Migration Checklist: Moving to Asana

Phase 0

Decide & Plan

Lock the decisions that cause mid-migration scope creep when skipped.

• Document the migration scope by Asana object class: Workspaces or Organizations, Teams, Projects, Sections, Tasks, Subtasks, Custom Fields, Portfolios, Goals. Each class has different import paths and tier gating; list which are in scope and which are explicitly out.

  Risk if skipped: Discovering mid-cutover that Portfolios or Goals were assumed in-scope but were never planned for blocks executive reporting on day one.

• Decide between an Organization model and a Workspace model in the destination. Personal Projects organizations cannot be used as a source or destination domain, and Organizations cannot be migrated to Workspaces. Pick the destination shape before any other work.

  Risk if skipped: Choosing the wrong domain type forces a full re-do because the platform does not convert between the two.

• Decide the historical-data scope: how many years of completed tasks, how far back for comments, and whether deleted tasks are included. Deleted objects (teams, projects, tasks) are not copied during a platform-assisted migration, and completed-task history is often re-stamped on CSV import.

  Risk if skipped: Users expect to see closed work on day one and find a blank Completed view, eroding trust in the new system.

• Decide and document the strategy for record ownership: keep original assignees, reassign to a single migration user, or best-match by email. Asana matches assignees on the email address in the Assignee column at import time.
• Identify GDPR, SOC 2, HIPAA, and FERPA obligations that apply to the data set. Asana holds ISO 27018:2019, ISO 27701:2019, SOC 2 Type 1 with HIPAA, and SOC 2 Type 2 with Privacy attestations; confirm your DPA covers the source data.

  Risk if skipped: A regulated data set landing in an unconfigured tenant can trigger a reportable incident before users even log in.

• Decide whether EU data residency is required and confirm the destination domain is provisioned in the Frankfurt region if so. Data residency in the EU data center is an Enterprise add-on and an Enterprise+ inclusion; user authentication and seat-usage data remain outside the residency boundary.

  Risk if skipped: If residency is needed but not provisioned at sign-up, switching regions later requires re-migrating the domain through Asana's data migration request flow.

• Set the cutover date, the source-system freeze window, and the read-only date. Pick a low-activity window; communicate it in writing to all source-system users at least two weeks ahead.
• Assign a single accountable DRI for the migration project. One named owner for end-to-end execution; secondaries for export, transform, load, and validation.
• Document explicit success criteria for declaring the migration complete. Examples: zero variance in active task counts per team, all subtasks linked to their parent, all attachments accessible, three power users sign off per team.

  Risk if skipped: Without written criteria, the project never formally ends and the source system never gets decommissioned.

• List out-of-scope items explicitly in the project plan. Common out-of-scope items: deleted tasks, archived projects older than X years, board-only attachments, legacy integrations.

Phase 1

Pre-Migration Prep

Everything that must be true before the first byte leaves the source.

Phase 2

Source Export

Get everything out — including the things you didn't think of.

• Export every in-scope project as CSV including all standard and custom fields. Include task name, description, assignee email, due date, start date, completion status, completion date, section, dependencies, follower emails, and every custom field.

  Risk if skipped: A missing custom field column at export time means re-pulling the entire dataset later, often after the freeze has started.

• Export the subtask tree to a depth of 5 levels with explicit parent linkage. Asana caps subtasks at 5 levels; any deeper structure must be flattened before import.

  Risk if skipped: Subtasks at depth 6+ that are not flattened in the export are silently dropped at the importer.

• Export task dependencies as a separate junction file (predecessor task ID, successor task ID). The Asana CSV importer can set dependencies between tasks within the same import file when the column references the dependent task name or ID.

  Risk if skipped: Dependencies imported in separate files from their tasks fail to link because the importer needs the referent in the same file scope.

• Export task comments with author email, timestamp, and rich-text body. The Asana CSV importer does not import comments; record them as a CSV per task so they can be re-posted as historical context.

  Risk if skipped: Skipping comments at export time means losing every conversation thread tied to a task once the source is decommissioned.

• Export attachments with metadata: file name, size, MIME type, and the task ID it belongs to. Asana hosts up to 100 MB per file uploaded from local; larger files require Box, Dropbox, Google Drive, or OneDrive/SharePoint links.
• Download the binary contents of every Asana-hosted attachment in scope. External-storage links (Drive, Box, Dropbox, OneDrive) can be preserved as links; native uploads must be re-attached to the destination task.

  Risk if skipped: If source is decommissioned before binaries are pulled, every in-task uploaded file becomes irretrievable.

• Export the user roster with name, email, role, team membership, and reporting line where applicable. This becomes the input for the CSV user import on the destination.
• Export every custom field definition including type, options list, and default value. Include single-select, multi-select, text, number, percent, currency, date, people, formula, ID, time tracking, timer, and reference fields.
• Export every Rule, Bundle, Form, Approval, and Workflow definition as screenshots or structured notes. Rules and Bundles do not transfer through the CSV importer; they will be rebuilt manually in Phase 7.

  Risk if skipped: Without a captured definition, rebuilding a complex multi-trigger Rule from memory after cutover is error-prone and slow.

• Export Portfolio composition, Goal hierarchy, and report definitions. Portfolios and Goals are not part of CSV import; capture the structure so it can be recreated.
• Export Project status updates and Project descriptions as separate files. These do not move through the project CSV importer.
• Capture screenshots of every saved dashboard, report, and search filter in the source. Reporting layouts are recreated by hand in the destination.
• Record the exact UTC timestamp of each export. This is the baseline against which the cutover delta is computed.

  Risk if skipped: Without a recorded export timestamp, the delta load in Phase 5 either over-pulls or under-pulls and creates duplicates or gaps.

Phase 3

Transform & Map

Turn source exports into Asana-shaped files.

Phase 4

Sandbox Test Migration

Find every problem here, before it costs you in production.

• Load a 1–5% representative sample of each object class into the sandbox. Include at least one record with a long description, one with a subtask at depth 5, one with non-ASCII characters, and one with an at-limit dropdown value.

  Risk if skipped: A sample that does not exercise edge cases passes sandbox and then fails on the first odd row in production.

• Run the CSV Importer against a sandbox project and capture every parser warning and rejected row. The importer surfaces a preview screen before commit; document any column it failed to auto-map.
• Validate that subtasks landed at the correct depth and linked to the correct parents. Spot-check the deepest subtask in the sample to confirm depth-5 preservation.

  Risk if skipped: If the importer dropped depth-5 subtasks during the sample, the same will happen in production at scale.

• Validate that custom fields landed in dedicated columns, not in the task description. If field definitions were not created in advance on the destination project, the importer dumps custom field data into the description as free text.

  Risk if skipped: Description-dumped field data is invisible to filtering, formulas, and Portfolios.

• Confirm dropdown values are case-exact between source CSV and destination dropdown options. Case mismatches create parallel options; check the field's option list for newly-spawned entries.
• Confirm assignees resolved to existing destination users on every sample row. Filter the sandbox project by "No assignee" and investigate every result.
• Confirm dependency links landed: open the predecessor task and verify the successor appears in the blocking list. Dependencies set via the CSV column appear in the task pane under "Dependent on" / "Blocking".
• Confirm completion status set correctly via the post-import Rule. Imported tasks with Status = Complete should fire the Rule and mark the task complete; tasks without that flag should remain open.
• Test attachment re-upload on a small sample (5–10 files). Watch for file-too-large and unsupported-media-type errors; both indicate per-file fixes before bulk run.
• Test comment re-posting on a small sample. Confirm story timestamps are post-cutover (expected) and that the author-prefix text renders cleanly.
• Run a full-volume rehearsal in the sandbox or the largest available subset. Rehearsal surfaces throughput ceilings and timing issues well before production.

  Risk if skipped: Discovering throughput issues for the first time during the production cutover blows the cutover window.

• Time each step of the rehearsal and extrapolate to production volume. If the rehearsal extrapolates beyond the cutover window, either parallelize, batch larger, or expand the window.

  Risk if skipped: Underestimating cutover duration leaves users locked out of both systems for hours longer than planned.

• Have one power user per team spot-check 10–20 sandbox tasks for correctness. They know what "right" looks like; the migration team doesn't.
• Obtain written sandbox sign-off from each functional lead before scheduling production. An email or a signed task in Asana is enough; the point is creating a clear go/no-go artifact.

  Risk if skipped: Skipping sign-off means accountability for migration defects defaults back to the migration team forever.

Phase 5

Production Cutover

A tightly-sequenced execution window — densest cluster of risk.

• Confirm the source system is in the announced freeze and no writes occurred in the last hour. Pull an audit log or last-modified report from the source.

  Risk if skipped: Late writes in the source after the export point become an invisible delta that has to be reconciled by hand.

• Take a final full export of source data and compute the delta against the Phase 2 baseline. Only the delta needs to load if the bulk has already been loaded into a near-production environment.
• Re-confirm every Rule and integration on the destination is still paused. Someone may have unpaused something during sandbox testing; verify before the load.

  Risk if skipped: A single unpaused notification Rule firing during a multi-thousand-task load triggers an inbox flood that drowns first-responders.

• Load Users first via CSV user import. Every subsequent assignee lookup depends on users being present.
• Load Teams second, then Projects, then Sections, then Tasks, then Subtasks in depth order (depth 1 first), then Dependencies. Dependencies refer to task IDs that must already exist; loading them last avoids forward-reference failures.

  Risk if skipped: Loading in the wrong order forces re-runs that consume cutover time and increase the chance of conflicting writes.

• Load Custom field values immediately after Tasks but before Comments and Attachments. Comments and attachments reference task IDs; loading them later means task identity is already stable.
• Re-post comments as task stories using the prefix format from Phase 3. Batch with exponential backoff if the platform throttles bulk operations.
• Re-upload attachments to the destination task referencing the parent task identifier. External-storage links can be posted as attachment records with a URL without uploading bytes.
• Capture every job identifier, batch row count, and error log to a file. These become the audit trail for reconciliation and incident response.

  Risk if skipped: Without captured logs, diagnosing a missing record post-cutover means re-running the analysis from scratch.

• Cross-check destination row counts against source counts at each load step. Run a query after each step; investigate any variance before moving on.

  Risk if skipped: Treating partial-load failures as "fix later" means cascading failures in later steps that reference the missing rows.

• If any load step fails partway: halt, diagnose, fix the transform, and re-run idempotently. Use the external-ID custom field as the upsert key so re-runs update rather than duplicate.
• Re-enable Rules and integrations only after all loads complete and validation in Phase 6 is in flight. Stagger re-enabling: notification rules last.

Phase 6

Validate

Prove the migration was correct before letting users in.

Phase 7

Post-Migration Cleanup

Wrap up so the team can move on; the source is not retired until this phase closes.

• Announce go-live to every end user with login URL, day-one reference link, and the first-responder contact. Send the same content via email and via an Asana project status update so it is reachable from inside the new tool.
• Re-enable notifications progressively over the first 24 hours. Stagger to avoid notification floods: critical assignment notifications first, follower notifications later.

  Risk if skipped: Re-enabling everything at once on day one floods inboxes and burns user goodwill before adoption begins.

• Rebuild every Rule from the captured definitions in Phase 2. Where the same Rule applies to multiple projects, package it as a Bundle for centralized management.

  Risk if skipped: Rules rebuilt one-off per project drift over time and re-create the configuration sprawl the migration was meant to fix.

• Rebuild Forms from the captured definitions in Phase 2. Verify each form points at the right project and pre-fills the right fields.
• Rebuild Portfolios, Goals, and saved reports. Portfolio rollups depend on custom number fields existing in member projects; verify the source field is the same one populated by the import.
• Re-establish integrations: SSO provisioning, calendar sync, Slack, BI/reporting connectors. Use the platform's standard integration flows and rotate any credentials that were used for the migration run.

  Risk if skipped: Long-lived credentials left active after migration are a soft target for an audit finding against a freshly-loaded dataset.

• Run a one-hour training refresher 7 days after go-live to address surfaced questions. By day 7, users have hit real workflow questions the day-one training did not cover.
• Set the source system to read-only on the announced read-only date. Confirm no edit paths remain (UI, integrations).
• Archive source-system exports (CSV, JSON, attachment binaries) to long-term storage with restricted access. Retain per the data-retention policy decided in Phase 0; encrypt at rest.

  Risk if skipped: Source archives kept on the team drive without encryption are a soft target for an audit finding.

• Schedule a 30-day post-migration retrospective. Cover what went well, what surprised, what carried forward as known issues.
• Decide and document the source-system decommission date. Typically 60–90 days after read-only, after the final retention window passes.
• Close the migration project formally: final status report, lessons-learned log, sign-off recorded. Project closure ends the engagement and frees the team to move on.