DAVIS - Driver Risk Assessor is a cost-effective online profiling solution which enables organisations to better manage occupational road risk.
By analysing attitude and behaviour, ‘at risk’ drivers are quickly identified, giving organisations the opportunity to tailor support and training provided for these individuals, rather than adopting a one-size-fits-all approach.
- A series of online tests
- Include multiple choice, interactive and video assessments
- 20 to 30-minute web-based survey
- Email Prompts and Reminders
- Supports Multiple Client Devices
- Dynamic Monitoring of ‘High Risk’ Drivers
- Secure Service with ISO 27001:2013 UKAS and Cyber Essentials Plus
- Rapidly profiles high, medium or low risk drivers
- Identifies the drivers that need further support and training
- Establishes a safer driver network
- Helps protect the safety of your employees the public
- Risk score is logged against a driver profile
- Further enhanced when incorporating DAVIS - Licence Check results
- No Training Required for Drivers, Encourages Use
- Health & Safety Compliance Addressed
- Extensive Reporting Suite for Management Information Requirements
- Online Cloud Based System, Always On, Always Accessible
£10.00 per unit
Licence Check Ltd
0330 660 7107
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||
DAVIS - Licence Check
DAVIS - Grey Fleet Module
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Response within 30 minutes.
Monday to Thursday, 8:30 to 17:30.
Friday. 8:30 to 17:00.
No support Saturdays, Sundays or Bank Holidays.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Account Manager - Free of Charge;
Email - Free of Charge;
Phone - Free of Charge;
Initial One Hour Online Training - Free of Charge;
Additional Online Training - up to £50 + VAT per hour;
Onsite Training - Up to £450 + VAT per half day, £750 + VAT per full day. Transport, lodgings and subsistence charged separately, details upon request.
|Support available to third parties||No|
Onboarding and offboarding
At commencement of the on-boarding process, customers will be interviewed by their Account Manager with a view to determining their requirements relating to a number of areas including departmental and locational names and cost centres, the names of the nominated administrators and whether a data import will be required.
Once the account has been set up, the administrators will be contacted directly to set up a familiarisation and training session. This may require a second session, but will typically take no more than a couple of hours in total and is usually quicker than this due to the intuitive nature of the service. This training will usually take the form of a collaborative on-line session using GoToMeeting or similar terminal sharing software.
Customers will also be supplied with detailed and Quick Start User Guides in PDF format for internal use and re-distribution. The service also features online tool tips and information for users.
Onsite Training can be provided if specifically requested.
|End-of-contract data extraction||Customers will be provided with a complete download of their records when their contract terminates in EXCEL or CSV format. Thereafter access to the service will be terminated and the customer records archived.|
Upon termination, customer access to the account will be suspended. Customer administrator credentials will be deleted and will cease to be effective as will all driver access to the service. Customer driver records will be made available by way of an EXCEL or CSV file (according to preference) and made available for secure download or sent by courier on digital media to a nominated contact to be signed for on delivery. Any files will at minimum have password protected access.
There are no additional fees for closing the account in this manner. The only time additional costs will be incurred is if the customer or their nominated replacement service contractor requests additional services or specific assistance with the transfer of the service. Any additional costs will be agreed with the customer in advance.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||No|
|Accessibility standards||None or don’t know|
|Description of accessibility||-|
|Description of customisation||Create Drivers, Archive Drivers, User access control, Risk settings, Create departments and branches, Customised alerts and notifications.|
|Independence of resources||
As part of our ISO 27001 certification the Management Systems manual includes a formal review of service provision. There are formal quarterly reviews of system use and anticipated use to ensure there is suitable redundancy within systems as a standing agenda item. We also carry out regular simulated load testing far in excess of any anticipated loading on the service to ensure resiliency.
Systems are further actively monitored during office hours (this is when the system is under heaviest load) to check loads and response times as well as looking for any unusual or suspicious activity.
|Service usage metrics||Yes|
|Metrics types||Total credits available (by cost centre), credits used (Assessments completed) during selected period & driver name, driver numbers registered in service, invitations sent to drivers, invitations outstanding/responses waiting, incomplete Assessments, number of drivers archived during period, numbers of drivers by risk type, system performance, system uptime/downtime for period.|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||Imagitech Ltd.|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
Information contained in specific data tables (for example "All Drivers" or subsets of information "High Risk Drivers") can be selected at the click of a button and thereafter re-ordered, filtered and sorted within the table and exported either in EXCEL or as a PDF file. A comprehensive selection of different reports is available to cover virtually all management information requirements.
Upon termination of the service Licence Check will arrange for a complete download of the customers data in EXCEL or CSV format.
|Data export formats||
|Other data export formats||EXCEL|
|Data import formats||
|Other data import formats||EXCEL|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
The Portal and Service is intended to be available to
customers on a 24/7 basis 365 days per year. The Portal has
a target of 99.5% availability in any one calendar month.
The target does not include periods of planned
maintenance or any emergency maintenance that may
require the Service to be suspended on whole or in part
for a temporary period to effect repairs.
Because the DAVIS - Driver Risk Assessor service is chargeable on a 'per Assessment' basis, there are no specific hosting or service fees payable for this service when used in isolation. Where other DAVIS chargeable services are provided, refunds are payable as service credits of 4% of the monthly fee for each 0.01% below the 99.5% threshold where the fault is attributable to Licence Check.
|Approach to resilience||Information available on request.|
|Outage reporting||Email alerts.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Access to the administrative application tools used to set up and manage new customer accounts is limited to specifically nominated managers and helpdesk staff who will require an appropriately authorised user name and password to login in order setup and manage new and existing customer accounts. User names and passwords will be issued centrally by the Security Officer and Network Manager on a strict "need" basis. Passwords must include characters, letters and numbers, be of minimum length and changed every 90 days with controls on re-use.|
|Access restriction testing frequency||Less than once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Alcumus ISOQAR|
|ISO/IEC 27001 accreditation date||03/12/2014|
|What the ISO/IEC 27001 doesn’t cover||All aspects of the Statement of Applicability for 27001:2013 are fully covered with the sole exception of control references for cryptographic controls; removed following recommendation by external auditors as data is not stored or exported overseas.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||Cyber Essentials Plus|
|Information security policies and processes||
As part of the ISO 27001:2013 standard the company has a number of policies related to security that together form part of the Business Management System. These include an Information Security Policy that is directly supported by a number of other policy documents, including a policy for the regular formal review of Information Security, a Data Protection Policy and policies managing access to systems, destruction and retention of data, backup arrangements, business continuity and system resilience, clear desk and physical access to the building. Staff will be security checked on appointment and thereafter.
Policy documents are subject to regular review at quarterly management meetings and where necessary procedural change implemented. Internal and external audits are conducted to test compliance. Any non-compliances will be reported for action.
Responsibility for security rests primarily with the Licence Check Security Officer who reports directly to the Managing Director. The Commercial Director is responsible for HR vetting and reports directly to the board.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Quarterly review of physical infrastructure for capacity, performance and security stability.
Development update procedures of application services are followed to ensure performance stability and maintain compliance to security standards.
Future changes are reviewed and planned in advance during quarterly management reviews.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Weekly planned hardware scan provided by a 3rd party application. This scans for vulnerabilities based upon a daily updated database of threats.
Any threats are self-assessed by risk and critical patches are manually deployed based on the risk profile. Any non-critical patches are installed on a weekly cycle.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Potential compromises or scenarios of misuse are flagged by an internal application and alerts are delivered immediately to development and security personnel. Each compromise is assessed on an individual basis to determine a threat profile and time frame of resolution. Major compromises with regards data security are responded to within an hour.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
A Business Continuity Plan is in place to provide the correct resolution regarding common events.
Users can report incidents to our Support Team via telephone or email.
Support incidents are logged via an internal system, which can provide audit logs.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£10.00 per unit|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|