Licence Check Ltd

Driving Licence Checking - DAVIS

The DAVIS Licence Check solution, linked to the DVLA, is a cloud based service which enables organisations to actively manage driving licence eligibility. This ensures driver risk is reduced and compliancy assured. An essential process for organisations with employees that drive on work related business.


  • Direct Access to DVLA Data
  • Supports eApproval Process
  • Automated Recheck Facility
  • Dashboard Summary of Risk
  • Real Time Access to Driver Data, 24/7/365
  • DQ3/Nil Return Investigation
  • Dynamic Monitoring of ‘High Risk’ Drivers
  • Email Prompts and Reminders
  • API Development Version Available for Seamless Integration


  • References the Official DVLA Source Data
  • Results Available in Seconds
  • Extensive Reporting Suite
  • 3-year Effective Approval Period
  • Automatically Schedules Driving Licence Rechecks Without Human Intervention
  • Comprehensive Notifications and Immediate Warnings
  • Flexible User-Permission Settings
  • Customer Support Included Free of Charge


£2.50 per transaction

  • Free trial available

Service documents

G-Cloud 10


Licence Check Ltd

Terry Hiles

0330 660 7107

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints -
System requirements -

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response within 30 minutes.
Monday to Thursday, 8:30 to 17:30.
Friday. 8:30 to 17:00.
No support Saturdays, Sundays or Bank Holidays.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Account Manager - Free of Charge;
Email - Free of Charge;
Phone - Free of Charge;
Initial One Hour Online Training - Free of Charge;
Additional Online Training - up to £50 + VAT per hour;
Onsite Training - Up to £450 + VAT per half day, £750 + VAT per full day. Transport, lodgings and subsistence charged separately, details upon request.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started At commencement of the on-boarding process, customers will be interviewed by their Account Manager with a view to determining their requirements relating to a number of areas including departmental and locational names and cost centres, the preferred method(s) of securing driver consent and any alternative default arrangements, the names of the nominated administrators and whether a data import will be required.

Once the account has been set up, the administrators will be contacted directly to set up a familiarisation and training session. This may require a second session, but will typically take no more than a couple of hours in total and is usually quicker than this due to the intuitive nature of the service. This training will usually take the form of a collaborative on-line session using GoToMeeting or similar terminal sharing software.

Customers will also be supplied with detailed and Quick Start User Guides in PDF format for internal use and re-distribution. The service also features online tool tips and information for users.

Onsite Training can be provided if specifically requested.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Customers will be provided with a complete download of their records when their contract terminates in EXCEL or CSV format. Thereafter access to the service will be terminated and the customer records archived and held for a period of 2 years to comply with DVLA data audit requirements,

Upon expiration of the two year period, all records will be purged from the system.

Scanned images of driver consent forms and e-consent permissions will be kept for a period of 7 years to comply with DVLA contract requirements and will be securely deleted thereafter. This data will not be available to customers.
End-of-contract process Upon termination, customer access to the account will be suspended. Customer administrator credentials will be deleted and will cease to be effective as will all driver access to the service. Customer driver records will be made available by way of an EXCEL or CSV file (according to preference) and made available for secure download or sent by courier on digital media to a nominated contact to be signed for on delivery. Any files will at minimum have password protected access.

There are no additional fees for closing the account in this manner. The only time additional costs will be incurred is if the customer or their nominated replacement service contractor requests additional services or specific assistance with the transfer of the service. Any additional costs will be agreed with the customer in advance.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility -
Accessibility testing -
What users can and can't do using the API Users can:
Create drivers,
Get consent (either via paper document or pre-approved e-Consent process),
Remove consent,
Check a driving licence against the DVLA database,
Get licence check results,
Archive drivers,
Customise driver risk settings,
Get driver risk score,
Create organisation hierarchy,

One user login
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation User access control, Licence risk settings, Custom re-check schedules, Create departments and branches, Customised alerts and notifications.


Independence of resources As part of our ISO 27001 certification the Management Systems manual includes a formal review of service provision. There are formal quarterly reviews of system use and anticipated use to ensure there is suitable redundancy within systems as a standing agenda item. We also carry out regular simulated load testing far in excess of any anticipated loading on the service to ensure resiliency.

Systems are further actively monitored during office hours (this is when the system is under heaviest load) to check loads and response times as well as looking for any unusual or suspicious activity.


Service usage metrics Yes
Metrics types Total credits available (by cost centre), credits used (checks made) during selected period & driver name, driver nos. registered in service, invitations sent to drivers, invitations outstanding/responses waiting, mismatched and withheld records, credits required for next [X] days, number of drivers archived during period, number of mandated consents, number of e-consents, numbers of drivers by risk type, system performance, system uptime/downtime for period.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Information contained in specific data tables (for example "All Drivers" or subsets of information "High Risk Drivers") can be selected at the click of a button and thereafter re-ordered, filtered and sorted within the table and exported either in EXCEL or as a PDF file. A comprehensive selection of different reports is available to cover virtually all management information requirements.

Upon termination of the service DAVIS - Licence Check Support will arrange for a complete download of the customers data in EXCEL or CSV format.
Data export formats
  • CSV
  • Other
Other data export formats EXCEL
Data import formats
  • CSV
  • Other
Other data import formats EXCEL

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability The Portal and Service is intended to be available to
customers on a 24/7 basis 365 days per year. The Portal has
a target of 99.5% availability in any one calendar month.

The target does not include periods of planned
maintenance or any emergency maintenance that may
require the Service to be suspended on whole or in part
for a temporary period to effect repairs. The service is also dependent upon the availability of the secure link to the DVLA Access to Driver Data service and the functioning of that service. The DVLA do not offer any minimum service levels.

Because the DAVIS - Licence Check service is chargeable on a 'pay-per-check result' basis, there are no specific hosting or service fees payable for this service when used in isolation. Where other DAVIS chargeable services are provided, refunds are payable as service credits of 4% of the monthly fee for each 0.01% below the 99.5% threshold where the fault is attributable to Licence Check.
Approach to resilience Information available on request.
Outage reporting Email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access to the administrative application tools used to set up and manage new customer accounts is limited to specifically nominated managers and helpdesk staff who will require an appropriately authorised user name and password to login in order setup and manage new and existing customer accounts. User names and passwords will be issued centrally by the Security Officer and Network Manager on a strict "need" basis. Passwords must include characters, letters and numbers, be of minimum length and changed every 90 days with controls on re-use.
Access restriction testing frequency Less than once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Alcumus ISOQAR
ISO/IEC 27001 accreditation date 03/12/2014
What the ISO/IEC 27001 doesn’t cover All aspects of the Statement of Applicability for 27001:2013 are fully covered with the sole exception of control references for cryptographic controls; removed following recommendation by external auditors as data is not stored or exported overseas.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials Plus
  • ICO Registered
  • IASME Compliance

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials Plus
Information security policies and processes As part of the ISO 27001:2013 standard the company has a number of policies related to security that together form part of the Business Management System. These include an Information Security Policy that is directly supported by a number of other policy documents, including a policy for the regular formal review of Information Security, a Data Protection Policy and policies managing access to systems, destruction and retention of data, backup arrangements, business continuity and system resilience, clear desk and physical access to the building. Staff will be security checked on appointment and thereafter.

Policy documents are subject to regular review at quarterly management meetings and where necessary procedural change implemented. Internal and external audits are conducted to test compliance. Any non-compliances will be reported for action.

Responsibility for security rests primarily with the Licence Check Security Officer who reports directly to the Managing Director. The Commercial Director is responsible for HR vetting and reports directly to the board.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Quarterly review of physical infrastructure for capacity, performance and security stability.

Development update procedures of application services are followed to ensure performance stability and maintain compliance to security standards.

Future changes are reviewed and planned in advance during quarterly management reviews.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Weekly planned hardware scan provided by a 3rd party application. This scans for vulnerabilities based upon a daily updated database of threats.
Any threats are self-assessed by risk and critical patches are manually deployed based on the risk profile. Any non-critical patches are installed on a weekly cycle.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Potential compromises or scenarios of misuse are flagged by an internal application and alerts are delivered immediately to development and security personnel. Each compromise is assessed on an individual basis to determine a threat profile and time frame of resolution. Major compromises with regards data security are responded to within an hour.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach A Business Continuity Plan is in place to provide the correct resolution regarding common events.
Users can report incidents to our Support Team via telephone or email.
Support incidents are logged via an internal system, which can provide audit logs.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Other


Price £2.50 per transaction
Discount for educational organisations No
Free trial available Yes
Description of free trial This allows access to a fully functional version of the service, but for a strictly limited and small number of checks by way of a proof of concept of the service. Because the service is live, consent from drivers will be required.

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑