A medical device company manufactures Class IIa devices and is undergoing an ISO 13485:2016 audit. The company performs internal audits. The Lead Auditor reviews the internal audit reports and discovers that the reports consistently lack objective evidence to support the audit findings and conclusions. The Quality Manager explains that while the audit reports may not contain direct objective evidence in the report, they maintain detailed working papers with all the objective evidence, that can be requested and reviewed upon request, and which support the report's findings. What should be the Lead Auditor's MOST appropriate course of action?

During an ISO 13485:2016 audit, the Lead Auditor is reviewing the effectiveness of the company's Corrective and Preventive Action (CAPA) system. The auditor notes that the company's CAPA procedure includes a requirement for effectiveness checks to verify that implemented corrective actions have been effective in addressing the root cause of the problem and preventing recurrence. However, the Lead Auditor discovers that the effectiveness checks consistently focus on confirming the immediate resolution of the problem, with limited consideration of the long-term sustainability and robustness of the implemented corrective action, or its potential unintended consequences. What is the MOST appropriate next step for the Lead Auditor to take?

A medical device company manufactures Class IIa devices and is undergoing an ISO 13485:2016 audit. During a review of the organization's change control process, the Lead Auditor discovers that the company's impact assessment for product changes only focuses on assessing the impact to the design and manufacturing processes. There is no documented procedure for assessing the impact of the change on device labeling, including IFU (Instructions for Use), warnings and precautions, symbols, or any regulatory labeling requirements. As the Lead Auditor, what is the MOST appropriate action to take?

A medical device company is undergoing an ISO 13485:2016 audit. The Lead Auditor observes that the company uses a software program to manage customer complaints and track corrective actions. The software program allows users to easily generate reports and analyze trends in customer feedback. The manufacturer has performed initial validation and has documented a process for regular preventative maintenance of the software. What additional action must be verified by the Lead Auditor to ensure compliance?

During an ISO 13485:2016 audit, the Lead Auditor is reviewing the Supplier Quality Agreement between the medical device company and a contract manufacturer of a critical component. The Supplier Quality Agreement details the product specifications, quality requirements, and acceptance criteria. The Lead Auditor confirms there is evidence of recent performance data trending showing sustained compliance. However, the Lead Auditor discovers that the Supplier Quality Agreement does not define how the contract manufacturer must manage changes to its own suppliers, including sub-tier supplier changes. As a Lead Auditor, what is the MOST appropriate determination regarding the company's approach?