Licence Check Ltd

Driver Risk Assessments - DAVIS

DAVIS - Driver Risk Assessor is a cost-effective online profiling solution which enables organisations to better manage occupational road risk.

By analysing attitude and behaviour, ‘at risk’ drivers are quickly identified, giving organisations the opportunity to tailor support and training provided for these individuals, rather than adopting a one-size-fits-all approach.

Features

  • A series of online tests
  • Include multiple choice, interactive and video assessments
  • 20 to 30-minute web-based survey
  • Email Prompts and Reminders
  • Supports Multiple Client Devices
  • Dynamic Monitoring of ‘High Risk’ Drivers
  • Secure Service with ISO 27001:2013 UKAS and Cyber Essentials Plus

Benefits

  • Rapidly profiles high, medium or low risk drivers
  • Identifies the drivers that need further support and training
  • Establishes a safer driver network
  • Helps protect the safety of your employees the public
  • Risk score is logged against a driver profile
  • Further enhanced when incorporating DAVIS - Licence Check results
  • No Training Required for Drivers, Encourages Use
  • Health & Safety Compliance Addressed
  • Extensive Reporting Suite for Management Information Requirements
  • Online Cloud Based System, Always On, Always Accessible

Pricing

£10.00 per unit

Service documents

G-Cloud 10

424426360570085

Licence Check Ltd

Terry Hiles

0330 660 7107

terry@licencecheck.co.uk

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to DAVIS - Licence Check
DAVIS - Grey Fleet Module
Cloud deployment model Private cloud
Service constraints -
System requirements -

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response within 30 minutes.
Monday to Thursday, 8:30 to 17:30.
Friday. 8:30 to 17:00.
No support Saturdays, Sundays or Bank Holidays.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Account Manager - Free of Charge;
Email - Free of Charge;
Phone - Free of Charge;
Initial One Hour Online Training - Free of Charge;
Additional Online Training - up to £50 + VAT per hour;
Onsite Training - Up to £450 + VAT per half day, £750 + VAT per full day. Transport, lodgings and subsistence charged separately, details upon request.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started At commencement of the on-boarding process, customers will be interviewed by their Account Manager with a view to determining their requirements relating to a number of areas including departmental and locational names and cost centres, the names of the nominated administrators and whether a data import will be required.

Once the account has been set up, the administrators will be contacted directly to set up a familiarisation and training session. This may require a second session, but will typically take no more than a couple of hours in total and is usually quicker than this due to the intuitive nature of the service. This training will usually take the form of a collaborative on-line session using GoToMeeting or similar terminal sharing software.

Customers will also be supplied with detailed and Quick Start User Guides in PDF format for internal use and re-distribution. The service also features online tool tips and information for users.

Onsite Training can be provided if specifically requested.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Customers will be provided with a complete download of their records when their contract terminates in EXCEL or CSV format. Thereafter access to the service will be terminated and the customer records archived.
End-of-contract process Upon termination, customer access to the account will be suspended. Customer administrator credentials will be deleted and will cease to be effective as will all driver access to the service. Customer driver records will be made available by way of an EXCEL or CSV file (according to preference) and made available for secure download or sent by courier on digital media to a nominated contact to be signed for on delivery. Any files will at minimum have password protected access.

There are no additional fees for closing the account in this manner. The only time additional costs will be incurred is if the customer or their nominated replacement service contractor requests additional services or specific assistance with the transfer of the service. Any additional costs will be agreed with the customer in advance.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility -
Accessibility testing -
API No
Customisation available Yes
Description of customisation Create Drivers, Archive Drivers, User access control, Risk settings, Create departments and branches, Customised alerts and notifications.

Scaling

Scaling
Independence of resources As part of our ISO 27001 certification the Management Systems manual includes a formal review of service provision. There are formal quarterly reviews of system use and anticipated use to ensure there is suitable redundancy within systems as a standing agenda item. We also carry out regular simulated load testing far in excess of any anticipated loading on the service to ensure resiliency.

Systems are further actively monitored during office hours (this is when the system is under heaviest load) to check loads and response times as well as looking for any unusual or suspicious activity.

Analytics

Analytics
Service usage metrics Yes
Metrics types Total credits available (by cost centre), credits used (Assessments completed) during selected period & driver name, driver numbers registered in service, invitations sent to drivers, invitations outstanding/responses waiting, incomplete Assessments, number of drivers archived during period, numbers of drivers by risk type, system performance, system uptime/downtime for period.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Imagitech Ltd.

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Information contained in specific data tables (for example "All Drivers" or subsets of information "High Risk Drivers") can be selected at the click of a button and thereafter re-ordered, filtered and sorted within the table and exported either in EXCEL or as a PDF file. A comprehensive selection of different reports is available to cover virtually all management information requirements.

Upon termination of the service Licence Check will arrange for a complete download of the customers data in EXCEL or CSV format.
Data export formats
  • CSV
  • Other
Other data export formats EXCEL
Data import formats
  • CSV
  • Other
Other data import formats EXCEL

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability The Portal and Service is intended to be available to
customers on a 24/7 basis 365 days per year. The Portal has
a target of 99.5% availability in any one calendar month.

The target does not include periods of planned
maintenance or any emergency maintenance that may
require the Service to be suspended on whole or in part
for a temporary period to effect repairs.

Because the DAVIS - Driver Risk Assessor service is chargeable on a 'per Assessment' basis, there are no specific hosting or service fees payable for this service when used in isolation. Where other DAVIS chargeable services are provided, refunds are payable as service credits of 4% of the monthly fee for each 0.01% below the 99.5% threshold where the fault is attributable to Licence Check.
Approach to resilience Information available on request.
Outage reporting Email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access to the administrative application tools used to set up and manage new customer accounts is limited to specifically nominated managers and helpdesk staff who will require an appropriately authorised user name and password to login in order setup and manage new and existing customer accounts. User names and passwords will be issued centrally by the Security Officer and Network Manager on a strict "need" basis. Passwords must include characters, letters and numbers, be of minimum length and changed every 90 days with controls on re-use.
Access restriction testing frequency Less than once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Alcumus ISOQAR
ISO/IEC 27001 accreditation date 03/12/2014
What the ISO/IEC 27001 doesn’t cover All aspects of the Statement of Applicability for 27001:2013 are fully covered with the sole exception of control references for cryptographic controls; removed following recommendation by external auditors as data is not stored or exported overseas.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials Plus
  • ICO Registered
  • IASME Compliance

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials Plus
Information security policies and processes As part of the ISO 27001:2013 standard the company has a number of policies related to security that together form part of the Business Management System. These include an Information Security Policy that is directly supported by a number of other policy documents, including a policy for the regular formal review of Information Security, a Data Protection Policy and policies managing access to systems, destruction and retention of data, backup arrangements, business continuity and system resilience, clear desk and physical access to the building. Staff will be security checked on appointment and thereafter.

Policy documents are subject to regular review at quarterly management meetings and where necessary procedural change implemented. Internal and external audits are conducted to test compliance. Any non-compliances will be reported for action.

Responsibility for security rests primarily with the Licence Check Security Officer who reports directly to the Managing Director. The Commercial Director is responsible for HR vetting and reports directly to the board.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Quarterly review of physical infrastructure for capacity, performance and security stability.

Development update procedures of application services are followed to ensure performance stability and maintain compliance to security standards.

Future changes are reviewed and planned in advance during quarterly management reviews.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Weekly planned hardware scan provided by a 3rd party application. This scans for vulnerabilities based upon a daily updated database of threats.
Any threats are self-assessed by risk and critical patches are manually deployed based on the risk profile. Any non-critical patches are installed on a weekly cycle.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Potential compromises or scenarios of misuse are flagged by an internal application and alerts are delivered immediately to development and security personnel. Each compromise is assessed on an individual basis to determine a threat profile and time frame of resolution. Major compromises with regards data security are responded to within an hour.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach A Business Continuity Plan is in place to provide the correct resolution regarding common events.
Users can report incidents to our Support Team via telephone or email.
Support incidents are logged via an internal system, which can provide audit logs.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Other

Pricing

Pricing
Price £10.00 per unit
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑