I. Auditing Fundamentals (12 Questions)
|
A. Types of Audits |
1. Audits by purpose
- Identify and distinguish between audits by purpose: organizational effectiveness, system efficiency, business performance, process effectiveness, risk management, regulatory compliance, supplier qualification, compliance with standards (certification and surveillance), design history file compliance, and for-cause audit. (Analyze)
2. Audits by method
- Identify and distinguish between audits by method: product, process, system, first-party, second-party, third-party, internal, external, desk, management, department, and function. (Analyze)
3. Data privacy
- Demonstrate the importance of maintaining confidentiality of personal information reviewed during audits. (Apply)
|
B. Audit Roles and Responsibilities |
- Explain key functions and responsibilities of various audit participants including audit team members, lead auditor, client, auditee, etc. (Understand) |
C. Ethical, Legal, and Professional Issues |
1. Professional conduct and responsibilities
- Define and apply the ASQ Code of Ethics, concepts of due diligence and due care with respect to confidentiality and conflict of interest, and various factors that influence audit credibility, including auditor independence, objectivity, and qualifications. (Apply)
2. Legal consequences and liability
- Identify potential legal and financial ramifications of improper auditor actions (carelessness, negligence, etc.) in various situations, and anticipate the effect that certain audit results can have on an auditee’s liability. (Apply)
|
II. Auditing and Inspection Processes (28 Questions)
|
A. Audit Preparation and Planning |
1. Elements of the audit planning process
- Determine and implement steps in audit preparation and planning, such as verifying audit authority, establishing the purpose, scope, and type of audit, audit criteria, and the resources necessary, including the size and number of audit teams. (Evaluate)
2. Auditor selection
- Identify and examine various internal or outsourced auditor selection criteria, such as education, experience, industry background, and subject-matter expertise, and the characteristics that make auditors effective, such as interpersonal skills, problem-solving skills, attention to detail, cultural sensitivity, and ability to work independently as well as in a group or on a team. (Evaluate)
3. Audit-related documentation
- Identify sources of pre-audit information and examine audit-related documentation, such as reference materials and prior audits. (Evaluate)
4. Auditing tools
- Identify the sampling plan or method and procedural guidelines to be used for the specific audit. Select and prepare working papers (checklists, log sheets, etc.) to document the audit. (Create)
5. Auditing strategies
- Identify and use various tactical methods for conducting an audit, such as forward and backward tracing, discovery, etc. (Apply)
6. Logistics
- Identify and organize various audit-related logistics, such as travel, safety and security considerations, the need for escorts, translators, confidentiality agreements, and clear right of access. (Apply)
|
B. Audit Performance |
1. Opening meeting
- Manage the opening meeting of an audit, including identifying the audit’s purpose and scope, describing any scoring, rating, or classification criteria for potential audit findings, creating a record of the attendees, reviewing the audit schedule, and answering questions as needed. (Apply)
2. Data collection and analysis
- Select and apply various data collection methods, such as observing work activities, taking physical measurements, examining paper and electronic documents, etc. Evaluate the results to determine their importance for providing audit evidence. (Evaluate)
3. Data integrity principles
- Examine record-keeping requirements for data acquisition systems to ensure data integrity. Evaluate the data collected during an audit to ensure it is attributable, legible, contemporaneous, original, and accurate (ALCOA). (Evaluate)
4. Communication techniques
- Define and apply appropriate interviewing techniques (e.g., when to use various question types, the significance of pauses and their length, when and how to prompt a response), in various situations, including when supervisors are present, when conducting multiple interviews, and when using a translator. Identify typical conflict situations and use appropriate techniques to resolve them. (Apply)
5. Organization and analysis of objective evidence
- Identify and differentiate sources of objective evidence, such as observed, measured, confirmed, and documented. Classify evidence in terms of significance, severity, frequency, and level of risk. Evaluate the evidence for its potential impact on product, process, system, and cost of quality. Determine whether additional investigation is required to meet the scope of the audit. (Evaluate)
6. On-site audit management
- Interpret situations throughout audit performance to determine whether time is being managed well and when changes need to be made, such as revising planned audit team activities, reallocating resources, and adjusting the audit plan. Communicate with the auditee about any changes or other events related to the audit. (Analyze)
7. Exit/closing meeting
- Formally manage these meetings: reiterate the audit’s purpose, scope, scoring, rating, or classification criteria, and create a record of the attendees. Present the audit results and obtain concurrence on evidence that could lead to an adverse conclusion. Discuss the next steps in the process (follow-up audit, additional evidence-gathering, etc.), and clarify who is responsible for performing those steps. (Apply)
|
C. Audit Report |
1. Basic elements
- Define, plan, and apply the steps in generating an audit report, including reviewing and finalizing results, organizing details, obtaining necessary approvals, and distributing the report. (Create)
2. Effective audit reports
- Report observations and nonconformances accurately; cite objective evidence, procedures, and requirements; and develop and evaluate various components, such as executive summaries, prioritized data, graphic presentation, and the impact of nonconformances. (Create)
3. Record retention
- Identify and apply record retention requirements, including the type of documents and storage considerations. (Apply)
|
D. Audit Follow-Up and Closure |
1. Elements of corrective and preventive action (CAPA)
- Identify and apply the elements of these processes, including problem identification, prioritizing actions based on risk, assignment of responsibility, root cause analysis, and establishing a plan to verify effectiveness of corrective actions to prevent recurrence. (Analyze)
2. Review of corrective action plan
- Use various criteria to evaluate the acceptability of corrective action plans. Identify and apply strategies for negotiating changes to unacceptable plans. (Apply)
3. Conducting audit follow-up
- Use various methods to verify and evaluate the effectiveness of corrective actions taken, such as re-examining procedures, observing revised processes, and conducting follow-up audits or re-audits. Develop strategies when corrective actions are not implemented or are not effective, such as communicating to the next level of management, re-issuing the corrective action request, etc. (Evaluate)
4. Audit closure
- Identify and apply various elements of, and criteria for, audit closure. (Evaluate)
|
E. Audit Procedural References |
1. International guidelines for auditing quality systems
- Understand general auditing principles as described in ISO 19011 and the Medical Device Single Audit Program (MDSAP) audit model. (Understand)
2. Quality System Inspection Technique (QSIT) and FDA CPG 7382.845
- Understand QSIT auditing requirements and its various subsystems. Explain the purpose and scope of FDA criteria for taking regulatory action on the basis of quality system audit results. (Understand)
|
III. Medical Device Quality Management System Requirements (38 Questions)
|
A. Regulatory Laws and Requirements |
1. FDA - Code of Federal Regulations (CFR) Title 21
- Identify, define, and apply the following FDA requirement parts: 4 – Regulation of combination products, 7 – Enforcement policy, 11 – Electronic records; signatures, 58 – Good laboratory practice for nonclinical laboratory studies, 801 – Labeling, 803 – Medical device reporting, 806 – Medical devices; reports of corrections and removals, 807 – Establishment registration and device listing for manufacturers and initial importers of devices, 820 – Quality system regulation, 821 – Medical device tracking requirements, and 830 – Unique device identification. (Apply)
2. U.S. requirements (FD&C Act, 201, 301-304, 501-502, 510, 513, 518, 522, 704)
- Identify how the FD&C Act defines and differentiates between device classifications and pre-market requirements. Recognize the implications of misbranding and adulteration. (Apply)
3. EU MDR 2017/745
- Recognize requirements of the directive and the key differences between this and U.S. regulations. (Apply)
4. Health Canada
- Recognize current requirements of the Canadian Medical Device Regulation SOP/98-282 and the key differences between this and U.S. regulations. (Apply)
5. Other international agencies
- Recognize requirements enforced by international agencies such as Therapeutic Goods Administration (TGA) and Japanese Pharmaceutical and Medical Device Agency, etc. (Understand)
|
B. Requirements for In Vitro Diagnostic (IVD) Devices |
- Recognize the requirements of 21 CFR 809 and IVDR 2017/746 as they apply to in vitro diagnostic (IVD) devices. (Understand) |
C. International Standards for Quality Systems |
- Evaluate the selection and use of the following quality system standards: ISO 9001, ISO 13485, and ISO 17025. (Evaluate) |
D. Quality System Regulation (QSR) Requirements (21 CFR 820 – Parts as Shown) |
1. Management responsibility (Parts 20, 22, 25)
- Assess management’s responsibility in establishing and maintaining the quality system: organizational structure and management representative, quality planning/ objectives, resources, management reviews, quality audits, personnel training and education, and control of customer property. (Evaluate)
2. Design controls (Part 30)
- Evaluate the scope, purpose, and implementation of controls and their elements, including design and development planning, input, output, review, verification, validation, transfer, changes, and design history file. (Evaluate)
3. Document (Part 40) and record control (Parts 180-186)
- Describe and review elements of a document and change control system, including approval processes, retention policies, communication procedures and maintenance of device master records (DMRs), device history records (DHRs), and quality system records. (Analyze)
4. Purchasing controls and acceptance activities (Parts 50, 80, 86)
- Describe supplier qualification and purchasing control requirements for products, components, and services. Describe appropriate identification and acceptance activities, including inspection, test, and verification processes used for incoming products. (Apply)
5. Identification and traceability (Parts 60, 65)
- Use appropriate methods for identifying and tracing products during all stages of receipt, production, distribution, and installation. (Apply)
6. Production and process controls (Parts 70, 75)
- Assess production and process controls, including process validation, monitoring, control of materials, equipment, environment, contamination, and software validation for automated processes. (Evaluate)
7. Inspection, measuring, and test equipment (Part 72)
- Determine the suitability and calibration of inspection equipment. Ensure calibration is traceable to national or international standards. (Evaluate)
8. Nonconforming product (Part 90)
- Determine the adequacy of procedures, processes, and records established for the control and disposition of nonconforming product. (Evaluate)
9. Corrective and preventive action (CAPA) system (Part 100)
- Assess analysis of quality data sources to determine the need for CAPA. Define and distinguish between corrective action and preventive action. Review CAPA procedures, processes, and records to evaluate the effectiveness of the system. (Evaluate)
10. Product handling, storage, distribution, and installation (Parts 140-170)
- Determine the adequacy of procedures, processes, and records established for these aspects of product control to ensure product integrity. (Analyze)
11. Complaint files (Part 198)
- Determine adequacy of complaint handling procedures, including investigation and determination of Medical Device Reporting. (Evaluate)
12. Servicing (Part 200)
- Determine the adequacy of procedures, processes, and records established for products that require servicing activities such as troubleshooting and repair. Evaluate service reports for events that must be reported to the FDA to ensure that they are included in the complaint handling process. (Analyze)
13. Statistical techniques (Part 250)
- Determine the adequacy and validity of statistical techniques and sampling plans used to measure process capability and acceptability of product characteristics. Evaluate the rationale for statistical techniques used in quality systems, including design verification and validation, acceptance sampling, etc. (Analyze)
|
E. Post-Market Surveillance |
- Determine the appropriateness of the procedures, processes, and records established for the control of post-market surveillance activities. Define and describe vigilance, medical device reporting (MDR) and adverse event reporting (AER) requirements. Review the adequacy of requirements and processes for product recall, corrections, removals, and tracking. (Analyze) |
IV. Technical Medical Device Knowledge (42 Questions)
|
A. Risk Management |
1. ISO 14971
- Describe the principles of risk management, including risk analysis, evaluation, control, benefit-risk analysis, and the incorporation of production and post-production information. (Evaluate)
2. IEC 62366
- Determine whether the processes used for identification of known or foreseeable hazards are suitable in both normal and fault conditions, including hazards arising from device use. Verify that risk control measures have been implemented in design and production. (Evaluate)
3. ISO 13485
- Describe and assess the risk-based controls for appropriate processes needed for the quality management system. (Evaluate)
|
B. Design Control |
1. Human factors and usability engineering
- Evaluate human factors and usability studies performed during design and development. (Evaluate)
2. Biological evaluation
- Describe material characterization and the principles of biocompatibility test selection rationale as described in ISO 10993-1 and FDA-related guidance. Understand the differences between cytotoxicity, sensitization, and irritation. (Understand)
3. Packaging
- Interpret the appropriate standards for sterile and non-sterile product packaging per ISO 11607, and referenced standards including, ASTM D4169 (Distribution) and ASTM F1980 (Aging). (Understand)
4. Device shelf life
- Explain how a device’s useful life/shelf life is determined and discuss the various parameters that determine the length of time a device will remain within acceptable specifications (e.g. sterility or package integrity). (Understand)
5. General safety and performance requirements
- Identify the elements of General Safety and Performance Requirements, per EU MDR 2017/745. (Remember)
|
C. Software Development and Maintenance for Products |
- Identify principles of product software lifecycle in accordance with FDA General Principles of Software Validation Guidance and IEC 62304. Describe the software development lifecycle model, including V&V, cybersecurity considerations, change control methods, and the risk management process. (Understand) |
D. Labeling |
- Identify labeling requirements for devices, instructions for use (IFU), and promotional/marketing material (per 21 CFR 801). Understand the use of symbols (per ISO 15223) and UDI/GTIN/UPC (per 21 CFR 830). (Understand) |
E. Controlled Environments and Utility Systems |
1. Controlled environments
- Identify and interpret controlled environment specifications (per ISO 14644), qualifications, validations, and monitoring (bioburden and endotoxins). Review housekeeping, disinfection, and sanitization processes in terms of controlled environment specifications and classifications. Verify that appropriate training and personnel practices are used in controlled environments. (Analyze)
2. Utility systems
- Describe utility setups in medical device manufacturing facilities for water, compressed gas, heating, ventilation, and air conditioning (HVAC) systems, including whether they require qualification, validation, or maintenance. (Understand)
|
F. Sterile Medical Devices |
1. Definitions
- Describe and distinguish between aseptically processed products and terminally sterilized products. (Understand)
2. Methods
- Identify basic elements of sterilization for dry heat, steam, electron beam, ethylene oxide (EtO), and radiation. (Remember)
3. Process controls and validation for ethylene oxide (EtO) and radiation
- Determine appropriate validation, process controls and monitoring (e.g. dose audits, parametric release, process challenge device (PCD), residuals, etc.) are properly implemented to ensure Sterility Assurance Level (SAL). Ensure the process is documented in accordance with industry standards: ISO 11135, ISO 11137. (Apply)
|
G. Laboratory Testing and Failure Analysis |
- Assess procedures and records used for laboratory test methods and determine whether they are appropriate. (Evaluate) |
H. Validation |
- Define and evaluate elements of different types of validations such as process (IQ/OQ/PQ per GHTF/SG3/N99-10), cleanliness, test method, and rework. (Evaluate) |
I. Reprocessing/Reuse and Cleaning of Medical Devices |
- Identify elements of reprocessing and cleaning validations in accordance with the FDA Guidance on Reprocessing of Reusable Devices. (Understand) |
J. Common Medical Device Directives and Standards |
- Define and describe elements of various standards and directives as they relate to medical devices. (Understand)
-
IEC 60601-1
-
Restriction of Hazardous Substances (RoHS) directive
-
Registration, Evaluation, Authorization, and Restriction of Chemicals (REACH)
|
K. Sources for New and Evolving Standards |
- Describe the sources for standards and guidance documents that form the basis for industry norms and standards, such as the FDA Recognized Consensus Standards Database, the Harmonised Standards Listing, Medical Device Guidances (MEDDEV), Notified Body Operating Group (NBOG), and Europa. (Remember) |
V. Quality Tools and Techniques (15 Questions)
|
A. Quality Control and Problem-Solving Tools |
- Identify, interpret, analyze, and draw conclusions based upon: 1) Pareto charts, 2) cause and effect diagrams, 3) flowcharts, 4) statistical process control (SPC) charts, 5) check sheets, 6) scatter diagrams, 7) histograms, 8) root cause analysis, 9) plan-do-check-act (PDCA), 10) Setting Alert and Action Levels, 11) 5 Whys, 12) Is/Is Not (Kepner-Tregoe). (Analyze) |
B. Process Improvement Techniques |
1. Process capability
- Identify and interpret various process capability indices, such as Cp, Cpk, Pp, and Ppk. Recognize how these metrics are used in relation to established requirements and the effect on PPM. (Understand)
2. Six Sigma
- Identify and define the six sigma DMAIC phases: define, measure, analyze, improve, and control. (Understand)
3. Lean tools
- Identify and define various lean tools: 5S, standard operations, kanban (pull), error-proofing, value-stream mapping, etc. (Understand)
4. Measurement system analysis (MSA)
- Identify and define various MSA terms (bias, linearity, stability, accuracy, precision, repeatability, reproducibility, etc.) and describe how these elements affect measurement systems. (Understand)
5. Cost of quality (COQ)
- Define and describe the four basic COQ categories: prevention, appraisal, internal failure, and external failure. (Understand)
|
C. Data Types and Sampling |
1. Qualitative and quantitative analysis
- Describe qualitative data in terms of the nature, type, or other characteristics of an observation or condition. Describe how quantitative data is used to detect patterns or trends. Identify how such analyses can indicate whether a problem is systemic or isolated. (Analyze)
2. Attributes and variables data
- Determine whether to use an attributes sampling plan or variables sampling plan in various situations such as process monitoring and control, receiving inspection, auditing, etc. (Analyze)
3. Sampling
- Identify and interpret sampling plans. Determine if sampling plans are based on risk and statistically valid rationale. (Evaluate)
|