access to applications, operating systems, databases, and network devices is provisioned according to the principle of least privilege. This policy restricts access to confidential information to those employees who are required to access such confidential information as a part of their job, and then only in those circumstances where access to such confidential information is required to provide a specific service to the customer. In such circumstances, the employee is directed to access only the minimum amount of confidential information necessary to perform the task at hand.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Cadence Assurance, LLC
ISO/IEC 27001 accreditation date
07/03/2024
What the ISO/IEC 27001 doesn’t cover
The scope of the ISO/IEC 27001:2013 certificate is limited to the ISMS supporting the provisioning, monitoring, and ongoing management of Asana in accordance with the Statement of Applicability.

Asana’s ISMS Scope includes the following elements:
• Products: The Asana Platform
• Assets, technologies, people, and processes employed by Asana for the development, operation, maintenance, and delivery of its Asana Platform

Locations:
• Asana Headquarters – 633 Folsom St, San Francisco, CA 94107, USA
• Asana New York – 3 World Trade Center, New York, NY 10007
• Asana Reykjavik – Borgartún 27, 4th floor, 105 Reykjavík, Iceland
• Asana Vancouver - 333 Seymour St 8th floor, Vancouver, BC V6B 5A6, Canada
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • SOC 2 Type II
  • ISO 27017
  • ISO 27018
  • ISO 27701

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
SOC 2 Type II;
ISO 27017; ISO 27018; ISO 27701
Information security policies and processes
Asana maintains a formal information security management program with dedicated security personnel reporting to Asana's Head of Security. This organization is responsible for implementing security controls and monitoring Asana for malicious activity.

Our information security management program also includes a cybersecurity risk management process which aims to identify and assess material risks from cybersecurity threats, including from vulnerabilities within Asana systems and new and emerging threats to Company operations by using automated and manual tools, subscribing to and analyzing reports and services that identify certain cybersecurity threats, conducting scans of certain environments, evaluating our and our industry’s risk profile, evaluating threats reported to us, and conducting audits and threat assessments.

For additional details on Asana's Security program, please visit security.asana.com.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Changes made to systems follow Asana's Change Management Policy, where changes to our application, systems, databases, infrastructure, and services are appropriately documented, tested, and approved in accordance with our internal guidelines.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Asana maintains a vulnerability scanning process for production systems. The scope of vulnerability scans includes both external and internal systems in the production environment. Vulnerability priority is appropriately assigned based upon a number of factors, such as Risk and Asana-specific environmental controls. Risk is informed by industry standards such as the Common Vulnerability Scoring System (CVSS).

Asana’s Security team performs vulnerability scans at least quarterly and determines a severity rating for each vulnerability based on the assessment tools criteria such that high or higher-level ranked vulnerabilities require remediation.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Asana uses Amazon Cloudwatch combined with custom scripts that extract important data from logs and push them to its monitoring services. Asana monitors the capacity utilization of physical and computing infrastructure both internally and for customers to ensure service delivery matches service level agreements. We have automated security scans on our network and applications. A monitoring script runs weekly to validate code changes were properly reviewed. The results of monitoring issues are tracked to resolution.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Asana maintains an Incident Response Plan designed to establish a reasonable and consistent response to security incidents and suspected security incidents involving the accidental or unlawful destruction, loss, theft, alteration, unauthorized disclosure of, or access to, proprietary data or personal data transmitted, stored, or otherwise processed by Asana. These incident response procedures detail how Asana triages, investigates, remediates, and reports on security incidents. Asana has contracted with third party digital forensics and incident response firms in the case of a data breach.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality

Fighting climate change

Carbon neutrality. Our carbon-neutral boundary includes our direct emissions for Scope 1 and 2 as well as certain indirect emissions for Scope 3, namely business travel, employee commuting, and outsourced data centers. We intend to continue to purchase high quality nature-based and technology-based offsets while we reduce our emissions.

Creating a Sustainable Workplace. Through a concerted effort in FY23, Asana corporate headquarters diverted 80% or more of non-hazardous waste from landfills through our reuse, recycling, and composting program. We implemented several initiatives to prioritize bio-waste diversion. These initiatives included educating employees on the importance of appropriate disposal methods, implementing a comprehensive waste management program that emphasized the importance of sorting waste, and investing in appropriate infrastructure to manage organic solids.

LEED-certified facilities. Our 12-floor San Francisco HQ was designed and built to the U.S. Green Building Council’s Leadership in Energy and Environmental Design (LEED) standards. Its sustainable construction and energy-conserving design earned it a LEED Gold certification. Our Dublin office is LEED-certified at the Platinum level. We’re excited that Asana’s office at 3 World Trade Center in New York will also pursue LEED certification. We expect to continue investing in green buildings for our office locations, which typically have reduced operational costs and often have worker health and productivity benefits as well.

Tackling economic inequality

Targeted outreach. Representation is a core component of our talent attraction process. Our Talent Acquisition team leverages a portfolio of strategies including equitable sourcing, diversity events and partnerships, and emerging talent programs to reach candidates from historically marginalized communities and build equitable representation in our candidate pipeline.

The IDEAL policy. Our Inclusivity, Diversity, and Equity for Asana Leadership (IDEAL) policy requires that at least one candidate from an underrepresented ethnic group (in AMER) and at least one non-male candidate (global) is interviewed for every open people manager position.

Closing the opportunity gap. Asana helps expand tech opportunities for individuals from historically marginalized communities through a variety of programs:
Through our AsanaUP program, we partner with job training and career development programs including the Marcy Lab School and YearUP to offer apprenticeships to people entering tech from another field.
We also partner with organizations such as Techqueria, which empowers Latinx tech professionals to become leaders in the industry, and AfroTech, a networking platform, media outlet and annual conference that supports Black innovators and businesspeople.

Pricing

Price
£9.49 to £41.99 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A free trial is available for Asana Starter or Advanced for up to 60 days. The trial period includes all features listed per paid product.
Link to free trial
https://asana.com/create-account

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cammcneil@asana.com. Tell them what format you need. It will help if you say what assistive technology you use.