{
  "docId": "019dd923-5efe-75c0-8dff-48e10af8a9a6",
  "docSlug": "27f56e392d468998",
  "documentTitle": "2025 ESG Report",
  "authorId": "Asana",
  "authorName": "Asana",
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "strategy_consulting",
  "sourceTypeLabel": "Strategy consulting",
  "presentationDate": null,
  "orientation": "landscape",
  "aspectRatio": 1.776,
  "pageNumber": 40,
  "pageCount": 59,
  "prevPage": 39,
  "nextPage": 41,
  "slideType": "other",
  "function": "present_solution",
  "density": "overcrowded",
  "nDataPoints": 0,
  "notes": "The slide uses a grid of lock icons as a visual motif for security/privacy.",
  "elementsJson": [
    "paragraph",
    "callout_box",
    "icon_grid"
  ],
  "metadataConfidence": 0.9,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5efe-75c0-8dff-48e10af8a9a6/40",
  "deckHref": "/decks/019dd923-5efe-75c0-8dff-48e10af8a9a6",
  "deckJsonHref": "/decks/019dd923-5efe-75c0-8dff-48e10af8a9a6.json",
  "deckAnchorHref": "/decks/019dd923-5efe-75c0-8dff-48e10af8a9a6#slide-40",
  "components": [
    {
      "bbox": {
        "h": 0.15,
        "w": 0.17,
        "x": 0.23,
        "y": 0.45
      },
      "kind": "callout",
      "text": "Transparency in how we collect, process, and use personal data.",
      "attrs": null,
      "subkind": "primary",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "0bfebc57-1848-4439-9e58-b88ad3cfc155",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.36,
        "x": 0.6,
        "y": 0.62
      },
      "kind": "callout",
      "text": "Data Processing Addendum\nOur Data Processing Addendum, which outlines our contractual privacy obligations and facilitates the transfer of data globally by incorporating data privacy frameworks between the EU, UK, Switzerland, and the US, as well as applicable standard contractual clauses",
      "attrs": null,
      "subkind": "primary",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "111e165f-d86b-4a69-9b76-8338ff97db52",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.17,
        "x": 0.79,
        "y": 0.45
      },
      "kind": "callout",
      "text": "Privacy assessments\nincluding reviews of third-party vendors and new product features.",
      "attrs": null,
      "subkind": "primary",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "22042ef2-8ba6-4c91-a990-4be6cefa95bc",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.35,
        "x": 0.41,
        "y": 0.45
      },
      "kind": "callout",
      "text": "SOC 2 Type 2 and SOC 2 Type 1 + HIPPA audits\nSOC 2 Type 2, including the privacy trust principle, and SOC 2 Type 1 + HIPAA audits to regularly evaluate our privacy program against privacy trust principles and the HIPAA Security Rule.",
      "attrs": null,
      "subkind": "primary",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "a8cb6b4b-3f0b-4bf4-b0f8-d906703656f8",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.17,
        "x": 0.6,
        "y": 0.28
      },
      "kind": "callout",
      "text": "Privacy compliance terms\nwhich are available for those in the US healthcare, finance, and education sectors.",
      "attrs": null,
      "subkind": "primary",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "cb258f08-e816-4523-b1be-d2638ee5ce63",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.27,
        "x": 0.31,
        "y": 0.62
      },
      "kind": "callout",
      "text": "Compliance with ISO 27018:2019 and ISO 27701:2019 certifications\nwhich demonstrate our commitment to global privacy standards.",
      "attrs": null,
      "subkind": "primary",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "e6a9bbb4-9d97-4793-bcf3-98ef04f74838",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.17,
        "x": 0.79,
        "y": 0.28
      },
      "kind": "callout",
      "text": "Employee training\non a mix of privacy policies, data governance, and privacy best practices upon hire and at least annually thereafter.",
      "attrs": null,
      "subkind": "primary",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "e9a4edd4-ea5d-4558-bd00-6ac37d89f6da",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": null,
      "kind": "callout",
      "text": "Asana's privacy practices take a global and customer-centric approach, focused on key areas including:",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd952-8f6d-7270-a7a6-2b9a745c47ad",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.55,
        "w": 0.21,
        "x": 0.03,
        "y": 0.28
      },
      "kind": "paragraph",
      "text": "Third-party data governance\nAsana has a formal process for reviewing third-party service providers and their processing of data, which facilitates contractual commitments to safeguard our data. The security, privacy, and IT teams perform vendor assessment reviews to assess risks related to security, privacy, availability, and confidentiality before bringing in new applications, tools, or suppliers. All vendors who Asana shares data with undergo a risk assessment that includes reviewing third-party security attestations (e.g., SOC 2, ISO 27001) and a security and privacy questionnaire to determine if security and privacy controls meet or exceed industry standards. Additionally, these vendors must enter into a Data Processing Agreement to ensure they're contractually required to protect information and meet minimum requirements.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "3b11cbab-2063-4a2b-8950-417214e3ad3d",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.25,
        "x": 0.27,
        "y": 0.28
      },
      "kind": "title",
      "text": "Asana's privacy practices take a global and customer-centric approach, focused on key areas including:",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "4565c2b4-c033-4926-b5d7-56442a1fa3c9",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 40,
      "from": 10,
      "beatId": "019dd95a-07a7-7579-bd63-7d61f5ebffb7",
      "arcName": "The Golden Circle",
      "arcSlug": "golden-circle",
      "beatName": "How",
      "beatSlug": "golden-circle-how",
      "evidence": "Four pillars in action: People, Product, Planet, Trust & Governance.",
      "position": 2,
      "confidence": 70,
      "parentBeatName": "Turn",
      "parentBeatSlug": "turn"
    }
  ],
  "loops": [
    {
      "to": 40,
      "from": 34,
      "name": "Mece Breakdown",
      "slug": "40-mece-breakdown",
      "bestFor": "Problem structuring, ensuring completeness, strategic analysis",
      "matchId": "019dd95a-08f8-7619-ac2c-be5f95562317",
      "evidence": "Divider p.34 then 6 distinct, non-overlapping governance sub-themes p.35-40.",
      "position": 5,
      "objective": "Decompose Trust & Governance into ethics, risk, supply chain, privacy, data governance",
      "structure": "The Whole -> Category A (distinct) -> Category B (distinct) -> Category C (distinct) -> Complete Coverage",
      "confidence": 70,
      "description": "Divide a complex topic into mutually exclusive, collectively exhaustive categories"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}