Turn File Integrity Into Audit-Ready Proof

Auditors want evidence, not assurances

When an auditor asks whether a record is the same one you produced last quarter, "trust us" is not an answer that survives review. A document integrity certificate for audit replaces the assurance with a fact: a cryptographic hash of the file, compared against the value you recorded, with an explicit MATCH or MISMATCH verdict. Instead of describing your controls, you hand over a document that lets the auditor confirm the file is unaltered for themselves. That shift — from claim to verifiable proof — is what makes integrity evidence hold up under scrutiny.

Signed, timestamped integrity certificates

Every certificate e-Dex produces records multi-algorithm hashes per file (MD5, SHA-1, SHA-256, SHA-512 and BLAKE3) and an overall verification result. Where you need stronger assurance, you can apply a PAdES digital signature using a Digital Signature Certificate on a USB token, binding a named signer to the document so any later edit is detectable, and attach an RFC-3161 trusted timestamp that seals the exact moment the certificate was produced against an independent Time-Stamping Authority. The result is a record that is not just readable but cryptographically defensible — the kind of artefact an audit file is built from. See a real audit evidence certificate for the full layout.

24+ certificate templates, including regulatory formats

e-Dex ships with more than 24 certificate templates so the document matches the context. Alongside file-integrity and digital-evidence formats, it includes a compliance verification certificate and an audit evidence certificate built for review workflows. You can use the integrity values these produce to support controls in frameworks such as ISO 27001 (information-asset integrity), SOC 2 (processing integrity) and the DPDP Act (demonstrating that retained personal data is intact). The certificate is the evidence; you map it to the clause your auditor is testing.

Map to your audit and retention needs

Most audit and retention regimes care about two things: that a record exists and that it has not changed. e-Dex addresses the second directly. Hash a dataset when it is created, store the certificate alongside it, and re-verify months or years later when an auditor, regulator or counterparty asks. Because each certificate carries its own hashes and verdict, it works as a standalone retention artefact — no dependency on the original tool, no database lookup, just a self-contained proof you can file with the records it covers.

Offline means no data-residency risk

e-Dex runs fully offline on your own Windows machine. Files are hashed locally, compared locally and certified locally; nothing is uploaded to a server and nothing crosses a border. For teams handling regulated or personal data, that removes an entire class of risk — there is no cloud processor to vet, no cross-border transfer to justify, and no third-party data-residency exposure. Only the optional trusted-timestamp step contacts an external authority, and even then it transmits a hash, never your file.

Frequently Asked Questions

What is a document integrity certificate for audit?
It is a one-page record that proves a specific set of files is unaltered, using cryptographic hashes and an explicit MATCH or MISMATCH verdict. e-Dex produces it offline, optionally signed with a Digital Signature Certificate and sealed with an RFC-3161 trusted timestamp, so an auditor can re-verify the files independently at any later date.

Does e-Dex certify regulatory compliance with ISO 27001, SOC 2 or DPDP?
No. e-Dex documents file integrity to support your compliance evidence; it does not certify regulatory compliance itself. The certificates give you defensible proof that records are unaltered, which you can map to controls in frameworks such as ISO 27001, SOC 2 or the DPDP Act, but the compliance determination remains with your auditor or regulator.

Is e-Dex really offline, and does that help with data residency?
Yes. e-Dex runs fully offline on your own Windows machine. Hashing, comparison and certificate generation all happen locally, so your audited files never leave your environment. Because nothing is uploaded, there is no cross-border transfer and no third-party data-residency risk; only the optional trusted-timestamp step contacts an external Time-Stamping Authority, and it sends a hash, not your file.

How many certificate templates does e-Dex include?
e-Dex ships with 24+ certificate templates, including Compliance Verification and Audit Evidence formats, alongside file-integrity, backup-validation and digital-evidence templates. You pick the template that fits the audit or retention need and produce a consistent, signed, timestamped document each time.