An audit trail that can't be rewritten
The difference between an audit log and a tamper-proof audit log is whether the people running the system can edit it after the fact. In NxtAssets, nobody can — not a user, not a manager, not an administrator, not the vendor.
What's in the record
Three kinds of events go into the tamper-proof log automatically, as they happen:
- Chain-of-custody events — every handoff, with both parties, signatures, timestamp, GPS, and event reason.
- Seal events — every seal application, inspection, pass, fail, break, and replacement — with serial number and operator.
- Critical workflow transitions — the moments that matter legally: "Ready for Delivery," "In Transit," "Delivered," "Closed Out."
If it happened, it's in the log. If it's in the log, it's there to stay.
Why it can't be edited
The record lives in a part of the system that is write-once by design. Once a row is written, the system rejects any attempt to change it or remove it. That rule is enforced by the data layer itself — below the application, below the user interface, below any administrator account. Tampering isn't just forbidden by policy; it's physically blocked and, in the rare case someone tried, it would be immediately detectable.
For an auditor, the practical effect is simple: there's no need to prove the custody record wasn't edited. The question doesn't come up.
Retention matches the law
Texas statute sets specific preservation periods for election records. NxtAssets retention is configured to match:
- Seal and test-material records — 22 months (Texas Election Code §129.024(b)).
- Precinct records — 22 months (TEC §66.058).
- Electronic voting system records — per statute, including the Chapter 129 media that must be preserved in a secure container.
Retention policies are themselves protected — the window can be lengthened, but cannot be shortened on a whim and the records cannot be made to disappear before the clock runs out.
Nine months after an election, the county receives a public records request for chain-of-custody logs on a specific batch of voting machines. In NxtAssets, that's a report run — the records are right where they were written, in the form they were written, with the signatures and timestamps intact. The only thing that's changed since the handoff is the date on the calendar.
What this unlocks
- Audit response. When the Secretary of State asks, the office exports. It doesn't reconstruct.
- Public records requests. FOIA-style requests become a report, not a hunt through binders.
- Public confidence. Observers, the press, and the public can see the integrity of the record because the record can't be quietly rewritten.
- Internal accountability. Every person whose name is on the log knows their name is permanent — which tends to sharpen the quality of the work.
Security teams and IT evaluators looking for the specifics of how the immutable storage works will find them on the For security teams page and in the full security architecture.