Use case

Tamper-evident audit trails for SEC 17a-4 recordkeeping

The SEC's audit-trail alternative to WORM storage requires a complete, time-stamped record of every modification and deletion, attributable to individuals, able to re-create original records. Sigilbase provides the integrity layer that makes such a trail defensible: every event hash-chained, sealed into signed checkpoints, and verifiable by an examiner without trusting the firm or us.

The problem
01

Since October 2022, Rule 17a-4 permits an audit-trail alternative to WORM, but the entire compliance claim then rests on the trail's own integrity.

02

An audit trail stored as ordinary database rows can be rewritten by anyone with sufficient access, and nothing would detect it.

03

Examiners ask the sharp question: prove the trail is complete and unaltered, not just that one exists.

How it maps

The Sigilbase event model, applied to a record amendment.

Record lifecycle events post to a Sigilbase stream as they happen. Each entry captures the individual, the action, the time, and the hashes that make prior states re-creatable.

POST /v1/events
{
  "actor":       "user:jmorton",
  "action":      "record.amended",
  "occurred_at": "2026-07-10T14:31:02.418260Z",
  "resource":    "record:acct-4471/kyc-form",
  "payload": {
    "reason":             "address correction",
    "prior_version_hash": "9c4e1ab27fd0…",
    "new_version_hash":   "5b02c9e4d811…"
  }
}
Chain

Sigilbase hashes every event with SHA-256 and chains it to the one before it, so modifying, deleting or reordering any historical entry breaks the chain at that exact sequence.

Seal and verify

Sigilbase seals recent events into Merkle checkpoints signed with Ed25519 every few minutes, and the standalone verifier recomputes the chain and signatures offline, so a break is detected by recomputation rather than by trust.

Why provable beats logged

A log records events. Sigilbase makes them provable.

How an ordinary audit table and a WORM archive compare with a Sigilbase trail.
Question Ordinary audit table WORM archive Sigilbase trail
Operator can silently rewrite history Yes No, for archived copies No, detectable at the exact record
Captures who, what, when per change If the application remembers to For what reaches the archive Enforced per event, attributed and timestamped
Original record re-creatable after changes Rarely Yes, as frozen copies Yes, prior states referenced by hash in the trail
Third party can verify integrity independently No No, trust in the platform Yes, offline, with an open-source verifier
Survives the vendor disappearing No Partially Yes, exported bundles verify without Sigilbase
The four requirements

Built for the audit-trail alternative's four requirements.

Rule 17a-4(f)(2)(ii)(A) asks four things of an audit trail. How each maps:

All modifications and deletions

Streams are append-only by construction, enforced at the database layer, so every change to a record is a new attributed event and no code path exists to alter history. The absence of a delete path is a property, not a policy.

Date, time and individual

Every event carries the acting identity and microsecond UTC timestamps from synchronised clocks, the fields an examiner samples first.

Authenticity and reliability

Hash chains link every event to its predecessors; checkpoints seal batches under Ed25519 signatures every few minutes; nightly verification confirms the chains end to end and alerts on the first broken sequence.

Re-creation of the original

Prior-state hashes in the trail bind each version of a record to its history, and evidence bundles export the full sequence, so the original of any amended record is identifiable and demonstrable, not merely asserted.

Sigilbase is the integrity layer of an audit-trail-alternative architecture, the part that makes the trail itself defensible to an examiner. Communications archiving, record classification and retention scheduling remain the firm's wider system; Sigilbase makes the change history of that system provable.

Read the full guide to the audit-trail alternative

FAQ

Questions about SEC 17a-4 audit trails.

Does the SEC still require WORM storage?

No, not exclusively. The October 2022 amendments to Rule 17a-4 kept WORM as one option and added an audit-trail alternative. A firm's electronic recordkeeping system must satisfy one of the two.

What must a 17a-4 audit trail contain?

A complete time-stamped record of all modifications and deletions, the date, time and individuals behind each action, and whatever else is needed to maintain the record's authenticity and permit re-creation of the original if it is altered or erased.

How does Sigilbase keep the audit trail itself from being tampered with?

Every event is hash-chained to the previous one and batches are sealed into signed checkpoints. Changing any historical entry breaks the chain detectably at that sequence. Verification runs nightly, and exported evidence verifies offline with an open-source verifier, so the check does not depend on trusting Sigilbase.

Is Sigilbase a complete 17a-4 compliance solution?

No. Sigilbase provides the tamper-evident audit trail within a firm's recordkeeping architecture. Communications capture, record classification, retention schedules and regulatory undertakings are separate parts of the rule that remain the firm's responsibility.

Can an SEC examiner verify the records without a Sigilbase account?

Yes. Evidence bundles export the events, hashes, checkpoints and signatures, and the standalone verifier checks them offline in three commands. A failed check names the exact sequence that does not verify.

Join the waitlist

Building now. Early access for firms modernising 17a-4 recordkeeping.

No spam, one email when it opens.

Privacy

This site runs no analytics and no trackers.

It collects one thing: an email address, if you choose to join the waitlist. That address is used to send one announcement when access opens, and nothing else.

To protect the waitlist form from automated abuse we use Cloudflare Turnstile, a privacy-preserving challenge from our hosting provider; it may set a temporary cookie for that purpose and is not used to track or profile you.

To have your email removed, contact [email protected].

Read the full privacy policy

Last updated July 2026