This G-Cloud 12 service is no longer available to buy.

The G-Cloud 12 framework expired on Monday 28 November 2022. Any existing contracts with Gavdi are still valid.
Gavdi

SAP Concur Reseller and Implementation Partner

The digitalisation of Expense, Travel and Invoice Management

Gavdi can enable you to simplify your travel, expense, and invoice management process by connecting the partners, tools, and data you need to control spend at every location. Gavdi is an award winning SAP Gold Partner in The United Kingdom.

Features

  • Integrates to a single platform for travel and expense
  • Mobile application allows users to submit, manage and approve
  • OCR technology to automate submissions
  • Online Travel Booking Tool
  • Real time reporting of employee spend with over 200 report
  • Inbuilt Expense Policy rules
  • Request module for pre-approval of spend
  • Receipt and Policy Audit service
  • Accurate mileage capture via map and GPS technology
  • Accurate VAT reclaim

Benefits

  • Reduced Costs
  • Mitigated Risk
  • Improved Compliance
  • Full Visibility of employee spend with real time reporting
  • Improved user experience including mobile access
  • Fully automated to remove much of the traditional manual processes
  • Allow end user access to make Travel bookings
  • Removes paper from the process of Invoices and expenses
  • Accurate capture and reporting of expenses to allow VAT reclaim
  • Accurate mileage capture to reduce cost and improve visibility

Pricing

£1.42 a transaction

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aeh@gavdi.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

2 4 3 5 6 0 0 9 1 0 7 0 9 2 2

Contact

Gavdi Andy Hodges
Telephone: 00447557910330
Email: aeh@gavdi.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
SAP SuccessFactors
Cloud deployment model
Public cloud
Service constraints
As a cloud based solution you can configure it many ways to make it customer specific, but cannot bespoke the core platform.
System requirements
SAP Concur Subscription Licences

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times depend on the level of support outlined in the AV contract.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
Application Value for SAP Concur is based on a well-defined but flexible structure, providing an agile, consistent and professional framework which caters for the support requirements of businesses of all sizes, industry sectors and complexity. The services are wrapped in three different contractual frameworks, which defines services, service levels and the associated commercial model. The three contract types are as follows:

Standard Tailored to fit the needs of small and medium sized organisations, with a limited deployment of SAP Concur.
Cost - fixed fee

Enterprise Tailored to fit the needs of organisations with a multi-modular deployment of SAP Concur, complex integrations and/or greater geographic coverage.
Cost -fixed fee

Preferred A bespoke support service for organisations with a complex deployment of SAP Concur, with multiple interfaces, regional/global coverage and/or special support requirements.
Cost - fixed fee
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide end-user, approver and administrator training to the client project team as part of every professional implementation project. This is provided at no additional cost and follows a train the trainer methodology. This training is delivered as a combination of self-paced online training and remote, web-based, instructor led training. This training is provided by the consultants assigned to the project. Most of our clients take the training provided as a part of the implementation project and then in turn, provide training to their end users, approvers and administrators. Additional training options are available, if interested at extra cost.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data will be returned in accordance with the Business Services Agreement, alternatively, extended access for data extract purposes can be arranged at cost.
End-of-contract process
Customers may extend the Subscription Term for up to 90 days by notifying SAP Concur at least 30 days prior to the effective date of termination or expiration and paying subscription fees for such extension period. During this 90 day period, customers will be able to download their data. After 30 days, the data is purged from our systems. Data remains on encrypted backup tapes for one year until the tapes are rotated out. Upon termination of a customer relationship, we will destroy all customer data. We will also return data to a former customer in accordance with the terms of the Business Services Agreement between the parties.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The desktop and the mobile user functionality is highly aligned especially for the expense user. The mobile UI is rendered for the smaller screen and the ability to take a picture of a receipt on the mobile device cannot be achieved on a desktop. Likewise the GPS technology is utilised for our Geo-location services such as Drive. The processor and admin functionality is within our desktop version only.
Service interface
No
API
Yes
What users can and can't do using the API
SAP Concur's Web Service APIs enable the integration of on-premise, cloud-based, and third-party solutions with SAP Concur. With the prebuilt web services, users can leverage these to connect to 3rd party applications without the need for additional software.
API documentation
Yes
API documentation formats
Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The solution is a highly configurable application providing our customers the ability to quickly and easily modify data elements within Concur Travel & Expense. A business level administrator can modify expense types, account coding, mileage rates, business rules and policies, forms and fields, and workflow steps with UI driven configuration through the Concur Configuration Administrator.

Scaling

Independence of resources
SAP Concur's solution is structured such that scalability is unlimited. SAP Concur conducts exhaustive benchmark testing to establish requirements to sustain customer availability and performance commitments.

Analytics

Service usage metrics
Yes
Metrics types
Our Business Intelligence solution is an additional on demand reporting and analysis service, giving customers the ability to define specific metrics and track against those metrics. Many standard reports and dashboards are included in the service. Many clients will simply leverage these standards, or will work with us to tailor these metrics to meet your business needs
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
SAP Concur

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
We support many integration points. By delivering flat files and/or utilising web services for integration, we allow our clients to easily determine their own approach for integration into their back-office systems. Electronic files are exchanged at our hosted FTP site, using PGP encrypted FTPS or SFTP.
Data export formats
  • CSV
  • Other
Other data export formats
  • HTML
  • PDF
  • Text
  • HXML
  • Microsoft Excel
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • Excel

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
PGP encryption of batch files, exchanged via SFTP/FTPS
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Guaranteed availability 99.5% System Availability percentage during each month, assured by contractual commitment.
Approach to resilience
Available upon request
Outage reporting
Any unplanned downtime will be alerted to customer via email and customer support portals

Identity and authentication

User authentication needed
Yes
User authentication
  • Username or password
  • Other
Other user authentication
Concur provides SAML2 and HMAC based Single-sign-on options
Access restrictions in management interfaces and support channels
Channels Via IP filtering, multi factor authentication and further information available on request
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI Americas
ISO/IEC 27001 accreditation date
07/09/2016
What the ISO/IEC 27001 doesn’t cover
SAP Concur can share this information on request
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Coalfire Systems Inc
PCI DSS accreditation date
31/07/2017
What the PCI DSS doesn’t cover
SAP Concur can share this information on request
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Information security policies and processes Concur Technologies has established formal security policy documents as including: - Corporate Security Policy. This is a general policy document that describes fundamental security policies for all Concur personnel. - Technical Security Policy. This is a technical policy document intended primarily for Concur personnel who design, build, or operate information systems. - Sensitive Information Policy. This is an information classification policy and handling procedures document. - Privacy Policy. This is Concur’s public privacy policy statement. - Site Classification Policy. This is a site classification policy that specifies the controls required in various data centres and work centres. These policies and associated procedures are examined by Concur’s internal and external auditors, and are available for customer review. Assured by independent validation of assertion. Cloud Trust Centre - https://www.sap.com/uk/about/cloud-trust-center.html

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All changes to any part of Concur’s infrastructure must pass a strict Change Control Process to ensure best practices and minimal service interruption for our clients. Concur’s formal Change Management Plan is based on the framework of: • ISO 27001:2005 • ISO 20000 • SOC 1 • PCI DSS Change management is described in the SOC 1 audit report that is completed annually and made available to customers.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
SAP Concur has lifecycle oriented vulnerability management processes, whose objectives are to keep all Concur services free from vulnerabilities that could lead to a security incident. Policy and process detail along with the associated audit information can be shared on request.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Security scans of SAP Concur applications and infrastructure are performed on a regular basis by approved third-party PCI assessment vendors, by SAP Concur Security Engineers, and by internal scanning appliances. These scans check for vulnerabilities in both our external (public-facing) Internet applications and our internal (private) network
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Concur has adopted incident management best practices as prescribed by the Carnegie Mellon (CERT) Computer Emergency Response Team and by the SANS Institute. Both are recognised authorities in information security throughout the world. Incident Management is divided into three disciplines: Proactive Services, Responsive Services, and Quality Management Services. Concur maintains detailed procedures covering all three disciplines that are shared with customers on request. These activities are audited by ISO 27001\SOC auditors.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1.42 a transaction
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
SAP Concur have created a sandbox account for you to take Concur’s Expense automation software for a spin and see how easy it is to use. Use the sample data provided or easily add your own by snapping a receipt from your phone with our mobile app.
Link to free trial
https://www.concur.co.uk/free-trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aeh@gavdi.com. Tell them what format you need. It will help if you say what assistive technology you use.