Conducting audits remotely.

This applies both to remote audits carried out by the competent authority and to remote audits carried out by approved organisations to their own suppliers and subcontractors. 
Authorities/organisations that decide to use remote audits should describe the functioning of remote audits in their procedures and should consider at least the following points:

• The use of an information technology methodology flexible enough to optimise the conventional audit process. 
• The definition and implementation of controls to avoid abuses that could compromise the integrity of the audit process. 
• Measures to ensure that security and confidentiality are maintained during audit activities (data protection and intellectual property of organisations must also be safeguarded). 

In addition, there must be an agreement between the auditor and the auditee that includes: 

• The platform to be used (e.g.: WebEx, Teams, Lync, etc.); 
• Pre-audit platform compatibility testing; 
• Consider the use of cameras when a physical evaluation is required; 
• Establish an audit plan that identifies the IT means to be used and the use to be made of them in order to optimise and, at the same time, maintain the integrity of the process; 
• If necessary, consider time differences in order to be able to coordinate at reasonable times for both parties; 
• A written statement that the auditee will cooperate to the fullest extent possible and provide the truthful information requested, including the cooperation of subcontracted companies if necessary; 
• Data protection aspects. 

Further information can be found at https://www.easa.europa.eu/faq/116561
Information is also provided in GM1 145.A.200(a)(6) on the use of information and communication technologies for remote audits.