SAP Concur Reseller and Implementation Partner
The digitalisation of Expense, Travel and Invoice Management
Gavdi can enable you to simplify your travel, expense, and invoice management process by connecting the partners, tools, and data you need to control spend at every location. Gavdi is an award winning SAP Gold Partner in The United Kingdom.
Features
- Integrates to a single platform for travel and expense
- Mobile application allows users to submit, manage and approve
- OCR technology to automate submissions
- Online Travel Booking Tool
- Real time reporting of employee spend with over 200 report
- Inbuilt Expense Policy rules
- Request module for pre-approval of spend
- Receipt and Policy Audit service
- Accurate mileage capture via map and GPS technology
- Accurate VAT reclaim
Benefits
- Reduced Costs
- Mitigated Risk
- Improved Compliance
- Full Visibility of employee spend with real time reporting
- Improved user experience including mobile access
- Fully automated to remove much of the traditional manual processes
- Allow end user access to make Travel bookings
- Removes paper from the process of Invoices and expenses
- Accurate capture and reporting of expenses to allow VAT reclaim
- Accurate mileage capture to reduce cost and improve visibility
Pricing
£1.42 a transaction
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at aeh@gavdi.com.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 12
Service ID
2 4 3 5 6 0 0 9 1 0 7 0 9 2 2
Contact
Gavdi
Andy Hodges
Telephone: 00447557910330
Email: aeh@gavdi.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- SAP SuccessFactors
- Cloud deployment model
- Public cloud
- Service constraints
- As a cloud based solution you can configure it many ways to make it customer specific, but cannot bespoke the core platform.
- System requirements
- SAP Concur Subscription Licences
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response times depend on the level of support outlined in the AV contract.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
Application Value for SAP Concur is based on a well-defined but flexible structure, providing an agile, consistent and professional framework which caters for the support requirements of businesses of all sizes, industry sectors and complexity. The services are wrapped in three different contractual frameworks, which defines services, service levels and the associated commercial model. The three contract types are as follows:
Standard Tailored to fit the needs of small and medium sized organisations, with a limited deployment of SAP Concur.
Cost - fixed fee
Enterprise Tailored to fit the needs of organisations with a multi-modular deployment of SAP Concur, complex integrations and/or greater geographic coverage.
Cost -fixed fee
Preferred A bespoke support service for organisations with a complex deployment of SAP Concur, with multiple interfaces, regional/global coverage and/or special support requirements.
Cost - fixed fee - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We provide end-user, approver and administrator training to the client project team as part of every professional implementation project. This is provided at no additional cost and follows a train the trainer methodology. This training is delivered as a combination of self-paced online training and remote, web-based, instructor led training. This training is provided by the consultants assigned to the project. Most of our clients take the training provided as a part of the implementation project and then in turn, provide training to their end users, approvers and administrators. Additional training options are available, if interested at extra cost.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Data will be returned in accordance with the Business Services Agreement, alternatively, extended access for data extract purposes can be arranged at cost.
- End-of-contract process
- Customers may extend the Subscription Term for up to 90 days by notifying SAP Concur at least 30 days prior to the effective date of termination or expiration and paying subscription fees for such extension period. During this 90 day period, customers will be able to download their data. After 30 days, the data is purged from our systems. Data remains on encrypted backup tapes for one year until the tapes are rotated out. Upon termination of a customer relationship, we will destroy all customer data. We will also return data to a former customer in accordance with the terms of the Business Services Agreement between the parties.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The desktop and the mobile user functionality is highly aligned especially for the expense user. The mobile UI is rendered for the smaller screen and the ability to take a picture of a receipt on the mobile device cannot be achieved on a desktop. Likewise the GPS technology is utilised for our Geo-location services such as Drive. The processor and admin functionality is within our desktop version only.
- Service interface
- No
- API
- Yes
- What users can and can't do using the API
- SAP Concur's Web Service APIs enable the integration of on-premise, cloud-based, and third-party solutions with SAP Concur. With the prebuilt web services, users can leverage these to connect to 3rd party applications without the need for additional software.
- API documentation
- Yes
- API documentation formats
- Other
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- The solution is a highly configurable application providing our customers the ability to quickly and easily modify data elements within Concur Travel & Expense. A business level administrator can modify expense types, account coding, mileage rates, business rules and policies, forms and fields, and workflow steps with UI driven configuration through the Concur Configuration Administrator.
Scaling
- Independence of resources
- SAP Concur's solution is structured such that scalability is unlimited. SAP Concur conducts exhaustive benchmark testing to establish requirements to sustain customer availability and performance commitments.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Our Business Intelligence solution is an additional on demand reporting and analysis service, giving customers the ability to define specific metrics and track against those metrics. Many standard reports and dashboards are included in the service. Many clients will simply leverage these standards, or will work with us to tailor these metrics to meet your business needs
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- SAP Concur
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- We support many integration points. By delivering flat files and/or utilising web services for integration, we allow our clients to easily determine their own approach for integration into their back-office systems. Electronic files are exchanged at our hosted FTP site, using PGP encrypted FTPS or SFTP.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- HTML
- Text
- HXML
- Microsoft Excel
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- XML
- Excel
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Other
- Other protection between networks
- PGP encryption of batch files, exchanged via SFTP/FTPS
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- Guaranteed availability 99.5% System Availability percentage during each month, assured by contractual commitment.
- Approach to resilience
- Available upon request
- Outage reporting
- Any unplanned downtime will be alerted to customer via email and customer support portals
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Username or password
- Other
- Other user authentication
- Concur provides SAML2 and HMAC based Single-sign-on options
- Access restrictions in management interfaces and support channels
- Channels Via IP filtering, multi factor authentication and further information available on request
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- 2-factor authentication
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI Americas
- ISO/IEC 27001 accreditation date
- 07/09/2016
- What the ISO/IEC 27001 doesn’t cover
- SAP Concur can share this information on request
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Coalfire Systems Inc
- PCI DSS accreditation date
- 31/07/2017
- What the PCI DSS doesn’t cover
- SAP Concur can share this information on request
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- Information security policies and processes Concur Technologies has established formal security policy documents as including: - Corporate Security Policy. This is a general policy document that describes fundamental security policies for all Concur personnel. - Technical Security Policy. This is a technical policy document intended primarily for Concur personnel who design, build, or operate information systems. - Sensitive Information Policy. This is an information classification policy and handling procedures document. - Privacy Policy. This is Concur’s public privacy policy statement. - Site Classification Policy. This is a site classification policy that specifies the controls required in various data centres and work centres. These policies and associated procedures are examined by Concur’s internal and external auditors, and are available for customer review. Assured by independent validation of assertion. Cloud Trust Centre - https://www.sap.com/uk/about/cloud-trust-center.html
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- All changes to any part of Concur’s infrastructure must pass a strict Change Control Process to ensure best practices and minimal service interruption for our clients. Concur’s formal Change Management Plan is based on the framework of: • ISO 27001:2005 • ISO 20000 • SOC 1 • PCI DSS Change management is described in the SOC 1 audit report that is completed annually and made available to customers.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- SAP Concur has lifecycle oriented vulnerability management processes, whose objectives are to keep all Concur services free from vulnerabilities that could lead to a security incident. Policy and process detail along with the associated audit information can be shared on request.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Security scans of SAP Concur applications and infrastructure are performed on a regular basis by approved third-party PCI assessment vendors, by SAP Concur Security Engineers, and by internal scanning appliances. These scans check for vulnerabilities in both our external (public-facing) Internet applications and our internal (private) network
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Concur has adopted incident management best practices as prescribed by the Carnegie Mellon (CERT) Computer Emergency Response Team and by the SANS Institute. Both are recognised authorities in information security throughout the world. Incident Management is divided into three disciplines: Proactive Services, Responsive Services, and Quality Management Services. Concur maintains detailed procedures covering all three disciplines that are shared with customers on request. These activities are audited by ISO 27001\SOC auditors.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £1.42 a transaction
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- SAP Concur have created a sandbox account for you to take Concur’s Expense automation software for a spin and see how easy it is to use. Use the sample data provided or easily add your own by snapping a receipt from your phone with our mobile app.
- Link to free trial
- https://www.concur.co.uk/free-trial
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at aeh@gavdi.com.
Tell them what format you need. It will help if you say what assistive technology you use.