Concur Cloud for Public Sector Receives FedRAMP Authorized Status

In January 2024, SAP Concur announced Concur Cloud for Public Sector has received full Authorized status in accordance with the Federal Risk Assessment Management Program (FedRAMP®) for managed cloud applications and services. Concur Cloud for Public Sector has been issued a “Moderate” FedRAMP agency authorization, which now enables government customers to accelerate mission attainment with confidence at industry-leading security and availability levels.

Concur Cloud for Public Sector empowers government agencies and the commercial entities that support them to deliver secure, scalable, reliable, and sustainable spend management solutions by combining the benefits of cloud technology, cybersecurity, and risk management. By using a commercial Software-as-a-Service (SaaS) approach, it continually improves and leverages advanced security analytics, threat management, workflow automation, and orchestration tools to eliminate manual action.

Concur Cloud for Public Sector was built to protect sensitive government data and meet government security standards while providing the experience of a modern travel and expense management platform. The highly regulated needs of public sector organizations along with the desire for commercial functionality now come together in the Concur Cloud for Public Sector environment. A multi-tenant, end-to-end, fully integrated platform for travel and expense, Concur Cloud for Public Sector limits access to privileged customer data to approved resources on US soil and includes oversight by a team of security experts responsible for continuous monitoring, detection, and dynamic response to threats. This platform was architected with government agencies in mind to meet security standards based on the National Institute of Standards and Technology (NIST) 800-53 control framework and is now validated as FedRAMP Moderate Authorized.

In addition, Concur Cloud for Public Sector benefits the entire government workforce by providing a highly secure, mobile-friendly platform that reduces cumbersome processes and paperwork, increases employee satisfaction, and drives policy compliance. Government employees now will have access to the same great user experience as those booking travel and submitting expenses within large enterprise companies globally — proving that you don't have to sacrifice usability to achieve security. Lastly, through this new certification, the State of Texas Risk and Authorization Management Program office will grant Concur Cloud for Public Sector an Authorization to Operate, through full reciprocity.

FedRAMP was established in 2011 to provide a cost-effective, “do once, use many times” security assessment framework for the adoption and use of cloud services by the federal government. It empowers agencies to use modern cloud technologies with an emphasis on security and protection of federal information. It is a government-wide program that promotes the adoption of secure cloud services by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies.

The program is meant to ensure the security of cloud services used by the U.S. government and standardizes the security assessments, authorizations, and continuous monitoring of cloud service offerings (CSOs) used by federal government agencies. The FedRAMP program is also designed to be dynamic, by deploying regular enhancements to the standard security framework to keep pace with security risks and threats over time in accordance with the Federal Information Security Management Act of 2002 (FISMA) and the Department of Homeland Security (DHS) guidance.

Additional benefits include:

- Reducing duplicative efforts, inconsistencies, and cost inefficiencies
- Establishing a public-private partnership to promote innovation and the advancement of more secure information technologies
- Enabling the federal government to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations and allowing agencies to leverage security authorizations on a government-wide scale

For more information, go to: https://www.concur.com/public-sector-cloud or explore the FedRAMP Marketplace