Quality system regulations: ISO 13485 and ISO 14971 (risk management) MCQs With Answer

Quality system regulations: ISO 13485 and ISO 14971 (risk management) MCQs With Answer

by

Introduction: This quiz collection focuses on Quality System Regulations centered on ISO 13485 and risk management under ISO 14971, tailored for M.Pharm students studying Regulatory Aspects of Medical Devices (MRA203T). It covers core concepts such as the structure and requirements of a medical device quality management system, documentation and control of processes, validation, CAPA, and supplier controls (ISO 13485). It also explores risk management lifecycle elements — risk analysis, evaluation, control, benefit-risk analysis, and the risk management file required by ISO 14971. These MCQs are designed to strengthen understanding of regulatory expectations, practical implementation and the interaction between QMS and device risk management in real-world regulatory submissions.

Q1. Which of the following best describes the primary objective of ISO 13485 for medical device manufacturers?

  • To regulate pharmaceutical manufacturing processes under Good Manufacturing Practice
  • To establish a quality management system specific to medical devices ensuring consistent design, development, production and distribution
  • To define clinical trial protocols for medical devices
  • To provide labeling standards only for in-vitro diagnostics

Correct Answer: To establish a quality management system specific to medical devices ensuring consistent design, development, production and distribution

Q2. Under ISO 13485, which document is essential to describe the organization’s intended approach for the risk control and post-market activities?

  • Quality Manual only
  • Risk Management Plan
  • Supplier Audit Checklist
  • Design History File

Correct Answer: Risk Management Plan

Q3. ISO 14971 defines risk as which combination?

  • Probability of harm only
  • Severity of benefit and probability of occurrence
  • Combination of the probability of occurrence of harm and the severity of that harm
  • The cost of mitigation and probability of detection

Correct Answer: Combination of the probability of occurrence of harm and the severity of that harm

Q4. Which element is NOT explicitly required in ISO 13485:2016?

  • Documented procedure for control of nonconforming product
  • Requirement for a single management representative title
  • Control of monitoring and measurement equipment
  • Validation of processes where the resulting output cannot be fully verified

Correct Answer: Requirement for a single management representative title

Q5. What is the primary purpose of a Risk Management File as per ISO 14971?

  • To store supplier certificates only
  • To document the risk management process, decisions and evidence throughout the product lifecycle
  • To list marketing strategies for the device
  • To record employee training schedules

Correct Answer: To document the risk management process, decisions and evidence throughout the product lifecycle

Q6. In ISO 14971, after implementing risk control measures, what must be evaluated next?

  • Whether the risk control measures are profitable
  • The residual risk and overall acceptability including benefit-risk analysis
  • Supplier capability to produce the control measures
  • Whether the device still meets GMP for pharmaceuticals

Correct Answer: The residual risk and overall acceptability including benefit-risk analysis

Q7. Which ISO 13485 requirement primarily ensures traceability of medical devices in the supply chain?

  • Control of documents
  • Identification and traceability
  • Internal audit program
  • Management review

Correct Answer: Identification and traceability

Q8. Under ISO 14971, what is the correct order of the main steps in risk management?

  • Risk evaluation → Risk analysis → Risk control
  • Risk analysis → Risk evaluation → Risk control → Evaluation of overall residual risk
  • Risk control → Risk analysis → Risk evaluation
  • Risk identification → Benefit quantification → Market launch

Correct Answer: Risk analysis → Risk evaluation → Risk control → Evaluation of overall residual risk

Q9. Which activity required by ISO 13485 ensures that processes which cannot be fully verified are capable of producing conforming product?

  • Internal auditing
  • Process validation
  • Supplier qualification
  • Document control

Correct Answer: Process validation

Q10. Under ISO 14971, what is meant by “ALARP” or similar risk acceptance concepts in regulatory practice?

  • Risks are to be accepted without evaluation
  • Risks should be reduced to a level that is as low as reasonably practicable, considering costs and benefits
  • Only cosmetic risks should be reduced
  • All risks must be eliminated regardless of feasibility

Correct Answer: Risks should be reduced to a level that is as low as reasonably practicable, considering costs and benefits

Q11. Which ISO 13485 clause most directly addresses corrective and preventive action (CAPA)?

  • Design and development
  • Purchasing controls
  • Improvement
  • Control of production

Correct Answer: Improvement

Q12. According to ISO 14971, risk controls should be applied in which preferred order?

  • Reduce probability of occurrence → Reduce detectability → Reduce severity
  • Inherent safety by design → Protective measures → Information for safety
  • Protective measures → Information for safety → Design changes
  • Information for safety → Protective measures → Inherent safety by design

Correct Answer: Inherent safety by design → Protective measures → Information for safety

Q13. Which document required by ISO 13485 helps demonstrate that design outputs meet design inputs and regulatory requirements?

  • Design and Development File (Design Dossier/History File)
  • Supplier master list
  • Employee handbook
  • Packaging artwork only

Correct Answer: Design and Development File (Design Dossier/History File)

Q14. Which of the following is an expected component of a risk analysis under ISO 14971?

  • Listing of hazards, foreseeable sequences of events and hazardous situations, and estimated risks
  • Only a profit-and-loss statement for the product
  • Marketing channel identification
  • Training calendar for clinical staff

Correct Answer: Listing of hazards, foreseeable sequences of events and hazardous situations, and estimated risks

Q15. How does ISO 13485 interact with national regulations for medical devices?

  • ISO 13485 replaces all national regulations
  • ISO 13485 provides a harmonized QMS framework that supports compliance with many regulatory requirements, but national law may add additional obligations
  • ISO 13485 is only relevant to pharmaceuticals, not devices
  • ISO 13485 mandates specific clinical trial protocols required by regulators

Correct Answer: ISO 13485 provides a harmonized QMS framework that supports compliance with many regulatory requirements, but national law may add additional obligations

Q16. What is the purpose of a benefit-risk analysis in ISO 14971?

  • To ignore risks if benefits are large
  • To justify marketing strategies
  • To compare the medical benefits of the device with the residual risks to determine acceptability
  • To calculate return on investment for new features

Correct Answer: To compare the medical benefits of the device with the residual risks to determine acceptability

Q17. Which record is specifically emphasized by ISO 13485 to demonstrate product release consistency?

  • Release authorization records and records of monitoring and measurement
  • Minutes of all management meetings
  • All vendor meeting notes
  • Marketing approval letters

Correct Answer: Release authorization records and records of monitoring and measurement

Q18. Under ISO 14971, who should be involved in the risk management process?

  • Only the CEO
  • Only external auditors
  • Personnel with the necessary competence from relevant disciplines, including clinical, engineering, manufacturing, and regulatory
  • Only the marketing department

Correct Answer: Personnel with the necessary competence from relevant disciplines, including clinical, engineering, manufacturing, and regulatory

Q19. Which control is a typical output of ISO 14971 when a specific hazard cannot be eliminated by design?

  • Apply protective measures such as guards or alarms, and provide information for safety (warnings/IFU)
  • Ignore the hazard if it affects a small population
  • Outsource the problem to suppliers without verification
  • Reduce product testing frequency to save cost

Correct Answer: Apply protective measures such as guards or alarms, and provide information for safety (warnings/IFU)

Q20. Which statement correctly describes the relationship between ISO 13485 documentation and the ISO 14971 risk management process?

  • ISO 13485 prohibits inclusion of risk information in quality records
  • Risk management outputs from ISO 14971 should be integrated into ISO 13485 QMS documentation, such as design records, CAPA, and post-market surveillance
  • ISO 14971 only applies after product launch and is unrelated to design documentation
  • ISO 13485 requires no records related to risk control measures

Correct Answer: Risk management outputs from ISO 14971 should be integrated into ISO 13485 QMS documentation, such as design records, CAPA, and post-market surveillance

Print Friendly, PDF & EmailDownload

Leave a Comment

PRO
Ad-Free Access
$3.99 / month
  • No Interruptions
  • Faster Page Loads
  • Support Content Creators
Subscribe Now