Data Security

Even our passwords have passwords.

At Concur, we believe there is no compromise for security. The Concur Trust Platform provides data security by operating on a framework of audited processes and controls that protect your information from unauthorized access.


Concur's Cloud Computing Security Strategy

  • Service management - Periodic management reviews and continuous improvement processes mean that the Concur Trust Platform is continually honed to provide service delivery.
  • Privacy management - We collect only the minimum necessary personally identifiable information (PII) and use it only for stated purposes.
  • Security management - Concur Information Assurance processes are founded on and audited to the internationally recognized ISO 27001 Security Management standard.
  • Access management - Highly configurable access controls enable you to set up and manage a precise level of control based on your company's policy.
  • Vulnerability management - We utilize industry recognized third party security specialists, enterprise-class systems and tools to scan our software and production environment to ensure that any weaknesses are promptly identified and mitigated.
  • Continuous monitoring - Concur utilizes enterprise-class systems and tools to continuously monitor all aspects and layers of the Concur solutions infrastructure from Intrusion Detection Systems to resource utilization.
  • Compliance management - Concur voluntarily and proactively subjects its expense management solutions to a number of widely recognized standards including:
    • - ISO 27001 - The world standard for IT security management practices.
    • - ISO 20000 - The world standard for IT Service Management practices.
    • - SSAE 16 - For Concur expense management solutions and supporting hosting facilities.
    • - PCI Compliance - Concur is a VISA Registered, Level II CISP Compliant Service Provider.