Even our passwords have passwords.
The Concur Trust Platform provides data security by operating on a framework of audited processes and controls that protect your information from unauthorized access.
Concur's Cloud Computing Security Strategy
- Service management - Periodic management reviews and continuous improvement processes mean that the Concur Trust Platform is continually honed to provide service delivery.
- Privacy management - We collect only the minimum necessary personally identifiable information (PII) and use it only for stated purposes.
- Security management - Concur Information Assurance processes are founded on and audited to the internationally recognized ISO 27001 Security Management standard.
- Access management - Highly configurable access controls enable you to set up and manage a precise level of control based on your company's policy.
- Vulnerability management - We utilize industry recognized third party security specialists, enterprise-class systems and tools to scan our software and production environment to ensure that weaknesses are identified and mitigated.
- Continuous monitoring - Concur utilizes enterprise-class systems and tools to continuously monitor all aspects and layers of the Concur solutions infrastructure from Intrusion Detection Systems to resource utilization.
- Compliance management - Concur voluntarily and proactively subjects its expense management solutions to a number of widely recognized standards including:
- - ISO 27001 - The world standard for IT security management practices.
- - ISO 20000 - The world standard for IT Service Management practices.
- - SSAE 18 - For Concur expense management solutions and supporting hosting facilities.
- - PCI Compliance - Concur is a VISA Registered, Level II CISP Compliant Service Provider.