The DAVIS Licence Check solution, linked to the DVLA, is a cloud based service which enables organisations to actively manage driving licence eligibility. This ensures driver risk is reduced and compliancy assured. An essential process for organisations with employees that drive on work related business.
- Direct Access to DVLA Data
- Supports eApproval Process
- Automated Recheck Facility
- Dashboard Summary of Risk
- Real Time Access to Driver Data, 24/7/365
- DQ3/Nil Return Investigation
- Dynamic Monitoring of ‘High Risk’ Drivers
- Email Prompts and Reminders
- API Development Version Available for Seamless Integration
- References the Official DVLA Source Data
- Results Available in Seconds
- Extensive Reporting Suite
- 3-year Effective Approval Period
- Automatically Schedules Driving Licence Rechecks Without Human Intervention
- Comprehensive Notifications and Immediate Warnings
- Flexible User-Permission Settings
- Customer Support Included Free of Charge
£2.50 per transaction
- Free trial available
Licence Check Ltd
0330 660 7107
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Response within 30 minutes.
Monday to Thursday, 8:30 to 17:30.
Friday. 8:30 to 17:00.
No support Saturdays, Sundays or Bank Holidays.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Account Manager - Free of Charge;
Email - Free of Charge;
Phone - Free of Charge;
Initial One Hour Online Training - Free of Charge;
Additional Online Training - up to £50 + VAT per hour;
Onsite Training - Up to £450 + VAT per half day, £750 + VAT per full day. Transport, lodgings and subsistence charged separately, details upon request.
|Support available to third parties||No|
Onboarding and offboarding
At commencement of the on-boarding process, customers will be interviewed by their Account Manager with a view to determining their requirements relating to a number of areas including departmental and locational names and cost centres, the preferred method(s) of securing driver consent and any alternative default arrangements, the names of the nominated administrators and whether a data import will be required.
Once the account has been set up, the administrators will be contacted directly to set up a familiarisation and training session. This may require a second session, but will typically take no more than a couple of hours in total and is usually quicker than this due to the intuitive nature of the service. This training will usually take the form of a collaborative on-line session using GoToMeeting or similar terminal sharing software.
Customers will also be supplied with detailed and Quick Start User Guides in PDF format for internal use and re-distribution. The service also features online tool tips and information for users.
Onsite Training can be provided if specifically requested.
|End-of-contract data extraction||
Customers will be provided with a complete download of their records when their contract terminates in EXCEL or CSV format. Thereafter access to the service will be terminated and the customer records archived and held for a period of 2 years to comply with DVLA data audit requirements,
Upon expiration of the two year period, all records will be purged from the system.
Scanned images of driver consent forms and e-consent permissions will be kept for a period of 7 years to comply with DVLA contract requirements and will be securely deleted thereafter. This data will not be available to customers.
Upon termination, customer access to the account will be suspended. Customer administrator credentials will be deleted and will cease to be effective as will all driver access to the service. Customer driver records will be made available by way of an EXCEL or CSV file (according to preference) and made available for secure download or sent by courier on digital media to a nominated contact to be signed for on delivery. Any files will at minimum have password protected access.
There are no additional fees for closing the account in this manner. The only time additional costs will be incurred is if the customer or their nominated replacement service contractor requests additional services or specific assistance with the transfer of the service. Any additional costs will be agreed with the customer in advance.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||No|
|Accessibility standards||None or don’t know|
|Description of accessibility||-|
|What users can and can't do using the API||
Get consent (either via paper document or pre-approved e-Consent process),
Check a driving licence against the DVLA database,
Get licence check results,
Customise driver risk settings,
Get driver risk score,
Create organisation hierarchy,
One user login
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||User access control, Licence risk settings, Custom re-check schedules, Create departments and branches, Customised alerts and notifications.|
|Independence of resources||
As part of our ISO 27001 certification the Management Systems manual includes a formal review of service provision. There are formal quarterly reviews of system use and anticipated use to ensure there is suitable redundancy within systems as a standing agenda item. We also carry out regular simulated load testing far in excess of any anticipated loading on the service to ensure resiliency.
Systems are further actively monitored during office hours (this is when the system is under heaviest load) to check loads and response times as well as looking for any unusual or suspicious activity.
|Service usage metrics||Yes|
|Metrics types||Total credits available (by cost centre), credits used (checks made) during selected period & driver name, driver nos. registered in service, invitations sent to drivers, invitations outstanding/responses waiting, mismatched and withheld records, credits required for next [X] days, number of drivers archived during period, number of mandated consents, number of e-consents, numbers of drivers by risk type, system performance, system uptime/downtime for period.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
Information contained in specific data tables (for example "All Drivers" or subsets of information "High Risk Drivers") can be selected at the click of a button and thereafter re-ordered, filtered and sorted within the table and exported either in EXCEL or as a PDF file. A comprehensive selection of different reports is available to cover virtually all management information requirements.
Upon termination of the service DAVIS - Licence Check Support will arrange for a complete download of the customers data in EXCEL or CSV format.
|Data export formats||
|Other data export formats||EXCEL|
|Data import formats||
|Other data import formats||EXCEL|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
The Portal and Service is intended to be available to
customers on a 24/7 basis 365 days per year. The Portal has
a target of 99.5% availability in any one calendar month.
The target does not include periods of planned
maintenance or any emergency maintenance that may
require the Service to be suspended on whole or in part
for a temporary period to effect repairs. The service is also dependent upon the availability of the secure link to the DVLA Access to Driver Data service and the functioning of that service. The DVLA do not offer any minimum service levels.
Because the DAVIS - Licence Check service is chargeable on a 'pay-per-check result' basis, there are no specific hosting or service fees payable for this service when used in isolation. Where other DAVIS chargeable services are provided, refunds are payable as service credits of 4% of the monthly fee for each 0.01% below the 99.5% threshold where the fault is attributable to Licence Check.
|Approach to resilience||Information available on request.|
|Outage reporting||Email alerts.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Access to the administrative application tools used to set up and manage new customer accounts is limited to specifically nominated managers and helpdesk staff who will require an appropriately authorised user name and password to login in order setup and manage new and existing customer accounts. User names and passwords will be issued centrally by the Security Officer and Network Manager on a strict "need" basis. Passwords must include characters, letters and numbers, be of minimum length and changed every 90 days with controls on re-use.|
|Access restriction testing frequency||Less than once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Alcumus ISOQAR|
|ISO/IEC 27001 accreditation date||03/12/2014|
|What the ISO/IEC 27001 doesn’t cover||All aspects of the Statement of Applicability for 27001:2013 are fully covered with the sole exception of control references for cryptographic controls; removed following recommendation by external auditors as data is not stored or exported overseas.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||Cyber Essentials Plus|
|Information security policies and processes||
As part of the ISO 27001:2013 standard the company has a number of policies related to security that together form part of the Business Management System. These include an Information Security Policy that is directly supported by a number of other policy documents, including a policy for the regular formal review of Information Security, a Data Protection Policy and policies managing access to systems, destruction and retention of data, backup arrangements, business continuity and system resilience, clear desk and physical access to the building. Staff will be security checked on appointment and thereafter.
Policy documents are subject to regular review at quarterly management meetings and where necessary procedural change implemented. Internal and external audits are conducted to test compliance. Any non-compliances will be reported for action.
Responsibility for security rests primarily with the Licence Check Security Officer who reports directly to the Managing Director. The Commercial Director is responsible for HR vetting and reports directly to the board.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Quarterly review of physical infrastructure for capacity, performance and security stability.
Development update procedures of application services are followed to ensure performance stability and maintain compliance to security standards.
Future changes are reviewed and planned in advance during quarterly management reviews.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Weekly planned hardware scan provided by a 3rd party application. This scans for vulnerabilities based upon a daily updated database of threats.
Any threats are self-assessed by risk and critical patches are manually deployed based on the risk profile. Any non-critical patches are installed on a weekly cycle.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Potential compromises or scenarios of misuse are flagged by an internal application and alerts are delivered immediately to development and security personnel. Each compromise is assessed on an individual basis to determine a threat profile and time frame of resolution. Major compromises with regards data security are responded to within an hour.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
A Business Continuity Plan is in place to provide the correct resolution regarding common events.
Users can report incidents to our Support Team via telephone or email.
Support incidents are logged via an internal system, which can provide audit logs.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£2.50 per transaction|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||This allows access to a fully functional version of the service, but for a strictly limited and small number of checks by way of a proof of concept of the service. Because the service is live, consent from drivers will be required.|