Concur’s Trust Platform – Service and Information Assurance keeps Your Company’s Information Secure and Services Available
Concur’s best practices, certifications and attestations ensure that client information is safe and protected and that services are available and perform properly
WHAT IS THE CONCUR TRUST PLATFORM?
Click here to receive your copy of the Concur Trust Platform brochure. The Concur® Trust Platform is founded on two key elements necessary in any business, good Security and Service Management, which is based on a framework of processes that helps protect Concur client information from unauthorized access. This ensures that Concur’s online services continue to operate to meet the service levels that Concur provides its customers. Concur leverages industry best practice Service Management processes, high granularity access control, audit logs, vulnerability management , security scanning and continuous monitoring, all backed by a best-in-class Security and Service Management policies and process architecture. In addition to employing best-in-class service management processes, state-of-the-art technology and hosting facilities, Concur’s Trust Platform relies on a unique combination of trained personnel, mature business processes, and frequent audits against a variety of U.S. and international standards to deliver a level of security and confidence unmatched in the industry.
SERVICE MANAGEMENT
Click here to receive your copy of the Security Overview document. Concur’s Service Management processes are modeled after the time-proven ITIL (IT Infrastructure Library) process family and audited to the ISO 20000 Service Management standard. These processes assure that Concur solutions operate to meet or exceed published service levels with the highest possible reliability in the most efficient manner. Periodic management review and continuous improvement processes mean that Concur’s Trust Platform is continually honed to provide best in class service delivery.
PRIVACY MANAGEMENT
Concur collects only the minimum necessary personally identifiable information (PII) and uses it only for stated purposes. Sensitive PII is encrypted when transmitted and stored on Concur systems. PII is transmitted to third parties only when specifically required to provide agreed upon business services. PII is never used for marketing or other purposes. Concur complies with the EU Directive 95/46 EC.
SECURITY MANAGEMENT
Concur’s Information Assurance processes are founded on and audited to the internationally recognized ISO 27001 Security Management standard. This ensures that Concur’s solutions are operated to meet the international standards for security management and provides the assurance that Concur’s services provide Confidentiality, Integrity and Availability. Periodic management assessment and continuous improvement processes mean that Concur’s Trust Platform is continually honed to provide best in class security management.
ACCESS MANAGEMENT
Concur’s corporate travel and expense management solutions, Concur®
Expense, Concur® Cliqbook Travel, Concur® Travel & Expense, and Concur® Meeting, utilize highly configurable access controls that enable the client to set up and manage a precise level of control based on their particular company’s policy. Application administrators in your company can easily add users and assign specific roles and permissions that suit your business needs.
VULNERABILITY MANAGEMENT
Concur utilizes industry recognized third party security specialists,
enterprise-class systems and tools to scan its software and its production
environment. Each of Concur’s expense management solutions are periodically
assessed for vulnerabilities and serious vulnerabilities are removed. Also, Concur frequently scans its online production environments to ensure that any new vulnerabilities are promptly identified and mitigated. This vulnerability management provides assurance that Concur and its supporting infrastructure are free of potentially harmful vulnerabilities.
CONTINUOUS MONITORING
Concur utilizes enterprise-class systems and tools to continuously
monitor all aspects and layers of the Concur solutions infrastructure.
From Intrusion Detection Systems to resource utilization, Concur’s solutions
environment is fully monitored by world class monitoring systems and trained
operations center personnel.
COMPLIANCE MANAGEMENT
Travel and expense management in most companies is financially relevant. In publicly-traded companies, this means Concur’s solutions become an extension of a company’s financial operations. In response, Concur voluntarily and proactively subjects Concur expense management solutions to a number of widely recognized standards including:
- ISO 27001. The world standard for IT security management practices, Concur has been BS 7799 certified since 2004, and is the 18th
organisation in the U.S. to be audited against the newer ISO 27001. - ISO 20000. The world standard for IT service management practices, Concur is audited bi-annually.
- SAS70 – Concur has attestations for both Concur expense management solutions and supporting hosting facilities.
- PCI Compliance. Concur is a VISA Registered CISP Compliant Service Provider. As a Level II Service Provider, Concur is audited annually by a PCI approved assessor. Additionally, Concur is a public company and hence required to be compliant with Sarbanes-Oxley. This reinforces Concur’s top-down security management to ensure the integrity, reliability and security of Concur systems.