When choosing for a digital signature solution, security and legal validity is key. If you sign a document with a digital signature, there is no doubt that it is legally valid. Although, it does not mean that every digital signature is on an equal footing if it is challenged in court. To provide additional legal evidence many providers offer the possibility to keep up an audit trail of every digital signature transaction. As an Audit trail captures and preserves information concerning the delivery and signing process for each record presented, it can serve a particularly vital role when the authenticity of an electronic signature is in dispute.
What is an audit trail?
An audit trail, also often called audit log or certificate of completion, is a file which preserves information relating the delivery and signing process of each document uploaded in a digital signatures tool. In this means, it is possible to track and audit the digital signatures transparently, so that each transaction can be traced. Thanks to this audit trail the user can easily keep track and report user data, furthering the validity of the signature process.
With an audit trail the level of validity of the document increases significantly given the fact that all the transactions can be traced. This is because the audit trail ensures the integrity of the information at all times. Secondly, manipulation of any kind can be avoided by using an audit trail. And third, the audit trail can also serve as legal evidence.
What should be logged in an audit trail?
The audit should contain the details of all transactions of the signing process. This means that the action taken, the person who took this action, and the timing of this action should be accessible in the audit trail.
According to an article written by global law firm DLA Piper, its recommended that transaction audit trails track at least the following information whenever feasible:
- The date and time the signer(s) accesses the signing platform
- The date and time when alterations are made to the electronic record and by whom
- Confirmation that the person accessing the signing platform has successfully completed the authentication process (eg, entering an authorized user ID and password)
- The date, time and system identifier of each electronic record accessed by the person on the signing platform
- The date and time each electronic record is signed, the platform identifier for the electronic record being signed and the identity of the person signing the electronic record (based on the completed authentication process)
- The signer’s IP address
- Data on any tamper-seal information applied to the electronic record
Connective eSignatures provides an audit trail so that our customers can track the signing-process of their uploaded documents. As mentioned before, some data are a must have in an audit trail. Connective’s audit trail shows the following data:
- Package information, including name and date of package, e-mail and IP-address of the initiator, package status, document names, etc.
- In case the document is refused: datetime, name, email, and IP address of the refuser.
- In case of approval: datetime, name and email of the approver;
- In case of reassignment approver: datetime, name, email, and IP-address of the one who reassigned and the one who is reassigned.
- Viewers: datetime, name, email, and IP address of the viewers.
- In case of reassignment signer: datetime, name, email, and IP-address of the one who reassigned and the one who is reassigned.
- In case of signing: datetime, name, email, and IP-address of the signer
- In case of receivers: datetime, name and email of the receiver
Finally, protecting the integrity of the audit trail itself is also of utmost importance. When creating a perfect audit log and then fail to protect the audit trail against alteration it will create doubt that the information in the audit log accurately reflects the steps in the transaction. For Connective this is paramount, therefore we ensure the audit trail is protected against modifications and tampering.
Questions? Don't hesitate to contact us!