Concur is an SAP Company

Never compromise on security.

Safely and confidently leverage cloud computing.

Government: New Security page

Minimize risk, maximize security.

The Concur Trust Platform guarantees the highest level of data security by operating on a framework of audited processes and controls that protect your information from unauthorized access.

Concur complies with a broad range of regulatory, national, and international standards. Concur meets NIST SP 800-53 security control requirements by using a strong framework of controls, leveraging national and international standards for security and service delivery, and developing secure software.

We have high standards.

Concur voluntarily and proactively subjects its solutions to a number of widely recognized standards including:

  • ISO 27001 - The world standard for IT security management practices.
  • ISO 20000 - The world standard for IT Service Management practices.
  • SSAE 16 - For Concur expense management solutions and supporting hosting facilities.
  • PCI Compliance - Concur is a VISA Registered, Level II CISP Compliant Service Provider.

These standards are augmented with additional controls to meet Office of Management and Budget (OMB) guidance, National Institute of Standards and Technology (NIST) security standards, and Privacy Act requirements.

Concur Government Edition is rated as Moderate using the NIST Federal Information Processing Security (FIPS) Publication 200.

Data security.

All data that is processed by Concur on behalf of the U.S. government within the accreditation boundary is stored encrypted using algorithms required by NIST. All data is encrypted using FIPS 140-2 specifications, including data at rest (DAR) and data moving between the Concur data center and the agency’s computing environment.

Contingency planning and continuity of operations.

Concur operates a resilient, high-availability architecture to ensure that service performance continues to meet client expectations in the event of a failure. This means that every tier of the architecture has either multiple servers in a cluster or multiple network or storage area network (SAN) paths so that there is no single point of failure. Every key component is implemented in parallel.

Concur’s data centers are located at Tier 4 colocation facilities. Physical access is managed through state-of-the-art technology and is audited by a third party bi-annually. Concur is also compliant and registered to ISO 27001, which requires the production, maintenance, and testing of a Disaster Recovery Plan (DRP).