A medical device company uses a contract manufacturer to produce a critical component for one of their Class III devices. During an ISO 13485:2016 audit of the medical device company (not the contract manufacturer), the Lead Auditor reviews the records pertaining to the oversight of the contract manufacturer. The records show regular communication, agreed-upon specifications, and documented inspections of incoming components. However, there is no documented evidence of periodic on-site audits of the contract manufacturer's facilities. What is the MOST appropriate conclusion for the Lead Auditor to draw?

A medical device company uses a commercial off-the-shelf (COTS) software program for managing its training records. The software is not directly used in the manufacturing process but is integral to personnel training and demonstrating compliance with ISO 13485:2016. The Lead Auditor reviews the company's training procedure and notes the procedure indicates the company must perform testing of software used within the QMS, and validation is not required. Which of the following would be the MOST appropriate determination for the Lead Auditor?

A medical device company is undergoing an ISO 13485:2016 audit. The company uses a contract manufacturer to produce a critical component of their Class II medical device. The Lead Auditor reviews the medical device company's records pertaining to the oversight of the contract manufacturer. While the records show regular communication, agreed-upon specifications, and documented inspections of incoming components, the Lead Auditor discovers that the medical device company is performing no periodic on-site audits of the contract manufacturer's facility. The company claims that these audits are not required if the component meets all the specifications and regulatory requirements. What should be the Lead Auditor’s MOST appropriate next action?

During an ISO 13485:2016 audit, the Lead Auditor is reviewing the effectiveness of the company's Corrective and Preventive Action (CAPA) system. The auditor notes that the company's CAPA procedure includes a requirement for effectiveness checks to verify that implemented corrective actions have been effective in addressing the root cause of the problem and preventing recurrence. However, the Lead Auditor discovers that the effectiveness checks consistently focus on confirming the immediate resolution of the problem, with limited consideration of the long-term sustainability and robustness of the implemented corrective action, or its potential unintended consequences. What is the MOST appropriate next step for the Lead Auditor to take?

A medical device company is undergoing an ISO 13485:2016 audit. The company utilizes a contract manufacturer for a critical component of their Class II medical device. The Lead Auditor reviews the company's process for controlling the outsourced process. The quality agreement with the contract manufacturer clearly defines the product specifications, quality requirements, and acceptance criteria. There is evidence of recent performance data trending showing sustained compliance, however, the quality agreement does not define how frequently the quality agreement itself is reviewed or updated. As a Lead Auditor, what is the MOST appropriate determination regarding the company's approach?