Free GAQM ISO-QMS-13485 Exam Questions

Question 1

A medical device manufacturer is using a cloud-based software platform for managing its quality management system (QMS) documentation, including procedures, work instructions, and records. The manufacturer claims that since the cloud provider is ISO 27001 certified, they do not need to perform their own validation of the software's suitability for managing their QMS data. As a Lead Auditor, how should you respond?

A : Accept the manufacturer-s reasoning, as ISO 27001 certification of the cloud provider sufficiently addresses data security and integrity concerns.

B : Inform the manufacturer that ISO 27001 certification is irrelevant to the validation requirements of ISO 13485:2016, and full validation is always necessary.

C : Acknowledge the ISO 27001 certification but require the manufacturer to demonstrate through documented evidence that the software platform is suitable for managing QMS data and meets applicable regulatory requirements, focusing on data integrity, security, and accessibility.

D : Suggest that the manufacturer only needs to validate the interfaces between the cloud-based system and any local systems, as the cloud provider is responsible for validating the core functionality.

Answer: C

Question 2

A medical device company is undergoing an ISO 13485:2016 audit. They have a well-defined process for handling nonconforming product, which includes identification, segregation, review, and disposition. The company has clearly defined responsibilities for each step of the process. However, the Lead Auditor discovers that the procedure does not specify timeframes for completing each step, particularly the review and disposition of nonconforming product. What is the MOST significant concern for the Lead Auditor?

A : The lack of timeframes could lead to delays in addressing nonconformities, potentially resulting in the use of nonconforming product.

B : The nonconforming product may lose traceability to the production lot.

C : Without timeframes, the process becomes too rigid and inflexible, inhibiting the investigation of non-conformances.

D : The lack of defined responsibilities in the process, even with the lack of time frames, allows for a clear assignment of responsibilities.

Answer: A

Question 3

A medical device company is undergoing an ISO 13485:2016 audit. The company has a documented procedure for design verification. As the Lead Auditor, you discover that the company has not formally validated the computer software used to perform finite element analysis (FEA) during design verification, where the FEA is part of the QMS and Clause 4.1.6 applies. The output of the FEA software is used as objective evidence that the design meets safety and performance requirements. The FEA software is commercial off-the-shelf software and not developed by the medical device manufacturer. The company states that they check the FEA software inputs and outputs against hand calculations as a form of verification. As the Lead Auditor, what is your MOST appropriate course of action?

A : Accept the company-s approach because the software is commercially available and inputs and outputs are verified using hand calculations.

B : Consider the company-s approach as verification and ask for the documented procedure for verification, objective evidence, and acceptance criteria for these hand calculations.

C : Document the lack of software validation as a finding and follow up during the next surveillance audit.

D : Issue a nonconformity because the FEA software used for design verification must be validated for its intended use.

Answer: D

Question 4

A medical device company is undergoing an ISO 13485:2016 audit. The company uses a contract manufacturer to produce a critical component of their Class II medical device. The Lead Auditor reviews the medical device company's records pertaining to the oversight of the contract manufacturer. While the records show regular communication, agreed-upon specifications, and documented inspections of incoming components, the Lead Auditor discovers that the medical device company is performing no periodic on-site audits of the contract manufacturer's facility. The company claims that these audits are not required if the component meets all the specifications and regulatory requirements. What should be the Lead Auditor’s MOST appropriate next action?

A : Accept the company-s justification and move on to the next area of the audit, documenting the rationale.

B : Issue a nonconformity because on-site audits are always mandatory for contract manufacturers of critical components.

C : Investigate the company-s rationale for not conducting on-site audits, considering the risk associated with the component and the effectiveness of other controls.

D : Require the company to immediately schedule an on-site audit of the contract manufacturer, regardless of the risk assessment or other controls.

Answer: C

Question 5

A medical device company has implemented a system for monitoring and measuring key processes within its Quality Management System (QMS). The system generates various performance metrics, which are regularly reviewed by management. However, the Lead Auditor discovers that the company has not established specific, measurable, achievable, relevant, and time-bound (SMART) objectives for these metrics. As a Lead Auditor, what is the MOST significant concern?

A : The lack of SMART objectives indicates a potential lack of commitment to continual improvement within the QMS.

B : Without SMART objectives, it will be difficult to determine whether the monitoring and measurement system is effective in achieving its intended purpose.

C : The absence of SMART objectives will likely lead to inconsistencies in data collection and analysis across different departments.

D : The company is not fully utilizing the available data to identify areas for improvement and optimize process performance.

Answer: B