Safe2Drive Driving Licence Checking & Grey Fleet Service
UK driving licence checking and reporting solution that provides online status, entitlement, and conviction data for UK licence holders using the DVLA ADD service. For professional drivers, it returns CPC and tacho-card dates. Clients access their portal 24/7. The speed of a check response is immediate. A fully managed service.
Features
- UK Electronic Licence Checks
- Live UK GDPR Online Response
- ISO27001 Accredited - Security Management Certification
- Direct DVLA data
- Automated rechecks according to risk & frequency
- Immediate & upcoming warnings dashboard and email
- Driver risk scores
- Changes since previous check & history
- Foreign & Northern Irish Licence Verification
- Grey Fleet Service & Management
Benefits
- Real-time dashboards for real-time insights
- A comprehensive system that provides a friendly interface
- Supports UK GDPR data retention and deletion policy
- Self Check Facility
- Fastest Electronic Boarding of Client Data
- Multi User & Location Licence
- Automated rechecks reduces workload & errors
- Secure & encrypted cloud hosting
- API & Also Available -Mobile Applications - IOS & Android
- Email Alerts - Flags immediate actions to management & drivers
Pricing
£1.70 a transaction
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
3 8 3 8 4 2 4 9 6 9 7 7 0 3 5
Contact
SAFE 2 DRIVE SOLUTIONS LIMITED
Allan Gibbons | Sinead Moy | Scott McLennan
Telephone: 0141 260 7272
Email: admin@safe2drive.co.uk
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Safe2Drive is a hosted agile solution that provides clients with a selection of different services according to their requirements. Services available include our mobile application "Driving for Work," Grey Fleet, Driver File, FileSafe, and also E-Driver Training & Fleet Management.
- Cloud deployment model
- Public cloud
- Service constraints
- No
- System requirements
-
- No Special System Requirements
- Client Internet Access
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Immediately during business hours
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
We provide an all Tier support to all clients inclusive in the cost for the service.
Tier 1 Basic help desk resolution and service desk delivery.
Tier 2 In-depth technical support.
Tier 3 Expert product and service support.
Tier 4 Outside support for problems not supported by the organisation. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- As we are ISO 27001 certified, we provide clients with a boarding process that includes service and support along with online training (free) and, where required, onsite training (at an agreed fixed fee).
- Service documentation
- Yes
- Documentation formats
-
- Other
- Other documentation formats
- Video
- End-of-contract data extraction
- They export their data (CSV)
- End-of-contract process
- The client extracts their driver data (CSV) and then the driver data would then form part of our driver deletion policy as per UK GDPR & DVLA guidance.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- There is a specific mobile application for Safe2Drive that provides modified reporting and supports driver licence & grey fleet capability for managers and drivers. We support Android and Apple devices.
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
- We provide an API that is available to return all driver licence data points & vehicle data and facilitate driver permission. Access to the API, test account, and integration notes is provided along with the API key.
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- The service can be customised, such as the User Hierarchy | User locations | Driver check frequencies | User defined filters & reporting
Scaling
- Independence of resources
- There is no restriction due to the scalability of the platform and the hosting provider.
Analytics
- Service usage metrics
- Yes
- Metrics types
- This is provided through the system audit trail and logins of the system users. This shows system utilisation as well as the dashboard providing all stats and priorities.
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- As authorised, the user would be able to export their driver data from the reporting suit via a CSV file.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- 99.5% SLA excluding notified downtime, by MS Azure or the DVLA but in practice, service availability is far greater than this.
- Approach to resilience
- The service is hosted in Tier 4 data centres (with 99,995% uptime, we can state that an Azure Datacentre exceeds the expectations of a tier 4 datacentre) located all within the UK, with an automated failover from the main data centre to the secondary data centre that replicates the service.
- Outage reporting
- If an outage on our service happened, we would report the service status by email or via the public website.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Other user authentication
- The users credentials will be checked against active directory within the system
- Access restrictions in management interfaces and support channels
- The user name & password would be checked against the active directory
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- The British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 10 February 2023
- What the ISO/IEC 27001 doesn’t cover
- Third party data suppliers
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- Cyber Essentials
- Information security policies and processes
- ISO 27001 security policies use internal auditors and an annual audit by an external certifying body.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All hardware and hosting are provided under contract with Microsoft Azure. The development of services uses agile methodology, with software development and testing policies requiring security assessment and review.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Potential threats form part of software development policy and code testing and review. Annually, an authorised third party scans internal and hosted service vulnerabilities and conducts external system penetration tests. All patches and updates are managed centrally. Potential threats are monitored.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Service uses full Microsoft Security Suite and other logging and monitoring services that run continuously. Any high-level vulnerabilities or incidents will be responded to immediately as a matter of urgency in accordance to our ISO 27001 ISMS.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Our ISO 27001 policies cover incident management, and they are dealt with according to the nature of the incident. In the event of a data breach, they have a separate policy and notification process that are covered in the Data Breach Policy again part of our ISO 27001 standard.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
WellbeingWellbeing
Our business supports the wellbeing of the workforce and the general public by ensuring that those driving vehicles for work-related purposes are suitably qualified to operate their vehicle, irrespective of the vehicle's ownership.
Pricing
- Price
- £1.70 a transaction
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Up to 10 UK electronic driving licence checks are to be used within 7 days.