Concur

SAP Concur Expense Premium Edition

SAP Concur takes companies beyond automation to a completely connected expense management solution. As the global leader for Expense Management the premium edition provides customization and ensures Visibility and Compliance of spend whilst reducing cost and improving efficiency and reducing admin.

Features

• P-Card/Credit Card Integration
• Mobile application allows users to submit, manage and approve
• OCR technology to automate Expense submissions
• Easily integrates to your HR and Finance systems
• Real Time Reporting of employee spend with over 200 reports
• Inbuilt Expense Policy rules
• Accurate mileage capture via map and GPS technology
• Enables accurate VAT Reclaim

Benefits

• Full Visibility of spend with real time reporting
• Improve user experience including mobile access
• Ensure Compliance to policy to reduce risk and save money
• Digital capture and Storage of receipts to reduce cost
• Accurate capture and storage of receipts to reduce cost
• Accurate capture and reporting of expenses to allow VAT reclaim
• Accurate mileage capture to reduce cost and and improve visibility
• Cloud technology to allow quick and easy deployment
• Increase speed of reimbursement
• Automation of back office manual administration tasks

£0.21 to £7.75 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gary.goodenough@sap.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

620773858683909

Contact

Gary Goodenough
07778 555150
gary.goodenough@sap.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Our solution has reserved a standard maintenance window for the North America Data Centre customers every Saturday from 5pm to 9pm Pacific Time (PT) and for EMEA Data Centre customers every Saturday from 11pm to 3am Central European Time (CET). Monthly Travel and Expense release updates will also take place during this standard maintenance window. Concur operates a browser certification process for popular browser versions, un-certified browsers are unsupported (should an issue arise against an un-certified browser version it may not be addressed).
• System requirements:
  • Internet connectivity
  • HTML compatible
  • Javascript enabled web browser
  • Android and IOS supported for mobile application

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response level depends on severity of the issue and support package provided. Please Refer: https://www.sap.com/about/trust-center/agreements/cloud/cloud-services.html?search=Support&sort=latest_desc&tag=language%3Aenglish&pdf-asset=beea22a6-467e-0010-bca6-c68f7e60039b&page=1
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: SAP Concur Accessibility Standard - WCAG 2.2 A & WCAG 2.2 AA and EN 301 549
• Web chat accessibility testing: SAP's software is tested in their central accessibility testing unit in a combination of manual and automated testing. SAP’s follows globally recognized accessibility testing rules and practices to ensure reproducible test results. The exchange with external testing agencies and accessibility professionals is crucial to ensure a common understanding with regards to a successful accessibility support. Tests are performed with specific combinations of assistive technologies (such as screen readers like JAWS) and User Agents (such as browsers), together with tools like Colour Contrast Analyser. On mobile devices, we utilize VoiceOver (on iOS) and TalkBack (on Android).
• Onsite support: Yes, at extra cost
• Support levels: The following support levels are available: Enterprise Support, cloud editions: Foundational engagement support with focus on customer interaction and issue resolution. Provided at no additional cost. User Support Desk: End user support. Customers can have their end users receive support directly from SAP Concur. SAP Select Care: An add-on to SAP Enterprise Support, cloud editions that includes strategic guidance and customer-specific best practices to help drive user adoption and value realization (Representation below includes SAP Enterprise Support, cloud editions)
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide end-user, approver and administrator training to the client project team as part of every professional implementation project. This is provided at no additional cost and follows a train the trainer methodology. This training is delivered as a combination of self-paced online training and remote, web-based, instructor led training. This training is provided by the consultants assigned to the project. Most of our clients take the training provided as a part of the implementation project and then in turn, provide training to their end users, approvers and administrators. Additional training options are available, if interested at extra cost.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data will be returned in accordance with the Business Services Agreement, alternatively, extended access for data extract purposes can be arranged at cost
• End-of-contract process: Customers may extend the Subscription Term for up to 90 days by notifying SAP Concur at least 30 days prior to the effective date of termination or expiration and paying subscription fees for such extension period. During this 90 day period, customers will be able to download their data. After 30 days, the data is purged from our systems. Data remains on encrypted backup tapes for one year until the tapes are rotated out. Upon termination of a customer relationship, we will destroy all customer data. We will also return data to a former customer in accordance with the terms of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The desktop and the mobile user functionality is highly aligned especially for the expense user. The mobile UI is rendered for the smaller screen and the ability to take a picture of a receipt on the mobile device cannot be achieved on a desktop. Likewise the GPS technology is utilised for our Geo-location services such as Drive. The processor and admin functionality is within our desktop version only.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: SAP Concur's Web Service APIs enable the integration of on-premise, cloud-based, and third-party solutions with SAP Concur. With the prebuilt web services, users can leverage these to connect to 3rd party applications without the need for additional software.; API documentation.; Developer Center:; https://developer.concur.com
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The solution is a highly configurable application providing our customers the ability to quickly and easily modify data elements within Concur Travel & Expense. A business level administrator can modify expense types, account coding, mileage rates, business rules and policies, forms and fields, and workflow steps with UI driven configuration through the Concur Configuration Administrator.

Scaling

• Independence of resources: SAP Concur's solution is structured such that scalability is unlimited. SAP Concur conducts exhaustive benchmark testing to establish requirements to sustain customer availability and performance commitments

Analytics

• Service usage metrics: Yes
• Metrics types: Our Business Intelligence solution is an additional on demand reporting and analysis service, giving customers the ability to define specific metrics and track against those metrics. Many standard reports and dashboards are included in the service. Many clients will simply leverage these standards, or will work with us to tailor these metrics to meet your business needs
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: We support many integration points. By delivering flat files and/or utilising web services for integration, we allow our clients to easily determine their own approach for integration into their back-office systems. Electronic files are exchanged at our hosted FTP site, using PGP encrypted SFTP
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • HTML
  • PDF
  • Microsoft Excel
  • Text
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Excel
  • Restful API

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: PGP encryption of batch files, exchanged via SFTP
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Guaranteed availability 99.7% System Availability percentage during each month, assured by contractual commitment
• Approach to resilience: Available upon request. See AWS : https://aws.amazon.com/compliance/data-center/controls/
• Outage reporting: Any unplanned downtime will be alerted to customer via email and customer support portals

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Concur provides SAML2 based Single-sign-on options
• Access restrictions in management interfaces and support channels: Channels Via IP filtering, multi factor authentication and further information available on request
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Other
• Description of management access authentication: All support access to Concur customer systems requires triple-factor authentication, regardless of the Concur staff member’s location (even if in a Concur worksite). This multi-factor authentication employs a digital certificate on a USB key, a one-time password (similar to SecureID), PIN, as well as the employee’s userid and password.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: MSECB
• ISO/IEC 27001 accreditation date: 07/09/2016
• What the ISO/IEC 27001 doesn’t cover: SAP Concur can share this information on request
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 21-12-2023
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: SAP Concur can provide information on request.
• PCI certification: Yes
• Who accredited the PCI DSS certification: Coalfire Systems Inc
• PCI DSS accreditation date: 31/07/2017
• What the PCI DSS doesn’t cover: SAP Concur can share this information on request
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27001
  • ISO 22301
  • ISO 9001
  • BS 10012
  • SSAE18 SOC 1
  • SSAE18 SOC 2 (Type II)
  • PCI-DSS
  • SOX
  • CSA Star Level 1 (self-certified)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: SOC1 Type II - Annual audit • SOC2 Type II - Annual audit • PCI DSS. SAP Concur is a VISA Registered CISP Compliant Service Provider. • Sarbanes Oxley. • FISMA (Federal Information Security Management Act).
• Information security policies and processes: Information security policies and processes Concur Technologies has established formal security policy documents as including: - Corporate Security Policy. This is a general policy document that describes fundamental security policies for all Concur personnel. - Technical Security Policy. This is a technical policy document intended primarily for Concur personnel who design, build, or operate information systems. - Sensitive Information Policy. This is an information classification policy and handling procedures document. - Privacy Policy. This is Concur’s public privacy policy statement. - Site Classification Policy. This is a site classification policy that specifies the controls required in various data centres and work centres. These policies and associated procedures are examined by Concur’s internal and external auditors, and are available for customer review. Assured by independent validation of assertion. Cloud Trust Centre - https://www.sap.com/uk/about/cloud-trust-center.html

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes to any part of Concur’s infrastructure must pass a strict Change Control Process to ensure best practices and minimal service interruption for our clients. Concur’s formal Change Management Plan is based on the framework of: • ISO 27001:2013 • SOC 1 • PCI DSS Change management is described in the SOC 1 audit report that is completed annually and made available to customers.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: SAP Concur has lifecycle oriented vulnerability management processes, whose objectives are to keep all Concur services free from vulnerabilities that could lead to a security incident. Policy and process detail along with the associated audit information can be shared on request.Please refer : https://www.sap.com/about/trust-center/security.html
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Security scans of SAP Concur applications and infrastructure are performed on a regular basis by approved third-party PCI assessment vendors, by SAP Concur Security Engineers, and by internal scanning appliances. These scans check for vulnerabilities in both our external (public-facing) Internet applications and our internal (private) networks.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Concur has adopted incident management best practices as prescribed by the Carnegie Mellon (CERT) Computer Emergency Response Team and by the SANS Institute. Both are recognised authorities in information security throughout the world. Incident Management is divided into three disciplines: Proactive Services, Responsive Services, and Quality Management Services. Concur maintains detailed procedures covering all three disciplines that are shared with customers on request. These activities are audited by ISO 27001\SOC auditors.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  SAP is committed to a future sustainable world and acts as both an exemplar and enabler of sustainability. For the 16th consecutive year, SAP was named the Software Industry Leader in the Dow Jones Sustainability Index - https://www.sap.com/sustainability/our-approach.html. SAP is committed to fighting climate change by reducing carbon and other emissions. SAP became Carbon Neutral by 2023 and will be Net Zero by 2030. ; On any G-Cloud Contract, SAP will create a Social Value Action plan in collaboration with the buyer. Progress will be reviewed, and the plan will be refreshed annually. For fighting climate change, we expect that this plan will include:; • supporting your journey to Net Zero by ensuring renewable energy is used in the data centres providing the services and that all services will be 100% carbon neutral from the first day of service.; • offer a workshop to the buyer’s team on the sustainability features of the product that has been purchased and / or the wider SAP suite of sustainability offerings such as the Sustainability Control Tower.; • Work with the buyer’s team to promote the free, high-quality learning about sustainability that is available and free to any member of the public on the Open SAP learning portal at https://learning.sap.com.

  Covid-19 recovery

  On any G-Cloud Contract, SAP will create a Social Value Action plan in collaboration with the buyer. Progress will be reviewed, and the plan will be refreshed annually. To help local communities to manage and recover from the impact of COVID-19, SAP can support buyers in several areas. As part of the Social Value Action plan, SAP will:; • To support re-training and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high growth sectors. SAP will offer a range of free on-demand and facilitated training to communities served by the buyer. This will be delivered free using the SAP learning portal at https://learning.sap.com. Currently available courses include topics like Circular Economies, Opportunities from a Digitally Transformed Economy and New Work and Purpose.; • SAP offers buyers support in key areas for social value relating to COVID 19 Recovery – new ways of working to deliver services; support for the physical and mental health of people affected by COVID-19 and improved workplace conditions such as remote working and sustainable travel solutions. As part of the Social Value Action plan, we will offer a workshop to explain the support we can offer and add tasks to the plan where appropriate.

  Tackling economic inequality

  There are two themes outlined in the guidance relating to this area of social value - Create new businesses, new jobs and new skills; and increase supply chain resilience and capacity.; With respect to skills, as part of the annual Social Value Action plan: ; • SAP will offer a range of free on-demand and facilitated training to communities served by the buyer. This will be delivered free using the SAP Learning portal at https://learning.sap.com. Currently courses cover a range of in demand skills in the IT industry such as Artificial Intelligence, Analytics and Application Development. For these courses, where relevant, SAP will also provide access to technical platforms at no charge so that students may complete the practical learning components of each course.; With respect to increasing supply chain resilience and capacity, as part of the annual Social Value Action plan:; • SAP will offer to brief the buyer’s procurement and finance teams on the opportunities relating to the SAP Ariba Procurement offering. This could include on-boarding the buyer’s suppliers to the SAP Business Network, a €3.2TN marketplace for suppliers where they can grow their businesses. SAP Ariba Procurement also offers capabilities around supplier risk management to ensure that the buyer’s supply chain achieves the desired level of resilience. The guided buying capabilities of SAP Ariba Procurement also allow the buyer to make it easy for staff to support and comply with organisational social objectives, for example spending with sustainable enterprises or local small businesses. SAP will also share our learnings from 5 by 5 in ’25, an initiative designed to encourage organizations across industries to direct more of their addressable spend toward certified social-enterprise and diverse-business suppliers. https://news.sap.com/2020/10/sap-launches-55by25-purposeful-procurement/

  Equal opportunity

  SAP is committed to being one of the most diverse and inclusive software companies in the world. We proactively promote diversity, inclusion, and social justice and work to ensure that our workforce reflects the gender parity and demographics of all the regions where we have employees. We make every effort to ensure that all stages of the employee lifecycle are inclusive to enable employee success. As part of the Social Value Action plan, SAP will propose a Social Innovation Workshop to explore areas of equal opportunity and look at how we approach diversity and inclusion to see how a shared approach with the buyer could help the buyer’s staff and communities that the buyer serves. For example, SAP supports the following organisations and initiatives:; Stemettes is an award-winning social enterprise working across the UK & Ireland and beyond to inspire and support young women and young non-binary people into Science, Technology, Engineering and Maths careers (known collectively as STEM).; Enactus UK – SAP is the Platinum technology partner for Enactus UK, giving access to one of the UK’s largest innovation and entrepreneur networks in the UK. Enactus allows teams of students all over the country to work together to find innovative solutions to social issues within their local and international communities;; Apps For Good believes that all young people should be empowered to take action on the things they care about most. They provide free tech innovation courses to schools, giving teachers ready-made education content, so young people from all backgrounds can develop computing and essential skills to create a brighter future through technology. Apps For Good partner with leading brands to keep their course content 100% free of charge to schools, as well as giving students the opportunity to directly benefit from their industry expertise.

  Wellbeing

  As part of the Social Innovation Workshop described in the Equal Opportunity section, SAP will include the theme of ‘Wellbeing’ to review optional initiatives that can be added to the Social Value Action plan. For example:; • Innovation – SAP offers clients the ability to run innovation workshops on themes that are important to clients. This is often in collaboration with users and communities who can codesign and create a proof of concept of solutions that would address specific challenges and opportunities. We will also offer free training on innovation topics via our SAP Learning portal - https://learning.sap.com. Current courses include Intrapreneurship – Employee-driven Innovation.; • Employee and community pulse – SAP is a leading provider of solutions relating to personal wellbeing. We offer to share our learnings of what works well for different challenges and situations that clients wish to explore. We can share examples of how organisations have supported the physical and mental health of their workforce. A current example would be around working practices and return to work in a post COVID pandemic world. ; • Self-service and a great user experience are key principles of SAP services. We will share insights learned from working with many public service organisations and the world’s most recognised brands on how digital services can bring people and communities together. These insights may then trigger actions that can be added to the Social Value Action plan.

Pricing

• Price: £0.21 to £7.75 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gary.goodenough@sap.com. Tell them what format you need. It will help if you say what assistive technology you use.