Free GAQM ISO-QMS-13485 Exam Questions

Question 1

During an ISO 13485:2016 surveillance audit, a Lead Auditor reviews the management review process of a medical device company. The company conducts management reviews quarterly, as required. However, the Lead Auditor notices that the documented outputs of these reviews consistently lack specific action items with assigned responsibilities and deadlines for addressing identified issues. Which of the following is the MOST significant concern regarding this situation?

A : The frequency of the management reviews is insufficient to address the company-s needs.

B : The lack of documented action items and responsibilities undermines the effectiveness of the management review process.

C : The documented outputs should also include a review of the company-s financial performance.

D : The management review process is compliant since the company is conducting reviews as frequently as documented.

Answer: B

Question 2

A medical device company is undergoing an ISO 13485:2016 audit. The company has a documented procedure for design verification. As the Lead Auditor, you discover that the company has not formally validated the computer software used to perform finite element analysis (FEA) during design verification, where the FEA is part of the QMS and Clause 4.1.6 applies. The output of the FEA software is used as objective evidence that the design meets safety and performance requirements. The FEA software is commercial off-the-shelf software and not developed by the medical device manufacturer. The company states that they check the FEA software inputs and outputs against hand calculations as a form of verification. As the Lead Auditor, what is your MOST appropriate course of action?

A : Accept the company's approach because the software is commercially available and inputs and outputs are verified using hand calculations.

B : Consider the company's approach as verification and ask for the documented procedure for verification, objective evidence, and acceptance criteria for these hand calculations.

C : Document the lack of software validation as a finding and follow up during the next surveillance audit.

D : Issue a nonconformity because the FEA software used for design verification must be validated for its intended use.

Answer: D

Question 3

A medical device company is undergoing an ISO 13485:2016 audit. The company has a well-defined process for handling customer complaints, including documentation, investigation, and corrective actions. The Lead Auditor discovers that the company is using an older version of a Customer Relationship Management (CRM) software to manage customer complaint records, where the software vendor no longer provides any security patches or updates. The company has a documented procedure for backing up the data stored within the CRM. What is the MOST appropriate response for the Lead Auditor?

A : Accept the situation since the company has a backup process in place.

B : Raise a minor nonconformity, as the risk is mitigated by the backup process.

C : Raise a major nonconformity because the lack of security patches poses a significant risk to data integrity and potentially patient safety.

D : Recommend the company migrate to a newer CRM system but do not issue a nonconformity.

Answer: C

Question 4

During an ISO 13485:2016 audit of a medical device company, the Lead Auditor discovers that the company has implemented a comprehensive training program for its employees. The program covers various aspects of the QMS, including document control, CAPA, and risk management. However, the effectiveness of the training is solely measured through post-training quizzes, with no documented evidence of how the learned knowledge and skills are applied in the employees' actual job performance. As a Lead Auditor, what is your PRIMARY concern?

A : The lack of a defined process for verifying the effectiveness of the training could lead to employees not applying the learned knowledge and skills in their work, potentially impacting product quality and safety.

B : The exclusive reliance on post-training quizzes is sufficient to demonstrate training effectiveness, as long as the quiz questions are comprehensive and cover all relevant aspects of the QMS.

C : The absence of documented evidence of training effectiveness is not a significant concern, as long as the training program is well-structured and covers all required topics.

D : The company should focus on improving the content of the post-training quizzes to better assess the employees' understanding of the QMS requirements.

Answer: A

Question 5

A medical device manufacturer is undergoing an ISO 13485:2016 audit. They utilize a contract manufacturer to produce a critical component for one of their Class III devices. During the audit, the Lead Auditor reviews the medical device company's records pertaining to the oversight of the contract manufacturer. While the records show regular communication, agreed-upon specifications, and documented inspections of incoming components, the Lead Auditor discovers that the medical device company is performing no periodic on-site audits of the contract manufacturer's facility. What type of conclusion should the Lead Auditor draw?

A : This is acceptable if the medical device company has a robust system for monitoring the quality of incoming components and the contract manufacturer maintains ISO 13485 certification.

B : This is a minor nonconformity because the medical device company is still communicating with the contract manufacturer.

C : This is a major nonconformity because the medical device company has not ensured compliance with ISO 13485:2016 requirements.

D : This is acceptable if the medical device company has a documented rationale explaining why on-site audits are not necessary.

Answer: C