How can a 3rd-party auditor verify DocuSign-signed documents printed on paper?

Is it possible for a 3rd-party to simply verify the authenticity/legitimacy of the DocuSign-signed documents by looking up the "Envelop ID" or other alphanumerical identifiers that appear on the printed document?

Can an auditor go to a website or a DocuSign portal to type-in the alphanumerical "Envelop ID" or other identifiers that appear below the DocuSign signatures to see that these are indeed real?

The auditor simply wants to select some random samples to check and make sure that the printed pages of the PDFs are not some elaborate graphic creations by an artist.

Page 1 / 1

Hi there

No the Auditor would need to request the certificate of compliance from you to then complete the audit of the document.

The certificate will confirm the Envelope ID number of pages dates times and everyone involved in the process.

Regards

Dear DocuSign Folks, please add a feature that allows 3rd parties to authenticate printed/PDF documents. If someone is going to add elaborate graphics to simulate the appearance of a DocuSigned document, what is to stop them from simulating a Certificate of Compliance? It would be helpful to have the platform allow 3rd party reviewers/auditors to authenticate the package using the envelope ID through DocuSign and not through the person that is being audited.

Hello, please kindly advise if there has been an update or if something can be/will be built in to DocuSign in order to authenticate documents/PDF's for 3rd parties. Jessika raises a good a point.

Why on god's earth is it not possible to type in a DocuSign envelope ID into a website and verify signatures?

If you open the document in something like Acrobat or Foxit the properties will tell you the details about the signature and valid certificates that were issued. If you are a sender then you can view the certificate and history that will give you further information.

If you are a 3rd Party then you will only be able to check in a PDF program some information you would need access to the sending account to verify a lot more information.

It is not possible to open a printed document with any program, and even if scanned no PDF program will be able to tell whether electronic signatures are valid.

I think DocuSign severely underestimates how many documents are printed (without a certificate of completion) and afterwards are essentially worthless, because the signature can not be validated by putting in the envelope ID into some kind of web form. It would be very, very easy to do and I quite frankly have no idea why it has not yet been done.

It is fairly straight forward. If there was a dispute then this would be something between the Sender and Signer. The Sender has all the details that would need to be provided that confirm a number of pages were sent and signed by that person date time along with other metadata.

I guess the question is what are you looking for. Are you the Sender of the document or signer? Are you a third party trying to verify the identity of the document.

It would help to know more. As I say there is information available but its mainly on the sender who has access to the majority of information. The signer does have some level of detail.

In my case, I'm specifically asking about a third party (law firm) being able to verify the authenticity of documents. We serve as settlement agent for real estate matters and lender's counsel for banks and have instances where we are provided with DocuSigned resolutions or other documents and they are scanned in and e-mailed to us (in some cases they are a mixture of DocuSign and wet signatures). In the instances where the party or parties providing these documents are unrepresented we have no way of confirming with the sender/signer other than asking for a Certificate of Authenticity. If we are asking for that, its because we feel the need to confirm/verify the signatures. If wouldn't really work to request that the signer or sender obtain a Certificate of Authenticty in those cases because we (as the third party) are already wary of the document for whatever reason and would be wary that a Certificate of Authenticty could be easily manipulated as well. It would just be nice to have a transaction database where 3rd parties could type in an envelope ID and it would give them details of when it was signed, etc. that would help confirm the authenticity of whatever document we are reviewing.

Firstly let me say I am not a legal person I worked for DocuSign for a number of years understand a lot about the product and this is my own advice/thoughts to help.

I understand it can be difficult but it could open up a lot of issues should there be such a tool openly available as what is to stop someone entering the ID and getting a lot of information about the people involved (GDPR Issues spring to mind).

Looking at bigger picture a scanned PDF is not going to give you anything apart from a picture really that is what it is. As I said the sender would have a range of information to help with details. The signer would have some information like the email that was sent.

The best advice is to contact the Sender to query and request the information from them or at least obtain the actual PDF document and not a scanned copy.

To add to these great points: What happens if the person that has administrated the sending of a document has not properly stored the documentation in a document management system and leaves the firm/company? That would only be one of the many reasons where I am not able to retrieve a certificate of completion.

If the certificate is not available, and an electronic version is not available either, a scan is worth less than a wet-ink signature without being able to validate online.

Hi, data protection is of course a concern which would have to be dealt with, but there is lots of data that could easily be published which would help tremendously, first and foremost information on whether a document was actually signed through DocuSign, where the document was signed and how the signatures looked like when using DocuSign, for instance.

https://www.docusign.com/features-and-benefits/features

On this page if you scroll down you would see what the DocuSign signature looks like. It has the DocuSign by at top and an ID number that is linked to email address of the signer.

So you should quickly be able to see if it was signed in DocuSign. If they are on a mobile/touch device they may have the option to draw signature like you used to do with couriers on mobile devices. If they were on desktop/laptop typically they would select a style but essentially they would still contain the frame. There are some clients who do not have the frame but very limited and in special circumstances.

In terms of the Certificate this will always be available as you cannot delete a user account on DocuSign only close the account but the envelope and data is still stored and any admin would be able to obtain this. Also you have to have at least 1 admin on an account.

The best way forward is to obtain the actual PDF and not the scanned copy as I said essentially this is only a picture.

Happy to discuss further and assist and give an opinion if it would help.

As I said a lot of information is held by the Sender and the Signer would have some information but is limited.

Reply

Sign up

You can login or register as either a Docusign customer or developer. If you don’t already have a Docusign customer or developer account, you can create one for free when registering.

Docusign Community

You can login or register as either a Docusign customer or developer. If you don’t already have a Docusign customer or developer account, you can create one for free when registering.

Scanning file for viruses.

This file cannot be downloaded