docusign signature audit trail

Author
Discussion

Blown2CV

Original Poster:

29,544 posts

210 months

Monday 1st July
quotequote all
Not for me but someone i know...

someone in their company signed a contract they shouldn't have with a supplier, using docusign. They are now denying signing it.

I am assuming that as the contract is between companies, any empowered individual on the client side can ask docusign to provide audit trail including such things as date, time, IP address, signature image etc.

However, I bet proving that you are an empowered individual has challenges, and also as the client without a docusign license too...?

What's the best way to approach this please from people that have done this?

thanks

alscar

5,406 posts

220 months

Monday 1st July
quotequote all
Said individual would also have to be denying they then also received the completed document by email which arrives seconds later.
Presumably they have someone higher up than them who could check with Docusign and ask for a copy of said completion document.

Blown2CV

Original Poster:

29,544 posts

210 months

Monday 1st July
quotequote all
yes i get that. I am asking how someone would go about it, because as the party A is not really known to docusign, what do they require from someone else working in party A to prove that they are empowered to view the sign history etc., and how to kick that off?

alscar

5,406 posts

220 months

Monday 1st July
quotequote all
Then I assume the supplier would need to be contacted by Party A’s company ?
If the person signed then the proof will be there.
If the person didn’t sign then it won’t.

Countdown

42,037 posts

203 months

Monday 1st July
quotequote all
Don't Docusign documents go to a specific email address?

e.g. when i sign them they come to my address and I upload a copy of my signature, and then click "submit". I don't see how anybody else could sign on my behalf confused

Blown2CV

Original Poster:

29,544 posts

210 months

Monday 1st July
quotequote all
it's seriously crap if party A has to contact party B to get a copy of the contract party A signed.

That would be really, really poor.

alscar

5,406 posts

220 months

Monday 1st July
quotequote all
Blown2CV said:
it's seriously crap if party A has to contact party B to get a copy of the contract party A signed.

That would be really, really poor.
But isn’t that exactly how DS works ie it is specific to an individual at their email address ?
Why is the person denying signing it ?

Blown2CV

Original Poster:

29,544 posts

210 months

Monday 1st July
quotequote all
alscar said:
Blown2CV said:
it's seriously crap if party A has to contact party B to get a copy of the contract party A signed.

That would be really, really poor.
But isn’t that exactly how DS works ie it is specific to an individual at their email address ?
Why is the person denying signing it ?
i mean it is yes, but it should be clear what type of signature it is i.e. signing as an individual in which case who cares what they are signing or why, or signing on behalf on a company in which case people will really care, and will likely want an accessible audit trail. If the latter there shouldn't have to be a need to get IT to access their email inbox or go contacting the other party to get the data.

In many ways it doesn't matter why they are now saying they didn't sign the contract, but as a proxy let's just assume it's because they are a tit.

alscar

5,406 posts

220 months

Monday 1st July
quotequote all
Blown2CV said:
i mean it is yes, but it should be clear what type of signature it is i.e. signing as an individual in which case who cares what they are signing or why, or signing on behalf on a company in which case people will really care, and will likely want an accessible audit trail. If the latter there shouldn't have to be a need to get IT to access their email inbox or go contacting the other party to get the data.

In many ways it doesn't matter why they are now saying they didn't sign the contract, but as a proxy let's just assume it's because they are a tit.
smile
The audit trail is there whether for individual or company use.
I guess DS are simply providing the mechanism and don’t expect a “ tit “ to be behaving unprofessionally and being economical with the truth.

FMOB

1,994 posts

19 months

Monday 1st July
quotequote all
Then get IT to search the email system for the confirmation email from DocuSign with the attached contract and signatures, the email system should have a full log of all relevant emails.

eeLee

856 posts

87 months

Monday 1st July
quotequote all
With DocuSign envelopes, there are two main concepts (user journeys) of signing - that is email-driven using a deeplink sent to an email address or by using SAML (and thus bringing in a higher bar of who-signed-what-when.

If someone signs an envelope with a link using the email-only journey, they could claim that someone else clicked the link.
If someone signs an envelope and they are authenticated by SAML, it's harder.

Besides the non-wet signature, you also have the question as to whether an individual has signatory rights and whether they are single or collective.

All that aside, it seems there is a basic contractual dispute here, has someone tried talking to somebody?

Blown2CV

Original Poster:

29,544 posts

210 months

Monday 1st July
quotequote all
alscar said:
Blown2CV said:
i mean it is yes, but it should be clear what type of signature it is i.e. signing as an individual in which case who cares what they are signing or why, or signing on behalf on a company in which case people will really care, and will likely want an accessible audit trail. If the latter there shouldn't have to be a need to get IT to access their email inbox or go contacting the other party to get the data.

In many ways it doesn't matter why they are now saying they didn't sign the contract, but as a proxy let's just assume it's because they are a tit.
smile
The audit trail is there whether for individual or company use.
I guess DS are simply providing the mechanism and don’t expect a “ tit “ to be behaving unprofessionally and being economical with the truth.
electronic signatures are meant to be different from wet ones simply because they do provide non-repudiation

Blown2CV

Original Poster:

29,544 posts

210 months

Monday 1st July
quotequote all
FMOB said:
Then get IT to search the email system for the confirmation email from DocuSign with the attached contract and signatures, the email system should have a full log of all relevant emails.
yes already started that off previously

Blown2CV

Original Poster:

29,544 posts

210 months

Monday 1st July
quotequote all
eeLee said:
With DocuSign envelopes, there are two main concepts (user journeys) of signing - that is email-driven using a deeplink sent to an email address or by using SAML (and thus bringing in a higher bar of who-signed-what-when.

If someone signs an envelope with a link using the email-only journey, they could claim that someone else clicked the link.
If someone signs an envelope and they are authenticated by SAML, it's harder.

Besides the non-wet signature, you also have the question as to whether an individual has signatory rights and whether they are single or collective.

All that aside, it seems there is a basic contractual dispute here, has someone tried talking to somebody?
useful info cheers. As I say it's not my issue, I've only been asked to give my view on the tech side. I would imagine at some point A will discuss with B about it, however as it is signed then not sure what B will be prepared to do.

vaud

52,394 posts

162 months

Monday 1st July
quotequote all
Blown2CV said:
Not for me but someone i know...

someone in their company signed a contract they shouldn't have with a supplier, using docusign. They are now denying signing it.

I am assuming that as the contract is between companies, any empowered individual on the client side can ask docusign to provide audit trail including such things as date, time, IP address, signature image etc.

However, I bet proving that you are an empowered individual has challenges, and also as the client without a docusign license too...?

What's the best way to approach this please from people that have done this?

thanks
Having a conversation might be the first step to see if all can be settlef easily.

Contacting their companies lawyers and have them explore the apparent (or not) contract formation authority. It is likely a complex area from your description but one for the lawyers (obviously depending on the value at stake)

Blown2CV

Original Poster:

29,544 posts

210 months

Monday 1st July
quotequote all
vaud said:
Blown2CV said:
Not for me but someone i know...

someone in their company signed a contract they shouldn't have with a supplier, using docusign. They are now denying signing it.

I am assuming that as the contract is between companies, any empowered individual on the client side can ask docusign to provide audit trail including such things as date, time, IP address, signature image etc.

However, I bet proving that you are an empowered individual has challenges, and also as the client without a docusign license too...?

What's the best way to approach this please from people that have done this?

thanks
Having a conversation might be the first step to see if all can be settlef easily.

Contacting their companies lawyers and have them explore the apparent (or not) contract formation authority. It is likely a complex area from your description but one for the lawyers (obviously depending on the value at stake)
see above, ta

vaud

52,394 posts

162 months

Monday 1st July
quotequote all
Blown2CV said:
see above, ta
I would avoid giving a technical opinion on the veracity of Docusign.

I would want a massive amount of info and to be forensically trained to give a formal opinion that might affect someones career.

For example:

  • Have they shared their login details with a PA / peer?
  • Is remote access allowed to their PC?
  • etc

eeLee

856 posts

87 months

Monday 1st July
quotequote all
The two companies have agreed, for a given purpose, to leverage DocuSign Envelopes for signing contracts. I would not dwell on the implementation given that it would appear that the Envelope is signed. DocuSign logs are likely not available to you unless you run a dedicated tenant and digging in that direction seems the wrong way to go.

In the end, the fact is person X appears to have signed in on date Y, end of.

This would come down to relationship management. I can imagine what might be going on but at the end of the day, this is contractual business and there are many ways to skin a cat without going nuclear.

Blown2CV

Original Poster:

29,544 posts

210 months

Monday 1st July
quotequote all
vaud said:
Blown2CV said:
see above, ta
I would avoid giving a technical opinion on the veracity of Docusign.

I would want a massive amount of info and to be forensically trained to give a formal opinion that might affect someones career.

For example:

  • Have they shared their login details with a PA / peer?
  • Is remote access allowed to their PC?
  • etc
i know, and I wasn't asked to formulate a position on whether docusign is reliable

Blown2CV

Original Poster:

29,544 posts

210 months

Monday 1st July
quotequote all
eeLee said:
The two companies have agreed, for a given purpose, to leverage DocuSign Envelopes for signing contracts. I would not dwell on the implementation given that it would appear that the Envelope is signed. DocuSign logs are likely not available to you unless you run a dedicated tenant and digging in that direction seems the wrong way to go.

In the end, the fact is person X appears to have signed in on date Y, end of.

This would come down to relationship management. I can imagine what might be going on but at the end of the day, this is contractual business and there are many ways to skin a cat without going nuclear.
not the case. Party B have decided to use docusign, but party A haven't necessarily. They could have just sent their contract to Joe Bloke at party A, he signs and returns, and no one else has to know about it or even have a docusign license or account.