Random testing is only defensible if the selection is truly random, correctly rated, and documented. Here is the rule, the math behind a valid draw, and exactly what an auditor looks for.
Federal DOT rules require that covered employees be selected by a scientifically valid random method, that every employee has an equal chance each time, and that selections are spread reasonably throughout the year and stay unannounced. The FMCSA statement is §382.305(i); FTA, FAA, FRA, PHMSA, and USCG carry parallel provisions.
Each covered employee has the same probability of selection in every cycle — being tested last quarter does not change the odds this quarter.
Selections come from a neutral, repeatable process — typically a computer RNG matched to a neutral employee identifier — never a supervisor choosing names.
Selections must be reasonably distributed across the year (§382.305(k)) and unannounced — you cannot cluster a year of tests into one month.
A valid method has four properties — and a good system makes each provable after the fact:
Every name in the pool has the same chance. No weighting, no bias toward or away from anyone.
One period’s result does not influence the next. Prior selections do not carry over.
The draw keys off an ID number, not names or roles an administrator could steer.
Given the stored pool snapshot and method, the same selection can be re-derived and defended.
Not all “random” is equal. A basic spreadsheet shuffle is pseudo-random — predictable and hard to defend under challenge. A cryptographically secure RNG (CSPRNG) draws from the operating system’s entropy: uniform and unpredictable, exactly the standard a valid random program needs. Random Pool Manager uses an OS-level CSPRNG and records the method plus a snapshot of the exact pool on every draw — so the selection is both valid and reproducible.
The rate is how much of your average covered population you must select each year. Under FMCSA §382.305(b) the baseline is 50% for controlled substances and 10% for alcohol (the Administrator may adjust these by annual notice; other modes set their own). Those selections must be spread reasonably across the year — most programs draw quarterly or monthly.
Tip: the DOT random testing rate calculator shows how many selections your pool size and rate require.
Evidence the selection used a scientifically valid random process, not manual picking.
Who was actually in the pool when the selection ran — new hires in, terminations out.
Total selections meet the annual minimum for your mode, spread through the year.
A certificate per draw, plus what happened to each selected employee (tested, or documented reason).
Disclaimer: Educational summary, not legal advice; cites FMCSA rules as representative — other DOT agencies have parallel provisions. Verify against the regulations that apply to your operation.
Random Pool Manager runs a valid CSPRNG selection, issues the certificate, and keeps the reproducible record — for every client you manage.
See Random Pool Manager