Tracking H&S sign-offs in a spreadsheet: where it quietly breaks

A spreadsheet works for tracking H&S sign-offs right up until you need to prove one. The moment someone asks "can you show that Sam read the current version of this risk assessment, and when?", the cracks show. A spreadsheet records what you typed into it — not an acknowledgement from the person themselves. It doesn't tie a sign-off to the exact version of the document they saw. And while a cloud spreadsheet does keep an edit history, it isn't built to be relied on as evidence — the whole trail resets the moment someone saves a clean copy. It's a tracker, not a record you can stand behind.

That's not an argument against spreadsheets in general. For day-to-day visibility — who's done what this month — a spreadsheet is genuinely fine, and free. It's an argument about what you can safely rely on. If a sign-off might one day need to stand up in a dispute, three specific weaknesses are worth understanding before you lean on it.

In short — the three places a spreadsheet quietly breaks:

  • It isn't tamper-evident. Even where there's an edit history, it isn't built as evidence and can be reset with a single clean copy.
  • It doesn't link to the document version. A row says "signed" — not which version of the document was actually seen.
  • It records your typing, not their acknowledgement. Every entry depends on you remembering to record it accurately, at the time.

This builds on the four-part test for proof of acknowledgement — the four questions any record has to answer.

Weakness 1 — it isn't tamper-evident, even with version history

It's a common assumption that a spreadsheet keeps no record of who changed what. That's not quite true any more — cloud spreadsheets like Google Sheets and Excel for the web do keep a version history, and on Google Sheets you can't simply delete it. So credit where it's due.

The problem is what that history is for. It exists to help collaborators undo mistakes, not to stand up as evidence — and it has gaps that matter the moment a record is questioned:

So "the record can't be quietly changed" isn't a claim you can stand behind with a spreadsheet. A record you can rely on is written once and tamper-evident — once an entry exists, it can't be altered, and if anyone tried, it would show.1

Weakness 2 — it doesn't tie the sign-off to a document version

A spreadsheet row says: Sam — signed — 12 March. What it doesn't say is which version of the risk assessment Sam actually saw.

That matters because documents change. If you've updated the risk assessment since March — even a small wording change — the row no longer tells you what Sam agreed to. You're left asserting that Sam saw "the policy", when the only honest answer is "a policy, at some point". Evidence of acknowledgement is only ever as strong as its link to a specific, locked version of the document. A spreadsheet has no way to hold that link.

Weakness 3 — it records your typing, not their acknowledgement

This is the quiet one. A spreadsheet doesn't capture anything by itself. Every entry exists because you — or whoever owns the sheet — remembered to type it in, accurately, at the time.

That means the record isn't an acknowledgement from the employee at all. It's your own note that they acknowledged. Those are very different things in a dispute: one is the person's own confirmed action, the other is your account of it. And because it's manual, the gaps are invisible — miss a few entries, or fill them in later from memory, and nothing flags it until someone goes looking.

When a spreadsheet is genuinely fine — and when it isn't

A spreadsheet is a reasonable start if you're a handful of people, lower-risk, and you mainly need a quick view of who's done what this month. There's no shame in it, and for plenty of small teams it's proportionate.

It stops being enough at the point where the cost of not being able to prove a sign-off — a civil claim, a tribunal, a health & safety consultant's visit — outweighs the cost of doing it properly. The trouble is that you rarely get to choose that moment; it chooses you. So the sensible question isn't "is a spreadsheet wrong?" — it's "would this still hold up if someone challenged it in two years?"

What you need vs what a spreadsheet gives you

What proof requiresWhat a spreadsheet actually gives you
Who — the named person's own confirmationYour note that they confirmed — typed in by you
Which version — tied to the exact document seen"Signed", with no link to a document version
When — recorded at the moment of confirmationThe date you typed in, whenever you typed it
Unaltered — written once, tamper-evidentAn edit history that resets on a clean copy

The pattern is consistent: a spreadsheet can track all four, but it can't prove any of them.

How Provenly closes the three gaps

Provenly is built to produce the record a spreadsheet can't — without the manual upkeep.

You upload your documents and assign them to your team. Each person reads what's theirs and ticks to confirm, and that confirmation is captured from them — written once, tied to the exact version they saw, and stamped with the date and time. Update a document and the old version stays locked, just as it was, for everyone who already signed it. The result is a complete, contemporaneous, tamper-evident record that builds in the background — so the three gaps simply don't open.

You can see the flow on how it works, and how the record holds together on trust.

Get early access

We're opening access to UK businesses now — no card, no sales call, no obligation.


Frequently asked questions

Doesn't Google Sheets or Excel version history solve this?

Not for evidence. Version history is built to help collaborators undo mistakes, not to prove a sign-off — it tracks cell edits rather than a person's acknowledgement, isn't tied to which document version was seen, and the whole trail resets the moment someone saves a clean copy of the file. It's useful, but it isn't a record you can stand behind.

Can't I just lock or password-protect the spreadsheet?

Locking helps a little, but it doesn't tie sign-offs to document versions, doesn't capture confirmations from the people themselves, and a determined edit — or a fresh copy — still leaves no reliable trace. It addresses the symptom, not the gap.

Is a spreadsheet good enough if we're a small, low-risk team?

For day-to-day visibility, often yes — it's proportionate to keep a simple tracker. The line to watch is the point where you'd need to prove a specific sign-off, not just see it; that's when a tracker stops being enough and a record starts to matter.

What's the simplest step up from a spreadsheet?

A tool that records each acknowledgement as a locked entry — captured from the person, tied to the exact version they saw, with the date and time — so you're not relying on manual upkeep or memory. That's the whole job Provenly is built to do.

Written by Matt McAllen, Chartered Member of IOSH (CMIOSH). Matt spent nine years as a health & safety consultant before building Provenly. The spreadsheet that "tracked everything" — right up until someone needed to prove one line of it — was a pattern he saw on visit after visit.

Last updated 3 June 2026.

Related guides

1 Technically, each entry is hash-chained (SHA-256) to the one before it, which is what makes any later change detectable. The point isn't the cryptography — it's that, unlike a spreadsheet, the record can't be edited or reset without it showing.