Rest assured – our data security platform isn't confusing

The Concur Trust Platform is founded on two key elements necessary in any business, good security and service management, both based on a process framework that helps protect information from unauthorised access. Concur leverages industry best practices in cloud computing, high granularity access control, audit logs, vulnerability management, security scanning and continuous monitoring, all backed by a best-in-class Security and Service Management policy and process architecture.

In addition to employing best-in-class Service Management processes, state-of-the-art technology and hosting facilities, Concur’s Trust Platform relies on a unique combination of trained personnel, mature business processes, and frequent audits against a variety of international standards to deliver a high level of security. Review the Concur Trust Platform brochure. Ultimately, the security measures taken by Concur assure our clients that their business and corporate financial data remain secure within the cloud.

Service management

Concur’s Service Management processes are modelled on the time-proven ITIL (IT Infrastructure Library) process family and audited to the ISO 20000 Service Management standard. These processes assure that Concur’s cloud computing services operate to meet or exceed published service levels with the highest possible reliability in the most efficient manner. Periodic management review and continuous improvement processes mean that Concur’s Trust Platform is continually honed to provide best in class service delivery. Review our Security Overview document.

Privacy management

Concur collects only the minimum necessary personally identifiable information (PII) and uses it only for stated purposes. Sensitive PII is encrypted when transmitted and stored on Concur systems. PII is transmitted to third parties only when specifically required to provide agreed upon business services. PII is never used for marketing or other purposes.

Security management

Concur’s Information Assurance processes are founded on and audited to the internationally recognised ISO 27001 Security Management standard. This ensures that Concur’s cloud computing services are operated to meet the international standards for security management and provides the assurance that Concur’s services provide confidentiality, integrity and availability. Periodic management assessment and continuous improvement processes mean that Concur’s Trust Platform is continually honed to provide best in class security management.

Access management

Concur’s solutions utilise highly configurable access controls that enable you to set up and manage a precise level of control based on your company’s policy. Application administrators in your company can easily add users and assign specific roles and permissions that suit your business needs.

Vulnerability management

Concur utilises industry recognised third party security specialists, enterprise-class systems and tools to scan its software and its production environment. Concur frequently scans its online production environments to ensure that any vulnerabilities are promptly identified and mitigated. This vulnerability management provides assurance that Concur and its supporting cloud computing infrastructure are free of potentially harmful vulnerabilities.

Continuous monitoring

Concur utilises enterprise-class systems and tools to continuously monitor all aspects and layers of the Concur solutions infrastructure. From Intrusion Detection Systems to resource utilisation, Concur’s environment is fully monitored by world class monitoring systems and trained operations centre personnel.

Compliance management

Travel and expense management in most companies is financially relevant. In publicly-traded companies, this means Concur’s cloud computing solutions become an extension of a company’s financial operations. In response, Concur voluntarily and proactively subjects its travel and expense management solutions to a number of widely recognised standards including:

  • ISO 27001. The world standard for IT security management practices, Concur has been BS 7799 certified since 2004, and is among some of the first organisations in the U.S. to be audited against the newer ISO 27001.
  • ISO 20000. The world standard for IT Service Management practices, Concur is audited bi-annually.
  • SAS70 – Concur has attestations for both Concur expense management solutions and supporting hosting facilities.
  • PCI Compliance. Concur is a VISA Registered CISP Compliant Service Provider. As a Level II Service Provider, Concur is audited annually by a PCI approved assessor.