Home Concur Premier Data Security

Data Protection & Security – Ensuring your company’s data stays safe & secure

Important to Concur, because it is important to you

The Concur® Trust Platform

Concur’s solutions, whether Concur Premier or Concur Breeze, (either Web-based or on our mobile platform), use the Concur Trust platform.

The Concur Trust platform is based on a process framework that protects information from unauthorised access embracing the two key elements required by businesses:

  • Security
  • Service management

Using industry-led best practice, high granularity access control, audit logs, vulnerability management, security scanning and continuous monitoring, all backed by a best-in class Security and Service management policy and process architecture, Concur is confident that it is employing best-in-class Service Management processes to protect your corporate data. Security is a top-priority for Concur.

To manage these processes, Concur has not only invested in state-of-the-art data security software and hosting facilities, it can also rely on a unique combination of trained personnel, mature business processes, and frequent audits against a variety of US and international standards to ensure the highest level of security is delivered.

At Concur, we want to assure you that whether you are a small business or a major corporation, your company’s financial & corporate data security is at the forefront of our minds.

Service Management

The Concur Trust Platform is continually evolving to provide a best-in-class service delivery. The Service Management process models used are founded on the time-proven IT Infrastucture Library (ITIL) process family and are audited to the ISO20000 Service Management Standard.

These processes assure that Concur data security solutions operate to meet or exceed published service levels with the highest possible reliability and in the most efficient manner possible.

Data Privacy Management

Concur takes data protection very seriously and complies with the EU Directive 95/46 EC regulating the processing of personal data.

Concur only collects the minimum personal data necessary, and only uses this information for its stated purpose.

All sensitive personal data is encrypted when transmitted and subsequently stored on Concur systems This data is only transmitted to third parties when specifically requested for agreed business services.

Personal data is never used for marketing, or other purposes.

Data Security Management

The Concur Trust Platform is also continually refined to provide best-in-class security management, and Concur’s Information Assurance processes are established from the ISO 27001 Information Security Management System (ISMS) standard. This ensures that Concur’s data security protection solutions meet the standard and are regularly audited against the standard to provide utmost confidentiality, integrity and availability to our clients.

Access Management

Access controls with Concur’s solutions are highly configurable enabling you to set up and manage a precise level of access control based on company policy.

Administrators can easily add users; assign specific roles and permissions that are consistent with your business requirements.

Vulnerability Management

Concur’s Vulnerability Management provides assurance that Concur and its supporting data security infrastructure is free from potentially harmful vulnerabilities.

We use industry recognised third party security specialists, enterprise-class security solutions and tools to regularly scan our data security software and production environments to ensure that any vulnerability is identified swiftly and mitigated.

Continuous Monitoring

Concur’s solutions environment is fully monitored by world-class monitoring data security solutions and trained, operations centre personnel. Concur uses enterprise-class data protection and security software and tools such as intrusion detection systems and resource utilisation to continuously monitor all aspects and layers of the Concur solutions infrastructure.

Compliance Management

At Concur, we understand that our travel and expense management solutions are an extension of your financial operations and as such we proactively subject our expense management solutions to a number of globally recognised standards (audits) including:

  • ISO 27001. The world standard for IT security management practices, Concur has been BS 7799 certified since 2004, and is the 18th organisation in the US to be audited against the newer ISO 27001.
  • ISO 20000. The world standard for IT Service Management practices.Concur is audited bi-annually.
  • Statement on Auditing Standards (SAS) 70. Within the US Concur has had its expense management solutions controls audit certified. Concur’s supported hosting facilities also meet the same attestations.
  • PCI Compliance. Concur is a VISA Registered CISP Compliant Service Provider. As a Level II Service Provider, Concur is audited annually by a PCI approved assessor.
  • As a US company; Concur is compliant with the Sarbanes-Oxley Act of 2002 (SOX) within the US. This reinforces Concur’s top-down security management to ensure the integrity, reliability and security of Concur’s data protection and security software.

    • Review our Security Overview document.