Preparing for Fair Work Agency Audits: Building a Tamper-Evident Probation Record

The Fair Work Agency launched on 7 April 2026 with the power to proactively investigate UK employers — requesting employment records without waiting for a worker complaint. RSM's compliance guidance states that the agency's focus will be on whether employers can prove compliance quickly, clearly, and consistently. For probation records specifically, that means producing a complete, credible, and verifiable file on demand — not assembling one after the letter arrives. The employers who will walk into an FWA review with confidence are the ones whose records were built to withstand scrutiny from the day they were created.

ProbationWatch generates sealed review records and stores every document in a tamper-evident SHA-256 evidence chain — so your probation file is audit-ready before the Fair Work Agency asks for it. See how it works →

What Powers Does the Fair Work Agency Have?

The FWA was established under the Employment Rights Act 2025 as an Executive Agency of the Department for Business and Trade. It consolidates enforcement responsibilities that were previously distributed across multiple bodies — including enforcement of holiday pay, statutory sick pay, national minimum wage, and agency worker regulations.

Its powers go beyond those of the bodies it replaces in one critical respect: proactive investigation. The FWA does not only respond to individual worker complaints. It can initiate reviews of employers based on factors including industry sector, geographic location, and company size. An employer does not need to have received a complaint, a tribunal claim, or any prior warning to be subject to an FWA investigation.

Policy Pros' analysis of the FWA's launch describes it as a fundamental shift in enforcement approach — from reactive to proactive. The agency's stated purpose is to ensure compliance across the workforce, not just to resolve individual disputes.

For employers, the practical consequence is straightforward: your records need to be audit-ready at all times, not assembled in response to a specific request.

What Records Will the Fair Work Agency Request from Employers?

Published guidance from employment law firms and government sources indicates that the FWA's document requests will be broad. Employers should expect to produce:

Employment contracts — including probation clauses, notice provisions, hours, pay, and any restrictive covenants.

Payslips and pay records — demonstrating correct SSP calculation (now payable from Day 1), holiday pay compliance, and national minimum wage adherence.

Timesheets and attendance records — hours worked, absences recorded, and how sickness absence was managed and paid.

Meeting notes and review records — probation reviews, performance discussions, formal and informal conversations about conduct or capability. This is the category where most employers have the greatest gaps.

Termination letters and decision records — the reasons for any dismissal, the process followed, and the evidence relied upon.

Company policies — probation policy, absence policy, disciplinary and grievance procedures, and any other employment policies referenced during the employee's tenure.

Witness statements and correspondence — emails, letters, and other communications between managers and employees relevant to employment decisions.

Breathe HR's analysis of the FWA's powers notes that the agency's requests are designed to assess the employer's entire compliance posture — not just one specific issue. An investigation triggered by a holiday pay query, for example, could expand into a review of probation processes, absence management, and SSP compliance if the records reveal inconsistencies.

How Do You Prepare for a Fair Work Agency Audit?

Preparation is not a one-off exercise performed when a letter arrives. It is an ongoing standard of record-keeping that ensures you are ready at any point.

Step 1: Audit your current records

Before building a new system, understand what you have and where the gaps are. For every current and recent probationary employee, ask: can you produce a complete file containing their contract, probation objectives, review notes, feedback records, support documentation, and outcome decision? If any of those elements are missing, scattered across email inboxes, or stored in formats that cannot demonstrate when they were created, you have a gap the FWA will find.

Step 2: Centralise storage

Employment records should be stored in a single, secure, accessible location — not distributed across individual manager inboxes, desktop folders, shared drives, and filing cabinets. Centralisation ensures that a complete file can be assembled quickly and that records are not lost when a manager changes role or leaves the organisation.

Step 3: Standardise documentation

Every probation review should follow the same structure, covering the same fields, in the same format. Standardisation removes the variability that comes from different managers recording different things in different ways — and it ensures that the file presented to an auditor is consistent and credible.

Step 4: Implement tamper-evident storage

The credibility of a record depends not just on its content but on the assurance that it has not been altered since creation. Records that are date-stamped and sealed at the point of creation — and stored in a system that logs any access or modification — carry significantly more evidential weight than editable documents. This is where hash chain technology provides a measurable compliance advantage.

Step 5: Build review discipline

The best storage system in the world is useless if the reviews do not happen. Automated prompts at defined intervals — Day 30, 60, 90, 120, 150, 165, 175, and 182 — ensure that managers conduct reviews on schedule and that records are generated at the time of each event, not retrospectively.

Step 6: Test the system

Before an FWA investigation arrives, test your ability to produce a complete file. Pick a current or recent probationary employee and attempt to assemble every document listed in the FWA's expected request categories. Time how long it takes. Assess whether the file is complete, consistent, and credible. If it is not, you have identified the work that needs to be done.

ProbationWatch centralises every probation record, standardises review documentation, seals each record at creation, and produces a complete audit-ready export with one click. Compare plans →

What Is a Tamper-Evident HR Record?

A tamper-evident record is a document or data entry that has been stored in a way that makes any subsequent alteration detectable. The record itself is not prevented from being changed — it is stored so that if anyone changes it, the change is mathematically visible.

The distinction matters. "Tamper-proof" implies that a record cannot be altered, which is rarely achievable in any system. "Tamper-evident" means that any alteration leaves a trace that can be identified and verified. For employment compliance, tamper-evident records provide the assurance that a tribunal, auditor, or enforcement body needs: this document was created at this time, by this person, and it has not been changed since.

In practical terms, a tamper-evident HR record has three properties. It is date-stamped — the system records when the document was created, not when it was uploaded or filed. It is attributable — the system records who created or authorised the document. And it is integrity-verified — the system can prove that the content has not been altered since creation.

Traditional storage methods — Word documents, emails, shared drives — provide none of these properties reliably. A Word document can be edited and re-saved with no record of the change. An email can be forwarded, edited, and re-forwarded. A file on a shared drive can be overwritten. None of these methods can demonstrate, under challenge, that the version presented is the version that existed at the time of the event.

What Is SHA-256 in HR Documentation?

SHA-256 is a cryptographic hash function — a mathematical algorithm that takes any piece of data and produces a unique 256-bit "fingerprint" of that data. If even a single character of the original data is changed, the resulting hash changes completely. This property makes SHA-256 the foundation of tamper-evident record systems.

The analogy that captures it best: a SHA-256 hash works like a wax seal on a letter. The seal does not prevent someone from opening the letter — but if they do, the broken seal proves the letter was tampered with.

How hash chains work in practice

A hash chain extends this principle across a sequence of records. Each record's hash is computed from the record's own content combined with the hash of the previous record. This creates a mathematical chain: every record is linked to the one before it and the one after it.

If any single record in the chain is altered — even by a single character — its hash changes. That changed hash no longer matches the hash stored in the next record, breaking the chain from that point forward. The break is detectable by anyone who runs the verification, and it identifies exactly where the alteration occurred.

For employment documentation, this means an employer can prove not just that individual records exist, but that the entire sequence of records — from the first objective-setting session to the final probation decision — has been preserved intact and in order since each record was created.

What this means for audits and tribunals

When the Fair Work Agency requests probation documentation, or when an employer presents records at tribunal, the question is always: can you prove these records are genuine? A hash-chained evidence log answers that question with mathematical certainty. The records either verify or they do not — there is no ambiguity and no reliance on the employer's assertion that the records are accurate.

Legal and technical commentary describes tamper-evident logs as a building block for legal defensibility. They do not replace good management practice — a hash chain that preserves records of a poor process still evidences a poor process. But they eliminate the secondary challenge that employers otherwise face: proving that the records themselves are trustworthy.

How Do You Create an Audit Trail for Employment Decisions?

An audit trail is the complete, chronological record of every action taken and every document created in relation to an employment decision. For probation, that means the trail runs from the employee's first day to the final decision — and every review, conversation, objective, and outcome in between.

The components of a defensible audit trail

Contemporaneous records. Every document must be created at or near the time of the event it records. A review note dated the day of the meeting carries weight. A retrospective summary created three months later — after a dispute has arisen — does not.

Consistent format. Records created in the same structured format, covering the same fields, across all employees and all review stages, demonstrate a systematic process. Inconsistency — one employee has detailed records, another has nothing — invites the inference that documentation was selective or reactive.

Clear attribution. Every record should identify who created it, who was present, and who authorised or signed off on the content. Anonymous or unattributed documents are easy to challenge.

Unbroken sequence. The audit trail should be continuous from Day 1 to Day 182. Gaps — a missing Day 90 review, an unexplained jump from Day 60 to Day 165 — suggest that the process was not followed consistently, even if the records that do exist are sound.

Integrity assurance. The system storing the records must be able to demonstrate that documents have not been altered since creation. This is where sealed PDFs and hash chain verification provide a level of assurance that file-based storage cannot match.

What Does an Audit-Ready Probation File Look Like?

A complete probation file, ready for FWA inspection or tribunal disclosure, contains the following elements in chronological order:

The employment contract — with probation clause, start date, notice provisions, and any extension provisions.

The probation plan — objectives, success criteria, review schedule, and the employee's acknowledgement of receipt. Created within the first two weeks.

Review records from each checkpoint — Day 30, 60, 90, 120, 150, 165, 175, and 182 (or the applicable schedule). Each record covering objectives, performance assessment, feedback given, support provided, employee input, agreed actions, and the reviewer's signature.

Evidence of support — training completed, mentoring arrangements, reasonable adjustments made, resources provided. Referenced in the review records and supported by separate documentation where relevant.

Written communications about concerns — any emails, letters, or formal notes raising specific issues with the employee. Dated and stored alongside the relevant review records.

The extension record (if applicable) — reasons for extension, new objectives, defined end date, and the employee's acknowledgement.

The final decision record — confirmation, extension, or dismissal. With clear reasoning, reference to the review history, and the employee's right of appeal.

The evidence chain verification — a hash chain log or equivalent that demonstrates the integrity and sequence of all records in the file.

An employer who can produce this file — complete, chronological, consistent, and verifiable — is in the strongest possible position for any FWA review or tribunal proceeding.

ProbationWatch builds this exact file automatically. Every review, every objective, every decision — sealed, chained, and exportable. Start your free trial →

Frequently Asked Questions

What records will the Fair Work Agency request from employers?

The FWA can request employment contracts, payslips, timesheets, meeting notes, probation review records, termination letters, company policies, witness statements, and relevant correspondence. Its investigations can expand beyond the initial query if records reveal inconsistencies in other areas of compliance.

How do you prepare for a Fair Work Agency audit?

Audit your current records for gaps, centralise storage in a single secure system, standardise documentation across all employees and review stages, implement tamper-evident storage, build review discipline through automated prompts, and test your ability to produce a complete file on demand before an investigation arrives.

What is a tamper-evident HR record?

A record stored so that any subsequent alteration is detectable. Tamper-evident records are date-stamped at creation, attributable to a named author, and integrity-verified through mechanisms such as SHA-256 hash chains. They provide the assurance that a tribunal or auditor needs: this document has not been changed since it was created.

How do you create an audit trail for employment decisions?

Build contemporaneous records at the time of each event, use a consistent format across all employees and stages, ensure clear attribution for every document, maintain an unbroken sequence from Day 1 to Day 182, and store records in a system that can demonstrate they have not been altered. Sealed PDFs logged to a hash chain provide the highest standard of integrity assurance.

What is SHA-256 in HR documentation?

SHA-256 is a cryptographic hash function that produces a unique fingerprint of any piece of data. In a hash chain, each record's hash incorporates the hash of the previous record, creating a mathematical sequence. If any record is altered, the chain breaks — making the tampering detectable. It works like a wax seal: if someone breaks and reseals it, the tampering is visible.

What powers does the Fair Work Agency have?

The FWA can proactively investigate employers based on sector, location, and company size — without waiting for a worker complaint. It can request a broad range of employment records, issue compliance notices, and impose financial penalties. Its focus is on whether employers can demonstrate compliance quickly, clearly, and consistently.