Asana
Certifications & attestations
| Certification | Status | Source | Last verified |
|---|---|---|---|
| SOC 2 Type II Report available via Asana's trust center (security.asana.com, gated). A SOC 3 report is also offered. | Verified | vendor source ↗ | June 10, 2026 |
| ISO 27001 Certified against ISO/IEC 27001:2022. Also holds ISO 27017, 27018, and 27701. | Verified | vendor source ↗ | June 10, 2026 |
| HIPAA Listed among Asana's compliance attestations; documentation via trust center. | Verified | vendor source ↗ | June 10, 2026 |
| CSA STAR Level 1 Self-assessment on the CSA STAR registry. | Verified | vendor source ↗ | June 10, 2026 |
→ Direct answer: Does Asana have SOC 2?
Subprocessors
Subprocessor extraction for Asana is pending.
Hosting & data residency
- InfrastructureAmazon Web Services
- Data residencyData residency options with data centers in Europe, Australia, and Japan (confirmed on Asana's trust page, 2026-06-10).
Trust documents & links
- Trust centerhttps://security.asana.com
- Security pagehttps://asana.com/trust
- DPAnot yet recorded
- Status pagehttps://status.asana.com
Security incidents & disclosures
No incidents on record in the public sources we track, as of June 10, 2026. Absence of a record is not a guarantee — see methodology.
Change history
2026-06-10
Vendor added to StackPosture — initial snapshot from published trust documentation. Verification pass pending.
2026-06-10
Verification pass: SOC 2 Type II, ISO 27001:2022 (plus 27017/27018/27701), HIPAA, and CSA STAR Level 1 confirmed against Asana's trust page. Status page and EU/AU/JP data residency recorded; trust center corrected to security.asana.com.