Training Outcomes Within Your Budget!
We ensure quality, budget-alignment, and timely delivery by our expert instructors.
Table of Content
- ISO 13485 Audit Questions Sample List & Preparation Guide
- What Is an ISO 13485 Audit?
- Understanding ISO 13485 Audit Requirements
- Documents Auditors Commonly Request
- ISO 13485 Sample Audit Questions by Audit Type
- How to Answer ISO 13485 Audit Questions Confidently
- Common ISO 13485 Audit Findings and Nonconformity Examples
- Preparing for an ISO 13485 Audit
- Common Mistakes During ISO 13485 Audits
- Conclusion
Recent Blogs
ISO 9001 Documentation Requirements
July 10th, 2026
Key Elements of Organisational Behaviour
July 10th, 2026
Cybersecurity Webinars That Help Build Career Clarity
July 10th, 2026
CISM Certification Cost and Roadmap for Career Success
July 9th, 2026
What Is CompTIA Security+ Certification Beginner Guide
July 9th, 2026
Start Strong with This AWS Solution Architect Exam Guide
July 9th, 2026
What to Know Before the Lean Six Sigma Green Belt Exam
July 9th, 2026
What is PMP Certification Complete Beginner Guide
July 9th, 2026
What Is Network Infrastructure? Explained for Beginners
July 9th, 2026
What is Effective Communication?
July 9th, 2026
Smart Path to CompTIA Security+ Certification Mastery
July 9th, 2026
What is CompTIA Network+ Certification Complete Guide
July 9th, 2026
What is CompTIA A+ Certification Complete Beginner Guide
July 9th, 2026
What Every Project Coordinator Should Know About Their Role
July 9th, 2026
What Does an IT Project Manager Do? Skills & Career Guide
July 9th, 2026
It's a formal review of your Quality Management System(QMS) to determine whether it meets the requirements of ISO 13485. An auditor, internal or external, reviews your documented procedures and compares them with what actually happens on the floor and in your records.
ISO 13485 Audit Questions Sample List & Preparation Guide
Introduction
Getting ready for a quality audit can feel stressful, especially if it's your first time in medical device manufacturing. One way to make it less worrying is to know what the auditor will ask. Learning common ISO 13485 audit questions helps you see what auditors look for, which records they want to check, and how to back up your answers with proof. Along with Understanding ISO Auditor Roles, this makes it easier to get ready. In this guide, you'll find common audit questions, simple tips, and real examples to help you go into your next audit ready instead of worried.
What Is an ISO 13485 Audit?
It's a formal review of your Quality Management System(QMS) to determine whether it meets the requirements of ISO 13485. An auditor, internal or external, reviews your documented procedures and compares them with what actually happens on the floor and in your records. This comparison between what's written and what's practiced is really the heart of the entire audit process.
A simple way: if your SOP says every finished device must be inspected under magnification before it is packaged, the auditor will want to see that this is really happening. They may observe the inspection, check the work area, and review the device history record for proof that the inspection was completed. If the records and the actual process don't match, the auditor will note it as a finding.
There are a few types of audits you'll come across:
|
Audit Type |
Conducted By |
Main Purpose |
|---|---|---|
|
Internal Audit |
Trained employees within the organization |
Identify gaps and improve processes before external audits |
|
Supplier Audit |
Purchasing or quality team |
Evaluate whether suppliers meet quality requirements |
|
Certification Audit |
Accredited certification body |
Determine whether the organization qualifies for ISO 13485 certification |
|
Surveillance Audit |
Certification body |
Verify continued compliance after certification |
|
Recertification Audit |
Certification body |
Renew ISO 13485 certification after the certification cycle |
Why Audits Matter
Audits are not just about checking paperwork. They help make sure an organization's processes are followed the right way and meet the required standards. Audits also show what the organization is doing well, point out areas that need improvement, and help fix small problems before they become bigger ones.
Example: A company that makes infusion pumps may have a clear process for approving design changes. But during an internal audit, the team finds that some change requests are skipping the usual approval steps. Finding this problem early gives the company time to fix it before an external audit and helps make sure the devices remain safe to use.
Understanding ISO 13485 Audit Requirements
Knowing the ISO 13485 requirements makes audit questions easier to answer. The auditor wants to see that your team follows the documented process and that records are available to prove it.
Here's the concept in plain language: each requirement in the standard exists to close a specific risk. Document control exists so nobody accidentally works from an outdated instruction. Training records exist so you can prove a person was qualified to do a task before they did it, not after something went wrong. Once you see the requirement as "what risk is this closing," the audit questions built around it start to make a lot more sense.
Generally, these requirements cover areas like:
- Document and record control
- Management responsibility and review
- Resource management, including training and competence
- Product realization design, purchasing, and production controls
- Measurement, analysis, and improvement, including CAPA and internal audits
What Auditors Look For
Auditors look for evidence to support what people say. If a process is being followed, there should be records that show it. Good audit preparation means doing your work as described in your procedures, not trying to memorize answers for the audit.
Documents Auditors Commonly Request
Auditors often ask for records that show how work is carried out under your quality management system. When these documents are complete and easy to locate, the audit is usually quicker and easier.
|
Document |
Why Auditors Request It |
|---|---|
|
Standard Operating Procedures (SOPs) |
Verify that documented processes are current and controlled |
|
Training Records |
Confirm employees are qualified for their assigned tasks |
|
CAPA Records |
Check how problems are investigated and corrected |
|
Calibration Certificates |
Ensure measuring equipment remains accurate |
|
Risk Management Files |
Verify that risks have been identified and controlled |
|
Supplier Evaluation Records |
Confirm suppliers are selected and monitored appropriately |
|
Internal Audit Reports |
Review previous audit findings and corrective actions |
|
Device History Records (DHR) |
Demonstrate traceability and production records |
Example: If your procedure says that new materials must be kept in a separate area until they are inspected, the auditor may ask to see that area. They might also check the records for a specific batch to make sure the dates match. If the records show a one-day delay between receiving and inspecting the materials with no explanation, the auditor may record it as an issue.
Typical ISO 13485 Audit Process
Although every organization is different, most ISO 13485 audits follow a similar sequence.
- Audit planning: The audit scope, schedule, and objectives are agreed upon.
- Opening meeting: Auditors explain the audit process and expectations.
- Document review: Procedures, records, and quality documents are examined.
- Process observation: Auditors observe how activities are carried out in practice.
- Employee interviews: Team members are asked questions related to their responsibilities.
- Review of findings: Any observations or nonconformities are discussed.
- Closing meeting: The audit concludes with a summary of findings and next steps.
ISO 13485 Sample Audit Questions by Audit Type
Different audits focus on different angles, so let's look at some ISO 13485 sample audit questions you might encounter depending on the audit type.
Internal Audit Questions
Here are a few typical ISO 13485 internal audit questions:
- How do you know this procedure is the current approved version?
- Can you show me your training record for this task?
- What happens if you find a defective product during production?
- How is customer feedback captured and reviewed?
These ISO 13485 internal audit questions are usually more exploratory, since internal auditors are trying to find weaknesses before an external body does.
Example of a strong answer: If an auditor asks, "How do you know this is the latest approved procedure?" a good answer could be, "Before I start my work, I check the document control system. It shows the latest version and the approval date, and I make sure it matches the copy at my workstation." This is a strong answer because it explains exactly what the employee checks instead of simply saying, "I know it's the latest version."
Supplier Audit Questions
When it comes to vendors, auditors ask ISO 13485 supplier audit questions such as:
- How was this supplier selected and approved?
- What criteria do you use to periodically re-evaluate suppliers?
- How do you handle a nonconforming component from a supplier?
Strong answers to ISO 13485 supplier audit questions always point to a documented approved supplier list and evaluation records.
Example: when asked how a supplier was approved, a good answer sounds like, "We reviewed their quality certifications, ran a sample evaluation on the first three lots, and added them to our approved supplier list only after all three passed incoming inspection." This shows a defined process rather than a one-off decision made informally.
External and Lead Auditor Questions
During a certification audit, the questions are usually more detailed. The auditor may start with a broad question like, "Can you explain your quality management system?" Then they'll ask more specific ISO 13485 audit checklist questions about records, employee training, and how products can be traced through the process.
Professionals who want to conduct certification or supplier audits themselves can deepen their auditing knowledge through ISO 13485 Lead Auditor Training, which covers audit planning, evidence gathering, reporting, and audit management.
How to Answer ISO 13485 Audit Questions Confidently
Knowing how to respond well during these conversations is really about staying calm, being honest, and pointing to evidence rather than guessing.
A few practical tips:
- Keep your answers clear and to the point.
- If you don't know the answer, be honest and say you'll find out.
- Have the right records ready to back up what you say.
ISO 13485 Audit Evidence Examples
Strong answers are backed by proof. Some helpful ISO 13485 audit evidence examples include:
- A signed training record matching the procedure in question
- A calibration certificate showing equipment is within tolerance
- A batch record showing traceability from raw material to finished device
This kind of proof shows auditors that your system isn't just written down on paper, it's actually working in practice, day after day.
A quick sample exchange to illustrate the concept:
Auditor: "How do you know this batch of surgical clamps meets the required standards?"
Employee: "I check the device history record for this batch, it shows the inspection checklist, the inspector's approval, and the measurement results. I compare the results with the required limits to confirm that the batch meets the standards."
Auditor: "What happens if one of the measurements is outside the allowed limit?"
Employee: "The batch is marked as nonconforming and cannot move to the next step. Our quality team reviews the issue and decides what action to take before the batch can continue."
Notice how each answer leads with a document or system, not just a verbal assurance that the pattern auditors are trained to listen for.
Common ISO 13485 Audit Findings and Nonconformity Examples
Even well-run organizations run into gaps. Looking back at how teams typically respond to ISO 13485 audit questions, here are some findings that show up again and again during real audits:
- Outdated procedures still in use on the shop floor
- Missing signatures or dates on training records
- Incomplete CAPA follow-up with no effectiveness check
Typical Nonconformity Examples
An auditor might find that a piece of equipment has an expired calibration, a supplier was approved without the required review, or a risk management file was not updated after a design change. These are usually simple oversights, checking records regularly helps catch them before the audit.
Understanding the concept: a nonconformity is simply a documented gap between what your procedure requires and what actually happened. Auditors typically classify these as either major, where a whole process is missing or broken, such as having no CAPA system at all, or minor, like a single missed signature on an otherwise complete record. Knowing this distinction helps you understand why two similar-looking issues can lead to very different timelines for corrective action.
Major vs Minor Nonconformities
Not every nonconformity has the same level of impact. Auditors generally classify findings based on how seriously they affect the quality management system.
Major nonconformities usually indicate a significant breakdown in the quality management system, while minor nonconformities are isolated issues that still require corrective action.
Preparing for an ISO 13485 Audit
Knowing what steps to take ahead of time takes away most of the stress. Start early and work through your system methodically rather than scrambling the week before your visit. Building a solid understanding of ISO requirements before an audit can also make preparation easier, which is why many professionals choose SterlingNext ISO Training Courses as part of their learning journey.
Example: A small medical device company getting ready for a certification audit might use the first week to check that its SOPs match the way work is actually done. In the second week, the team could run a practice audit on important processes, such as sterilization or design changes. In the final week, they would finish any open corrective actions and organize their records. Breaking the work into steps makes the audit much easier to manage.
ISO 13485 Audit Preparation Checklist
A simple preparation checklist should include:
- Check that daily work matches your written procedures.
- Verify that all training records are filled out and signed.
- Make sure calibration and maintenance records have been updated.
- Verify CAPA actions are closed with effectiveness checks
- Confirm supplier evaluations are up to date
Practical ISO 13485 Audit Tips
A few more useful iso 13485 audit tips, alongside general ISO 13485 audit preparation tips, worth remembering:
- Do a mock interview with staff before the real thing
- Keep an ISO 13485 audit checklist PDF / downloadable copy on hand for quick reference during self-checks
- Review previous audit findings so old issues don't resurface
- Organize your ISO 13485 audit checklist PDF / downloadable file by process area so records are easy to retrieve quickly
On Audit Day Remember
To help the audit run smoothly, keep these practical reminders in mind:
- Answer only the question that was asked.
- Be honest if you don't know the answer, and offer to find the correct information.
- Refer to documented procedures or records whenever possible.
- Avoid guessing or making assumptions.
- Stay calm and communicate clearly.
- Keep requested documents organized and easy to retrieve.
Common Mistakes During ISO 13485 Audits
Even experienced organizations can make avoidable mistakes during an audit. Being aware of these common issues can help your team prepare more effectively.
- Answering questions outside your area of responsibility.
- Referring to outdated procedures or forms.
- Guessing instead of checking documented records.
- Providing incomplete or inconsistent information.
- Struggling to locate requested documents quickly.
- Failing to close previous corrective actions before the audit.
Avoiding these mistakes helps create a smoother audit experience and demonstrates that your quality management system is well controlled.
Conclusion
You do not need to treat an ISO 13485 audit as a special event if your quality system is already part of the way your team works. Update records as work is completed, keep procedures in line with what employees actually do, and provide training whenever changes are made. That way, when an auditor asks ISO 13485 audit questions, you can point to real records instead of trying to remember prepared answers. The sample questions, checklists, and guidance in this guide can help you find missing information before the audit and give your team time to fix it. Good records and consistent work habits make the audit process much smoother than last-minute preparation.
Get Certified With Industry Level Projects & Fast Track Your Career
Checkout Top 10 Highest Paying Jobs
Frequently Asked Questions
During an audit, you can expect questions about document control, employee training, risk management, CAPA, equipment calibration, supplier management, and product traceability. Auditors also look through records to check that day-to-day activities match your written procedures and quality system requirements.
Employees should answer clearly and honestly, based on their actual responsibilities. They should explain what they do, refer to the relevant procedure or record when needed, and avoid making assumptions or giving information they are unsure about.
When a nonconformity is identified, the organization is expected to investigate its cause, take corrective action, and submit a plan within the required timeframe. Auditors may later verify that the issue has been resolved and preventive measures are effective.
The length of an ISO 13485 audit depends on factors such as company size, number of employees, business complexity, and the number of locations being audited. Most certification or surveillance audits are completed within one to three days.
After certification, surveillance audits are usually carried out once a year. These audits check that the organization is still following ISO 13485 requirements and continues to use its quality management system correctly between certification renewal audits.
No. Internal audits help organizations monitor their quality management system and identify areas for improvement. However, certification and surveillance audits must be completed to maintain ISO 13485 certification, certification and surveillance audits must be carried out by an independent accredited certification body.
Auditors may ask to examine SOPs, training records, calibration certificates, CAPA records, risk management files, supplier records, and document control logs. These documents show whether daily work is being carried out according to the company's procedures and quality requirements.
Yes, minor nonconformities are a normal part of many audits. They usually point to small gaps that do not have a major impact on the quality system. The company should fix the issue, keep a record of the correction, and take steps to stop it from happening again.
New employees should know what their job involves, understand the procedures they use, and be familiar with the records related to their work. During the interview, they should answer honestly and explain what they do in their own words instead of trying to memorize responses.
Maintain a record of previous ISO 13485 Audit Questions, audit findings, and corrective actions. Reviewing this information before future audits helps identify recurring issues, improve preparation, and strengthen the effectiveness of your quality management system.
Sachin Kumar