Higher Test Marks with Free Online ISO-QMS-13485 Exam Practice

A medical device company manufactures Class IIa devices and is undergoing an ISO 13485:2016 audit. During a review of the organization's change control process, the Lead Auditor discovers that the company's impact assessment for product changes only focuses on assessing the impact to the design and manufacturing processes. There is no documented procedure for assessing the impact of the change on device labeling, including IFU (Instructions for Use), warnings and precautions, symbols, or any regulatory labeling requirements. As the Lead Auditor, what is the MOST appropriate action to take?

During an ISO 13485:2016 audit, the Lead Auditor discovers that a medical device company uses a cloud-based software to manage its training records. The software provider states the system is fully compliant with all relevant data privacy requirements such as GDPR and HIPAA. The manufacturer performs an annual review of the software provider’s SOC 2 Type II report to verify its compliance with relevant security standards. Considering the requirements of ISO 13485:2016 regarding the control of outsourced processes, what should be your MOST appropriate next action?

A medical device company uses a contract manufacturer to produce a critical component for one of their Class III devices. During an ISO 13485:2016 audit of the medical device company (not the contract manufacturer), the Lead Auditor reviews the records pertaining to the oversight of the contract manufacturer. The records show regular communication, agreed-upon specifications, and documented inspections of incoming components. However, there is no documented evidence of periodic on-site audits of the contract manufacturer's facilities. What is the MOST appropriate conclusion for the Lead Auditor to draw?

A medical device company is undergoing an ISO 13485:2016 audit. The company has a documented procedure for design verification. As the Lead Auditor, you discover that the company has not formally validated the computer software used to perform finite element analysis (FEA) during design verification, where the FEA is part of the QMS and Clause 4.1.6 applies. The output of the FEA software is used as objective evidence that the design meets safety and performance requirements. The FEA software is commercial off-the-shelf software and not developed by the medical device manufacturer. The company states that they check the FEA software inputs and outputs against hand calculations as a form of verification. As the Lead Auditor, what is your MOST appropriate course of action?

A medical device manufacturer is using a cloud-based software platform for managing its quality management system (QMS) documentation, including procedures, work instructions, and records. The manufacturer claims that since the cloud provider is ISO 27001 certified, they do not need to perform their own validation of the software's suitability for managing their QMS data. As a Lead Auditor, how should you respond?