Generation Digital

Asana

Keep your teams coordinated, wherever they are. With Asana, remote teams can organise projects, manage shifting priorities, and get work done. It is a collaborative work management platform that helps teams and distributed, remote working teams, collaborate, manage work, project manage everything from daily tasks to strategic initiatives.

Features

  • Project Management
  • Organize Work (agile working with kanban boards)
  • Manage Tasks
  • Visualize Projects
  • Assign Tasks
  • Set due dates and times
  • Agile Working Boards
  • Streamline workflow and approvals
  • Manage workload across the team (avoid burnout)
  • Remote Access. Connect and collaborate while working remotely

Benefits

  • Easily manage team projects and tasks
  • Stay in sync, hit deadlines, and reach your goals
  • Map out each step and organize tasks
  • Visualize work through multiple stages quickly and easily
  • Use Timeline to create a project plan
  • Simplify workflows, reduce errors, and save time
  • Streamline work
  • Easily spot holes and overlaps in your schedule
  • Monitor the status of key initiatives in real time
  • Manage team workload.

Pricing

£0 to £49.99 a user a month

Service documents

Framework

G-Cloud 12

Service ID

1 9 1 8 4 3 9 8 7 1 9 5 2 4 5

Contact

Generation Digital Graham Mackay
Telephone: 0203 6379 776
Email: gcloud@gend.co

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Asana does not work with:
Internet Explorer 10
Internet Explorer 11
Opera
Developer or Beta versions of supported browsers
System requirements
Supported browsers: Chrome , Safari for Mac, Firefox, Microsoft Edge

User support

Email or online ticketing support
Email or online ticketing
Support response times
Expedited support ticket
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Via the website.
Web chat accessibility testing
None.
Onsite support
Yes, at extra cost
Support levels
We provide the following support levels:

Onboarding plans: Work hand-in-hand with an expert on a custom onboarding plan, timeline, and kickoff.

Customer success managers (CSMs): A dedicated partner familiar with your goals, helping you hit them with coaching, calls, and training.

Professional services: Additional consulting sessions for on-site training, digital transformations, custom integrations, and more.

Custom resources: From onboarding to feature tips, we can provide the right content at the right time to help answer your team’s questions and needs.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide Online Training, Onsite Training, User Guides, etc.

To help your team start using Asana, we’ve analyzed what the most successful teams in Asana have in common, channeled the expertise of our Customer Success Managers, and incorporated proven change management strategies all to craft the “Asana Way of Change” framework outlined in this article.

Asana Help: Get how-to help and step-by-step instructions for specific features in Help.

Asana Forum: Ask questions, get answers, and join our large community of Asana experts.

Asana Academy: Learn how to use Asana through trainings, webinars, and interactive courses hosted by Asana’s Customer Success team.

Asana Guide: Learn how to onboard your team and use Asana to its full potential with quick and easy tips.

Asana Use Cases: Learn how other teams like yours use Asana and how to build out projects specific to your team.

Asana Developer’s Guide: Learn how to customize the Asana experience, leverage your data with the Asana API, and join our developer community.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
You can export your own data, per project to the text-based file formats JSON or CSV, the latter of which can be viewed in a spreadsheet application like Microsoft Excel or Google Sheets. This can be done via the admin console or by contacting support.
End-of-contract process
At the end of the contract, licences can be renewed or terminated.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The user experience is similar across desktop and mobile.
Service interface
No
API
Yes
What users can and can't do using the API
Asana’s API provides a means for software and scripts to read information from inside Asana, input information from outside Asana, and automatically react when things change. This can include: consistently doing repetitive or tedious tasks, creating reports on the state of tasks and projects, or staying in sync with other software such as Slack or Salesforce used in your organization.

Asana’s platform is built to be flexible and powerful and be intuitive enough for all teams to adopt and maintain clarity on the work being done.
API documentation
Yes
API documentation formats
Other
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Branding
Custom Fields
Display
Workflow
Templates
Integrations
Security

Scaling

Independence of resources
Asana is built on a scalable cloud platform used by millions of users.

Analytics

Service usage metrics
Yes
Metrics types
From withihin Insights you can understand how your organization is using Asana through high-level metrics
See recently added teammates
View the most influential members in your organization (active members with the most invites sent, teams created, and projects shared in Asana)
With Business, you can view detailed engagement activity over time to spot trends in your organizations usage of Asana
Report of projects status, work load, etc.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Asana (Generation Digital is an official partner providing additional services)

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
You can export your own data, per project to the text-based file formats JSON or CSV, the latter of which can be viewed in a spreadsheet application like Microsoft Excel or Google Sheets. This can be done via the console or a support ticket.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
Text
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Monday.com
  • Trello
  • Airtable
  • Smartsheet
  • Wrike
  • Google Sheets

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
Web connections to the Asana service are via TLS 1.1 and above. We support forward secrecy and AES-GCM, and prohibit insecure connections using TLS 1.0 and below or RC4.
Data protection within supplier network
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
SOC 2 (Type 1 and 2)
Asana has successfully completed its SOC 2 (Type I) and (Type II) audits for controls relevant to security, availability, and confidentiality. This means that an independent third party has both validated our processes and practices with respect to these three trust services criteria and confirmed our ability to maintain compliance with the controls we’ve implemented.

Availability and resilience

Guaranteed availability
The Enterprise plan has a 99.9% uptime SLA.
Approach to resilience
Asana’s infrastructure investments provide daily backups, regional backups, and recovery procedures for restoring services in the event of unavoidable failures.

Asana uses Amazon Web Services (RDS & S3) to manage user data. The database is replicated synchronously so that we can quickly recover from a database failure. As an extra precaution, we take regular snapshots of the database and securely move them to a separate data center so that we can restore them elsewhere as needed, even in the event of a regional Amazon failure.

We currently host data in secure SSAE 16 audited data centers via Amazon RDS in the United States.
Outage reporting
Asana offers transparency into real-time and historical platform status, and a 99.9% uptime commitment to our Enterprise customers.
Updates can be provided by:
a public dashboard
an API
email alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
On a quarterly basis, management reviews user access to in-scope systems for continued
appropriateness and removes any access that is no longer required. Upon termination of employees,
access is removed.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
PCI Security Standards Council
PCI DSS accreditation date
30/6/2018
What the PCI DSS doesn’t cover
Face-to-face channels
Other security certifications
Yes
Any other security certifications
  • SOC 2 audits for controls
  • SSAE 16 certification

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • Other
Other security governance standards
SOC 2 (Type 1 and 2)
Asana has successfully completed its SOC 2 (Type I) and (Type II) audits for controls relevant to security, availability, and confidentiality.
Information security policies and processes
SOC 2 (Type I) and (Type II). This means that an independent third party has both validated our processes and practices with respect to these three trust services criteria and confirmed our ability to maintain compliance with the controls we’ve implemented.

Security in our Software Development Lifecycle
Asana uses the git revision control system. Changes to Asana’s code base go through a suite of automated tests and are reviewed and go through a round of manual review. When code changes pass the automated testing system, the changes are first pushed to a staging server wherein Asana employees are able to test changes before an eventual push to production servers and our customer base. We also add a specific security review for particularly sensitive changes and features. Asana engineers also have the ability to “cherry pick” critical updates and push them immediately to production servers.

In addition to a list where all access control changes are published, we have a suite of automated unit tests that check that access control rules are written correctly and enforced as expected. We also work with third-party security professionals to:

Test our code for common exploits
Use network scanning tools against our production servers

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Asana uses the git revision control system. Changes to Asana’s code base go through a suite of automated tests and are reviewed and go through a round of manual review. When code changes pass the automated testing system, the changes are first pushed to a staging server wherein Asana employees are able to test changes before an eventual push to production servers and our customer base. We also add a specific security review for particularly sensitive changes and features. Asana engineers also have the ability to “cherry pick” critical updates and push them immediately to production servers.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Asana maintains an ongoing risk management process to proactively identify vulnerabilities within systems and assess new and emerging threats to operations. Asana maintains a vulnerability scanning process both for external and internal systems in the production environment. Security team performs scans at least quarterly and remediates vulnerabilities based on rating. Vulnerability scans are also run after any significant change to the production environment as determined by the Head of Security.
We work with security professionals to test code for common exploits and use network scanning tools against our production servers. Penetration testing is performed annually. Vulnerabilities are remediated and re-tested.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Asana uses specialist monitoring services. Asana monitors the capacity utilization of physical and
computing infrastructure both internally and for customers to ensure service delivery matches service
level agreements. We have automated security scans on our network and applications. A monitoring
script runs weekly to validate code changes were properly reviewed.

Asana maintains an Incident Response Plan designed to establish a reasonable and consistent response
to security incidents and suspected security incidents involving the accidental or unlawful destruction,
loss, theft, alteration, unauthorized disclosure of, or access to, proprietary data or personal data
transmitted, stored, or otherwise processed by Asana.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Asana maintains an Incident Response Plan designed to establish a reasonable and consistent response
to security incidents and suspected security incidents involving the accidental or unlawful destruction,
loss, theft, alteration, unauthorized disclosure of, or access to, proprietary data or personal data
transmitted, stored, or otherwise processed by Asana.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0 to £49.99 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
30 Day Free Trial
Link to free trial
https://form-beta.asana.com/?hash=2536e9f2901b0772bb706373857b557ce568eaf36912cf33d5d67cb34ebba1b1&id=1184309215377039

Service documents