Monthly Archives: August 2017

What To Do If Your ELD Is Not Compliant

As the mandated December deadline approaches, it is more important than ever to ensure your ELD devices are compliant with FMCSA regulations. And yet, that doesn’t mean it’s easy to ensure.

The fact is, if your fleet invests in an ELD and it is found to not be in compliance, the carrier will be stuck dealing with a difficult option. While truckers on the fleet payroll will be able to temporarily use paper logs, motor carriers will have a scant eight days from the moment they receive the non-compliance notification to replace the non-compliant devices.

In a situation where a large fleet has outfitted a lot of vehicles with non-compliant devices, the FMCSA will work with the carrier to develop a reasonable timeframe to get the devices replaced. Still, this provides minor comfort for a carrier doing their best to stay within the bounds of the law.

Also, consider the business relationship at stake. If a motor carrier has invested large sums in equipment that is found to not be in compliance, they need to evaluate who they are working with, lest they get caught in a rip-and-replace situation that doesn’t actually resolve the problem.

Looking For Verified Vendors

Consider this: There are no more than 36 ELDs currently on the FMCSA-approved list. Even more interesting – and perhaps puzzling to some – is that some of the largest names in trucking telematics are still absent from the list.

Whether you are referring to Omnitracs or PeopleNet, these big vendors are notably absent. The primary reason for their absence lies in the fact that they are still going through a rigorous self-certification process.

The FMCSA ELD-certification guidelines comprise a whopping 500+ page document. There’s a slew of technical details to consider and major players want to make sure they get it right before arbitrarily placing their equipment on the list.

Whether you are referring to HOS rulesets, California ag rules or Texas oil field rules, there are a lot of different aspects to consider. Vendors must weigh all of this together and ensure their devices are compliant.

What is ERODS?

One of the primary issues vendors are reporting is with the law enforcement data reporting aspect. The majority of enforcement officers will be using a software called Electronic Record of Duty Status, or ERODS. This software will be designed to translate data from a file in the ELD to the enforcement officer’s own system.

The officer can make the transfer one of a few different ways:

  • Telematics
  • Uploaded via a web service
  • Sent as an attachment in an email
  • Peer-to-peer short distance transfer
  • Bluetooth transfer
  • USB File transfer

Still not every state will do a file transfer to ERODS. In those cases, a truck driver can either print a copy of the log and hand it to the officer or the actual ELD device itself can be given to the officer. The device display would then mimic how a traditional paper log grid looks.

The Fleet Recourse

With these disparate forces at play, what is a fleet to do to ensure the equipment they are using meets federal requirements? The simplest option is to initiate a dialog with the ELD vendor to ensure they have done their due diligence in ensuring the device is compliant.

They can also request that a provision be written into their supply agreement that requires compensation for damages should the device being used be delisted. This is especially important if fleet truck drivers have experienced lost time.

Consider that an ELD provider who does not meet the requirements likely won’t agree to that provision within the contract. In the end, it is vitally important that you go with a vendor who solidly stands behind their product without question.

Are You Sure Your ELD Meets FMCSA Regulations?

As the ELD mandate continues to make its headlong march to full implementation on December 17, it’s important to not be fooled into thinking that the term “FMCSA Certified” means that the FMCSA has done some type of testing to ensure that the ELD complies with specific regulations surrounding their build and use. Be forewarned against making that assumption, however.

The fact is, per the FMCSA, some device manufacturers are improperly placing a sticker or marking on their devices claiming that they are certified by the FMCSA, when, in fact, this is not true. Remember, the FMCSA keeps a registry of devices that are certified. Always make sure to check the registry before assuming that a particular device fits the bill.

Know the Difference

One thing to keep in mind is that there’s a difference between registration and verification. Although manufacturers conduct tests to certify the product, it doesn’t necessarily mean that the product was manufactured and performs per FMCSA specifications.

It doesn’t take much for a system to be compliant today, but removed from the list tomorrow. An even more important consideration is that there isn’t even a set-in-stone guarantee that the ones on the list will be compliant.

Why? Because the bar to get on the list is pretty low. It pretty much includes the manufacturer reporting that the device is a compliant ELD… and that’s it. Getting on the list is more of a registration process than a certification process. The FMCSA is not vetting documentation or conducting any of their own tests.

But is it as easy as throwing some terms into a document and then getting certified? Perhaps not.

The Process

There is a pretty comprehensive list of documents that a manufacturer must upload to the website to get registered. Currently that list includes:

  • Driver user card
  • Law enforcement data transfer instructions
  • Malfunction and diagnostics data
  • Equipment photos
  • Serial numbers

Still, there is some wiggle room for less scrupulous device manufacturers. Why? Mainly because there is an assumption of compliance, rather than a mandate. As with any rule issuance, there is an expectation of compliance, with consequences on the back end, rather than an enforcement aspect on the front end.

That fact is this: It will be up to the carrier to ensure that the device’s specs conform to what the FMCSA expects.

Some argue that the FMCSA has not fully considered that vendors may self-certify even if their products are not compliant. There is a major self-interest component at stake here.

Consider that some ELD manufacturers appeared on the list within a week or two of the list being made available. Is it possible that these manufacturers went through a rigorous vetting process within such a short period?

Doing Your Own Verification

So, what’s the answer? In many cases, it will be to conduct your own, independent verification of the device you plan on outfitting onto your vehicles. Fortunately, there are groups out there that now offer independent device testing.

Whether it be a large accounting auditing firm like KPMG, or smaller outfits, like Canada’s PIT Group, companies and organizations are stepping up to the plate to ensure there no discrepancies between what an ELD manufacturer says their device conforms to and what it conforms to.

Does this mean that there are no challenges with utilizing a third-party certification process? Certainly not. If a third-party tester is using one version of a software, yet the device ships with a different version, or an update occurs, it could entirely be possible that the results become skewed.

Therefore, it is important to not just verify, but double-check. As with anyone getting a medical diagnosis, a second opinion never hurts.

What You Need To Know About FMCSA Compliance Review Trends

When it comes to pre-trip inspections, it is now far easier for a safety auditor to see when a driver is not properly doing their job. Why? Consider that the FMCSA has now changed the process for completing a compliance review.

The revamped compliance review – which has been in place for some time – expands the interviews the FMCSA completes with specific members of the organization. Still, this doesn’t mean there has been a major overhaul in how the FMCSA completes a compliance review.

For some time now, the FMCSA has been moving away from full reviews and closer to focused reviews. Still, new trends are emerging as the FMCSA slightly shifts its focus.

CSA Scores or Complaints?

If you look at historical trends, the FMCSA has generally put complaints below CSA scores on their list of review priorities. Up until now, a BASIC alert was the primary factor for whether the FMCSA decided to complete a compliance review. Now, that is changing.

The main reason for the shift is in two areas. One is the truck driver coercion rule and another is how easy it has become for a complaint to be filed, which has dramatically increased the volume of complaints flooding into the office.

Many complaints are now treated as though some form of coercion has taken place, even if little to no evidence of coercion is found. This is leading to carriers who have no BASIC score alerts undergoing a focused review.

Hours of Service

Despite a move away from paper logs and toward electronic logging, hours of service violations still abound. This is especially the case where false logs are concerned.

Therefore, it is so important for fleets to ensure that the time being reported is cross referenced with the truck driver’s log. And this must go beyond a simple accounting for the date.

Whether the fleet looks at fuel reports, tolls or reimbursements receipts, there are several ways to cross-reference what is being reported.

Medical Card Changes

With the “grace” period ending, it is more important than ever that a motor carrier verify a physician’s license utilizing a national registry or running a CDLIS report.

Should you run a report from an arbitrary fleet system or utilize the CDLIS report? To avoid a potential focused review, it is very important to utilize a CDLIS report.

Consider that on your own internal report, you may not have all the necessary information at hand. The fact is, you don’t want to risk it, so why not run the report that you know will ensure you have all the boxes checked?

Managing Your DVIR Process

It is now easier than ever for an inspector to make a case against a truck driver who doesn’t have a proper vehicle inspection report on hand. The new rule now requires that a DVIR must be filled out when a defect has occurred, which makes it easier for an inspector to make a case for a focused audit.

This essentially means inspectors can use a roadside inspection with a maintenance issue listed and corroborate that issue with a DVIR that correspond with the date listed. It’s also important to pay close attention to breakdown reports, repair orders and maintenance records. If these show obvious problems that the truck driver should have been aware of – but weren’t listed – you could find yourself on the receiving end of a review.

Finally, it’s important to ensure your operators are not operating with a suspended or invalid CDL. While this may seem like a very basic requirement, it is resulting in even more violations than ever. Ensure an internal process is set up to monitor each of your truck drivers’ CDL statuses.

Are Private Toll Roads The Answer To The Infrastructure Spending Question?

There’s been a lot of talk, both within the Trump administration and within Congress regarding infrastructure spending. Promises have been made on both sides, but where will the money come from?

While the Trump administration wants to rely in private sector money to stabilize the Highway Trust Fund, this would also likely lead to more tolls, paid by both truckers and passenger drivers alike. After all, the private companies building out our nation’s new infrastructure will need to recoup this money from somewhere.

The Administration View

In his most recent address to a joint session of Congress, President Trump expressed an interest in a “national rebuilding” of the nation’s infrastructure.

He said, “President Eisenhower initiated the last truly great national infrastructure program, the building of the Interstate highway system. The time has come for a new program of national rebuilding.”

The President also referenced a discussion he had with a friend in the trucking industry during a speech to the National Governor’s Association. He was quoted as saying his friend mentioned trucks getting destroyed on the drive from New York to Los Angeles because the roads are so bad.

Per the administration, funding for the $1 trillion-dollar program should come from both public and private sources. But is this feasible, and where exactly would the money come from?

The Current Situation

Ask anyone with an insider’s view on the situation, and they’ll tell you we need a ton of money just to keep things at the status quo. According to Joung Lee of the American Association of State Highway and Transportation Officials, $110 billion would be needed in the next ten years just to keep infrastructure development from backsliding.

With infrastructure funding nowhere near that level currently, where can we expect the Trump administration to get this money? Up until now, the Highway Trust Fund has relied heavily on gas and diesel taxes to fund infrastructure improvements. Yet, the gas tax hasn’t been raised in over twenty years. As fuel efficiency increases, the problem is compounded.

Ask the Highway Users Alliance, and they will tell you that private funding would likely come in around 10 percent or less, a paltry number when it comes to funding the entire project. Are cheap financing and tax breaks the only answer or will funding must come from increased tolls?

Are Tolls the Answer?

When it comes to recouping funds on heavily used roads and highways, private infrastructure financiers will likely turn to toll roads, as this is generally the only way to generate a revenue stream from these projects.

The Alliance for Toll Free Interstates says that toll roads are the worst of all available funding options, but is this really the case? Others see no other way out. If private companies are to step in and provide some of the funding, increased tolls may be the only answer.

Fortunately, American policy-makers need only look across the pond for examples of where robust highway systems and vibrant trucking companies co-exist. From France to Italy and Spain, toll-supported highways help operate well-maintained, top-level super highways.

Still, while increased tolls provide one answer to the problem, they can’t be the only solution. Public-private partnerships must be bolstered and money has to come from almost every possible source if a true $1 trillion is going to be leveraged to complete the nation’s infrastructure upgrade needs.

The fact is, whether it’s significant federal investment through taxes, borrowing or increased tolls, it is neither wise nor feasible to say that there is one single silver bullet that will solve this problem. What will happen next is a matter for time to tell.

How To Manage Cybersecurity In The Age Of Telematics: Part II

In Part I of our series we looked at what it means to manage your data in the age of hacking. From what types of hacking you can expect to a general overview of methods and strategies, there’s a lot to cover on this topic.

Today we will dig a little deeper into the different aspects of data protection that you and your business can employ. It’s time to look at cybersecurity from an IT angle.

The Human Element

The integrity of a fleet’s data management system relies on how well you manage said system, as well as systems upkeep.

Beyond the technical aspects, it’s also important to address the human element. After all, you will be having employees and partners regularly interacting with these systems. If you don’t have a comprehensive telematics security program in place that addresses the human element, you aren’t as protected as you think.

There are generally four aspects of telematics security at play in any given situation:

  • Management: Do you have an established team of security experts and a management crew who understands the meaning of cybersecurity?
  • Policies: Does your organization have a set of comprehensive policies and procedures in place regarding cybersecurity?
  • Design: Are your systems designed with product safety and software development in mind?
  • Training: Are you regularly training your employees and management staff on the various cybersecurity policies, procedures and technical aspects you’ve put in place?

Once you’ve answered these questions, it’s important to address the resiliency of the platform itself. Let’s take a closer look at this topic.

Platform Resilience

The Federal Bureau of Investigation (FBI) has recommended that operators of commercial motor vehicles should not connect third-party devices to OBD II ports. The fact is, if you don’t know where a particular device was manufactured, you shouldn’t be connecting it to your expensive commercial motor vehicle.

Any fleet manager worth his or her salt in the field knows that there should be specific policies in place to ensure connected devices are safe. There are also a number of tried-and-true principles to follow to ensure your telematics platform and subsequent data collection efforts are safe.

They include:

  • Ensuring data transfers are secure
  • Signing updates digitally
  • Using proprietary hardware code protections
  • Assume codes are public, ensuring you are constantly changing or updating them
  • Employ the use of strong random numbers and encryption when transmitting information from one system to another
  • Compartmentalize critical security-related data
  • Do not use the same encryption key for multiple roles
  • Have a verified third-party audit your telematics security systems
  • Limit your server access to a need-to-know basis
  • Constantly test and verify your systems

If you don’t take a rigorous approach to your systems security, you are leaving the vital, digital lifeblood of your software and hardware systems vulnerable to attack. To ensure full redundancy and security, you must be constantly reviewing, improving, testing and validating your cybersecurity measures and telematics protection initiatives.

Design Security in the Cloud

Since most telematics systems store their data in the cloud, you have to make sure your systems are protected at both the beginning and end-points. Telematics systems relay their data to a storage or processing server, so they must be secured at the source on both ends.

Also, it is vitally important to remember that no system is ever perfect. Never rest on your laurels and assume that because you addressed it once, it’s addressed forever. Only constant vigilance will ensure that your systems remain ahead of potential attackers.

Once you have the right protection in place, ensure responsible parties stay up-to-date on its operation. Only through proper care and consideration can you ensure your telematics data remains safe over the long term.