Concur is an SAP Company

Data Security

Even our passwords have passwords.

At Concur, we believe there is no compromise for security. The Concur Trust Platform provides data security by operating on a framework of audited processes and controls that protect your information from unauthorized access.

Concur's Cloud Computing Security Strategy

  • Service management - Periodic management reviews and continuous improvement processes mean that the Concur Trust Platform is continually honed to provide service delivery.
  • Privacy management - We collect only the minimum necessary personally identifiable information (PII) and use it only for stated purposes.
  • Security management - Concur Information Assurance processes are founded on and audited to the internationally recognized ISO 27001 Security Management standard.
  • Access management - Highly configurable access controls enable you to set up and manage a precise level of control based on your company's policy.
  • Vulnerability management - We utilize industry recognized third party security specialists, enterprise-class systems and tools to scan our software and production environment to ensure that any weaknesses are promptly identified and mitigated.
  • Continuous monitoring - Concur utilizes enterprise-class systems and tools to continuously monitor all aspects and layers of the Concur solutions infrastructure from Intrusion Detection Systems to resource utilization.
  • Compliance management - Concur voluntarily and proactively subjects its expense management solutions to a number of widely recognized standards including:
    • - ISO 27001 - The world standard for IT security management practices.
    • - ISO 20000 - The world standard for IT Service Management practices.
    • - SSAE 16 - For Concur expense management solutions and supporting hosting facilities.
    • - PCI Compliance - Concur is a VISA Registered, Level II CISP Compliant Service Provider.