DriverCheck Limited

Driving Licence Checking

UK Driver Licence Data clients. Drivers of these vehicles have varied Driving Licence histories, present different levels of risk to their employer. Reporting driver licence data electronically, clients access their Portal 24/7. The speed of a check response is immediate. Self Managed service, please enquire re fully managed services.

Features

  • UK Electronic Licence Checks
  • Immediate Online Response
  • ISO27001 Accredited - Security Management Certification
  • Direct DVLA Data
  • ADLV Approved
  • Foreign Licence Verification
  • Grey Fleet Service & Management
  • Northern Irish Licence Checks
  • GDPR Compliant
  • CPC & Tacho / Digi Card Data

Benefits

  • Accessible on Multiple Devices
  • Multi User Licence
  • Instant Results
  • Self Checking Available
  • Email Alerts
  • Risk Dashboard
  • Intuitive System Use - Drill Down Results
  • 24/7 System Access
  • Electronic Boarding of Client Data
  • Data Encryption "Transfer & Rest"

Pricing

£1.95 per unit

Service documents

G-Cloud 11

316104952840254

DriverCheck Limited

Allan Gibbons | Stuart Dallas

01414283448

allan@drivercheck.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints No
System requirements No Special System Requirements

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Immediately by Email
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels We provide 2nd line support to our clients.
Our support is free of charge and is included in our agreement.
We supply a technical account manager.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide a free of charge conference facility along with webinar training.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction All data can be downloaded via a CSV file via our system export facility.
End-of-contract process At the end of the contract our clients have the ability to leave or renew their contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Responsive Design - The browser automatically picks the best image based on actual viewport
API Yes
What users can and can't do using the API We provide a API.

We provide a client with a API v1 document - the API is served via HTTPs GET requests. The API requires the credentials of a valid DriverCheck account to be passed ith every request. By default, the API returns JSON formatted data however this can be altered to XML by appending a parameter onto each request.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation System Hierarchy | User Levers | Check Frequency | Reporting

System Administration | DriverCheck System Administrator

User Defined

Scaling

Scaling
Independence of resources Our service can be expanded through our cloud infrastructure at any time where additional system resources are required.

Analytics

Analytics
Service usage metrics Yes
Metrics types The system metrics are delivered through our client system demographics.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Data at rest is encrypted using Microsoft’s DEK (Database Encryption Key) process, utilising AES256 encryption).
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach We provide and export facility for driver information via csv or onto a excel format.
Data export formats
  • CSV
  • Other
Other data export formats Excel
Data import formats
  • CSV
  • Other
Other data import formats Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability There would be no charge if we do not deliver the service we say.
Approach to resilience After analysis DriverCheck has implemented robust information / system security measures for all information / data stored and processed. A central aspect of the “Information stored and processed”, DriverCheck has focused on further data protection measures, cryptographic infrastructure such as encryption “in transit” & “at rest”.
Outage reporting Email or telephone

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels During the setup of the client interface.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 SGS United Kingdom Ltd
ISO/IEC 27001 accreditation date 09/06/17
What the ISO/IEC 27001 doesn’t cover N/a
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes • DriverCheck Ltd – is registered with the ICO (Information Commissioners Office) our data protection number is Z9074119.
• DriverCheck Ltd – is ISO27001 registered certificate number is GB14/91511.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach DriverCheck will continue as an ongoing process to implement tools as appropriate, that support the management process of all client data, providing the necessary security and ongoing delivery of objectives.
Vulnerability management type Supplier-defined controls
Vulnerability management approach • DriverCheck is committed to review its cryptographic infrastructure in an ongoing basis.
• DriverCheck has other forms of security checks in place such as penetration testing, non-destructive tests, intrusion detection, protection against DDoS attacks, internal audits, an annual network vulnerability assessment plus an annual web application vulnerability assessment.
Protective monitoring type Supplier-defined controls
Protective monitoring approach • Microsoft’s password policy enforcement increases the security of traditional passwords by imposing length and complexity requirements, forced periodic rotation, and account lockout after failed authentication attempts.
Incident management type Undisclosed
Incident management approach Pre-defined processes in line with the ICO

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £1.95 per unit
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Demonstration site and webinar plus free checks on application to test service.
Link to free trial On request

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑