Question 1

A medical device company is undergoing an ISO 13485:2016 audit. The company has a documented procedure for supplier evaluation, and the company has several suppliers used to produce critical components. The company’s procedure outlines initial evaluation, periodic evaluation, and performance monitoring, however, for some suppliers that are deemed “low-risk” there is no *documented rationale* for why those suppliers were classified as such. As the Lead Auditor, what is the MOST appropriate action to take?

Options :

A : Accept the company-s classification of the suppliers as "low-risk" without further investigation, as long as the products they supply consistently meet specifications.

B : Issue a minor nonconformity, and require that the company either conduct a risk assessment or generate a documented rationale for why the suppliers were classified as low risk.

C : Accept the classification if these suppliers provide components to Class I devices.

D : Issue a major nonconformity, since all supplier evaluations must be documented with a detailed, objective risk assessment.

Answer: B

Question 2

A medical device company is undergoing an ISO 13485:2016 audit. The company utilizes a software program to manage supplier qualifications and track supplier performance. The software is commercially available and is not specifically designed for medical device manufacturing. The company claims that the software is 'intuitive' and easy to use, and that all personnel received verbal instructions on its use. The Lead Auditor discovers that there are no documented training records or competency assessments for personnel using the software. What is the MOST appropriate action for the Lead Auditor?

Options :

A : Accept the company-s explanation, as the software is 'intuitive' and easy to use.

B : Issue a minor nonconformity requiring the company to document the verbal instructions.

C : Issue a major nonconformity requiring the company to implement a documented training program and competency assessments for personnel using the software.

D : Recommend the company switch to a software program specifically designed for medical device supplier management.

Answer: C

Question 3

A medical device company manufactures Class IIa devices and is undergoing an ISO 13485:2016 audit. The company performs internal audits. The Lead Auditor reviews the internal audit reports and discovers that the reports consistently lack objective evidence to support the audit findings and conclusions. The Quality Manager explains that while the audit reports may not contain direct objective evidence in the report, they maintain detailed working papers with all the objective evidence, that can be requested and reviewed upon request, and which support the report's findings. What should be the Lead Auditor's MOST appropriate course of action?

Options :

A : Accept the Quality Manager-s explanation and close the audit finding, as long as working papers are available upon request.

B : Issue a minor nonconformity, since the objective evidence is available even if not included in the report.

C : Issue a major nonconformity, as the lack of objective evidence in the audit report hinders the effectiveness of the audit process and the ability to demonstrate QMS compliance.

D : Recommend the company outsource their internal audit program to ensure impartiality and objectivity.

Answer: C

Question 4

A medical device company utilizes a cloud-based platform for managing its Quality Management System (QMS) documentation. The company’s documented procedure for software validation and data security, while comprehensive, does not address the specific requirements for verifying the ongoing data integrity and availability of QMS data on the cloud platform. The company does not perform independent backup of their cloud data. As a Lead Auditor, what is the MOST appropriate action to take?

Options :

A : Accept the company-s reliance on the cloud provider-s security measures as sufficient evidence of data integrity and availability.

B : Issue a minor nonconformity, provided the company has a disaster recovery plan in place.

C : Issue a major nonconformity, as the lack of verification directly impacts the reliability of the QMS and data security.

D : Request the company to provide documentation of the cloud provider’s security policies and procedures and assess their suitability.

Answer: C

Question 5

A medical device company is undergoing an ISO 13485:2016 audit. The company outsources the manufacturing of a critical component to a supplier. During the audit, the Lead Auditor discovers the supplier performs 100% automated inspection of the critical dimensions of the component, and the medical device company's quality group does not perform incoming inspection. The Lead Auditor reviews the process for controlling these outsourced processes and confirms the supplier's automated inspection system used to verify critical product dimensions is validated. What additional action must be verified by the Lead Auditor to ensure compliance?

Options :

A : The Lead Auditor should verify that the medical device company’s quality control personnel are trained on the supplier’s automated inspection system.

B : The Lead Auditor should verify there is a procedure for periodic calibration of the automated inspection system, and for reviewing the results to evaluate the ongoing validity of the automated inspection data.

C : The Lead Auditor should verify the supplier performs a manual inspection, in addition to the automated inspection, to serve as a comparison between the two.

D : The Lead Auditor should verify the medical device company performs on-site audits of the supplier’s facility and evaluates the performance of the automated inspection system.

Answer: B

Higher Test Marks with Free Online ISO-QMS-13485 Exam Practice

Buying Options: