The Anatomy of an Audit Trail: Electronic Signature Simplified
An audit trail can be the deciding factor between a valid and invalid electronic signature document. Going by the actively surging electronic signature adoption rates and growing number of online businesses, there’s no arguing that eSignatures are here to stay.
Since eSignatures are soon to be the new normal, we thought we should discuss what an audit trail is and why it’s an important part of an electronic signature.
You may be familiar with the difference between electronic signatures and digital signatures, in case you’re not, an electronic signature is information in electronic form (can be sound, symbol, process, etc.) that is associated or attached to a document. This means that as long one can demonstrate that the signature is associated with a person and that there was intent to sign, everything is legally binding and accepted.
A digital signature is actually a form of electronic signature that uses an encryption algorithm that helps validate who the signer is. It also ensures that the document cannot be tampered with, as the signature becomes invalid if the document is changed after signing. You can read about the differences between electronic signatures vs. digital signatures here.
Now that we have covered the basics, let’s get to what an audit trail is and why it plays an integral part in the process of validating of a document.
Technopedia, the IT education site defines an audit trail, in the context of information technology, “as a chain of evidence in the form of hard or electronic business transactions or communications resulting from business processes, functions or programming executions.”
In other words, an audit trail is a detailed list of critical data points, pertaining to the transaction, that are recorded and reported. These data points help verify the validity of the transaction.
In terms of Electronic Signatures, an audit trail helps keep track and reports user data, furthering the validity of the signature process. Most, if not all serious eSignature vendors out there — including Signority — provide an audit trail with every electronic signature transaction.
Below is a list of important components we display in Signority’s audit trail:
- Unique Document Title
- Secured seal (Digital Signatures)
- Email Address Of Signers And Viewers
- The IP address of the involved parties
- Documents viewed by each signer
- Signers consent to terms of service
- User authentication: SMS and Email
- Signature creation (by each signer)
- Party agreement to / acknowledgement of document
- Document downloads after signing
- Signer’s Status
- GUID (or ‘Globally Unique Identifier’)
For the sake of avoiding any form of confusion, let’s go over what these components mean and what value they add to the entire electronic signature validation process.
Breaking down the Audit Trail
Unique Document Title
A unique document title is the unique file name of the document that was originally created by the document creator. The unique document name can be found in the first page of Signority’s audit trail.
Secured seal (Digital Signatures)
The secured seal is native to Signority’s digital signatures audit trail, the Secured Seal is both “Tamper-proof” and “Digitally Encrypted”. Meaning that, if the audit trail document was tampered with or edited in a third-party software such as Adobe’s Photoshop, the seal would immediately break and be considered invalid.
Signority’s Secured Seal is only available with our digital signature plans. In order to make digital signatures available to our customers, we use a Hardware Security Module (HSM) provided by GlobalSign to help store and manage the digital keys used in the digital signing process.
Want to know more about digital signature? Check out our post on the difference between electronic signature vs. digital signatures to learn more!
Email Address Of Signers And Viewers
The audit trail records and displays the email addresses of all parties involved, which can be either signer or viewer.
- Signer: Signers’ are users who are required to sign a particular document. A signer could be a primary signer or a witness.
- Viewer: A viewer is a user with view-only capabilities.
The IP address of the involved parties
According to IP Location, an IP address or Internet Protocol is “A unique address that computing devices such as personal computers, tablets, and smartphones use to identify itself and communicate with other devices in the IP network.”
In terms of Signority’s audit trail, the IP address associated with a particular signer or viewer, at the time of viewing the document is recorded and reported — adding an extra layer of validity to electronic signature documents.
Documents Viewed By Each Signer
The Documents viewed by the signer or viewer is displayed in the name section in the Audit trail. The audit trail also displays the exact time the document was viewed.
GUID (or ‘Globally Unique Identifier’)
GUID’s of Globally Unique Identifiers, are defined by BetterExplained as “Large, enormous numbers that are nearly guaranteed to be unique.”
They usually look like this:
At Signority, every document created is assigned a Globally Unique Identifier and can be viewed in the audit trail.
Signers consent to terms of service
cSigners consent to use terms of service, refers to the signer or viewer agreeing to abide to the rules in order to use services provided by Signority.
User authentication: SMS and Email
Verifying the identity of a user before granting access to secured information is the main intention of the User Authentication feature.
With Signority there are two additional methods that can used to verify signers and viewers — i.e. SMS and email — when email and /or SMS password authentication is turned on by the user, Signority sends a randomly generated unique code to the recipient. The code is required to access the document.
The type of user authentication used is displayed in the “Authentication” section of the Signority’s Audit Trail.
Signature creation (by each signer)
The Signature Creation section is a critical component of the audit trail, it is the original signature of the required parties.
At Signority and most other eSignature providers, a party’s signature can be created by:
- Using a touch pad/screen or mouse
- Typing their signature using a keyboard
- Uploading a scanned copy of their signature
Document downloads after signing
Once the document is finalized by all of the signers, all parties involved are notified via email with an attached copy of the finalized document for safe keeping.
The signers status reflect the final action taken by all required signer’s, the status can be: “Rejected”, “Waiting to Open”, “In Progress”, “Finalized and “Viewed” — depending on the action taken by the signer.
Looking to take your business paperless? Sign-up now and get free access to Signority’s Business Plan.