Skip to main content

Help us improve the Digital Marketplace - send your feedback

Concur

SAP Concur Expense Premium Edition

SAP Concur takes companies beyond automation to a completely connected expense management solution. As the global leader for Expense Management the premium edition provides customization and ensures Visibility and Compliance of spend whilst reducing cost and improving efficiency and reducing admin.

Features

  • P-Card/Credit Card Integration
  • Mobile application allows users to submit, manage and approve
  • OCR technology to automate Expense submissions
  • Easily integrates to your HR and Finance systems
  • Real Time Reporting of employee spend with over 200 reports
  • Inbuilt Expense Policy rules
  • Accurate mileage capture via map and GPS technology
  • Enables accurate VAT Reclaim

Benefits

  • Full Visibility of spend with real time reporting
  • Improve user experience including mobile access
  • Ensure Compliance to policy to reduce risk and save money
  • Digital capture and Storage of receipts to reduce cost
  • Accurate capture and storage of receipts to reduce cost
  • Accurate capture and reporting of expenses to allow VAT reclaim
  • Accurate mileage capture to reduce cost and and improve visibility
  • Cloud technology to allow quick and easy deployment
  • Increase speed of reimbursement
  • Automation of back office manual administration tasks

Pricing

£0.21 to £7.75 a unit

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gary.goodenough@sap.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

6 2 0 7 7 3 8 5 8 6 8 3 9 0 9

Contact

Concur Gary Goodenough
Telephone: 07778 555150
Email: gary.goodenough@sap.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Our solution has reserved a standard maintenance window for the North America Data Centre customers every Saturday from 5pm to 9pm Pacific Time (PT) and for EMEA Data Centre customers every Saturday from 11pm to 3am Central European Time (CET). Monthly Travel and Expense release updates will also take place during this standard maintenance window. Concur operates a browser certification process for popular browser versions, un-certified browsers are unsupported (should an issue arise against an un-certified browser version it may not be addressed).
System requirements
  • Internet connectivity
  • HTML compatible
  • Javascript enabled web browser
  • Android and IOS supported for mobile application

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response level depends on severity of the issue and support package provided. Please Refer: https://www.sap.com/about/trust-center/agreements/cloud/cloud-services.html?search=Support&sort=latest_desc&tag=language%3Aenglish&pdf-asset=beea22a6-467e-0010-bca6-c68f7e60039b&page=1
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
SAP Concur Accessibility Standard - WCAG 2.2 A & WCAG 2.2 AA and EN 301 549
Web chat accessibility testing
SAP's software is tested in their central accessibility testing unit in a combination of manual and automated testing. SAP’s follows globally recognized accessibility testing rules and practices to ensure reproducible test results. The exchange with external testing agencies and accessibility professionals is crucial to ensure a common understanding with regards to a successful accessibility support. Tests are performed with specific combinations of assistive technologies (such as screen readers like JAWS) and User Agents (such as browsers), together with tools like Colour Contrast Analyser. On mobile devices, we utilize VoiceOver (on iOS) and TalkBack (on Android).
Onsite support
Yes, at extra cost
Support levels
The following support levels are available: Enterprise Support, cloud editions: Foundational engagement support with focus on customer interaction and issue resolution. Provided at no additional cost. User Support Desk: End user support. Customers can have their end users receive support directly from SAP Concur. SAP Select Care: An add-on to SAP Enterprise Support, cloud editions that includes strategic guidance and customer-specific best practices to help drive user adoption and value realization (Representation below includes SAP Enterprise Support, cloud editions)
Support available to third parties
No

Onboarding and offboarding

Getting started
We provide end-user, approver and administrator training to the client project team as part of every professional implementation project. This is provided at no additional cost and follows a train the trainer methodology. This training is delivered as a combination of self-paced online training and remote, web-based, instructor led training. This training is provided by the consultants assigned to the project. Most of our clients take the training provided as a part of the implementation project and then in turn, provide training to their end users, approvers and administrators. Additional training options are available, if interested at extra cost.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data will be returned in accordance with the Business Services Agreement, alternatively, extended access for data extract purposes can be arranged at cost
End-of-contract process
Customers may extend the Subscription Term for up to 90 days by notifying SAP Concur at least 30 days prior to the effective date of termination or expiration and paying subscription fees for such extension period. During this 90 day period, customers will be able to download their data. After 30 days, the data is purged from our systems. Data remains on encrypted backup tapes for one year until the tapes are rotated out. Upon termination of a customer relationship, we will destroy all customer data. We will also return data to a former customer in accordance with the terms of the contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The desktop and the mobile user functionality is highly aligned especially for the expense user. The mobile UI is rendered for the smaller screen and the ability to take a picture of a receipt on the mobile device cannot be achieved on a desktop. Likewise the GPS technology is utilised for our Geo-location services such as Drive. The processor and admin functionality is within our desktop version only.
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
Yes
What users can and can't do using the API
SAP Concur's Web Service APIs enable the integration of on-premise, cloud-based, and third-party solutions with SAP Concur. With the prebuilt web services, users can leverage these to connect to 3rd party applications without the need for additional software.
API documentation.
Developer Center:
https://developer.concur.com
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
The solution is a highly configurable application providing our customers the ability to quickly and easily modify data elements within Concur Travel & Expense. A business level administrator can modify expense types, account coding, mileage rates, business rules and policies, forms and fields, and workflow steps with UI driven configuration through the Concur Configuration Administrator.

Scaling

Independence of resources
SAP Concur's solution is structured such that scalability is unlimited. SAP Concur conducts exhaustive benchmark testing to establish requirements to sustain customer availability and performance commitments

Analytics

Service usage metrics
Yes
Metrics types
Our Business Intelligence solution is an additional on demand reporting and analysis service, giving customers the ability to define specific metrics and track against those metrics. Many standard reports and dashboards are included in the service. Many clients will simply leverage these standards, or will work with us to tailor these metrics to meet your business needs
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
We support many integration points. By delivering flat files and/or utilising web services for integration, we allow our clients to easily determine their own approach for integration into their back-office systems. Electronic files are exchanged at our hosted FTP site, using PGP encrypted SFTP
Data export formats
  • CSV
  • Other
Other data export formats
  • HTML
  • PDF
  • Microsoft Excel
  • Text
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • Restful API

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
PGP encryption of batch files, exchanged via SFTP
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Guaranteed availability 99.7% System Availability percentage during each month, assured by contractual commitment
Approach to resilience
Available upon request. See AWS : https://aws.amazon.com/compliance/data-center/controls/
Outage reporting
Any unplanned downtime will be alerted to customer via email and customer support portals

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
Concur provides SAML2 based Single-sign-on options
Access restrictions in management interfaces and support channels
Channels Via IP filtering, multi factor authentication and further information available on request
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Other
Description of management access authentication
All support access to Concur customer systems requires triple-factor authentication, regardless of the Concur staff member’s location (even if in a Concur worksite). This multi-factor authentication employs a digital certificate on a USB key, a one-time password (similar to SecureID), PIN, as well as the employee’s userid and password.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
MSECB
ISO/IEC 27001 accreditation date
07/09/2016
What the ISO/IEC 27001 doesn’t cover
SAP Concur can share this information on request
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
21-12-2023
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
SAP Concur can provide information on request.
PCI certification
Yes
Who accredited the PCI DSS certification
Coalfire Systems Inc
PCI DSS accreditation date
31/07/2017
What the PCI DSS doesn’t cover
SAP Concur can share this information on request
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • ISO 27001
  • ISO 22301
  • ISO 9001
  • BS 10012
  • SSAE18 SOC 1
  • SSAE18 SOC 2 (Type II)
  • PCI-DSS
  • SOX
  • CSA Star Level 1 (self-certified)

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
SOC1 Type II - Annual audit • SOC2 Type II - Annual audit • PCI DSS. SAP Concur is a VISA Registered CISP Compliant Service Provider. • Sarbanes Oxley. • FISMA (Federal Information Security Management Act).
Information security policies and processes
Information security policies and processes Concur Technologies has established formal security policy documents as including: - Corporate Security Policy. This is a general policy document that describes fundamental security policies for all Concur personnel. - Technical Security Policy. This is a technical policy document intended primarily for Concur personnel who design, build, or operate information systems. - Sensitive Information Policy. This is an information classification policy and handling procedures document. - Privacy Policy. This is Concur’s public privacy policy statement. - Site Classification Policy. This is a site classification policy that specifies the controls required in various data centres and work centres. These policies and associated procedures are examined by Concur’s internal and external auditors, and are available for customer review. Assured by independent validation of assertion. Cloud Trust Centre - https://www.sap.com/uk/about/cloud-trust-center.html

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All changes to any part of Concur’s infrastructure must pass a strict Change Control Process to ensure best practices and minimal service interruption for our clients. Concur’s formal Change Management Plan is based on the framework of: • ISO 27001:2013 • SOC 1 • PCI DSS Change management is described in the SOC 1 audit report that is completed annually and made available to customers.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
SAP Concur has lifecycle oriented vulnerability management processes, whose objectives are to keep all Concur services free from vulnerabilities that could lead to a security incident. Policy and process detail along with the associated audit information can be shared on request.Please refer : https://www.sap.com/about/trust-center/security.html
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Security scans of SAP Concur applications and infrastructure are performed on a regular basis by approved third-party PCI assessment vendors, by SAP Concur Security Engineers, and by internal scanning appliances. These scans check for vulnerabilities in both our external (public-facing) Internet applications and our internal (private) networks.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Concur has adopted incident management best practices as prescribed by the Carnegie Mellon (CERT) Computer Emergency Response Team and by the SANS Institute. Both are recognised authorities in information security throughout the world. Incident Management is divided into three disciplines: Proactive Services, Responsive Services, and Quality Management Services. Concur maintains detailed procedures covering all three disciplines that are shared with customers on request. These activities are audited by ISO 27001\SOC auditors.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

SAP is committed to a future sustainable world and acts as both an exemplar and enabler of sustainability. For the 16th consecutive year, SAP was named the Software Industry Leader in the Dow Jones Sustainability Index - https://www.sap.com/sustainability/our-approach.html. SAP is committed to fighting climate change by reducing carbon and other emissions. SAP became Carbon Neutral by 2023 and will be Net Zero by 2030.
On any G-Cloud Contract, SAP will create a Social Value Action plan in collaboration with the buyer. Progress will be reviewed, and the plan will be refreshed annually. For fighting climate change, we expect that this plan will include:
• supporting your journey to Net Zero by ensuring renewable energy is used in the data centres providing the services and that all services will be 100% carbon neutral from the first day of service.
• offer a workshop to the buyer’s team on the sustainability features of the product that has been purchased and / or the wider SAP suite of sustainability offerings such as the Sustainability Control Tower.
• Work with the buyer’s team to promote the free, high-quality learning about sustainability that is available and free to any member of the public on the Open SAP learning portal at https://learning.sap.com.

Covid-19 recovery

On any G-Cloud Contract, SAP will create a Social Value Action plan in collaboration with the buyer. Progress will be reviewed, and the plan will be refreshed annually. To help local communities to manage and recover from the impact of COVID-19, SAP can support buyers in several areas. As part of the Social Value Action plan, SAP will:
• To support re-training and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high growth sectors. SAP will offer a range of free on-demand and facilitated training to communities served by the buyer. This will be delivered free using the SAP learning portal at https://learning.sap.com. Currently available courses include topics like Circular Economies, Opportunities from a Digitally Transformed Economy and New Work and Purpose.
• SAP offers buyers support in key areas for social value relating to COVID 19 Recovery – new ways of working to deliver services; support for the physical and mental health of people affected by COVID-19 and improved workplace conditions such as remote working and sustainable travel solutions. As part of the Social Value Action plan, we will offer a workshop to explain the support we can offer and add tasks to the plan where appropriate.

Tackling economic inequality

There are two themes outlined in the guidance relating to this area of social value - Create new businesses, new jobs and new skills; and increase supply chain resilience and capacity.
With respect to skills, as part of the annual Social Value Action plan:
• SAP will offer a range of free on-demand and facilitated training to communities served by the buyer. This will be delivered free using the SAP Learning portal at https://learning.sap.com. Currently courses cover a range of in demand skills in the IT industry such as Artificial Intelligence, Analytics and Application Development. For these courses, where relevant, SAP will also provide access to technical platforms at no charge so that students may complete the practical learning components of each course.
With respect to increasing supply chain resilience and capacity, as part of the annual Social Value Action plan:
• SAP will offer to brief the buyer’s procurement and finance teams on the opportunities relating to the SAP Ariba Procurement offering. This could include on-boarding the buyer’s suppliers to the SAP Business Network, a €3.2TN marketplace for suppliers where they can grow their businesses. SAP Ariba Procurement also offers capabilities around supplier risk management to ensure that the buyer’s supply chain achieves the desired level of resilience. The guided buying capabilities of SAP Ariba Procurement also allow the buyer to make it easy for staff to support and comply with organisational social objectives, for example spending with sustainable enterprises or local small businesses. SAP will also share our learnings from 5 by 5 in ’25, an initiative designed to encourage organizations across industries to direct more of their addressable spend toward certified social-enterprise and diverse-business suppliers. https://news.sap.com/2020/10/sap-launches-55by25-purposeful-procurement/

Equal opportunity

SAP is committed to being one of the most diverse and inclusive software companies in the world. We proactively promote diversity, inclusion, and social justice and work to ensure that our workforce reflects the gender parity and demographics of all the regions where we have employees. We make every effort to ensure that all stages of the employee lifecycle are inclusive to enable employee success. As part of the Social Value Action plan, SAP will propose a Social Innovation Workshop to explore areas of equal opportunity and look at how we approach diversity and inclusion to see how a shared approach with the buyer could help the buyer’s staff and communities that the buyer serves. For example, SAP supports the following organisations and initiatives:
Stemettes is an award-winning social enterprise working across the UK & Ireland and beyond to inspire and support young women and young non-binary people into Science, Technology, Engineering and Maths careers (known collectively as STEM).
Enactus UK – SAP is the Platinum technology partner for Enactus UK, giving access to one of the UK’s largest innovation and entrepreneur networks in the UK. Enactus allows teams of students all over the country to work together to find innovative solutions to social issues within their local and international communities;
Apps For Good believes that all young people should be empowered to take action on the things they care about most. They provide free tech innovation courses to schools, giving teachers ready-made education content, so young people from all backgrounds can develop computing and essential skills to create a brighter future through technology. Apps For Good partner with leading brands to keep their course content 100% free of charge to schools, as well as giving students the opportunity to directly benefit from their industry expertise.

Wellbeing

As part of the Social Innovation Workshop described in the Equal Opportunity section, SAP will include the theme of ‘Wellbeing’ to review optional initiatives that can be added to the Social Value Action plan. For example:
• Innovation – SAP offers clients the ability to run innovation workshops on themes that are important to clients. This is often in collaboration with users and communities who can codesign and create a proof of concept of solutions that would address specific challenges and opportunities. We will also offer free training on innovation topics via our SAP Learning portal - https://learning.sap.com. Current courses include Intrapreneurship – Employee-driven Innovation.
• Employee and community pulse – SAP is a leading provider of solutions relating to personal wellbeing. We offer to share our learnings of what works well for different challenges and situations that clients wish to explore. We can share examples of how organisations have supported the physical and mental health of their workforce. A current example would be around working practices and return to work in a post COVID pandemic world.
• Self-service and a great user experience are key principles of SAP services. We will share insights learned from working with many public service organisations and the world’s most recognised brands on how digital services can bring people and communities together. These insights may then trigger actions that can be added to the Social Value Action plan.

Pricing

Price
£0.21 to £7.75 a unit
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gary.goodenough@sap.com. Tell them what format you need. It will help if you say what assistive technology you use.