SAP Concur Invoice Standard Edition

Concur Invoice allows you to capture and automate paper and electronic invoices, then integrate those payments into a single system for managing all of your spending. You’ll literally be able to track every penny in one, simple AP system—and access it anytime, anywhere with the Concur mobile app.


  • Automate all your invoice capture, processing and reporting
  • Mobile application for approvals on the move
  • OCR technology to remove the need for paper invoices
  • Easily integrates to your HR and Finance systems
  • Real Time Reporting
  • Three Way Matching tools


  • Full Visibility of spend with real time reporting
  • Improve user experience
  • Save costs by auomating by up to 60%
  • Increase invoice processing and approval times
  • Cloud Technology to allow quick and easy deployment
  • Simplify the process and automate approvals


£0.69 to £3.24 a unit

Service documents


G-Cloud 12

Service ID

2 4 0 0 7 6 8 7 1 8 6 9 4 5 4


Concur David Hipwell
Telephone: 07920 478721

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Our solution has reserved a standard maintenance window for the North America Data Centre customers every Saturday from 5pm to 9pm Pacific Time (PT) and for EMEA Data Centre customers every Saturday from 11pm to 3am Central European Time (CET). Monthly Travel and Expense release updates will also take place during this standard maintenance window. Concur operates a browser certification process for popular browser versions, un-certified browsers are unsupported (should an issue arise against an un-certified browser version it may not be addressed).
System requirements
  • Internet connectivity
  • HTML compatible
  • Javascript enabled web browser
  • Android and IOS supported for mobile application

User support

Email or online ticketing support
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Support levels
The following support levels are available: Enterprise Support, cloud editions: Foundational engagement support with focus on customer interaction and issue resolution. Provided at no additional cost. User Support Desk: End user support. Customers can have their end users receive support directly from SAP Concur. SAP Preferred Care: An add-on to SAP Enterprise Support, cloud editions that includes strategic guidance and customer-specific best practices to help drive user adoption and value realization (Representation below includes SAP Enterprise Support, cloud editions)
Support available to third parties

Onboarding and offboarding

Getting started
We provide end-user, approver and administrator training to the client project team as part of every professional implementation project. This is provided at no additional cost and follows a train the trainer methodology. This training is delivered as a combination of self-paced online training and remote, web-based, instructor led training. This training is provided by the consultants assigned to the project. Most of our clients take the training provided as a part of the implementation project and then in turn, provide training to their end users, approvers and administrators. Additional training options are available, if interested at extra cost.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data will be returned in accordance with the Business Services Agreement, alternatively, extended access for data extract purposes can be arranged at cost
End-of-contract process
Customers may extend the Subscription Term for up to 90 days by notifying SAP Concur at least 30 days prior to the effective date of termination or expiration and paying subscription fees for such extension period. During this 90 day period, customers will be able to download their data. After 30 days, the data is purged from our systems. Data remains on encrypted backup tapes for one year until the tapes are rotated out. Upon termination of a customer relationship, we will destroy all customer data. We will also return data to a former customer in accordance with the terms of the Business Services Agreement between the parties

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Compatible operating systems
  • Android
  • IOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Differences between the mobile and desktop service
The desktop and the mobile user functionality is highly aligned especially for the expense user. The mobile UI is rendered for the smaller screen and the ability to take a picture of a receipt on the mobile device cannot be achieved on a desktop. Likewise the GPS technology is utilised for our Geo-location services such as Drive. The processor and admin functionality is within our desktop version only.
Service interface
What users can and can't do using the API
SAP Concur's Web Service APIs enable the integration of on-premise, cloud-based, and third-party solutions with SAP Concur. With the prebuilt web services, users can leverage these to connect to 3rd party applications without the need for additional software.
API documentation
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
The solution is a highly configurable application providing our customers the ability to quickly and easily modify data elements within Concur Travel & Expense. A business level administrator can modify expense types, account coding, mileage rates, business rules and policies, forms and fields, and workflow steps with UI driven configuration through the Concur Configuration Administrator.


Independence of resources
SAP Concur's solution is structured such that scalability is unlimited. SAP Concur conducts exhaustive benchmark testing to establish requirements to sustain customer availability and performance commitments


Service usage metrics
Metrics types
Our Business Intelligence solution is an additional on demand reporting and analysis service, giving customers the ability to define specific metrics and track against those metrics. Many standard reports and dashboards are included in the service. Many clients will simply leverage these standards, or will work with us to tailor these metrics to meet your business needs
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
We support many integration points. By delivering flat files and/or utilising web services for integration, we allow our clients to easily determine their own approach for integration into their back-office systems. Electronic files are exchanged at our hosted FTP site, using PGP encrypted FTPS or SFTP
Data export formats
  • CSV
  • Other
Other data export formats
  • HTML
  • PDF
  • Microsoft Excel
  • Text
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • Excel

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
PGP encryption of batch files, exchanged via SFTP/FTPS
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Guaranteed availability 99.5% System Availability percentage during each month, assured by contractual commitment
Approach to resilience
Available upon request
Outage reporting
Any unplanned downtime will be alerted to customer via email and customer support portals

Identity and authentication

User authentication needed
User authentication
  • Username or password
  • Other
Other user authentication
Concur provides SAML2 and HMAC based Single-sign-on options
Access restrictions in management interfaces and support channels
Channels Via IP filtering, multi factor authentication and further information available on request
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
BSI Americas
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
SAP Concur can share this information on request
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
Coalfire Systems Inc
PCI DSS accreditation date
What the PCI DSS doesn’t cover
SAP Concur can share this information on request
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
SOC1 Type II - Annual audit • SOC2 Type II - Annual audit • PCI DSS. SAP Concur is a VISA Registered CISP Compliant Service Provider. • Sarbanes Oxley. • FISMA (Federal Information Security Management Act).
Information security policies and processes
Information security policies and processes Concur Technologies has established formal security policy documents as including: - Corporate Security Policy. This is a general policy document that describes fundamental security policies for all Concur personnel. - Technical Security Policy. This is a technical policy document intended primarily for Concur personnel who design, build, or operate information systems. - Sensitive Information Policy. This is an information classification policy and handling procedures document. - Privacy Policy. This is Concur’s public privacy policy statement. - Site Classification Policy. This is a site classification policy that specifies the controls required in various data centres and work centres. These policies and associated procedures are examined by Concur’s internal and external auditors, and are available for customer review. Assured by independent validation of assertion. Cloud Trust Centre -

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All changes to any part of Concur’s infrastructure must pass a strict Change Control Process to ensure best practices and minimal service interruption for our clients. Concur’s formal Change Management Plan is based on the framework of: • ISO 27001:2005 • ISO 20000 • SOC 1 • PCI DSS Change management is described in the SOC 1 audit report that is completed annually and made available to customers.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
SAP Concur has lifecycle oriented vulnerability management processes, whose objectives are to keep all Concur services free from vulnerabilities that could lead to a security incident. Policy and process detail along with the associated audit information can be shared on request.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Security scans of SAP Concur applications and infrastructure are performed on a regular basis by approved third-party PCI assessment vendors, by SAP Concur Security Engineers, and by internal scanning appliances. These scans check for vulnerabilities in both our external (public-facing) Internet applications and our internal (private) networks.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Concur has adopted incident management best practices as prescribed by the Carnegie Mellon (CERT) Computer Emergency Response Team and by the SANS Institute. Both are recognised authorities in information security throughout the world. Incident Management is divided into three disciplines: Proactive Services, Responsive Services, and Quality Management Services. Concur maintains detailed procedures covering all three disciplines that are shared with customers on request. These activities are audited by ISO 27001\SOC auditors.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£0.69 to £3.24 a unit
Discount for educational organisations
Free trial available

Service documents