The Concur Trust Platform guarantees the highest level of data security by operating on a framework of audited processes and controls that protect your information from unauthorized access
Concur complies with a broad range of regulatory, national, and international standards. Concur meets NIST SP 800 53 security control requirements by using a strong framework of controls, leveraging national and international standards for security and service delivery, and developing secure software.
Concur voluntarily and proactively subjects its solutions to a number of widely recognized standards including:
These standards are augmented with additional controls to meet Office of Management and Budget (OMB) guidance, National Institute of Standards and Technology (NIST) security standards, and Privacy Act requirements.
Concur Government Edition is rated as Moderate using the NIST Federal Information Processing Security (FIPS) Publication200.
All data that is processed by Concur on behalf of the U.S. government within the accreditation boundary is stored encrypted using algorithms required by NIST. All data is encrypted using FIPS 140-2 specifications, including data at rest (DAR) and data moving between the Concur data center and the agency’s computing environment.
Concur operates a resilient, high-availability architecture to ensure that service performance continues to meet client expectations in the event of a failure. This means that every tier of the architecture has either multiple servers in a cluster or multiple network or storage area network (SAN) paths so that there is no single point of failure. Every key component is implemented in parallel.
Concur’s data centers are located at Tier 4 collocation facilities. Physical access is managed through state-of-the-art technology, and is audited by a third party bi-annually. Concur is also compliant and registered to ISO 27001 which requires the production, maintenance, and testing of a Disaster Recovery Plan (DRP).