Concur is an SAP Company

Be Assured: Data Security You Can Trust

Data Protection

Security is a top-priority for us. We know that it cannot be compromised, and that it is essential that your corporate, financial and personal data are protected at the highest levels, at all times.

We offer you world-class security. Our Concur Trust Platform protects your data so you have the peace of mind you need to get on with your business.

Assured World-Class Security with Concur

We invest in state-of the art data security software and hosting facilities. We also employ best-in-class processes to protect your corporate data from unauthorised access. Together: these combine to form our Concur Trust Platform.

Our Concur Trust Platform is always evolving to provide you with the latest developments in service delivery. All our services and solutions use the Concur Trust Platform, whether Web-based or mobile.

Service Management

The Service Management process models used are founded on the time-proven IT Infrastructure Library (ITIL) process family and are audited to the ISO20000 Service Management Standard.

These processes provide assurance that Concur data security solutions operate to meet or exceed published service levels with the highest possible reliability and in the most efficient manner possible.

Data Privacy Management

Concur takes data protection very seriously and complies with the EU Directive 95/46 EC regulating the processing of personal data.

Concur only collects the minimum amount of personal data necessary, and only uses this information for its stated purpose.

All sensitive personal data is encrypted when transmitted and subsequently stored on Concur systems. This data is only transmitted to third parties when specifically requested for agreed business services.

Data Security Management

The Concur Trust Platform is continually refined to provide best-in-class security management. Concur's Information Assurance processes are also established from the ISO 27001 Information Security Management System (ISMS) standard.

This ensures that Concur's data security protection solutions meet the standard and are regularly audited against the standard to provide utmost confidentiality, integrity and availability to our clients.

Access Management

Access control is highly configurable - enabling you to set up and manage a precise level of access control based on company policy.

Administrators can easily add users; assign specific roles and permissions that are consistent with your business requirements.

Vulnerability Management

Concur's Vulnerability Management provides assurance that Concur and its supporting data security infrastructure is free from potentially harmful vulnerabilities.

We use industry-recognised third party security specialists, enterprise-class security solutions and tools to regularly scan our data security software and production environments to ensure that any vulnerability is identified swiftly and mitigated.

Continuous Monitoring

Our solutions environment is fully monitored by world-class monitoring data security solutions and trained, operations centre personnel.

We use enterprise-class data protection and security software as well as tools such as intrusion detection systems and resource utilisation to continuously monitor all aspects and layers of our solutions infrastructure.

Compliance Management

We know that our travel and expense management solution is an extension of your financial operations and so we proactively subject our solution to a number of globally recognised standards.

The standards (audits) include:

  • ISO 27001. The world standard for IT security management practices, Concur has been BS 7799 certified since 2004, and is one of the first 20 organisation in the whole of the United States (US) to be audited against the newer ISO 27001.
  • ISO 20000. The world standard for IT Service Management practices. Concur is audited bi-annually.
  • Statement on Auditing Standards (SAS) 70. Within the US, Concur has had its expense management solutions controls audit certified. Concur's supported hosting facilities also meet the same attestations.
  • PCI Compliance. Concur is a VISA Registered CISP Compliant Service Provider. As a Level II Service Provider, Concur is audited annually by a PCI approved assessor.
  • As a US company; Concur is compliant with the Sarbanes-Oxley Act of 2002 (SOX) within the US. This reinforces Concur's top-down security management to ensure the integrity, reliability and security of Concur's data protection and security software.