Audit system ensures data security when managing health and testing information for safety sensitive workers
DriverCheck Inc. has achieved SOC 2 Type II certification, a milestone that underscores the growing importance of data security for organizations that manage health and testing information for safety‑sensitive workers.
The certification follows a rigorous, internationally recognized audit designed to evaluate a company’s controls related to security, availability, processing integrity, confidentiality and privacy of customer data. The independent assessment verified that DriverCheck’s policies, procedures and controls meet or exceed the strict SOC 2 standards set by the American Institute of Certified Public Accountants (AICPA).
For health and safety leaders, particularly in regulated or high‑risk sectors, the announcement comes at a time when artificial intelligence and digital tools are increasingly central to managing fitness‑for‑duty programs, occupational health surveillance, and drug and alcohol testing programs.
Osvaldo Ros, vice president, technology at DriverCheck, said the certification is both a validation of existing practices and a foundation for further technology innovation.
“We are proud to be SOC 2 Type II compliant,” said Osvaldo Ros, Vice President, Technology at DriverCheck. “This milestone demonstrates our unwavering commitment to protecting our client data and is a testament to DriverCheck’s exemplary standards for handling health, compliance and testing information with the highest level of care, security and professional integrity. Knowing the safeguards behind eManda, our web-based fitness for duty program management software, meet the rigor of SOC 2 enables us to innovate with continued confidence to deliver a better client experience.”
Relevance for health and safety leaders
For employers, particularly those operating in transportation, resource extraction, construction, and other safety‑critical sectors, the certification means additional assurance that sensitive data – such as health records and testing results – is being handled under recognized industry‑leading controls.
The SOC 2 framework assesses how organizations secure systems that process client data, how they manage access, and how they monitor controls over time. A Type II report, in particular, looks not just at the design of controls but also at how effectively those controls operated over a defined period.
In practice, this can matter for health and safety leaders who are:
- Running fitness‑for‑duty and return‑to‑work programs that depend on timely, accurate medical and testing data.
- Coordinating drug and alcohol testing programs across multiple sites and jurisdictions.
- Demonstrating due diligence to regulators, boards, and workers’ representatives around the protection of medical and testing information.
DriverCheck’s SOC 2 Type II status is positioned as part of its broader push to accelerate technology innovation, including the use of eManda, the company’s web‑based fitness‑for‑duty program management software.
Position in the occupational health and testing market
Founded in 1996, DriverCheck describes itself as Canada’s “Fitness for Duty expert” and a leading provider of workplace medical testing and assessments. The company works with a national network of clinics and medical professionals and serves thousands of employers across safety‑sensitive industries including transportation, oil and gas, aviation, rail, mining, construction, healthcare, manufacturing and forestry.
Its services span drug and alcohol testing, pre‑employment medicals, physical abilities tests, regulated medical surveillance, medical cannabis reviews and on‑site medical staffing.
With the SOC 2 Type II certification now in place, DriverCheck is signaling to current and prospective clients that its occupational health and testing platforms are aligned with established standards for data protection. For health and safety leaders weighing vendor capabilities, the certification offers a third‑party benchmark they can reference when assessing risk, compliance, and long‑term digital strategy for managing worker health information.