Remote audits

This applies both to remote audits carried out by the competent authority and to audits carried out by organisations on their own suppliers and subcontractors.  
Authorities/organisations that decide to use remote audits should describe the functioning of remote audits in their procedures and should consider at least the following points:

• The use of an information technology methodology flexible enough to optimize the conventional audit process.
• The definition and implementation of controls to avoid abuses that could compromise the integrity of the audit process.
• Measures to ensure that security and confidentiality are maintained during audit activities (data protection and intellectual property of organisations must also be safeguarded).

Further information can be found in the guidance material “GM1 CAMO.A.200(a)(6) and CAMO.B.300 Management system and Oversight principles”.