Tamper-Evident Reports: Why Signed Evidence Matters

An integrity finding can change someone's career. That raises the bar: the record behind a decision has to be something nobody can quietly edit afterward — not the company, not a disgruntled reviewer, not an attacker. Cryptographic signing is what makes a report trustworthy after the interview ends.

The problem with an ordinary PDF

A normal report is just a file. It can be re-saved, re-worded, or back-dated, and there's no way for a third party to tell. If a candidate appeals, or HR or legal needs to rely on the record months later, "trust us, we didn't change it" isn't good enough. The evidence needs to prove its own integrity.

How signing makes tampering visible

When a report is finalised, its contents are run through a hash — a compact fingerprint that changes completely if even one character is altered. That fingerprint is then signed with a private key. Anyone can later re-hash the report and check the signature against the public key: if they match, the report is byte-for-byte the original; if they don't, it's been changed.

What it means in practice

• Independent verification — a third party can confirm authenticity without taking your word for it.
• Defensible decisions — the integrity record stands up in an appeal or audit.
• No silent edits — altering a single line invalidates the signature.
• Chain of custody — the verdict, its evidence, and its timing are sealed together.

Signing is what turns an explainable integrity score into evidence you can actually rely on later — the final link in a program built on consent, correlation, and accountability.