E-signature audit trail — what it should include
An audit trail is the single most important piece of evidence in an e-signature dispute. Here's exactly what yours should capture, and what to do if your platform doesn't.
Every e-signature platform claims to have an audit trail. Most have a sparse event log. Here's what a defensible audit trail actually includes.
The minimum viable audit trail
Every signature event must capture:
1. Timestamp — date and time, ideally from an external Timestamp Authority (RFC 3161) so it can't be spoofed
2. IP address — of the signer at signing time, plus geolocation
3. User agent — browser, OS, device type
4. Authentication method — email-verified, SMS-verified, SSO, ID check
5. Document hash — SHA-256 of the exact PDF that was signed (so any later modification is detectable)
6. Event chain — sent, viewed, signed, completed (with timestamps for each)
If your platform's audit trail lacks any of these six, you have a defensibility gap.
The strong audit trail
The platforms courts find most persuasive go further:
7. Multi-factor authentication log — SMS code used, time received, time entered
8. Session continuity — same IP and user agent throughout the signing session
9. Device fingerprint — browser canvas hash, font list, screen resolution
10. Consent capture — explicit "I intend to sign this document" checkbox with timestamp
11. Downstream access log — who accessed the signed document after signing, when
12. Chain of custody — cryptographic proof the document hasn't moved out of the platform's control
SignBolt captures all 12 by default. The audit trail is embedded in the signed PDF as an additional signed page, so it travels with the document forever.
The audit trail that fails in court
Missing timestamps. Missing IPs. Missing document hashes. Shared login credentials with no MFA. These are the failure modes that let opposing counsel argue "we can't prove who actually signed this."
What to check in your platform
1. Ask for a sample audit trail — not marketing copy, an actual PDF export
2. Verify the timestamp is from an external TSA, not just "our server clock"
3. Confirm the document hash is SHA-256 or stronger (SHA-1 is broken)
4. Check whether MFA is available AND logged
5. Verify the audit trail is cryptographically bound to the signed document
If any of those are "no" or "we're working on it", either switch platforms or accept that your signatures are vulnerable.
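Several of these checks can be run mechanically against an exported record. The Python below is an added example, not SignBolt's or any other platform's code; the record layout (`timestamp.source`, `document_hash.algorithm`, `document_hash.hex`, `events[].type`, `events[].at`) and the sample data are assumptions constructed for illustration. It reports missing minimum fields, a non-TSA timestamp, a weak or mismatched document hash, and a broken event chain.

```python
import hashlib
from datetime import datetime

# Hypothetical field names; map them to your platform's export format.
REQUIRED = "timestamp ip_address user_agent auth_method document_hash events".split()
EVENT_ORDER = ["sent", "viewed", "signed", "completed"]
STRONG_HASHES = {"sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}


def check_audit_record(record, pdf_bytes):
    """Return the defensibility gaps found in one exported audit record."""
    gaps = [f"missing field: {name}" for name in REQUIRED if not record.get(name)]
    # Timestamp should come from an external TSA (RFC 3161), not a server clock.
    ts = record.get("timestamp")
    if ts and ts.get("source") != "rfc3161_tsa":
        gaps.append("timestamp is not from an external TSA")
    # The hash must be SHA-256 or stronger and match the exact signed PDF.
    doc_hash = record.get("document_hash")
    if doc_hash:
        algo = STRONG_HASHES.get(str(doc_hash.get("algorithm", "")).lower())
        expected = str(doc_hash.get("hex", "")).lower()
        if algo is None:
            gaps.append("document hash algorithm is not SHA-256/384/512")
        elif hashlib.new(algo, pdf_bytes).hexdigest() != expected:
            gaps.append("document hash does not match the PDF")
    # Event chain: sent, viewed, signed, completed, with non-decreasing times.
    events = record.get("events")
    if events:
        if [e.get("type") for e in events] != EVENT_ORDER:
            gaps.append("event chain incomplete or out of order")
        try:
            times = [datetime.fromisoformat(e["at"]) for e in events]
            if times != sorted(times):
                gaps.append("event timestamps go backwards")
        except (KeyError, TypeError, ValueError):
            gaps.append("event without a valid timestamp")
    return gaps


# Constructed sample data, not a real export.
SAMPLE_PDF = b"%PDF-1.7 constructed sample bytes"
SAMPLE_RECORD = {
    "timestamp": {"value": "2024-05-01T10:03:00+00:00", "source": "rfc3161_tsa"},
    "ip_address": "203.0.113.7", "auth_method": "sms-verified",
    "user_agent": "Mozilla/5.0 (constructed)",
    "document_hash": {"algorithm": "SHA-256",
                      "hex": hashlib.sha256(SAMPLE_PDF).hexdigest()},
    "events": [{"type": t, "at": f"2024-05-01T10:0{i}:00+00:00"}
               for i, t in enumerate(EVENT_ORDER)],
}
```

An empty result only shows the fields are present and self-consistent. The RFC 3161 token itself still has to be verified against the TSA's certificate, which this example does not do.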
How to strengthen an existing signature retroactively
You can't go back and add audit data. But for future signatures on important documents:
- Always use MFA
- Always include an explicit consent statement
- Always verify signer identity via ID if the stakes warrant it
- Always retain the signed PDF + audit trail together