Certified Persons
When do you need this
When you lose time with the follow-up of safety tests for your drivers.
When it is hard to put your compliance processes in practice because it is difficult to organize.
When you want to blacklist drivers
When drivers should be on a ātrusted listā / āwhitelistā to enter a site or pick-up goods
Necessary for TAPA sites
Necessary for Known Consigner customs flows
Main idea
When registering a driver must have a specific set of valid certificates to be able to enter the site.
Thera are 2 ways to assign a certificate to a driver:
manually: this is the equivalent of manually whitelisting a driver
by self-certification: the certificate is assigned after the driver completes a safety test successfully.
There are 2 ways to identify a driver:
Unique number (such as social security number): this is the less secure solution.
Passport scan: Both European id cards and international passports are supported (as long as they have a āhuman readable zoneā.
How to use
Certified person vs. visitor
Logistics | Office visitors & contractors |
|---|---|
The visitor is the transport, identified by a reference. The certified person is the driver, identified by a passport or a phone number. | The visitor is the expected person, identified by an email or E-ticket. The certified person is the also the expected person, identified by a passport or a phone number. |
Register as a certified person on the kiosk
A visitor will follow these steps in the registration process:
Step | How it will look for the visitor |
|---|---|
The visitor identifies either with a unique number (like phone number) or passport. | Unique number  Passport:  |
Visitor is informed about the required certifications. It shows missing certificates and available certificates (incl their expiry date). |   |
Only in case of missing certifications, the flow will continue for each missing certification | |
Next, for the first missing certificate the one or more briefings are shown. (html text & images or videos) Note: if the certificate does not allow for self-certification, an error will be shown.  |  |
Then the visitor should answer one or more test questions. |  |
Based on the answers the result is shown to the visitor. If the visitor passes, the certification is added to this visitor with the pre-configured expiry date. Registration will continue. If the visitor fails, they will have to redo the test. Note: after a certain amount of retries, the visitor will run out of retries. The retries should be reset by an employee of the site, before the visitor can continue. |   |
Next the visitor is shown the summary once more, with the updated certification information. | |
View, create and edit certified persons
Certified persons overview
Navigate to the certified persons overview via the left hand navigation.
You can search for certified persons. Be aware, the default filter is set on active certified persons only.
Certifications overview
To view certifications, open a certified person and navigate to the certifications tab. There is no overview of certifications across multiple certified persons.
Create and edit a certified person
A new certified person can be added upon successfully certification during kiosk registration, via API or manually via the Portal (as displayed below).
Add Certification to a Certified Person
A certified person can be linked to one or more Certificates. Certification would be automatically added to Certified person upon successful certification test during kiosk registration, but can be also manually added to Certified person.
Delete Certification
Certificates can be expired after defined certification expiration period, but can also be manually deleted.
Reset attempts
Certificate tests can be configured with a max amount of attempts after a failure. After this maximum amount of attempts is exceded, visitor is blocked for further certificate tests. Users can reset this attempts so visitor can retry certification.
Known limitations
Randomising questions: both asking different questions per test and putting the questions in a different order are not supported.
Allow drivers to complete a certificate / training up-front so they can win time on site. This comes very close to typical e-learning functionality. In case this is required, an integration (pushing certificates to Peripass using the public API) should be considered.
Advanced work permit management, including follow-up notifications of expiry dates of work permits (such as Limosa etc.). For these kind of challenges, specific solutions exist such as contract management and work permit management systems. See more information about a possible integration strategy here: Integrating with an LMS / Contractor management system / Work permit management system
From experience, we have learned that it is essential to have a fallback plan in case the scanner is unable to read a passport. Various factors can cause this issue, such as a dirty or bent passport or the driver still using paper IDs. In fact, it is completely normalāan industry standardāfor around 10% of drivers to be unable to complete a passport scan.
To ensure a smooth process, it is crucial to establish a clear procedure for drivers who are unable to pass the passport scan successfully.
More information
Validity periods
A certification can be limited in time. The certification validity is not linked to the visitor validity, meaning a visitor can be invited for specific dates, but the system will always check if the entered passport number has still valid certifications. If not, then the visitor will be asked to renew his/her certification.
Allowlist (white lists)
When linking a profile to a certification without a quiz, certifications must be manually added to individuals. This allows you to create a custom list of authorized drivers who can access your site. For sites following TAPA regulations, this is a standard safety requirement. More information: Certified Persons | Tapa-compliance-checks-&-documents
Disallowlists (Blacklists)
In some cases, you may want to permit all drivers except those with whom you've had negative experiences. To do this, you can manually add a āBlacklistā certificate to a certified person (driver). This certificate overrides all other certifications and displays an alert to the driver when they attempt to register at the kiosk."
Identification of the visitor: unique number vs. passport scan
The systems supports 2 ways of identifying the visitor:
Based on passport number using a passport scanner | Based on a self chosen text identifier (which could also be a passport number) |
|---|---|
This is the most secure way. During the registration the driver is asked to scan his passport. Both European id cards and international passports are supported (as long as they have a āhuman readable zoneā. | If passport verification is not that much of an issue, the customer can choose to work with any text identifier they want to use. This can be a personal phone number or email address. |
| |
Security levels of the passport scan
When using passport scanners, itās essential to set clear expectations for customers regarding the levels of identification that can be achieved. Identification processes can be categorised into three levels:
Level 1: Basic Passport Data Reading SUPPORTED
This involves extracting the national identification number from a passport using Optical Character Recognition (OCR). This level is the primary capability currently supported by Peripass.
Level 2: Document Authenticity Verification NOT SUPPORTED
At this level, the passport is verified to confirm it is an authentic document, rather than a reproduction or forgery. While this process can be automated using paid online services, Peripass does not currently support Level 2 verification.
Level 3: Identity Matching NOT SUPPORTED
This highest level of verification confirms that the individual presenting the passport is indeed the person identified by it. Level 3 verification requires biometrie checks or human intervention and is also not currently supported by Peripass.
The decision to incorporate additional levels of verification involves weighing the added security against the potential cost.
Fastlane kiosks
When you have a lengthy certification test, you might want to avoid long waiting times for already certified visitors. Therefore we have the possibility to reserve self-service kiosks for visitors that already have certification. Visitors trying to register without certification will be directed towards another kiosk, using a warning screen similar to this:
GDPR and privacy
Requiring visitors to scan their passport could result in privacy and GDPR questions. Some of these questions and how we answer them?
What personal information is stored?
By default we only store the passport number. As this number is not linked to a personal name and there is no public database, this number can not be linked to an individual (except when the government is involved, like the police in case of an accident).
Does Peripass store a copy or a picture of my passport?
No. By default we only store the passport number. We take a picture to read out the passport number and immediately remove the picture afterwards. This happens on the hardware itself, so the picture wonāt even reach the servers of Peripass.
Is it legal to scan a passport?
Yes. GDPR helps to make sure that you take privacy into account in your processes. A lot of organisations are legally obliged by local regulations to verify a passport before allowing visitors onsite. There are also organisations that made a risk assessment (DPIA) in which it turned out that safety measures require to scan a passport. It is important though that the benefits justify the need for storing personal data. It is also important to always ask for consent from drivers. Asking for consent can be part of the flow.
The Peripass implementation team can assist you with designing your processes in a GDPR compliant way.
What with personal information on the visitor that is linked to a certified person?
In Peripass we typically store phone numbers per visitor. There is a link between a visitor and the person who is certified for this visitor, which means there is a link between the passport number and a phone number. The combination of those 2 is much more sensitive data.
However, the moment the visitor leaves the premises, the phone number can be anonymised and therefore the sensitive data will only be saved during a very limited time, which is justifiable in most organisations.
The Peripass implementation team can assist you with designing your processes in a GDPR compliant way, including ensuring that some information is anonymised at the right time.
How to set up
Create a certificate and require the visitor to take a test
Create a certification test: Configuration > Certification tests > Add certification test
Configure how many attempts the visitor has to complete the test. Itās recommended to allow visitors to retry the test a few times.
Add safety briefing: ā¦ > Edit certification test > Briefings > Add briefing
Use the briefing to inform visitors about the safety regulations they need to adhere to.
Add questions: ā¦ > Edit certification test > Questions > Add Question
Each question can only have one correct answer.
Update how many questions the visitor must answer correctly in order to be granted the certificate.
Create a certification type: Configuration > Certification types > Add certification type
Select to which profile(s) the certificate should be linked
Select the test(s) the visitor must complete
Specify the validity period of the certification
Configure the self service kiosk on which visitors can identify themselves and take the test: Configuration > Self Service Kiosks > Edit a kiosk > Certified Person
Create a certificate to deny people access.
Create a certification type: Configuration > Certification types > Add certification type
Select to which profile(s) the certificate should be linked
Specify the validity period of the certification
Toggle Blacklist on.