Audit Trail refers to the automated process that happens in the backend of a website or a smartphone application.
It is instrumental in proving the veracity of an eDocument as it secures complete information from an electronic signature.
A person who has signed a document may claim not to have done so. The reason could be a greater gain or the signature could be a forged one.
Such issues have been addressed with the onset of eSignatures.
The eSignature has proven to be a much safer alternative to the physical signature.
However, there have been rare disputes where a party has claimed not to have made the eSign at all.
The Audit Trail provides comprehensive evidence in such cases.
Audit Trail For Electronic Signature
Audit Trail refers to the process of verifying extensive documentary evidence.
In the context of eSigning an online document, Audit Trail is a statutory process every eSigning authority has to adhere to protect the eSigner from a potential mishap.
Suppose Mr.A and Mr.B eSign a document online, complete information regarding the process of their documentation is secured in the best interests of all parties concerned.
Every eSignature issuing authority is expected to comply with the Audit Trail procedure.
While there are many authorities that offer electronic signature services in India, all of them are expected to follow an elaborate procedure.
This is done to ensure the signers’ are secured in a lawful manner.
It remains a challenge for all eSign issuing authorities to keep it simple for the signers.
SignDesk has been widely acclaimed for its’ simple interface that helps any person with a basic computer experience to upload relevant documents and make a eSignature.
Audit Trail – Security Procedure
A person who has never made a eSignature may wonder how secure it is to sign documents online.
He shall be convinced when he understands the following procedure that happens in the backend of every eSignature.
The Certifying Authority maintains an Audit log. It consists of the following information:
- Record of startup and shutdown of the system
- Record of startup and shutdown of the Certifying Authority’s application
- Attempts to manipulate with the passwords or tamper with the system privileges of the PKI Officer/Master Officer/Administrator
- Changes to the Digital Signature Certificate(DSC) creation policy
- Attempts to log in and log off
- Unwarranted attempt at network access to the Certifying Authority’s system
- Unauthorized attempts to access system files’
- Generating own keys
- Creation/Revocation of Digital Signature Certificate
- Attempts to enable/disable, start/remove and update/recover their keys
- Unsuccessful read and write operations on the Digital Signature Certificate and Certification Revocation List directory
While the Certifying Authority is responsible for recording the above details, the eSignature offering authority records the following:
- Date and Time of the event.
- Identity of the individual/entity that makes the eSignature
Audit Trail – Important Features
As a statutory requirement, an Audit Trail provides for the complete security of your documents attached by an eSignature.
The Audit Trail is a foolproof process as it has these features:
All information must be automatically backed up. It must be secured whenever a document is modified or deleted.
The Audit Trail must be secured in legal conformity. It shall not be editable by any person.
Each Audit Trail is expected to have either the local or a centralized time-stamp.
The timezone must be clear in case a local time is mentioned.
An Audit Trail must give sufficient proof to trace the identity of the individual editing or deleting the document. No detail is ever erased from an Audit.
Updates are still recorded while securing the previous version of the information.
The archived data must be presented for review upon authorized approval.
Audit Trail – Validity
According to the IT Act of 2000, An Audit Trail has to be available for a period of 7 years from the date of making the eSignature.
However, the veracity of the electronic signature remains until the lifetime of the document