Compliance Audit Trail
The compliance audit trail provides a complete, tamper-proof history of every action taken within the compliance and e-signature system. Every document view, signature, packet send, completion, and verification is permanently recorded with full details. The audit trail is essential for regulatory audits, legal proceedings, and internal compliance reviews.
What Is Recorded​
The audit trail captures every significant action in the compliance system. Each record is immutable -- once created, it cannot be modified or deleted.
Audit Event Types​
| Event Type | Description | Example |
|---|---|---|
| Template Created | A new compliance template was created. | "Confidentiality Agreement v1.0 created by Admin User." |
| Template Edited | A compliance template was modified. New version created. | "Confidentiality Agreement updated from v1.0 to v1.1 by Admin User." |
| Template State Changed | A template's lifecycle state was changed. | "Confidentiality Agreement moved from Draft to Active by Admin User." |
| Packet Created | A compliance packet was created. | "Pre-Deployment Packet created by Admin User with 5 documents." |
| Packet Sent | A compliance packet was sent to one or more caregivers. | "Pre-Deployment Packet sent to 47 caregivers by Admin User." |
| Packet Resent | A packet was resent to a specific caregiver. | "Pre-Deployment Packet resent to Jane Smith by Admin User." |
| Packet Closed | A compliance packet was closed. | "Pre-Deployment Packet closed by Admin User." |
| Document Viewed | A caregiver opened and viewed a document in the signing portal. | "Confidentiality Agreement viewed by Jane Smith." |
| Document Signed | A caregiver signed a document. | "Confidentiality Agreement signed by Jane Smith." |
| Packet Completed | A caregiver completed all documents in a packet. | "Pre-Deployment Packet completed by Jane Smith." |
| Verification Approved | A signed document was verified and approved by a reviewer. | "Jane Smith's Confidentiality Agreement verified by Admin User." |
| Verification Rejected | A signed document was reviewed and rejected. | "Jane Smith's Background Check Consent rejected by Admin User -- signature mismatch." |
| Reminder Sent | An automatic reminder was sent to a caregiver. | "First reminder sent to Jane Smith for Pre-Deployment Packet." |
| Export Generated | An audit data export was generated. | "Audit trail exported by Admin User -- date range: 01/01/2026 to 02/14/2026." |
Viewing the Audit Trail​
Accessing the Audit Trail​
- Navigate to Compliance > Audit Trail in the main navigation.
- The audit trail displays a chronological list of all compliance events, most recent first.
Audit Trail Columns​
| Column | Description |
|---|---|
| Timestamp | The exact date and time the event occurred (in UTC with local time conversion). |
| Event Type | The category of the event (see Event Types above). |
| Description | A human-readable description of what happened. |
| Actor | The user who performed the action. For caregiver actions, this is the caregiver's name. For system actions (e.g., automatic reminders), this shows "System." |
| Caregiver | The caregiver the event relates to, if applicable. |
| Packet | The compliance packet the event relates to, if applicable. |
| Document | The specific template/document the event relates to, if applicable. |
| IP Address | The IP address from which the action was performed. |
| Details | A link to view the full event detail record. |
Filtering the Audit Trail​
The audit trail supports comprehensive filtering to help locate specific records:
| Filter | Description |
|---|---|
| Date Range | Show events within a specific date range. Default is the last 30 days. |
| Event Type | Filter by one or more event types (e.g., show only "Document Signed" events). |
| Caregiver | Filter by a specific caregiver to see all compliance activity for that person. |
| Packet | Filter by a specific compliance packet. |
| Document / Template | Filter by a specific document template. |
| Actor | Filter by the user who performed the action. |
| Event | Filter by event (for multi-event views). |
To prepare for a regulatory audit, filter by the event and date range in question, then export the results. This provides a complete compliance record for the audit period.
Viewing Event Details​
Click the Details link on any audit trail entry to view the full event record:
| Field | Description |
|---|---|
| Event ID | A unique, system-generated identifier for the audit event. |
| Timestamp | The exact date, time, and timezone of the event. |
| Event Type | The category of the event. |
| Description | Detailed description of the action. |
| Actor | The user who performed the action, including their user ID, name, and role. |
| Caregiver | The caregiver involved, including their BlueSky ID and name. |
| Packet | The compliance packet, including packet name and ID. |
| Document | The document template, including template name, version, and ID. |
| IP Address | The IP address from which the action was performed. |
| User Agent | The browser and device information of the actor. |
| Session ID | The session identifier, linking this event to the user's login session. |
| Document Hash | For signature events, the SHA-256 hash of the document at the time of signing. This verifies the document was not altered after the caregiver signed it. |
| Signature Data | For signature events, metadata about the signature (type: typed or drawn, dimensions, timestamp). The actual signature image is stored separately. |
Document Signature History​
The audit trail provides a complete history of every signature on every document.
Viewing Signature History for a Document​
- Navigate to Compliance > Audit Trail.
- Filter by Event Type = "Document Signed" and the specific Document / Template.
- The results show every caregiver who signed that document, with timestamps and IP addresses.
Viewing Signature History for a Caregiver​
- Filter by the specific Caregiver.
- The results show every compliance action for that caregiver -- documents viewed, signed, packets completed.
Signature Verification​
Each signed document includes a document hash that can be used to verify integrity:
- The hash is calculated at the moment of signing from the document content and merge field values.
- The hash is stored in the audit trail.
- To verify a signed document has not been tampered with, the system recalculates the hash and compares it to the stored value.
- If the hashes match, the document is verified as authentic.
Packet Completion Records​
The audit trail records the full lifecycle of each compliance packet:
- Packet Created -- When the packet was built and by whom.
- Packet Sent -- When the packet was sent, to how many caregivers, and by whom.
- Individual Document Activity -- Each document view and signature event for every caregiver.
- Packet Completed -- When each caregiver completed all documents.
- Reminders Sent -- Each automatic reminder sent, to whom, and when.
- Packet Closed -- When the packet was closed and by whom.
Verification Status​
Signed documents can be verified by compliance reviewers to add an additional layer of assurance.
Verification Workflow​
Document Signed --> Pending Verification --> Verified or Rejected
| Status | Description |
|---|---|
| Pending Verification | The document has been signed by the caregiver but not yet reviewed by a compliance officer. |
| Verified | A compliance officer has reviewed the signed document and confirmed it is complete, accurate, and acceptable. |
| Rejected | A compliance officer has reviewed the signed document and found an issue (e.g., signature does not match, fields incomplete, wrong document version). |
Performing Verification​
- Navigate to Compliance > Verification Queue (or filter the audit trail for pending verifications).
- Open the signed document.
- Review the document content, signature, and completed fields.
- Click Verify to approve or Reject to flag an issue.
- If rejecting, enter a Rejection Reason (required). The caregiver and event coordinator are notified.
Each verification action is itself recorded in the audit trail, creating a chain of accountability.
Exporting Audit Data​
Audit trail data can be exported for external review, regulatory submission, or archival purposes.
How to Export​
- Navigate to Compliance > Audit Trail.
- Apply any desired filters (date range, event type, caregiver, packet, etc.).
- Click Export in the toolbar.
- Configure the export:
| Setting | Description |
|---|---|
| Format | CSV, Excel (.xlsx), or PDF. |
| Columns | Select which columns to include in the export. Default is all columns. |
| Include Details | Whether to include full event detail records or summary-level data only. |
| Include Signatures | Whether to include signature images in the export (PDF format only). |
| Date Range | Confirm or adjust the date range for the export. |
- Click Generate Export.
- The system generates the export file. For large data sets, the export runs in the background and a notification is sent when the file is ready for download.
Export File Contents​
The exported file includes:
- All audit trail events matching the applied filters.
- Full event details for each record (if "Include Details" is selected).
- Signature images embedded in the PDF (if "Include Signatures" is selected and PDF format is chosen).
- A summary page showing total event counts by type.
- A hash of the export file itself, which can be used to verify the export has not been tampered with.
Audit trail exports are themselves recorded in the audit trail. This provides traceability for who accessed audit data and when.
Scheduled Exports​
For organizations that require regular compliance reporting, automated exports can be configured:
- Navigate to Compliance > Audit Trail > Scheduled Exports.
- Click Create Schedule.
- Configure the schedule:
- Frequency -- Daily, Weekly, or Monthly.
- Filters -- The filters to apply to each export.
- Format -- The export file format.
- Recipients -- Email addresses to receive the export file.
- Click Save.
Scheduled exports run automatically at the configured frequency and are emailed to the specified recipients.
Data Retention​
Audit trail data is retained permanently. It is not subject to the event archival process -- even when an event is archived, its compliance audit trail remains fully accessible and searchable.
Compliance audit trail data should never be manually deleted. It is a regulatory requirement to maintain these records. If you have concerns about data retention, consult your compliance officer or legal team.
Next Steps​
- Compliance Packets -- Create and send compliance packets.
- Compliance Templates -- Create and manage compliance templates.
- Compliance Overview -- Return to the compliance overview.