5 Ways E-Signatures Make It Easier to Prove Compliance

OneSpan Team,

The audit trail of an electronically signed document has become an essential feature of an electronic signature solution since the 2008 financial meltdown. Since then, laws and regulations have become stricter. Companies are being audited more frequently. Senior executives are now being held both legally and financially responsible for the decisions they make. Companies are now looking to capture as much detail as possible about the decisions their executives and employees make, and the transactions that take place with their customers and partners, in order to prove compliance when an auditor eventually comes knocking.

An e-signature solution can help increase an organization’s compliance by enforcing business rules throughout the signing workflow, while recording what took place as people were presented with documents for review and signing. However, not all electronic signature solutions are created equally with regards to their audit trail capabilities.

Here are five things to consider as you evaluate the audit trail capabilities of an electronic signature solution.

1. Static Audit Trails

Does the electronic signature solution capture and reliably reproduce basic information about what took place during the signing workflow? Does it enable you to prove who signed, what documents, when (date & time stamp), where (city), how (computer / IP address), in what order, and who authorized it? 


Static Audit Trail

2. Document & Signature Security

Does the electronic signature solution secure both the signatures and contents of a document? Does it prevent people from deleting signatures from the document, and copying and pasting signatures into other documents? Does it prevent people from deleting and modifying the contents of the document? Are signatures visibly invalidated if any changes are detected? 

Analyst Report: Key Evaluation Criteria for E-Signature Software

Key Evaluation Criteria for E-Signature Software

Technology Evaluation Centers (TEC) outlines 7 e-signature selection criteria and their importance to your digitization strategy.


3. Sectional Signing

Many business processes involve multiple participants, requiring each signer to complete their respective fields and apply a signature. Does the electronic signature solution digitally sign the document’s contents each time someone new signs? If a signer and co-signer e-sign a contract on different days, is that history reflected in the audit trail?

If the solution wraps one digital signature around the entire document at the end of the process, it’s not giving you the full picture of each signing event. If you can’t prove that different people signed at different times, what would that mean to your organization from a compliance or litigation perspective?

4. Vendor-independent Storage

Does the electronic signature solution embed the audit trail directly within the documents so that you can securely store and verify them wherever you choose? Or, do you have to go back to the e-signature vendor’s service in order to verify the authenticity of the e-signed document? If you have to go back to the e-signature vendor’s service to store and verify documents, how will that impact your business and operations, especially if they experience performance issues or service delays, or even go out of business?

As a test, check the signature panel of the e-signed PDF to see if and how much audit information is embedded into the document.

5. Active Audit Trails

Does the electronic signature solution enable you to replay what took place during the signing workflow as experienced by signers? MonitorVideo-Mockup2  

Does it capture screenshots and timestamps of the step-by-step process, including what people saw and every action they took from start to finish? Does it enable you to prove how documents were displayed to people when they were dynamically generated and displayed for review and signing within a web browser?

Active Audit Trail image  

The Bottom Line on How to Prove Compliance

An electronic signature solution should make it easier for your organization to prove compliance in a continuously evolving digital world. This requires more than just capturing document-level audit trail information. As increasingly more transactions are taking place online and documents are being dynamically generated each time for each person, an electronic signature solution should also capture active audit trail information about the process so that you can prove precisely what signers experienced and agreed to.

When it comes to e-signature audit trails, everyone will give you a static audit trail, so you know what was signed. But what’s really important is not just that you closed a contract – it’s to see how you got there. That’s where the active audit trail comes in. It shows you how the process happened. OneSpan Sign is unique in the industry to provide an active audit trail.

Whether you’re a government agency, or a bank or insurance company, you need to follow rules about how sign documents in a digital transaction with customers and business partners, and our dual audit trails give you the ability to easily demonstrate compliance and prove not just what was signed but HOW it was signed – and that’s always what people want to know.

Learn More

To learn more about audit trails and other selection criteria that will make you successful with e-signatures, read this new guide from Technology Evaluation Centers: Key Evaluation Criteria for E-Signature Software—Making the Right Choice for Cost-Saving Efficiency and Superior Service.  

This post is part of a Buyer's Guide blog series:

The OneSpan Team is dedicated to delivering the best content to help you secure tomorrow's potential. From blogs to white papers, ebooks, webinars, and more, our content will help you make informed decisions related to cybersecurity and digital agreements.