Home » Choose

Concur Information Assurance Keeps Your Company's Data Secure

Concur’s best practices, certifications and attestations ensure that client information is safe and protected.

Concur Information Assurance is a layered defence strategy that helps protect Concur client information from unauthorised access by other company employees, other Concur customers, and non-customers. Concur leverages high-granularity access control, audit logs, security scanning and continuous monitoring, all backed by a best-in-class security architecture.

Unrivaled Security

Travel and expense management can account for up to 10% of operating expenses, so for most companies, it is financially relevant. In publicly traded companies, this means Concur’s solutions become an extension of a company’s financial operations. In response, Concur voluntarily and proactively subjects its solutions to a number of widely recognised standards including:

  • ISO 27001 Certification – The world standard for IT security management practices, Concur Expense has been ISO17799 certified since 2004, and is the 18th organisation in the U.S. to be audited against the newer ISO27001.
  • SAS70 – Concur has attestations for both its expense management solutions and the hosting facility:
    • Supported by national legislation and the guidance of the American Institute of Certified Public Accountants (AICPA), Concur's SAS70 Type II attestation provides assurance of the integrity of Concur Cliqbook Travel and Concur Expense and the operations and development processes supporting it.
    • Recognising the need for nothing less than a world class hosting facility, Concur's solutions are hosted by world standard hosting providers that have SAS-70 Type II attestations.
  • PCI Compliance – Concur is a VISA Registered CISP Compliant Service Provider. Both Concur Expense applications and Concur Cliqbook Travel are recognised by VISA as being PCI compliant

Concur is a public company and hence required to be compliant with Sarbanes-Oxley. This reinforces Concur’s top-down security management to ensure the integrity, reliability and security of Concur systems.

In addition to employing state-of-the-art technology and hosting facilities, Concur Information Assurance relies on a unique combination of trained personnel, secure business processes, and frequent audits against a variety of U.S. and international standards to deliver a level of security and confidence unmatched in the industry.

Access Control

Concur’s Employee Spend Management solutions, Concur Expense, Concur Cliqbook Travel, and Concur Meeting utilise highly-configurable access controls that enable the client to set up and manage a precise level of control based on their particular company's policy. Application administrators in your company can easily add users and assign specific roles and permissions that suit your business needs.

Audit Logs

All events in Concur’s solutions are recorded in audit logs. These logs specify precisely who performed what function against which data at what time. These logs permit corporate auditors to include Concur’s solutions in financial audits and investigate instances of suspected abuse or fraud.

Security Scanning

Concur utilises enterprise-class systems and tools to scan its software and its production environment. Each service update of Concur’s expense management solutions are scanned for vulnerabilities prior to release to production. Also, Concur frequently scans its online production environments to ensure that any new vulnerabilities are promptly identified and mitigated. This scanning provides assurance that Concur and its supporting infrastructure are free of potentially harmful vulnerabilities.

Continuous Monitoring

Concur utilises enterprise-class systems and tools to continuously monitor all aspects and layers of the Concur solutions infrastructure. From Intrusion Detection Systems to resource utilisation, Concur's solutions environment is fully monitored by world-class monitoring systems and trained operations centre personnel.

"