SAP Concur Invoice Standard Edition

Concur Invoice allows you to capture and automate paper and electronic invoices, then integrate those payments into a single system for managing all of your spending. You’ll literally be able to track every penny in one, simple AP system—and access it anytime, anywhere with the Concur mobile app.


  • Automate all your invoice capture, processing and reporting
  • Mobile application for approvals on the move
  • OCR technology to remove the need for paper invoices
  • Easily integrates to your HR and Finance systems
  • Real Time Reporting
  • Three Way Matching tools


  • Full Visibility of spend with real time reporting
  • Improve user experience
  • Save costs by auomating by up to 60%
  • Increase invoice processing and approval times
  • Cloud Technology to allow quick and easy deployment
  • Simplify the process and automate approvals


£0.69 to £3.24 per unit

Service documents

G-Cloud 11



David Hipwell

07920 478721

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Our solution has reserved a standard maintenance window for the North America Data Centre customers every Saturday from 5pm to 9pm Pacific Time (PT) and for EMEA Data Centre customers every Saturday from 11pm to 3am Central European Time (CET). Monthly Travel and Expense release updates will also take place during this standard maintenance window. Concur operates a browser certification process for popular browser versions, un-certified browsers are unsupported (should an issue arise against an un-certified browser version it may not be addressed).
System requirements
  • Internet connectivity
  • HTML compatible
  • Javascript enabled web browser
  • Android and IOS supported for mobile application

User support

User support
Email or online ticketing support No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels The following support levels are available: Enterprise Support, cloud editions: Foundational engagement support with focus on customer interaction and issue resolution. Provided at no additional cost. User Support Desk: End user support. Customers can have their end users receive support directly from SAP Concur. SAP Preferred Care: An add-on to SAP Enterprise Support, cloud editions that includes strategic guidance and customer-specific best practices to help drive user adoption and value realization (Representation below includes SAP Enterprise Support, cloud editions)
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide end-user, approver and administrator training to the client project team as part of every professional implementation project. This is provided at no additional cost and follows a train the trainer methodology. This training is delivered as a combination of self-paced online training and remote, web-based, instructor led training. This training is provided by the consultants assigned to the project. Most of our clients take the training provided as a part of the implementation project and then in turn, provide training to their end users, approvers and administrators. Additional training options are available, if interested at extra cost.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data will be returned in accordance with the Business Services Agreement, alternatively, extended access for data extract purposes can be arranged at cost
End-of-contract process Customers may extend the Subscription Term for up to 90 days by notifying SAP Concur at least 30 days prior to the effective date of termination or expiration and paying subscription fees for such extension period. During this 90 day period, customers will be able to download their data. After 30 days, the data is purged from our systems. Data remains on encrypted backup tapes for one year until the tapes are rotated out. Upon termination of a customer relationship, we will destroy all customer data. We will also return data to a former customer in accordance with the terms of the Business Services Agreement between the parties

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The desktop and the mobile user functionality is highly aligned especially for the expense user. The mobile UI is rendered for the smaller screen and the ability to take a picture of a receipt on the mobile device cannot be achieved on a desktop. Likewise the GPS technology is utilised for our Geo-location services such as Drive. The processor and admin functionality is within our desktop version only.
What users can and can't do using the API SAP Concur's Web Service APIs enable the integration of on-premise, cloud-based, and third-party solutions with SAP Concur. With the prebuilt web services, users can leverage these to connect to 3rd party applications without the need for additional software.
API documentation
API documentation Yes
API documentation formats Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The solution is a highly configurable application providing our customers the ability to quickly and easily modify data elements within Concur Travel & Expense. A business level administrator can modify expense types, account coding, mileage rates, business rules and policies, forms and fields, and workflow steps with UI driven configuration through the Concur Configuration Administrator.


Independence of resources SAP Concur's solution is structured such that scalability is unlimited. SAP Concur conducts exhaustive benchmark testing to establish requirements to sustain customer availability and performance commitments


Service usage metrics Yes
Metrics types Our Business Intelligence solution is an additional on demand reporting and analysis service, giving customers the ability to define specific metrics and track against those metrics. Many standard reports and dashboards are included in the service. Many clients will simply leverage these standards, or will work with us to tailor these metrics to meet your business needs
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach We support many integration points. By delivering flat files and/or utilising web services for integration, we allow our clients to easily determine their own approach for integration into their back-office systems. Electronic files are exchanged at our hosted FTP site, using PGP encrypted FTPS or SFTP
Data export formats
  • CSV
  • Other
Other data export formats
  • HTML
  • PDF
  • Microsoft Excel
  • Text
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks PGP encryption of batch files, exchanged via SFTP/FTPS
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Guaranteed availability 99.5% System Availability percentage during each month, assured by contractual commitment
Approach to resilience Available upon request
Outage reporting Any unplanned downtime will be alerted to customer via email and customer support portals

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Concur provides SAML2 and HMAC based Single-sign-on options
Access restrictions in management interfaces and support channels Channels Via IP filtering, multi factor authentication and further information available on request
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI Americas
ISO/IEC 27001 accreditation date 07/09/2016
What the ISO/IEC 27001 doesn’t cover SAP Concur can share this information on request
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Coalfire Systems Inc
PCI DSS accreditation date 31/07/2017
What the PCI DSS doesn’t cover SAP Concur can share this information on request
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards SOC1 Type II - Annual audit • SOC2 Type II - Annual audit • PCI DSS. SAP Concur is a VISA Registered CISP Compliant Service Provider. • Sarbanes Oxley. • FISMA (Federal Information Security Management Act).
Information security policies and processes Information security policies and processes Concur Technologies has established formal security policy documents as including: - Corporate Security Policy. This is a general policy document that describes fundamental security policies for all Concur personnel. - Technical Security Policy. This is a technical policy document intended primarily for Concur personnel who design, build, or operate information systems. - Sensitive Information Policy. This is an information classification policy and handling procedures document. - Privacy Policy. This is Concur’s public privacy policy statement. - Site Classification Policy. This is a site classification policy that specifies the controls required in various data centres and work centres. These policies and associated procedures are examined by Concur’s internal and external auditors, and are available for customer review. Assured by independent validation of assertion. Cloud Trust Centre -

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All changes to any part of Concur’s infrastructure must pass a strict Change Control Process to ensure best practices and minimal service interruption for our clients. Concur’s formal Change Management Plan is based on the framework of: • ISO 27001:2005 • ISO 20000 • SOC 1 • PCI DSS Change management is described in the SOC 1 audit report that is completed annually and made available to customers.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach SAP Concur has lifecycle oriented vulnerability management processes, whose objectives are to keep all Concur services free from vulnerabilities that could lead to a security incident. Policy and process detail along with the associated audit information can be shared on request.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Security scans of SAP Concur applications and infrastructure are performed on a regular basis by approved third-party PCI assessment vendors, by SAP Concur Security Engineers, and by internal scanning appliances. These scans check for vulnerabilities in both our external (public-facing) Internet applications and our internal (private) networks.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Concur has adopted incident management best practices as prescribed by the Carnegie Mellon (CERT) Computer Emergency Response Team and by the SANS Institute. Both are recognised authorities in information security throughout the world. Incident Management is divided into three disciplines: Proactive Services, Responsive Services, and Quality Management Services. Concur maintains detailed procedures covering all three disciplines that are shared with customers on request. These activities are audited by ISO 27001\SOC auditors.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.69 to £3.24 per unit
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑