EntryStandard

Security & Evidence

Integrity design of the record

A compliance record is only as strong as the answer to one question: how do you know it wasn't changed? EntryStandard's answer is structural, not procedural — the record's integrity properties are enforced by the system's design, and they are independently verifiable.

Append-only by construction

The event ledger accepts inserts only. Update, delete, and truncate operations are refused at the database layer — by revoked privileges and by triggers that reject the operation — not merely discouraged by application code. A correction is a new event that supersedes an earlier one, which means the act of correcting is itself documented, with its own timestamp and actor.

Per-property hash chain

Every event carries a SHA-256 hash computed over its semantic content — property, event type, method, time, party, signer details, document fingerprint, payload — and over the hash of the property's previous event. Each property's history is therefore a chain: altering any stored event, even with direct database access, produces a hash that no longer matches its successor's recorded lineage. A verification routine recomputes the chain for any property and reports any link that fails. The expected result of that verification, at any time, is zero discrepancies — and the verification itself can be run for an auditor.

Document fingerprinting

When a right-of-entry instrument is executed, the system renders the final document, computes its SHA-256 fingerprint, stores the fingerprint in the signature event, and archives the document to storage governed by a multi-year retention policy. The fingerprint in the tamper-evident ledger and the archived document can be compared at any point in the record's life: a match demonstrates the archived instrument is byte-identical to the document fingerprinted at the moment of execution. Uploaded field evidence (meter photographs, pre- and post-work photographs) is fingerprinted the same way, and an object whose stored bytes do not match the declared fingerprint is quarantined rather than accepted.

The electronic-signature ceremony

Signature events are bound to a structured ceremony aligned with ESIGN/UETA electronic-transaction practice: the disclosure is presented and affirmatively accepted before the signature step is offered; the acceptance is itself a ledger event; the ceremony is single-use and bound server-side to the session that performed it; and the signature event records the signer's typed legal name, claimed role, authority attestation, and connection facts (IP address as observed by the server, user agent, timestamps). Role rules are enforced at submission: ownership-authority roles may grant the property interest; occupants are routed to an acknowledgment flow instead.

Access design

Homeowner access uses single-property scoped links: the credential a resident receives is valid for exactly one property, is stored server-side only as a keyed hash (a database disclosure alone can neither verify nor forge one), expires, and is rate-limited. Administrative access is identity-gated infrastructure with no anonymous path. Evidence uploads go directly to retention-governed storage over single-use signed URLs; file bytes do not transit the application.

What this design is intended to support

These properties — contemporaneous capture, systematic recording, append-only storage, verifiable integrity — are chosen to support the use of the record where it matters: in primacy-agency review, in program audit, and in dispute. The record structure is designed to support admissibility as business records, to produce a complete, tamper-evident count of attempts and methods, and to rebut claims that outreach did not occur or that records were assembled after the fact.

Calibration note, stated deliberately: no record system can assure a particular legal outcome, and EntryStandard does not claim one. What the system provides is a record whose completeness and integrity can be demonstrated — which is the strongest position a documentation system can put a program in.

To evaluate ES-R records against your program's requirements: structured pilot review.