A medical device company is undergoing an ISO 13485:2016 audit. The Lead Auditor observes that the company uses a software program to manage customer complaints and track corrective actions. The software program allows users to easily generate reports and analyze trends in customer feedback. The manufacturer has performed initial validation and has documented a process for regular preventative maintenance of the software. What additional action must be verified by the Lead Auditor to ensure compliance?
A medical device company uses a contract manufacturer to produce a critical component for one of their Class III devices. During an ISO 13485:2016 audit of the medical device company (not the contract manufacturer), the Lead Auditor reviews the records pertaining to the oversight of the contract manufacturer. The records show regular communication, agreed-upon specifications, and documented inspections of incoming components. However, there is no documented evidence of periodic on-site audits of the contract manufacturer's facilities. What is the MOST appropriate conclusion for the Lead Auditor to draw?
During an ISO 13485:2016 audit, the Lead Auditor is reviewing the process for design transfer. The design transfer documentation includes detailed specifications, drawings, and manufacturing instructions. However, the documentation does not explicitly define the verification activities required to ensure the design is correctly translated into production. As a Lead Auditor, what should be your PRIMARY concern?
A medical device company is undergoing an ISO 13485:2016 audit. The company utilizes a contract manufacturer for a critical component of their Class II medical device. The Lead Auditor reviews the company's process for controlling the outsourced process. The quality agreement with the contract manufacturer clearly defines the product specifications, quality requirements, and acceptance criteria. There is evidence of recent performance data trending showing sustained compliance, however, the quality agreement does not define how frequently the quality agreement itself is reviewed or updated. As a Lead Auditor, what is the MOST appropriate determination regarding the company's approach?
A medical device company is undergoing an ISO 13485:2016 audit. The company has a well-defined process for handling customer complaints, including documentation, investigation, and corrective actions. The Lead Auditor discovers that the company is using an older version of a Customer Relationship Management (CRM) software to manage customer complaint records, where the software vendor no longer provides any security patches or updates. The company has a documented procedure for backing up the data stored within the CRM. What is the MOST appropriate response for the Lead Auditor?