---
title: "Carrier Vetting Audit Trails in 2026: TMS Platforms, Highway, Descartes MyCarrierPortal, and Cipher & Row Compared"
description: "Who actually keeps a record of your carrier vetting? A sourced July 2026 comparison of TMS platforms, Highway, Descartes MyCarrierPortal, RMIS, and Cipher & Row."
author: John Nowlan
published: 2026-07-10
updated: 2026-07-10
category: Compliance
canonical: https://www.cipherandrow.com/blog/carrier-vetting-audit-trails-2026-tms-highway-descartes-cipher-row
---

# Carrier Vetting Audit Trails in 2026: TMS Platforms, Highway, Descartes MyCarrierPortal, and Cipher & Row Compared

By John Nowlan · Published 2026-07-10 · Cipher & Row Blog

For most of the last decade, the question a broker heard after a bad load was: did you vet this carrier? In 2026 the question has changed. Now it is: show me what you checked, show me when you checked it, and show me that nobody edited the file afterward. Plaintiff attorneys ask it. Shippers ask it during RFPs. Insurers ask it at renewal. The vendors have noticed. On June 23, 2026, Descartes launched a feature called AuditLog for its MyCarrierPortal onboarding platform, and its announcement framed the release around the Montgomery v. Caribe Transport II broker liability ruling. Highway has been citing the same case in its fraud messaging since spring.

### Key takeaways

- The big TMS platforms run the vetting workflow but delegate the vetting itself. McLeod's own integrations page lists carrier monitoring as a category of third party add-ons: DAT CarrierWatch, Highway, MyCarrierPortal, RMIS, and SaferWatch.

- Where a TMS markets an audit trail, it usually means invoices and freight bills, not carrier vetting evidence.

- Highway is the deepest carrier identity network in the market, but as of July 2026 it does not advertise vetting records or audit logs, and its published plans page lists No Export capabilities on every tier.

- Descartes MyCarrierPortal validated the category in June 2026 with AuditLog: a persistent, snapshot-based log of risk assessments and onboarding decisions. The feature page does not mention export or independent verification.

- [Cipher & Row](https://www.cipherandrow.com/) seals every packet scan into a signed record with an immutable event log and a public verify link, so anyone can confirm months later that the record has not changed. Published pricing starts at $49 per month for dispatchers and $149 for brokerages.

> The vetting itself is table stakes in 2026. The differentiator is whether you can produce evidence of it in eighteen months, and whether anyone outside your company can trust that evidence.

## What a vetting record has to prove

Before comparing vendors, it helps to define the job. A carrier vetting record that holds up under scrutiny needs five properties, and they are harder to combine than they sound.

First, it has to be a snapshot from decision time. FMCSA profiles change weekly. A record that shows the carrier's status today says nothing about what you saw when you booked them in March. Second, it has to be tamper evident. A record your own team can quietly edit is an exhibit against you, not for you. Third, it has to capture the human decisions, not just the data: who reviewed the flag, what they decided, and why. Fourth, you have to be able to get it out of the system, because the moment you need it is the moment you are handing it to an auditor, an insurer, or opposing counsel. And fifth, ideally, someone outside your company should be able to verify it independently, without taking your word or your vendor's word for it.

Hold those five up against each platform and the market sorts itself quickly.

## The TMS platforms: vetting is a plug-in

McLeod, Trimble, and MercuryGate (which now operates as Infios after the Korber acquisition and rebrand) are where brokered freight actually gets executed. They own the workflow. What they do not claim to own is the vetting.

McLeod is refreshingly direct about this. Its PowerBroker integrations page maintains a carrier monitoring category listing DAT CarrierWatch, Highway, MyCarrierPortal, RMIS by Truckstop, and SaferWatch as supported third party integrations, and its carrier management page describes pulling third party data to assess risk. Trimble's TMW.Suite catalog lists RMIS as a plug-in module, and the TMW.Suite product page is silent on carrier vetting entirely. Trimble did announce its own AI powered carrier vetting in November 2025, but inside its Freight Marketplace product, with a rollout planned through 2026. Infios' transportation management page mentions carrier onboarding as a workflow and says nothing about vetting depth.

The audit trail story is similar. Where these platforms use the phrase, it is financial. McLeod markets a complete audit trail for carrier invoice processing. In the MercuryGate lineage, audit means freight bill audit. The one genuine exception we found is Turvo, which since September 2025 has marketed an immutable event trail with chain of custody language: who viewed or changed data, previous values, timestamps, source. It is real audit trail engineering, and it is scoped to shipment records, not carrier vetting evidence. Turvo also publishes its pricing, which starts at $5,000 per month.

None of this is a knock on the TMS platforms. Orchestrating execution is a hard, valuable job. But if the question is who keeps the evidence of your carrier vetting, the honest answer from the TMS tier is: the specialist you plugged in, if it keeps any.

## Highway: the deepest identity graph, the thinnest paper trail

Highway has earned its position. Founded in 2022, it reported more than 1,050 broker customers including 70 of the top 100 US brokers in its August 2025 funding announcement, and a June 2026 FreightWaves profile put its monitoring at roughly 2.5 million loads per month. Its chief commercial officer told FreightWaves flatly: Highway is Plaid. The pitch is carrier identity, verified at the connection level, increasingly backed by ELD data that confirms the truck asking for your load is the truck on the authority.

For tender time identity fraud, that model is genuinely strong, and we say that as a competitor. If your primary bleed is impostor carriers slipping into your network, Highway's device level approach and its network scale are the draw, and features like Load Lock+ extend it into ELD based tracking of committed loads.

The record keeping story is different. As of July 2026, Highway does not advertise vetting records, onboarding audit logs, or exportable due diligence evidence anywhere in its public materials. Its published plans page lists three tiers, no dollar amounts, and the same line item on each: No Export capabilities. Its API documentation portal exists, but access is partner gated rather than self serve, and the export restriction sits on the customer side regardless. Highway's own blog acknowledges that documents can be forged, and its answer is architectural: route around documents with source data, certified insurance agencies, and policy level analysis through its Exclusion Intel add-on. That is a coherent philosophy. It also means the evidence of what you checked lives inside a platform that, by its own published terms, does not let you take it with you.

## Descartes MyCarrierPortal: the incumbent validates the category

MyCarrierPortal, which Descartes acquired in 2024 for roughly $24 million, is the onboarding workhorse of the industry. It claims 250,000 carriers onboarded, a certificate of insurance database it says covers over 90 percent of active carriers, and packet flows that customers report cut onboarding from 30 or 45 minutes to 2 or 3. It integrates with roughly 35 TMS platforms, including McLeod, Turvo, Tai, and Descartes' own Aljex, and it publishes pricing: the Standard plan starts at $515 per month, with a third party guide from March 2025 reporting volume tiers running from about $394 to $3,650.

The June 2026 AuditLog launch matters because of who shipped it. The largest onboarding platform in brokered freight looked at the liability environment and decided that vetting evidence is now a product requirement. AuditLog, per Descartes' own feature page, keeps a persistent log of carrier risk assessments, management reviews, and onboarding decisions, with snapshot based documentation that preserves results as they existed at review time. That is criteria one and three from our list, and it is a real step.

What the feature page does not mention, as of this writing, is any export capability, any signature or tamper evidence mechanism, or any way for a party outside the platform to verify a record independently. The records live in MyCarrierPortal, and Descartes' marketing describes them as defensible documentation you can show. For many teams that will be enough. It is worth being precise about what it is: an application log with snapshots, held by your vendor.

Truckstop's RMIS deserves a mention in the same breath, since it competes for the same onboarding budget. RMIS Lite starts at a published $340 per month, and its identity features are ahead of its record keeping: selfie to government ID comparisons for identity badges and flagging of VoIP callers, but no advertised vetting audit trail as of July 2026.

## Cipher & Row: the record is the product

We built [Cipher & Row](https://www.cipherandrow.com/) around the assumption that the record question was coming. Every packet scan on the platform produces its evidence as a side effect of doing the work, not as a separate feature you remember to turn on.

Here is what that means concretely. When a dispatcher or broker runs a carrier packet through the [Packet Scanner](https://www.cipherandrow.com/blog/cipher-row-packet-scanner-how-it-works), every extracted field carries a confidence rating and a pin to the exact page it came from. Each field is checked against FMCSA and Canadian registry records plus fraud signals, and the result is a 0 to 100 trust score with a PROCEED, CAUTION, or BLOCK recommendation and the specific reasons behind it. When the scan raises flags, the reviewer confirms, acknowledges, or clears each one with a recorded reason, and acknowledged risks stay visible on the verdict. Then the scan is sealed: a tamper evident Ed25519 signature over the record, an immutable event log that accepts no edits after sealing, and a time stamped custody timeline from upload to decision.

Two properties separate this from an application log. The record is exportable: sealed reports render to PDF, and the Compliance Vault lists every record your company holds with its decisions, seal timestamps, and signatures. And the record is independently verifiable: every sealed record carries a public verify link, so an auditor, a shipper, or opposing counsel can confirm for themselves that the record existed at the stated time and has not changed since, without a Cipher & Row account and without trusting us. Verification recomputes from the stored record itself, so it keeps working even if the original uploaded file is long gone.

One thing we are deliberate about: this is a verifiable record of the verification you performed. It is not legal advice, and no vendor's log makes a bad carrier decision defensible. What it does is settle the factual questions of what you checked, when, and what you decided, with mathematics rather than memory.

The vetting underneath the record covers both sides of the border, which matters more than most US teams expect. A lookup checks FMCSA federal data, and for Canadian carriers it reads the provincial registries directly: Ontario's MTO rated carrier list refreshed daily, Quebec's CTQ safety watch list weekly, British Columbia's monthly bulletin, and Manitoba pulled per lookup, with a cross border FMCSA merge when a Canadian carrier also runs US lanes. Anyone can try the lookup layer free at [cipherandrow.com/verify](https://www.cipherandrow.com/verify), no signup. The platform is also open by design: a REST API and a Model Context Protocol server for AI agents ship on published tiers, and your data exports.

## Side by side

Claims below reflect each vendor's published materials as of July 10, 2026. Not advertised means we could not find it in public pages or announcements; it does not prove a capability is absent.

| Capability | TMS built-ins | Highway | Descartes MyCarrierPortal | Cipher & Row |
| --- | --- | --- | --- | --- |
| Published pricing | Mostly quote only (Tai from $995/mo, Aljex from $699/mo, Turvo from $5,000/mo) | Not published, demo gated | From $515/mo Standard | Dispatchers from $49/mo, brokerages from $149/mo, free carrier tier |
| Vetting audit records | Not advertised (audit trail means financial documents) | Not advertised | AuditLog since June 2026, snapshot based | Sealed record per scan, on by default |
| Record export | Varies by module | Plans page lists No Export capabilities on every tier | Not mentioned on the AuditLog page | PDF reports plus Compliance Vault |
| Independent re-verification | Not advertised | Not advertised | Not advertised | Public verify link per sealed record, no account needed |
| Document forensics | Not advertised | Not advertised; model routes around documents | Not advertised | Packet Scanner with field pins, registry cross-checks, fraud flags |
| Identity approach | Delegated to integrations | Carrier identity network, ELD backed | FMCSA validation, duplicate identity detection, VIN checks | Registry verification, reincarnated carrier tracing, sanctions screening |
| Canadian registry coverage | Not advertised | Not a marketed focus | Not advertised | ON and QC published lists, BC and MB registries, cross border merge |
| API and agent access | Per vendor | Partner gated API, customer tiers exclude export | TMS integrations, no public self serve API pricing | REST API and MCP server on published tiers |

## The price-performance math

Comparing prices in this market means comparing entry points, because two of the four categories do not publish numbers. Here is what is public. A brokerage can start on Cipher & Row at $149 per month with 250 verification credits, onboarding, monitoring with alerts, the Packet Scanner, and the Compliance Vault included, and scale to $399 or $999 tiers before anything is custom. A dispatcher desk starts at $49. MyCarrierPortal's published Standard plan starts at $515 per month. RMIS Lite starts at $340. Highway requires a demo and a quote. The TMS platforms are either quote only or start around $699 to $5,000 per month, before any vetting add-on.

The like for like is imperfect, and bigger networks are worth real money; we would rather say that plainly than pretend the comparison is clean. But the pattern holds: the capabilities this article is about, sealed vetting records, document scanning, and independent verification, ship inside Cipher & Row's published tiers at a fraction of the incumbent entry prices, not as an enterprise add-on with a sales cycle.

## Where each one wins

If your problem is impostor carriers at tender time and you want the biggest identity network in the market, Highway is the strongest specialist, and its TMS integrations are everywhere. If you onboard carriers in volume inside a TMS workflow and want the packet process itself handled, MyCarrierPortal has been doing exactly that for fifteen years, and AuditLog now gives it a real record keeping story. If insurance certificate infrastructure is the priority, RMIS remains the established name. And your TMS should keep doing what it does; none of this replaces execution.

Pick [Cipher & Row](https://www.cipherandrow.com/) when the record itself matters: when you want every vetting decision to produce signed, exportable, independently verifiable evidence by default, when you move cross border freight and need Canadian registries checked for real, when you want the documents themselves scanned rather than trusted, and when you want all of it at a published price with an API and AI agent access included. That is the corner of this market we built for, and in 2026 it stopped being a niche concern.

## Quick answers

**What is a carrier vetting audit trail?** A timestamped record of what a broker or dispatcher checked before working with a carrier: the data reviewed, the flags raised, the human decisions made, preserved as they existed at decision time so they can be produced later.

**Does Highway offer one?** Not that it advertises as of July 2026, and its published plans page lists No Export capabilities on every tier. Its strength is identity verification at connection time, not evidence you can take with you.

**What does Descartes AuditLog do?** Launched June 23, 2026, it keeps a persistent, snapshot based log of carrier risk assessments, management reviews, and onboarding decisions inside MyCarrierPortal. Its public materials do not mention export or independent verification.

**How is a Cipher & Row sealed record different?** Every packet scan seals into a record with a tamper evident Ed25519 signature, an immutable event log, and a custody timeline, and each record carries a public verify link so anyone can independently confirm it has not changed since sealing.

**What do these platforms cost?** Published entry points as of July 2026: Cipher & Row from $49 per month for dispatchers and $149 for brokerages, MyCarrierPortal from $515, RMIS Lite from $340, Turvo from $5,000, Tai from $995, Aljex from $699. Highway, McLeod, Trimble, and Infios do not publish pricing.

## Frequently asked questions

**What is a carrier vetting audit trail?**

A timestamped record of what a broker or dispatcher checked before working with a carrier: the data reviewed, the flags raised, and the human decisions made, preserved as they existed at decision time so they can be produced later for audits, insurers, or disputes.

**Do the big TMS platforms keep carrier vetting records?**

Their published materials do not advertise it. McLeod, Trimble, and Infios (MercuryGate) delegate carrier vetting to integrations such as Highway, MyCarrierPortal, RMIS, and DAT, and where they market audit trails the phrase refers to financial documents like carrier invoices and freight bills.

**Does Highway provide vetting records or audit logs?**

As of July 2026 Highway does not advertise vetting records, audit logs, or exportable due diligence evidence, and its published plans page lists No Export capabilities on every tier. Its focus is carrier identity verification and fraud prevention at connection time.

**What is Descartes MyCarrierPortal AuditLog?**

A feature launched June 23, 2026 that keeps a persistent log of carrier risk assessments, management reviews, and onboarding decisions with snapshot based documentation preserved as it existed at review time. Its public materials do not mention record export or independent verification.

**How are Cipher & Row sealed records different from an application audit log?**

Each packet scan seals into a record with a tamper evident Ed25519 signature, an immutable event log that accepts no edits after sealing, and a time stamped custody timeline. Records export to PDF, live in a Compliance Vault, and carry a public verify link so anyone can independently confirm the record has not changed, without an account.

---

Read this article in your browser: https://www.cipherandrow.com/blog/carrier-vetting-audit-trails-2026-tms-highway-descartes-cipher-row

Cipher & Row verifies US and Canadian carriers and brokers, monitors them for changes, and seals every vetting decision into a verifiable record. Try a free lookup, no signup: https://www.cipherandrow.com/verify
