What an H&S audit trail has to prove — and why "we sent it round" fails

An H&S audit trail has to answer one question convincingly: can you show what each person was asked to acknowledge, the exact version they saw, and the moment they confirmed it — in a record that demonstrably hasn't been changed since? "We sent it round" fails because it proves an email left your outbox: not that the right person read the right version, and not that your account of it is still reliable years later.

This matters more than most people expect — and not for the reason they assume. The risk people picture is a regulator. The larger one, by a wide margin, is civil — a claim brought by an employee — and it turns almost entirely on what you can document.

In short — a trail that holds up shows four things for every acknowledgement:

  • The named person who confirmed
  • The exact version of the document they saw
  • The date and time they confirmed it
  • That the record is unaltered since — written once and tamper-evident

("Unaltered" is the one people forget — and it's the one that decides whether a record is believed or picked apart. It's the fourth of the four-part test for proof of acknowledgement.)

The one question an audit trail has to answer

Strip away the jargon and an audit trail exists to answer a single question, for any document, at any point in the future: what did this specific person acknowledge, which version was it, and when?

A trail that holds up shows the named person, the exact version, the date and time, and — the part most people overlook — that the record hasn't been altered since it was made. The first three are about capture. The fourth is about trust: a record that could have been edited after the fact invites exactly the challenge you don't want, which is someone arguing your evidence was written to suit the moment.

Why "we sent it round" isn't proof

"We sent it round" is the most common answer to "how do you know your team saw this?" — and it's the weakest. Sending proves dispatch. It doesn't prove receipt, it doesn't prove reading, and it certainly doesn't prove the person understood the current version.

An email thread can't reliably show which version of a document was attached months or years later. A "please reply to confirm" gets you a handful of replies and silence from everyone else. And informal records — a sent folder, a group chat, a spreadsheet — are easy to question precisely because they were never built to be relied on. When the question becomes "what did this person actually acknowledge, and when?", a sent folder is not an answer.

The risk people picture vs the one that matters

The risk most people picture is the regulator: an inspection that ends in an HSE prosecution. Those happen — but they're rarer than you'd think. The HSE completed 248 criminal prosecutions across the whole of Great Britain in 2023/24, and 246 in 2024/25.

The larger exposure is civil. In the same year, around 44,547 employers'-liability claims were registered with the government's Compensation Recovery Unit — roughly 180 for every HSE prosecution.

Two honest caveats, because they matter and they keep this in proportion. A registered claim is not a claim the employer lost — it's a claim brought. And the number of these claims has actually fallen by more than 40% since 2019, so this isn't a warning that claims are surging. The point is structural, not alarmist: the channel through which an H&S failing is most likely to be tested is civil, not regulatory. Civil claims are brought by employees, often years after the event, and they're decided largely on what each side can document. That's where an audit trail earns its keep — and it's the part informal methods leave exposed.

What an audit trail that holds up actually shows

A record you can rely on has a recognisable shape:

Put those together and you have a contemporaneous, tamper-evident record: the kind of thing that answers the question cleanly instead of inviting an argument about it.

How Provenly produces this

This is the whole job Provenly is built to do. You upload your documents and assign them to your team; each person reads what's theirs and ticks to confirm; and every confirmation is written once, tied to the exact version they saw, and stamped with the date and time. Update a document and the old version stays locked, just as it was, for everyone who already signed it. The entries are chained, so the log is tamper-evident. The result is the complete, contemporaneous audit trail described above — built quietly in the background.

When your health & safety consultant visits, you can give them read-only access to that record ahead of time, so the visit is a conversation rather than a paperwork hunt. You can see the flow on how it works, and how the record holds together — including what happens to it long-term — on trust.

Get early access

We're opening access to UK businesses now — no card, no sales call, no obligation.


Frequently asked questions

Is an H&S audit trail a legal requirement?

The law requires you to manage health and safety and to be able to demonstrate that you have — for example, that you informed and instructed your team. It doesn't mandate a particular product or format, but a good audit trail is simply how you demonstrate it. The question that gets asked is "can you show what was done?", and a trail is the answer.

Is the bigger risk an HSE prosecution or a civil claim?

By volume, civil. HSE prosecutions number a few hundred a year across all of Great Britain, while tens of thousands of employers'-liability claims are registered annually — and civil claims turn heavily on documentary evidence. A registered claim isn't a loss, but it is the channel where your records are most likely to be tested.

How long should I keep H&S acknowledgement records?

Long enough to cover the period a claim could be brought, which can be several years after the event — and longer for conditions that develop over time. That's a core reason a durable, unalterable record beats an email thread you'll struggle to reconstruct later.

Does an email or "sent" folder count as an audit trail?

Not really. It shows you sent something, not that the right person read the right version, and an inbox can't reliably prove which version was attached months later. It's evidence of dispatch, which is the weakest link in the chain.

Written by Matt McAllen, Chartered Member of IOSH (CMIOSH). Matt spent nine years as a health & safety consultant before building Provenly. "We sent it round" was an answer he heard often on visits — and the gap behind it, when a record was ever actually needed, is the reason Provenly exists.

Last updated 3 June 2026.

Sources

Related guides

1 Technically, each entry is hash-chained (SHA-256) to the one before it, so altering any earlier entry would break the chain and show. The point isn't the cryptography — it's that the record can't be quietly rewritten to suit a later moment.