21.B.115 Means of compliance

Regulation (EU) 2022/203

(a) The Agency shall develop acceptable means of compliance (‘AMC’) that may be used to establish compliance with Regulation (EU) 2018/1139 and its delegated and implementing acts.

(b) Alternative means of compliance may be used to establish compliance with this Regulation.

(c) Competent authorities shall inform the Agency of any alternative means of compliance used by organisations under their oversight or by themselves for establishing compliance with this Regulation.

ALTERNATIVE MEANS OF COMPLIANCE — GENERAL

(a) A competent authority may establish means to comply with the regulation, which are different from the AMC that are established by EASA.

In that case, the competent authority is responsible for demonstrating how those alternative means of compliance (AltMoC) establish compliance with the regulation.

(b) AltMoC that are used by a competent authority, or by an organisation under its oversight, may be used by other competent authorities, or another organisation, only if they are processed by those authorities in accordance with point 21.B.115 or 21.B.215, and by that organisation in accordance with point 21.A.124A or 21.A.134A.

(c) AltMoC that are issued by the competent authority may cover the following cases:

(1) AltMoC to be used by organisations under the oversight of the competent authority and which are made available to those organisations; and

(2) AltMoC to be used by the authority itself to discharge its responsibilities.

PROCESSING THE ALTERNATIVE MEANS OF COMPLIANCE

To meet the objective of points (b) and (c) of points 21.B.115 and 21.B.215:

(a) the competent authority should establish the means to consistently evaluate over time that all the AltMoC that are used by itself or by organisations under its oversight allow for the establishment of compliance with the regulation;

(b) if the competent authority issues AltMoC for itself or for the organisations under its oversight, it should:

(1) make them available to all relevant organisations; and

(2) notify EASA of the AltMoC as soon as it is issued, including the information that is described in point (d) of this AMC;

(c) the competent authority should evaluate the AltMoC that is proposed by an organisation by analysing the documentation provided and, if considered necessary, by inspecting the organisation; when the competent authority finds that the AltMoC is in accordance with the Regulation, it should:

(1) notify the applicant that the AltMoC is approved;

(2) indicate that this AltMoC may be implemented, and agree when the production organisation exposition (POE) is to be amended accordingly; and

(3) notify EASA of the AltMoC approval as soon as it is approved, including the information that is described in point (d) of this AMC; and

(d) the competent authority should provide EASA with the following information:

(1) a summary of the AltMoC;

(2) the content of the AltMoC;

(3) a statement that compliance with the regulation is achieved; and

(4) in support of that statement, an assessment that demonstrates that the AltMoC reaches an acceptable level of safety, taking into account the level of safety that is achieved by the corresponding EASA AMC.

(e) All these elements that describe the AltMoC are an integral part of the records to be kept, which are managed in accordance with point 21.B.55.

CASES IN WHICH THERE IS NO CORRESPONDING EASA AMC

When there is no EASA AMC to a certain requirement in the regulation, the competent authority may choose to develop national guides or other types of documents to assist the organisations under its oversight in compliance demonstration. The competent authority may inform EASA so that such guides or other documents may be later considered for incorporation into an AMC that is published by EASA using the EASA rulemaking process.

21.B.120 Initial certification procedure

Regulation (EU) 2022/203

(a) Upon receiving an application for the issue of a letter of agreement for the purpose of demonstrating conformity of the individual products, parts and appliances, the competent authority shall verify the applicant’s compliance with the applicable requirements.

(b) The competent authority shall record all the findings issued, closure actions as well as recommendations for the issue of the letter of agreement.

(c) The competent authority shall confirm to the applicant in writing all the findings raised during the verification. For initial certification, all findings must be corrected to the satisfaction of the competent authority before the letter of agreement can be issued.

(d) When satisfied that the applicant complies with the applicable requirements, the competent authority shall issue the letter of agreement (EASA Form 65, see Appendix XI).

(e) The letter of agreement shall contain the scope of the agreement, a termination date and, where applicable, the appropriate limitations.

(f) The duration of the letter of agreement shall not exceed 1 year.

AMC 21.B.120(a) Investigation team – Qualification criteria for the investigation team members

ED Decision 2012/020/R

The competent authority must ensure that the team leader and team members have received appropriate training in the relevant Subpart of Part 21 and in the related competent authority documentation before performing investigations. They must also have knowledge and experience at the appropriate level in aviation production and inspection activities relative to the particular application for a letter of agreement.

[This AMC will be updated with an upcoming ED Decision - 21.B.120 amended with Regulation (EU) 2022/203]

AMC 21.B.120(c)(1) Evaluation of applications

ED Decision 2012/020/R

1. General

When applying Part 21 Section A Subpart F and Section B Subpart F the competent authority must consider that these Subparts are only an alternative way for production to Part 21 Section A Subpart G and Section B Subpart G. To meet the ICAO airworthiness obligations and to issue a Certificate of Airworthiness for an individual aircraft in a practical and efficient way, the competent authority must use a system of approval of production organisations (POA) under Part 21 Section A Subpart G and Section B Subpart G, providing to the competent authority the necessary confidence in technical standards. The consistent standards of these approvals will also support the standardisation efforts by the Agency. Nevertheless it is recognised that it is not always practical, economical and/or advisable to use the POA.

Considering ICAO airworthiness obligations as well, Part 21 Section A Subpart F and Section B Subpart F is provided for such a case on the basis of the following principles:

a) Subpart F must be considered as an alternative option for particular cases

b) Its adoption must be done on an individual basis, as consequence of an assessment by the competent authority (see 21.A.121, 21.A.133(a) and their associated CS and GM).

2. Application

The competent authority must receive an application for a letter of agreement on an EASA Form 60 (see below) completed by the applicant. The eligibility of the application should be verified in relation to the competent authority procedures, based on 21.A.121 and its associated CS and GM. The applicant should be advised accordingly about the acceptance or rejection of the application.

3. Location of the applicant

The location of the applicant seeking acceptance for production under Part 21 Section A Subpart F determines which competent authority is responsible for issuing the letter of agreement.

EASA Form 60

Application for agreement of production under Part 21 Subpart F

Competent authority

of an EU Member State or

EASA

1. Registered name and address of the applicant:

 

 

 

 

2. Trade name (if different):

 

3. Location(s) of manufacturing activities:

 

4. Description of the manufacturing activities under application

 a) Identification (TC, P/N , … as appropriate):

 

 b) Termination (No. of units, Termination date, …):

 

5. Evidence supporting the application, as per 21.A.124(b):

 

6. Links/arrangements with design approval holder(s)/ design organisation(s) where different from Block 1. :

 

7. Human resources:

 

8.  Name of the person signing the application:

 

 

 

 

 

______________________________

Date

 

 

 

 

______________________________________

Signature

EASA Form 60 Issue 3

Block 1: The name of the applicant must be entered. For legal entities the name must be as stated in the register of the National Companies Registration Office. In this case a copy of the entry in the register of the National Companies Registration Office must be provided to the competent authority.

Block 2: State the trade name by which the applicant is known to the public if different from the information given in Block 1. The use of a logo may be indicated in this Block.

Block 3: State all locations of manufacturing activities that are covered by the application. Only those locations must be stated that are directly under the control of the applicant stated in Block 1.

Block 4: This Block must include further details of the manufacturing activities under the approval for the addresses indicated in Block 3. The Block ‘Identification’ must indicate the products, parts or appliances intended to be produced, while the Block ‘Termination’ must address any information on the limitation of the activity, e.g., by stating the intended number of units to be manufactured or the expected date of completion of the manufacturing activities.

Block 5: This Block must state evidence supporting the determination of applicability as stated in 21.A.121. In addition an outline of the manual required by 21.A.125A(b) must be provided with the application.

Block 6: The information entered here is essential for the evaluation of eligibility of the application. Therefore special attention must be given concerning the completion of this Block either directly or by reference to supporting documentation in relation to the requirements of 21.A.122 and AMC No 1 to 21.A.122.

Block 7: The information to be entered here must reflect the number of staff, or in case of an initial approval the intended number of staff, for the manufacturing activities under this application and therefore must include also any associated administrative staff.

Block 8: State the name of the person authorised to sign the application.

[This AMC will be updated with an upcoming ED Decision - 21.B.120 amended with Regulation (EU) 2022/203]

GM1 21.A.139, 21.A.239, 21.B.120, 21.B.140, 21.B.220, and 21.B.240 The use of information and communication technologies (ICT) for performing remote audits

ED Decision 2022/021/R

This GM provides technical guidance on the use of remote information and communication technologies (ICT) to support:

      competent authorities when overseeing regulated organisations;

      regulated organisations when conducting internal audits / monitoring compliance of their organisation with the relevant requirements, and when evaluating vendors, suppliers and subcontractors.

In the context of this GM:

      ‘remote audit’ means an audit that is performed with the use of any real-time video and audio communication tools in lieu of the physical presence of the auditor on-site; the specificities of each type of approval / letter of agreement (LoA) need to be considered in addition to the general overview (described below) when applying the ‘remote audit’ concept;

      ‘auditing entity’ means the competent authority or organisation that performs the remote audit;

      ‘auditee’ means the entity being audited/inspected (or the entity audited/inspected by the auditing entity via a remote audit);

It is the responsibility of the auditing entity to assess whether the use of remote ICT constitutes a suitable alternative to the physical presence of an auditor on-site in accordance with the applicable requirements.

The conduct of a remote audit

The auditing entity that decides to conduct a remote audit should describe the remote audit process in its documented procedures and should consider at least the following elements:

      The methodology for the use of remote ICT is sufficiently flexible and non-prescriptive in nature to optimise the conventional audit process.

      Adequate controls are defined and are in place to avoid abuses that could compromise the integrity of the audit process.

      Measures to ensure that the security and confidentiality are maintained throughout the audit activities (data protection and intellectual property of the organisation also need to be safeguarded).

Examples of the use of remote ICT during audits may include but are not limited to:

      meetings by means of teleconference facilities, including audio, video and data sharing;

      assessment of documents and records by means of remote access, in real time;

      recording, in real time during the process, of evidence to document the results of the audit, including non-conformities, by means of exchange of emails or documents, instant pictures, video or/and audio recordings;

      visual (livestream video) and audio access to facilities, stores, equipment, tools, processes, operations, etc.

An agreement between the auditing entity and the auditee should be established when planning a remote audit, which should include the following:

      determining the platform for hosting the audit;

      granting security and/or profile access to the auditor(s);

      testing platform compatibility between the auditing entity and the auditee prior to the audit;

      considering the use of webcams, cameras, drones, etc., when the physical evaluation of an event (product, part, process, etc.) is desired or is necessary;

      establishing an audit plan which will identify how remote ICT will be used and the extent of their use for the audit purposes to optimise their effectiveness and efficiency while maintaining the integrity of the audit process;

      if necessary, time zone acknowledgement and management to coordinate reasonable and mutually agreeable convening times;

      a documented statement of the auditee that they shall ensure full cooperation and provision of the actual and valid data as requested, including ensuring any supplier or subcontractor cooperation, if needed; and

      data protection aspects.

The following equipment and set-up elements should be considered:

      the suitability of video resolution, fidelity, and field of view for the verification being conducted;

      the need for multiple cameras, imaging systems, or microphones, and whether the person that performs the verification can switch between them, or direct them to be switched and has the possibility to stop the process, ask a question, move the equipment, etc.;

      the controllability of viewing direction, zoom, and lighting;

      the appropriateness of audio fidelity for the evaluation being conducted; and

      real-time and uninterrupted communication between the person(s) participating to the remote audit from both locations (on-site and remotely).

When using remote ICT, the auditing entity and the other persons involved (e.g. drone pilots, technical experts) should have the competence and ability to understand and utilise the remote ICT tools employed to achieve the desired results of the audit(s)/assessment(s). The auditing entity should also be aware of the risks and opportunities of the remote ICT used and the impacts they may have on the validity and objectivity of the information gathered.

Audit reports and related records should indicate the extent to which remote ICT have been used in conducting remote audits and the effectiveness of remote ICT in achieving the audit objectives, including any item that it has not been able to be completely reviewed.

GM 21.B.120(c)(3) Investigation preparation and planning

ED Decision 2012/020/R

Following acceptance of an application and before commencing an investigation the competent authority should:

      identify the site locations needing investigation

      liaise with the competent authority of another Member State where there is seen to be a need to visit a production facility in that State for one of the following reasons:

a) where a manufacturer has contracted part of the production to another organisation holding a production organisation approval and a need arises to ensure the contract has the same meaning for all parties to the contract, and the local competent authority of the Member State agrees

b) to inspect a product (or part or appliance) under production where the sub-contractor is not holding a POA

      co-ordinate with the competent authority of a third country and/or the Agency where there is seen to be a need to visit a production facility in that country for one of the following reasons:

a) where a manufacturer has contracted part of the production to another organisation holding a production organisation approval issued by the Agency or accepted through an recognition agreement in accordance with Article 12 of the Basic Regulation and a need arises to ensure the contract has the same meaning for all parties to the contract, and the Agency and/or the competent authority agrees

b)  to inspect a product (or part or appliance) under production where the sub-contractor is not holding a POA.

[This GM will be updated with an upcoming ED Decision - 21.B.120 amended with Regulation (EU) 2022/203]

GM 21.B.120(c)(5) and (6) Auditing and investigation findings

ED Decision 2012/020/R

During its investigation process, the competent authority may make findings which should then be recorded. These may be non-conformities to the requirements, the manual as supplied by the manufacturer describing its inspection procedures or non-conformities related to the items under inspection. The manner in which the findings will be handled by the competent authority before and during the validity of the letter of agreement, should be detailed in its procedures.

[This GM will be updated with an upcoming ED Decision - 21.B.120 amended with Regulation (EU) 2022/203]

21.B.125 Findings and corrective actions; observations

Regulation (EU) 2022/203

(a) The competent authority shall have a system in place to analyse findings for their safety significance.

(b) A level 1 finding shall be issued by the competent authority when any significant non-compliance is detected with the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts, with the organisation’s procedures and manuals, or with the terms of the letter of agreement which lowers safety or seriously endangers flight safety.

Level 1 findings shall also include:

1. any failure to grant the competent authority access to the organisation’s facilities referred to in point 21.A.9 during normal operating hours and after two written requests;

2. obtaining the letter of agreement or maintaining its validity by falsification of the submitted documentary evidence; and

3. any evidence of malpractice or fraudulent use of the letter of agreement.

(c) A level 2 finding shall be issued by the competent authority when any non-compliance is detected with the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts, with the organisation’s procedures and manuals, or with the terms of the letter of agreement, which is not classified as a level 1 finding.

(d) When a finding is detected during oversight or by any other means, the competent authority shall, without prejudice to any additional action required by Regulation (EU) 2018/1139 and its delegated and implementing acts, communicate in writing the finding to the organisation and request corrective action to address the non-compliance(s) identified. Where a level 1 finding directly relates to an aircraft, the competent authority shall inform the competent authority of the Member State in which the aircraft is registered.

1. If there are any level 1 findings, the competent authority shall take immediate and appropriate action to prohibit or limit the activities of the organisation involved and, if appropriate, it shall take action to revoke the letter of agreement or to limit or suspend it in whole or in part, depending on the extent of the level 1 finding, until successful corrective action has been taken by the organisation.

2. If there are any level 2 findings, the competent authority shall:

(i) grant the organisation a corrective action implementation period that is appropriate to the nature of the finding, and that in any case shall initially not be more than 3 months. The period shall commence from the date of the written communication of the finding to the organisation, requesting corrective action to address the non-compliance identified. At the end of that period, and subject to the nature of the finding, the competent authority may extend the 3‑month period provided that a corrective action plan has been agreed with the competent authority;

(ii) assess the corrective action plan and implementation plan proposed by the organisation, and if the assessment concludes that they are sufficient to address the non-compliance, accept them;

(iii) if the organisation fails to submit an acceptable corrective action plan, or fails to perform the corrective action within the time period accepted or extended by the competent authority, the finding shall be raised to level 1 and action shall be taken as laid down in point (f)(1)(i).

(e) The competent authority may issue observations for any of the following cases not requiring level 1 or level 2 findings:

1. for any item whose performance has been assessed to be ineffective;

2. when it has been identified that an item has the potential to cause a non-compliance under points (b) or (c);

3. when suggestions or improvements are of interest for the overall safety performance of the organisation.

The observations issued under this point shall be communicated in writing to the organisation and recorded by the competent authority.

EXAMPLES OF LEVEL 1 FINDINGS

Examples of level 1 findings are non-compliance with any of the following points, which may affect the safety of the aircraft:

      point 21.A.126;

      point 21.A.127;

      point 21.A.128; and

      point 21.A.129.

It should be anticipated that non-compliance with those points is only considered a level 1 finding if there is objective evidence that that finding is uncontrolled non‑compliance that could affect the safety of the aircraft.

SIGNIFICANT NON-COMPLIANCE

Significant non-compliance includes uncontrolled non-compliance with applicable design data, which is non-compliance that:

(a) cannot be discovered through systematic analysis; or

(b) prevents the identification of the affected products, parts, appliances, or material.

GM1 21.B.125(b), 21.B.225(b) and 21.B430(b) Findings and corrective actions; observations

ED Decision 2022/021/R

EVIDENCE

Evidence is a fact that is, or can be, documented based on observations, measurements, or tests that can be verified. Evidence generally comes from the following:

(a) documents or manuals;

(b) examination of equipment/products; and

(c) information from interview questions and from observations of an organisation’s activities, as applicable.

NOTIFICATION OF FINDINGS

In the case of a level 1 finding, confirmation should be obtained in a timely manner that the accountable manager has taken note of the finding and its details.

Level 1 and level 2 findings require timely and effective oversight by the competent authority to ensure the completion of the corrective action. That oversight may include intermediate communication, such as letters, as necessary, to remind the approval holder to verify that the corrective action plan is followed.

DIFFERENCE BETWEEN A ‘LEVEL 2 FINDING’ AND AN ‘OBSERVATION’

(a) ‘Findings’ are issued for non-compliance with the regulation, whereas ‘observations’ may be issued to an organisation that remains compliant to the regulation, while additional input to the organisation may be considered for continuous improvement (see points (1), (2), and (3) of point 21.B.125(e)).

However, the competent authority may decide to issue a ‘level 2’ finding when the ‘observations’ process is not managed correctly or is overlooked.

(b) Examples to help differentiate between a ‘level 2 finding’ and an ‘observation’ are provided below, based on the requirements for the control and calibration of tools in accordance with point 21.A.139(b)(1)(vii).

Example of a ‘level 2 finding’:

The organisation could not demonstrate compliance with some elements of point 21.A.145(a) regarding the control register of the tools and equipment, as evidenced by the fact that:

(a) some sampled tools that are physically available in the tool store were missing in the tool control register that is managed by the organisation; or

(b) one tool was not correctly identified (e.g. incorrect part number or serial number) in the tool control register.

Examples of ‘observations’:

(a) Accumulation of tools in the tool store, which have not been yet sent for calibration. This situation may have some consequences regarding the availability of tools and the operational capabilities during a peak of activities (ineffectiveness of the process).

(b) The process for managing the tool control register through the dedicated software is not detailed enough (potential to cause a ‘level 2 finding’).

(d) The colour of the ‘unserviceable’ tag of the tools may generate some confusion. The organisation should consider changing the colour of that unserviceable tag to better alert its staff to the particular status of the unserviceable tools (potential improvement).

21.B.135 Maintenance of the letter of agreement

Regulation (EU) No 748/2012

The competent authority shall maintain the letter of agreement as long as:

(a) the manufacturer is properly using the EASA Form 52 (see Appendix VIII) as a statement of conformity for complete aircraft, and the EASA Form 1 (see Appendix I) for products other than complete aircraft, parts and appliances; and

(b) inspections performed by the competent authority of the Member State before validation of the EASA Form 52 (see Appendix VIII) or the EASA Form 1 (see Appendix I), as per point 21.A.130(c) did not reveal any findings of non-compliance with the requirements or the procedures as contained in the manual provided by the manufacturer, or any non‑conformity of the respective products, parts or appliances. These inspections shall check at least that:

1. the agreement covers the product, part or appliance being validated, and remains valid;

2. the manual described in point 21.A.125A(b) and its change status referred in the letter of agreement is used as basic working document by the manufacturer. Otherwise, the inspection shall not continue and therefore the release certificates shall not be validated;

3. production has been carried out under the conditions prescribed in the letter of agreement and satisfactorily performed;

4. inspections and tests (including flight tests, if appropriate), as per points 21.A.130(b)(2) and/or (b)(3), have been carried out under the condition prescribed in the letter of agreement and satisfactorily performed;

5. the inspections by the competent authority described or addressed in the letter of agreement have been performed and found acceptable;

6. the statement of conformity complies with point 21.A.130, and the information provided by it does not prevent its validation; and

(c) any termination date for the letter of agreement has not been reached.

21.B.140 Amendment of a letter of agreement

Regulation (EU) No 748/2012

(a) The competent authority shall investigate, as appropriate, in accordance with point 21.B.120 any amendment of the letter of agreement.

(b) When the competent authority is satisfied that the requirements of Section A, Subpart F continue to be complied with, it shall amend the letter of agreement accordingly.

AMC 21.B.140 Amendment of a letter of agreement

ED Decision 2012/020/R

The competent authority must be satisfied that any change affecting a letter of agreement comply with the shows of Section A Subpart F before implementation can start. A plan for the change should be agreed with the applicant in accordance with AMC 21.B.130. If the change affects the content of the letter of agreement, a new application should be filed and an amended/revised letter of agreement should be obtained subsequently.

GM1 21.A.139, 21.A.239, 21.B.120, 21.B.140, 21.B.220, and 21.B.240 The use of information and communication technologies (ICT) for performing remote audits

ED Decision 2022/021/R

This GM provides technical guidance on the use of remote information and communication technologies (ICT) to support:

      competent authorities when overseeing regulated organisations;

      regulated organisations when conducting internal audits / monitoring compliance of their organisation with the relevant requirements, and when evaluating vendors, suppliers and subcontractors.

In the context of this GM:

      ‘remote audit’ means an audit that is performed with the use of any real-time video and audio communication tools in lieu of the physical presence of the auditor on-site; the specificities of each type of approval / letter of agreement (LoA) need to be considered in addition to the general overview (described below) when applying the ‘remote audit’ concept;

      ‘auditing entity’ means the competent authority or organisation that performs the remote audit;

      ‘auditee’ means the entity being audited/inspected (or the entity audited/inspected by the auditing entity via a remote audit);

It is the responsibility of the auditing entity to assess whether the use of remote ICT constitutes a suitable alternative to the physical presence of an auditor on-site in accordance with the applicable requirements.

The conduct of a remote audit

The auditing entity that decides to conduct a remote audit should describe the remote audit process in its documented procedures and should consider at least the following elements:

      The methodology for the use of remote ICT is sufficiently flexible and non-prescriptive in nature to optimise the conventional audit process.

      Adequate controls are defined and are in place to avoid abuses that could compromise the integrity of the audit process.

      Measures to ensure that the security and confidentiality are maintained throughout the audit activities (data protection and intellectual property of the organisation also need to be safeguarded).

Examples of the use of remote ICT during audits may include but are not limited to:

      meetings by means of teleconference facilities, including audio, video and data sharing;

      assessment of documents and records by means of remote access, in real time;

      recording, in real time during the process, of evidence to document the results of the audit, including non-conformities, by means of exchange of emails or documents, instant pictures, video or/and audio recordings;

      visual (livestream video) and audio access to facilities, stores, equipment, tools, processes, operations, etc.

An agreement between the auditing entity and the auditee should be established when planning a remote audit, which should include the following:

      determining the platform for hosting the audit;

      granting security and/or profile access to the auditor(s);

      testing platform compatibility between the auditing entity and the auditee prior to the audit;

      considering the use of webcams, cameras, drones, etc., when the physical evaluation of an event (product, part, process, etc.) is desired or is necessary;

      establishing an audit plan which will identify how remote ICT will be used and the extent of their use for the audit purposes to optimise their effectiveness and efficiency while maintaining the integrity of the audit process;

      if necessary, time zone acknowledgement and management to coordinate reasonable and mutually agreeable convening times;

      a documented statement of the auditee that they shall ensure full cooperation and provision of the actual and valid data as requested, including ensuring any supplier or subcontractor cooperation, if needed; and

      data protection aspects.

The following equipment and set-up elements should be considered:

      the suitability of video resolution, fidelity, and field of view for the verification being conducted;

      the need for multiple cameras, imaging systems, or microphones, and whether the person that performs the verification can switch between them, or direct them to be switched and has the possibility to stop the process, ask a question, move the equipment, etc.;

      the controllability of viewing direction, zoom, and lighting;

      the appropriateness of audio fidelity for the evaluation being conducted; and

      real-time and uninterrupted communication between the person(s) participating to the remote audit from both locations (on-site and remotely).

When using remote ICT, the auditing entity and the other persons involved (e.g. drone pilots, technical experts) should have the competence and ability to understand and utilise the remote ICT tools employed to achieve the desired results of the audit(s)/assessment(s). The auditing entity should also be aware of the risks and opportunities of the remote ICT used and the impacts they may have on the validity and objectivity of the information gathered.

Audit reports and related records should indicate the extent to which remote ICT have been used in conducting remote audits and the effectiveness of remote ICT in achieving the audit objectives, including any item that it has not been able to be completely reviewed.