What’s in a Name? Digital Signature vs. E-Signature (Part 2)
In part 1 of this blog series, we looked at how e-signature solutions apply digital signatures to documents as a way of protecting their integrity during and after the signing process. In this blog post, we’ll explore the role that digital signatures play in building comprehensive audit trails as part of the e-sign process.
Digital Signatures & Audit Trails
Unlike traditional paper-based processes, digital processes can help clear the many hurdles that the industry is facing, including the need for transparency to regulators. Going digital gives you full visibility into the who / what / when / where / how of the digital transaction – something that simply isn’t possible in the paper world.
Best-in-class e-signature solutions apply a digital signature to the document after each and every signer signs. And in doing so, a detailed audit trail is built as each recipient in the transaction completes an action. What you get at the end of the process is an embedded audit trail detailing who signed, in what order, when and where. Note, if the e-signature solution doesn’t apply a digital signature after each person signs, it isn’t capturing detailed information about the process and embedding it into the signed document.
We recommend using a solution that embeds the audit trail directly into the e-signed PDF rather than storing it exclusively in a separate audit log. Embedded audit trails also create a self-contained portable record, ensuring that signed documents securely travel through any content management or storage system and enabling you to manage transactions in a manner that meet your long-term records retention policies.
Long-term Validation (LTV)
Business documents such as contracts and agreements often need to be kept on hand and easily verifiable for several years (in regulated industries, some processes may require verification for 10+ years). Not all e-signature solutions are created equal in this regard and many do not offer a long-term validation (LTV) capability. Make sure that the solution you choose meets the following digital signing requirements:
- A distinct digital signature entry should be embedded into the e-signed PDF for each signer in the transaction.
- Each entry should provide details such as the signer's digital certificate (i.e., a local- or server-side signing certificate), timestamp, and the signer's information (e.g., email address and IP address).
- Signed documents should be able to be verified offline (independent of the e-signature solution) through a one-click verification process to validate the integrity of the signed document. Look for "Signature is LTV enabled" in the signature panel of the e-signed PDF.
What About Visual Audit Trails?
When regulated companies undergo a compliance audit, they are often asked to prove the exact business process they followed, including every time key documents were touched, when and by whom. Organizations in financial services, for example, must be able to demonstrate that customer documents are protected and cannot be changed after they are signed. As a result, there is increasing pressure to fully document processes and decisions.
While most e-signature solutions in the market provide some level of audit information associated with the digital transaction, many do not offer the level of detail needed to effectively support the most common compliance and legal scenarios. Based on our 20+ years of e-signature experience in regulated industries, we recommend leveraging visual audit trails to ensure you can easily demonstrate the process – right down to the specific web and mobile pages as seen and experienced by signers. This not only eases the burden of compliance, but also ensures you can clearly demonstrate all the actions that were taken by each signer – in a visual, screen-by-screen manner with date/time stamps – to support your audit and compliance needs.
Watch the 2-minute interview with VP of Product Strategy, Michael Laurie, to learn about the importance of audit trails and how they provide the ability to demonstrate compliance and prove not just what was signed, but HOW it was signed.
The e-signature solution you choose should be able to handle all aspects of the signing process – from authenticating signers to collecting consent and archiving the e-signed document and audit trails as part of the digital transaction. eSignLive is built with security, compliance and long-term verification in mind. Our customers gain peace of mind knowing that documents are secure throughout their lifecycle.
Visit our digital signature page to learn about the top 5 "must-have" criteria to keep in mind when evaluating solutions in the market. Look out for "Part 3" of this blog series where I’ll explore the topic of digital certificates and their role in the eSignature process.