Regulation (EU) 2022/203
(a) The Agency shall develop acceptable means of compliance (‘AMC’) that may be used to establish compliance with Regulation (EU) 2018/1139 and its delegated and implementing acts.
(b) Alternative means of compliance may be used to establish compliance with this Regulation.
(c) Competent authorities shall inform the Agency of any alternative means of compliance used by organisations under their oversight or by themselves for establishing compliance with this Regulation.
GM1 21.B.115 and 21.B.215 Means of compliance
ED Decision 2022/021/R
ALTERNATIVE MEANS OF COMPLIANCE — GENERAL
(a) A competent authority may establish means to comply with the regulation, which are different from the AMC that are established by EASA.
In that case, the competent authority is responsible for demonstrating how those alternative means of compliance (AltMoC) establish compliance with the regulation.
(b) AltMoC that are used by a competent authority, or by an organisation under its oversight, may be used by other competent authorities, or another organisation, only if they are processed by those authorities in accordance with point 21.B.115 or 21.B.215, and by that organisation in accordance with point 21.A.124A or 21.A.134A.
(c) AltMoC that are issued by the competent authority may cover the following cases:
(1) AltMoC to be used by organisations under the oversight of the competent authority and which are made available to those organisations; and
(2) AltMoC to be used by the authority itself to discharge its responsibilities.
AMC1 21.B.115(b),(c) and 21.B.215(b),(c) Means of compliance
ED Decision 2022/021/R
PROCESSING THE ALTERNATIVE MEANS OF COMPLIANCE
To meet the objective of points (b) and (c) of points 21.B.115 and 21.B.215:
(a) the competent authority should establish the means to consistently evaluate over time that all the AltMoC that are used by itself or by organisations under its oversight allow for the establishment of compliance with the regulation;
(b) if the competent authority issues AltMoC for itself or for the organisations under its oversight, it should:
(1) make them available to all relevant organisations; and
(2) notify EASA of the AltMoC as soon as it is issued, including the information that is described in point (d) of this AMC;
(c) the competent authority should evaluate the AltMoC that is proposed by an organisation by analysing the documentation provided and, if considered necessary, by inspecting the organisation; when the competent authority finds that the AltMoC is in accordance with the Regulation, it should:
(1) notify the applicant that the AltMoC is approved;
(2) indicate that this AltMoC may be implemented, and agree when the production organisation exposition (POE) is to be amended accordingly; and
(3) notify EASA of the AltMoC approval as soon as it is approved, including the information that is described in point (d) of this AMC; and
(d) the competent authority should provide EASA with the following information:
(1) a summary of the AltMoC;
(2) the content of the AltMoC;
(3) a statement that compliance with the regulation is achieved; and
(4) in support of that statement, an assessment that demonstrates that the AltMoC reaches an acceptable level of safety, taking into account the level of safety that is achieved by the corresponding EASA AMC.
(e) All these elements that describe the AltMoC are an integral part of the records to be kept, which are managed in accordance with point 21.B.55.
GM1 21.B.115(b) and (c) and 21.B.215(b) and (c) Means of Compliance
ED Decision 2022/021/R
CASES IN WHICH THERE IS NO CORRESPONDING EASA AMC
When there is no EASA AMC to a certain requirement in the regulation, the competent authority may choose to develop national guides or other types of documents to assist the organisations under its oversight in compliance demonstration. The competent authority may inform EASA so that such guides or other documents may be later considered for incorporation into an AMC that is published by EASA using the EASA rulemaking process.
21.B.120 Initial certification procedure
Regulation (EU) 2022/203
(a) Upon receiving an application for the issue of a letter of agreement for the purpose of demonstrating conformity of the individual products, parts and appliances, the competent authority shall verify the applicant’s compliance with the applicable requirements.
(b) The competent authority shall record all the findings issued, closure actions as well as recommendations for the issue of the letter of agreement.
(c) The competent authority shall confirm to the applicant in writing all the findings raised during the verification. For initial certification, all findings must be corrected to the satisfaction of the competent authority before the letter of agreement can be issued.
(d) When satisfied that the applicant complies with the applicable requirements, the competent authority shall issue the letter of agreement (EASA Form 65, see Appendix XI).
(e) The letter of agreement shall contain the scope of the agreement, a termination date and, where applicable, the appropriate limitations.
(f) The duration of the letter of agreement shall not exceed 1 year.
GM1 21.A.139, 21.A.239, 21.B.120, 21.B.140, 21.B.220, and 21.B.240 The use of information and communication technologies (ICT) for performing remote audits
ED Decision 2022/021/R
This GM provides technical guidance on the use of remote information and communication technologies (ICT) to support:
— competent authorities when overseeing regulated organisations;
— regulated organisations when conducting internal audits / monitoring compliance of their organisation with the relevant requirements, and when evaluating vendors, suppliers and subcontractors.
In the context of this GM:
— ‘remote audit’ means an audit that is performed with the use of any real-time video and audio communication tools in lieu of the physical presence of the auditor on-site; the specificities of each type of approval / letter of agreement (LoA) need to be considered in addition to the general overview (described below) when applying the ‘remote audit’ concept;
— ‘auditing entity’ means the competent authority or organisation that performs the remote audit;
— ‘auditee’ means the entity being audited/inspected (or the entity audited/inspected by the auditing entity via a remote audit);
It is the responsibility of the auditing entity to assess whether the use of remote ICT constitutes a suitable alternative to the physical presence of an auditor on-site in accordance with the applicable requirements.
The conduct of a remote audit
The auditing entity that decides to conduct a remote audit should describe the remote audit process in its documented procedures and should consider at least the following elements:
— The methodology for the use of remote ICT is sufficiently flexible and non-prescriptive in nature to optimise the conventional audit process.
— Adequate controls are defined and are in place to avoid abuses that could compromise the integrity of the audit process.
— Measures to ensure that the security and confidentiality are maintained throughout the audit activities (data protection and intellectual property of the organisation also need to be safeguarded).
Examples of the use of remote ICT during audits may include but are not limited to:
— meetings by means of teleconference facilities, including audio, video and data sharing;
— assessment of documents and records by means of remote access, in real time;
— recording, in real time during the process, of evidence to document the results of the audit, including non-conformities, by means of exchange of emails or documents, instant pictures, video or/and audio recordings;
— visual (livestream video) and audio access to facilities, stores, equipment, tools, processes, operations, etc.
An agreement between the auditing entity and the auditee should be established when planning a remote audit, which should include the following:
— determining the platform for hosting the audit;
— granting security and/or profile access to the auditor(s);
— testing platform compatibility between the auditing entity and the auditee prior to the audit;
— considering the use of webcams, cameras, drones, etc., when the physical evaluation of an event (product, part, process, etc.) is desired or is necessary;
— establishing an audit plan which will identify how remote ICT will be used and the extent of their use for the audit purposes to optimise their effectiveness and efficiency while maintaining the integrity of the audit process;
— if necessary, time zone acknowledgement and management to coordinate reasonable and mutually agreeable convening times;
— a documented statement of the auditee that they shall ensure full cooperation and provision of the actual and valid data as requested, including ensuring any supplier or subcontractor cooperation, if needed; and
— data protection aspects.
The following equipment and set-up elements should be considered:
— the suitability of video resolution, fidelity, and field of view for the verification being conducted;
— the need for multiple cameras, imaging systems, or microphones, and whether the person that performs the verification can switch between them, or direct them to be switched and has the possibility to stop the process, ask a question, move the equipment, etc.;
— the controllability of viewing direction, zoom, and lighting;
— the appropriateness of audio fidelity for the evaluation being conducted; and
— real-time and uninterrupted communication between the person(s) participating to the remote audit from both locations (on-site and remotely).
When using remote ICT, the auditing entity and the other persons involved (e.g. drone pilots, technical experts) should have the competence and ability to understand and utilise the remote ICT tools employed to achieve the desired results of the audit(s)/assessment(s). The auditing entity should also be aware of the risks and opportunities of the remote ICT used and the impacts they may have on the validity and objectivity of the information gathered.
Audit reports and related records should indicate the extent to which remote ICT have been used in conducting remote audits and the effectiveness of remote ICT in achieving the audit objectives, including any item that it has not been able to be completely reviewed.
AMC1 21.B.120(a) Initial certification procedure
ED Decision 2023/014/R
INVESTIGATION TEAM AND PROCEDURES
(a) The competent authority should appoint a team for each applicant for, or holder of, a letter of agreement. This team is responsible for conducting all the relevant tasks related to the issuance of the letter of agreement. The team should consist of a team leader to manage and lead the team, and, if needed, one or more team members. The team leader should report to the manager who is responsible for the activities of the competent authority as defined in point 21.B.25(b).
(b) The competent authority should perform sufficient investigation activities for an applicant for, or holder of, a letter of agreement, to justify the recommendations for the issuance, maintenance, amendment, suspension, limitation or revocation of the letter of agreement.
(1) evaluation of the application received;
(2) appointment of the investigation team;
(3) preparation and planning of the investigation;
(4) evaluation of the documentation (manual, procedures, etc.);
(5) auditing;
(6) follow-up of corrective actions; and
(7) recommendations for the issuance, amendment, suspension, limitation or revocation of a letter of agreement; and
(8) oversight.
AMC2 21.B.120(a) Initial certification procedure
ED Decision 2023/014/R
The competent authority should ensure that the team leader and team members have received appropriate training in the relevant Subparts of Part 21 and in the related competent authority documentation before performing investigations in accordance with AMC1 21.B.25(a)(3). They should also have knowledge and experience at the appropriate level in aviation production and inspection activities related to the particular application for a letter of agreement.
AMC3 21.B.120(a) Initial certification procedure
ED Decision 2023/014/R
EVALUATION OF APPLICATIONS
(a) General
When applying Part 21 Section A, Subpart F and Section B, Subpart F, the competent authority should consider that these Subparts are only alternatives for production to Part 21 Section A, Subpart G and Section B, Subpart G. To meet the ICAO airworthiness obligations and to issue a certificate of airworthiness for an individual aircraft in a practical and efficient way, the competent authority should use a system of approval of production organisations (POA) under Part 21 Section A, Subpart G and Section B, Subpart G, providing to the competent authority the necessary confidence in the technical standards. The consistent standards of these approvals will also support the standardisation efforts by EASA. Nevertheless, it is recognised that it is not always practical, economical and/or advisable to use the POA.
Considering the ICAO airworthiness obligations as well, Part 21 Section A, Subpart F and Section B, Subpart F are provided for such a case on the basis of the following principles:
(1) Subpart F should be considered as an alternative option for particular cases.
(2) Its adoption should be done on an individual basis, as a consequence of an assessment by the competent authority (see point 21.A.121, and its associated AMC and GM).
(b) Application
The competent authority should receive an application for a letter of agreement on an EASA Form 60 (see AMC1 21.A.124) completed by the applicant. The eligibility of the application should be verified in relation to the competent authority procedures, based on point 21.A.121 and its associated AMC and GM. The applicant should be advised accordingly about the acceptance or rejection of the application.
An application may be accepted from:
— an individual applying on his or her own behalf; or
— in the case of an organisation, an individual with the authority to make agreements on behalf of the organisation.
(c) Location of the applicant
The location of the applicant seeking acceptance for production under Part 21 Section A, Subpart F determines which competent authority is responsible for issuing the letter of agreement.
AMC4 21.B.120(a) Initial certification procedure
ED Decision 2023/014/R
INVESTIGATION PREPARATION AND PLANNING
Following acceptance of an application for a letter of agreement and before commencing an investigation, the competent authority should:
(a) identify the site locations that they need to investigate;
(b) liaise with the competent authority of a Member State where the investigation of the organisation should include a facility in that Member State for one of the following reasons:
(1) where a production organisation has contracted part of the production to another organisation holding a POA and a need arises to ensure that the contract has the same meaning for all the parties to the contract, and the local competent authority of the Member State agrees;
(2) to inspect a product (or part or appliance) under production where the subcontractor does not hold a POA.
(c) coordinate with the competent authority of a third country and/or EASA where the investigation of the organisation should include a facility in that country for one of the following reasons:
(1) where a production organisation has contracted part of the production to another organisation holding a POA issued by EASA or accepted through a recognition agreement in accordance with Article 68 of Regulation (EU) 2018/1139, and a need arises to ensure that the contract has the same meaning for all the parties to the contract, and EASA and/or the competent authority agrees;
(2) to inspect a product (or part or appliance) under production where the subcontractor does not hold a POA.
GM1 21.B.120(c) Initial certification procedure
ED Decision 2023/014/R
During its investigation process, the competent authority may raise findings which should then be recorded. These may be non-conformities to the requirements, the manual as supplied by the production organisation describing its inspection procedures or non-conformities related to the items under inspection. The manner in which the findings will be handled by the competent authority before and during the validity of the letter of agreement, should be detailed in its procedures.
AMC1 21.B.120(d) Initial certification procedure
ED Decision 2023/014/R
ISSUE OF THE LETTER OF AGREEMENT
(a) Unless otherwise agreed by the competent authority, no production before the issue of the letter of agreement may be accepted under Part 21 Section A, Subpart F.
(b) The agreement should include or reference a predefined plan of inspection points established as part of the production inspection system and agreed with the competent authority to be used as a basis for the inspections described in points 21.A.129 and 21.B.120(a) and their associated AMC and GM. The plan should clearly identify the inspection points, places, inspection subjects (materials, processes, tooling documentation, human resources, etc.), as well as the focal points and the method of communication between the production organisation and the competent authority.
(c) The competent authority should detail the method by which it will assure itself that the production organisation is working in accordance with the manual and the agreed inspection procedures during the validity period of the agreement. For a renewal of this validity period, the procedure as defined in point 21.B.140 should be used.
(d) Any conditions under which the agreement will expire (such as the termination date and/or number of units to produce) should be clearly stated in the letter of agreement.
21.B.125 Findings and corrective actions; observations
Regulation (EU) 2022/203
(a) The competent authority shall have a system in place to analyse findings for their safety significance.
(b) A level 1 finding shall be issued by the competent authority when any significant non-compliance is detected with the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts, with the organisation’s procedures and manuals, or with the terms of the letter of agreement which lowers safety or seriously endangers flight safety.
Level 1 findings shall also include:
1. any failure to grant the competent authority access to the organisation’s facilities referred to in point 21.A.9 during normal operating hours and after two written requests;
2. obtaining the letter of agreement or maintaining its validity by falsification of the submitted documentary evidence; and
3. any evidence of malpractice or fraudulent use of the letter of agreement.
(c) A level 2 finding shall be issued by the competent authority when any non-compliance is detected with the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts, with the organisation’s procedures and manuals, or with the terms of the letter of agreement, which is not classified as a level 1 finding.
(d) When a finding is detected during oversight or by any other means, the competent authority shall, without prejudice to any additional action required by Regulation (EU) 2018/1139 and its delegated and implementing acts, communicate in writing the finding to the organisation and request corrective action to address the non-compliance(s) identified. Where a level 1 finding directly relates to an aircraft, the competent authority shall inform the competent authority of the Member State in which the aircraft is registered.
1. If there are any level 1 findings, the competent authority shall take immediate and appropriate action to prohibit or limit the activities of the organisation involved and, if appropriate, it shall take action to revoke the letter of agreement or to limit or suspend it in whole or in part, depending on the extent of the level 1 finding, until successful corrective action has been taken by the organisation.
2. If there are any level 2 findings, the competent authority shall:
(i) grant the organisation a corrective action implementation period that is appropriate to the nature of the finding, and that in any case shall initially not be more than 3 months. The period shall commence from the date of the written communication of the finding to the organisation, requesting corrective action to address the non-compliance identified. At the end of that period, and subject to the nature of the finding, the competent authority may extend the 3‑month period provided that a corrective action plan has been agreed with the competent authority;
(ii) assess the corrective action plan and implementation plan proposed by the organisation, and if the assessment concludes that they are sufficient to address the non-compliance, accept them;
(iii) if the organisation fails to submit an acceptable corrective action plan, or fails to perform the corrective action within the time period accepted or extended by the competent authority, the finding shall be raised to level 1 and action shall be taken as laid down in point (f)(1)(i).
(e) The competent authority may issue observations for any of the following cases not requiring level 1 or level 2 findings:
1. for any item whose performance has been assessed to be ineffective;
2. when it has been identified that an item has the potential to cause a non-compliance under points (b) or (c);
3. when suggestions or improvements are of interest for the overall safety performance of the organisation.
The observations issued under this point shall be communicated in writing to the organisation and recorded by the competent authority.
GM1 21.B.125(b) Findings and corrective actions; observations
ED Decision 2023/014/R
EXAMPLES OF LEVEL 1 FINDINGS
Examples of level 1 findings are non-compliance with any of the following points, which may affect the safety of the aircraft:
— point 21.A.126;
— point 21.A.127;
— point 21.A.128; and
— point 21.A.129.
It should be anticipated that non-compliance with those points is only considered a level 1 finding if there is objective evidence that that finding is uncontrolled non‑compliance that could affect the safety of the aircraft.
GM1 21.B.125(b) and 21.B.225(b) Findings and corrective actions; observations
ED Decision 2023/014/R
SIGNIFICANT NON-COMPLIANCE
Significant non-compliance includes uncontrolled non-compliance with applicable design data, which is non-compliance that:
(a) cannot be discovered through systematic analysis; or
(b) prevents the identification of the affected products, parts, appliances, or material.
GM2 21.B.125(b) and 21.B.225(b) Findings and corrective actions; observations
ED Decision 2023/014/R
EVIDENCE
A finding can only be raised on the basis of evidence.
Evidence is a fact that is, or can be, documented based on observations, measurements, or tests that can be verified. Evidence generally comes from the following:
(a) documents or manuals;
(b) examination of equipment/products; and
(c) information from interview questions and from observations of an organisation’s activities, as applicable.
AMC1 21.B.125(d) and 21.B.225(d) Findings and corrective actions; observations
ED Decision 2023/014/R
NOTIFICATION OF FINDINGS
In the case of a level 1 finding, confirmation should be obtained in a timely manner that the accountable manager has taken note of the finding and its details.
A finding requires effective oversight by the competent authority to monitor the timely completion of the corrective action. That oversight may include intermediate communication, such as letters, as necessary, to remind the approval holder to verify that the corrective action plan is followed.
GM1 21.B.125(e) and 21.B.225(e) Findings and corrective actions; observations
ED Decision 2023/014/R
DIFFERENCE BETWEEN A ‘LEVEL 2 FINDING’ AND AN ‘OBSERVATION’
(a) ‘Findings’ are issued for non-compliance with the regulation, with the organisation’s procedures and manuals, or with the certificate including the terms of approval, whereas ‘observations’ may be issued to an organisation that remains compliant with the regulation, while additional input to the organisation may be considered for continuous improvement (see points (1), (2), and (3) of point 21.B.125(e)).
The competent authority may decide to issue a ‘level 2 finding’ when the ‘observations’ process is not managed correctly or is overlooked (see points 21.A.125B(c) and 21.A.158(c)).
(b) Examples to help differentiate between a ‘level 2 finding’ and an ‘observation’ are provided below, based on the requirements for the control and calibration of tools in accordance with point 21.A.139(b)(1)(vii).
Example of a ‘level 2 finding’:
The organisation could not demonstrate compliance with some elements of point 21.A.145(a) regarding the control register of the tools and equipment, as evidenced by the fact that:
(a) some sampled tools that are physically available in the tool store were missing in the tool control register that is managed by the organisation; or
(b) one tool was not correctly identified (e.g. incorrect part number or serial number) in the tool control register.
Examples of ‘observations’:
(a) Accumulation of tools in the tool store, which have not been yet sent for calibration. This situation may have some consequences regarding the availability of tools and the operational capabilities during a peak of activities (ineffectiveness of the process).
(b) The process for managing the tool control register through the dedicated software is not detailed enough (potential to cause a ‘level 2 finding’).
(c) The colour of the ‘unserviceable’ tag of the tools may generate some confusion. The organisation should consider changing the colour of that unserviceable tag to better alert its staff to the particular status of the unserviceable tools (potential improvement).
21.B.135 Maintenance of the letter of agreement
Regulation (EU) No 748/2012
The competent authority shall maintain the letter of agreement as long as:
(a) the manufacturer is properly using the EASA Form 52 (see Appendix VIII) as a statement of conformity for complete aircraft, and the EASA Form 1 (see Appendix I) for products other than complete aircraft, parts and appliances; and
(b) inspections performed by the competent authority of the Member State before validation of the EASA Form 52 (see Appendix VIII) or the EASA Form 1 (see Appendix I), as per point 21.A.130(c) did not reveal any findings of non-compliance with the requirements or the procedures as contained in the manual provided by the manufacturer, or any non‑conformity of the respective products, parts or appliances. These inspections shall check at least that:
1. the agreement covers the product, part or appliance being validated, and remains valid;
2. the manual described in point 21.A.125A(b) and its change status referred in the letter of agreement is used as basic working document by the manufacturer. Otherwise, the inspection shall not continue and therefore the release certificates shall not be validated;
3. production has been carried out under the conditions prescribed in the letter of agreement and satisfactorily performed;
4. inspections and tests (including flight tests, if appropriate), as per points (b)(2) and/or (b)(3), have been carried out under the condition prescribed in the letter of agreement and satisfactorily performed;
5. the inspections by the competent authority described or addressed in the letter of agreement have been performed and found acceptable;
6. the statement of conformity complies with point 21.A.130, and the information provided by it does not prevent its validation; and
(c) any termination date for the letter of agreement has not been reached.
21.B.140 Amendment of a letter of agreement
Regulation (EU) No 748/2012
(a) The competent authority shall investigate, as appropriate, in accordance with point 21.B.120 any amendment of the letter of agreement.
(b) When the competent authority is satisfied that the requirements of Section A, Subpart F continue to be complied with, it shall amend the letter of agreement accordingly.
AMC 21.B.140 Amendment of a letter of agreement
ED Decision 2023/014/R
The competent authority must be satisfied that any change affecting a letter of agreement complies with the shows of Section A Subpart F before implementation can start. A plan for the change should be agreed with the applicant in accordance with AMC1 21.B.120(d). If the change affects the content of the letter of agreement, a new application should be filed, and an amended/revised letter of agreement should be obtained subsequently.
GM1 21.A.139, 21.A.239, 21.B.120, 21.B.140, 21.B.220, and 21.B.240 The use of information and communication technologies (ICT) for performing remote audits
ED Decision 2022/021/R
This GM provides technical guidance on the use of remote information and communication technologies (ICT) to support:
— competent authorities when overseeing regulated organisations;
— regulated organisations when conducting internal audits / monitoring compliance of their organisation with the relevant requirements, and when evaluating vendors, suppliers and subcontractors.
In the context of this GM:
— ‘remote audit’ means an audit that is performed with the use of any real-time video and audio communication tools in lieu of the physical presence of the auditor on-site; the specificities of each type of approval / letter of agreement (LoA) need to be considered in addition to the general overview (described below) when applying the ‘remote audit’ concept;
— ‘auditing entity’ means the competent authority or organisation that performs the remote audit;
— ‘auditee’ means the entity being audited/inspected (or the entity audited/inspected by the auditing entity via a remote audit);
It is the responsibility of the auditing entity to assess whether the use of remote ICT constitutes a suitable alternative to the physical presence of an auditor on-site in accordance with the applicable requirements.
The conduct of a remote audit
The auditing entity that decides to conduct a remote audit should describe the remote audit process in its documented procedures and should consider at least the following elements:
— The methodology for the use of remote ICT is sufficiently flexible and non-prescriptive in nature to optimise the conventional audit process.
— Adequate controls are defined and are in place to avoid abuses that could compromise the integrity of the audit process.
— Measures to ensure that the security and confidentiality are maintained throughout the audit activities (data protection and intellectual property of the organisation also need to be safeguarded).
Examples of the use of remote ICT during audits may include but are not limited to:
— meetings by means of teleconference facilities, including audio, video and data sharing;
— assessment of documents and records by means of remote access, in real time;
— recording, in real time during the process, of evidence to document the results of the audit, including non-conformities, by means of exchange of emails or documents, instant pictures, video or/and audio recordings;
— visual (livestream video) and audio access to facilities, stores, equipment, tools, processes, operations, etc.
An agreement between the auditing entity and the auditee should be established when planning a remote audit, which should include the following:
— determining the platform for hosting the audit;
— granting security and/or profile access to the auditor(s);
— testing platform compatibility between the auditing entity and the auditee prior to the audit;
— considering the use of webcams, cameras, drones, etc., when the physical evaluation of an event (product, part, process, etc.) is desired or is necessary;
— establishing an audit plan which will identify how remote ICT will be used and the extent of their use for the audit purposes to optimise their effectiveness and efficiency while maintaining the integrity of the audit process;
— if necessary, time zone acknowledgement and management to coordinate reasonable and mutually agreeable convening times;
— a documented statement of the auditee that they shall ensure full cooperation and provision of the actual and valid data as requested, including ensuring any supplier or subcontractor cooperation, if needed; and
— data protection aspects.
The following equipment and set-up elements should be considered:
— the suitability of video resolution, fidelity, and field of view for the verification being conducted;
— the need for multiple cameras, imaging systems, or microphones, and whether the person that performs the verification can switch between them, or direct them to be switched and has the possibility to stop the process, ask a question, move the equipment, etc.;
— the controllability of viewing direction, zoom, and lighting;
— the appropriateness of audio fidelity for the evaluation being conducted; and
— real-time and uninterrupted communication between the person(s) participating to the remote audit from both locations (on-site and remotely).
When using remote ICT, the auditing entity and the other persons involved (e.g. drone pilots, technical experts) should have the competence and ability to understand and utilise the remote ICT tools employed to achieve the desired results of the audit(s)/assessment(s). The auditing entity should also be aware of the risks and opportunities of the remote ICT used and the impacts they may have on the validity and objectivity of the information gathered.
Audit reports and related records should indicate the extent to which remote ICT have been used in conducting remote audits and the effectiveness of remote ICT in achieving the audit objectives, including any item that it has not been able to be completely reviewed.