Certification
Menu

We offer the following certifications / View All

 

Getting Certified

Resources

Body of Knowledge 2012 - Biomedical Auditor Certification - CBA

CERTIFIED BIOMEDICAL AUDITOR (CBA) BODY OF KNOWLEDGE - 2013

The topics in this body of knowledge (BOK) include additional detail in the form of subtext explanations and cognitive level. These details will be used by the Exam Development Committee as guidelines for writing test questions, and are designed to help candidates prepare for the exam by identifying specific content within each topic that may be tested. The subtext is not intended to limit the subject-matter or be all-inclusive of what might be covered in an exam, but is intended to clarify how the topics relate to a Biomedical Auditor's role. The descriptor in parentheses at the end of each entry refers to the maximum cognitive level at which the topic will be tested. A more comprehensive description of cognitive levels is provided at the end of this document.

  1. Auditing Fundamentals (10 Questions)
    1. Types of audits
      1. Audits by method
        Identify and distinguish between audits by method: product, process, system, compliance, first-party, second-party, third-party, internal, external, desk, management, department, function. (Analyze)
      2. Audits by purpose
        Identify and distinguish between audits by purpose: organizational effectiveness, system efficiency, process effectiveness, risk management, conformance to requirements, business performance. (Analyze)
    2. Audit roles and responsibilities
      Explain key functions and responsibilities of various audit participants including audit team members, lead auditor, client, auditee, etc. (Understand)
    3. Ethical, legal, and professional issues
      1. Professional conduct and responsibilities
        Define and apply the ASQ Code of Conduct, concepts of due diligence and due care with respect to confidentiality and conflict of interest, and various factors that influence audit credibility, including auditor independence, objectivity, and qualifications.(Apply)
      2. Legal consequences and liability
        Identify potential legal and financial ramifications of improper auditor actions (carelessness, negligence, etc.) in various situations, and anticipate the effect that certain audit results can have on an auditee's liability. (Apply)
  2. Auditing and Inspection Processes (24 Questions)
    1. Audit preparation and planning
      1. Elements of the audit planning process
        Determine and implement steps in audit preparation and planning, such as verifying audit authority, establishing the purpose, scope, and type of audit, the requirements to audit against, and the resources necessary, including the size and number of audit teams. (Evaluate)
      2. Auditor selection
        Identify and examine various auditor selection criteria, such as education, experience, industry background, and subject-matter expertise, and the characteristics that make auditors effective, such as interpersonal skills, problem-solving skills, attention to detail, cultural sensitivity, ability to work independently as well as in a group or on a team. (Analyze)
      3. Audit-related documentation
        Identify sources of pre-audit information and examine audit-related documentation, such as reference materials and prior audits. (Analyze)Auditing tools
        Identify the sampling plan or method and procedural guidelines to be used for the specific audit. Select and prepare working papers (checklists, log sheets, etc.) to document the audit.(Create)
      4. Auditing strategies
        Identify and use various tactical methods for conducting an audit, such as forward and backward tracing, discovery, etc. (Apply)
      5. Logistics
        Identify and organize various audit-related logistics, such as travel, safety and security considerations, the need for escorts, translators, confidentiality agreements, clear right of access, etc. (Apply)
    2. Audit performance
      1. Opening meeting
        Manage the opening meeting of an audit, including identifying the audit's purpose and scope, describing any scoring or rating criteria that will be used during the audit, creating a record of the attendees, reviewing the audit schedule, and answering questions as needed. (Apply)
      2. Data collection and analysis
        Select and apply various data collection methods, such as observing work activities, taking physical measurements, examining paper and electronic documents, etc. Evaluate the results to determine their importance for providing audit evidence (Evaluate)
      3. Communication techniques
        Define and apply appropriate interviewing techniques (e.g., when to use various question types, the significance of pauses and their length, when and how to prompt a response), in various situations, including when supervisors are present, when conducting multiple interviews, when using a translator, etc. Identify typical conflict situations and use appropriate techniques to resolve them. (Apply)
      4. Organization and analysis of objective evidence
        Identify and differentiate characteristics of objective evidence, such as observed, measured, confirmed or corroborated, and documented. Classify evidence in terms of significance, severity, frequency, and level of risk. Evaluate the evidence for its potential impact on product, process, system, cost of quality, etc., and determine whether additional investigation is required to meet the scope of the audit. (Evaluate)
      5. On-site audit management
        Interpret situations throughout the performance of the audit to determine whether time is being managed well and when changes need to be made, such as revising planned audit team activities, reallocating resources, adjusting the audit plan, etc., and communicate with the auditee about any changes or other events related to the audit. (Analyze)
      6. Exit meeting
        Formally manage these meetings: reiterate the audit's purpose, scope, and scoring or rating criteria, and create a record of the attendees. Present the audit results and obtain concurrence on evidence that could lead to an adverse conclusion. Discuss the next steps in the process (follow-up audit, additional evidence-gathering, etc.), and clarify who is responsible for performing those steps. (Apply)
    3. Audit reporting
      1. Basic elements
        Define, plan, and apply the steps in generating an audit report, including reviewing and finalizing results, organizing details, obtaining necessary approvals, and distributing the report. (Create)
      2. Effective audit reports
        Report observations and nonconformances accurately, cite objective evidence, procedures, and requirements, and develop and evaluate various components, such as executive summaries, prioritized data, graphic presentation, and the impact of conclusions. (Create)
      3. Record retention
        Identify and apply record retention requirements, including the type of documents and storage considerations, for various audits. (Apply)
    4. Audit follow-up and closure
      1. Elements of corrective and preventive action
        Identify and apply the elements of these processes, including problem identification, assignment of responsibility, verifying the performance of root cause analysis and recurrence prevention. (Analyze)
      2. Review of corrective action plan
        Use various criteria to evaluate the acceptability of corrective action plans, and identify and apply strategies for negotiating changes to unacceptable plans. (Evaluate)
      3. Conducting audit follow-up
        Use various methods to verify and evaluate the adequacy of corrective actions taken, such as re-examining procedures, observing revised processes, and conducting follow-up audits or re-audits. Develop strategies when corrective actions are not implemented or are not effective, such as communicating to the next level of management, re-issuing the corrective action request, etc. (Evaluate)
      4. Audit closure
        Identify and apply various elements of, and criteria for, audit closure. (Evaluate)
    5. Audit procedural references
      1. International guidelines for auditing quality systems
        Describe general auditing principles and approaches as described in ISO 19011 and GHTF SG4 guidance documents. (Analyze)
      2. Quality System Inspection Technique (QSIT) and FDA CPG 7382.845
        Describe QSIT auditing requirements and its various subsystems. Explain the purpose and scope of FDA criteria for taking action on the basis of quality system audit results. (Analyze)
  3. Biomedical Quality Management System Requirements (47 Questions)
    1. Regulatory laws and requirements
      1. FDA - Code of Federal Regulations (CFR) Title 21
        Identify, define, and apply the following FDA requirement parts: 11-Electronic records and signatures, 801-Labeling, 803-Medical device reporting, 806-Corrections and removals, 807-Establishment registration and device listing, 820-Quality system regulation (includes preamble-FR October 7, 1996) and 821-Medical device tracking. (Apply)
      2. U.S. requirements (FD&C Act, 201, 301-304, 501-502, 510, 513, 518, 704)
        Identify how the FD&C Act defines and differentiates between device classifications and pre-market requirements. Recognize the implications of misbranding and adulteration. (Apply)
      3. European directive: Medical Device Directive 93/42/EEC (MDD) 14 June 1993 (Article 1) as amended by Directive 2007/47/EC.
        Recognize requirements of the directive and the key differences between this and US regulations. (Understand)
      4. Health Canada
        Recognize requirements of the Canadian Medical Devices Conformity Assessment System ( CMDCAS) and (SOR/98-282) and the key differences between them and US regulations. (Understand)
      5. Japan
        Recognize the requirements of the Japanese Pharmaceutical Affairs Law (JPAL) for medical devices. (Understand)
      6. Other international agencies
        Recognize other international agencies such as Therapeutic Goods Administration (TGA), State Food and Drug Administration (SFDA) National Health Surveillance Agency Brazil (ANVISA), etc. (Understand)
    2. FDA guidance for the manufacture of (IVD) products
      Explain how FDA guidelines for in vitro diagnostic (IVD) devices are applied to the current good manufacturing practices (cGMPs). (Understand)
    3. International standards for quality systems
      1. ISO 9001, ISO 13485, ISO 17025
        Evaluate the selection and use of these various quality system standards. (Evaluate)
      2. GHTF.SG3.N99-10
        Explain the selection and use of this guidance for an auditee's quality system. (Understand)
    4. Quality system regulation (QSR) requirements (21 CFR 820 ? parts as shown)
      1. Management responsibility (Parts 20, 22, 25)
        Assess management's responsibility in establishing and maintaining the quality system: organizational structure, resources, management reviews, quality audits, personnel training and education, control of customer property, etc. (Evaluate)
      2. Design control system (Part 30)
        Evaluate the scope, purpose and implementation of these systems and their elements, including system requirements, design input, output, reviews, and validation. (Evaluate)
      3. Document (Part 40) and record control (Parts 180-186)
        Describe and review elements of a document and change control system, including approval processes, retention policies, communication procedures. and maintenance of device master records (DMRs), design history files (DHFs), device history records (DHRs), and quality system records. (Analyze)
      4. Purchasing controls and acceptance activities (Parts 50, 80, 86)
        Describe supplier qualification and purchasing control requirements for products, components, and services. Describe appropriate identification and acceptance activities, including inspection, test, and verification processes used for incoming products.(Apply)
      5. Identification and traceability (Parts 60, 65)
        Use appropriate methods for identifying and tracing products during all stages of receipt, production, distribution, and installation. (Apply)
      6. Production and process controls (Parts 70, 72, 75)
        Assess production and process controls using monitoring and validation procedures, control of materials, equipment, environment, and contamination, software validation for automated processes, etc. (Evaluate)
      7. Nonconforming product (Part 90)
        Determine the adequacy of procedures, processes, and records established for the control and disposition of nonconforming product. (Analyze)
      8. Corrective and preventive action (CAPA) system (Part 100)
        Define and distinguish between corrective action and preventive action. Review CAPA procedures, processes, and records to evaluate the effectiveness of the system. (Evaluate)
      9. Product handling, storage, distribution and installation (Parts 140-170)
        Determine the adequacy of procedures, processes, and records established for these aspects of product control to ensure product integrity, etc. (Analyze)
      10. Servicing (Part 200)
        Determine the adequacy of procedures, processes, and records established for products that require servicing activities such as troubleshooting and repair. Evaluate service reports for events that must be reported to the FDA to ensure that they are included in the complaint handling process. (Analyze)
      11. Statistical techniques (Part 250)
        Interpret commonly used statistical tools and methods (control charts, hypothesis tests, etc.) and evaluate the appropriateness of conclusions drawn. Determine the adequacy and validity of statistical techniques and sampling plans used to measure process capability and acceptability of product characteristics. Evaluate the rationale for statistical techniques used in quality systems, including design verification and validation, acceptance sampling, etc. (Analyze)
    5. Post-market surveillance (Guidance under section 522 of FD&C Act)
      Determine the appropriateness of the procedures, processes, and records established for the control of post-market surveillance activities such as the review and analysis of complaint handling and servicing data and feedback into the risk management and design processes. Define and describe vigilance, medical device reporting (MDR) and adverse event reporting (AER) requirements. Review the adequacy of requirements and processes for product recall, corrections, removals, and tracking. (Analyze)
  4. Technical Biomedical Knowledge (40 Questions)
    1. Risk management
      1. ISO 14971
        Describe the principles of risk management as defined in this standard, including risk analysis, evaluation, and control; the incorporation of production and post-production information, etc.). (Evaluate)
      2. IEC 62366
        In accordance with this standard, determine whether the processes used for identification of known or foreseeable hazards are suitable in both normal and fault conditions, including hazards arising from device use. Verify that risk control measures have been implemented in design and production. (Evaluate)
    2. Sterilization
      1. Definitions
        Describe and distinguish between aseptically processed products and terminally sterilized products. (Understand)
      2. Methods and process controls
        Identify elements of sterilization validations for dry heat, steam, ethyl oxide (EtO) and radiation. Determine whether appropriate process controls and monitors (dose audits, parametric release, process challenge device (PCD), residuals and limulus amebocyte lysate (LAL) testing, etc.) are properly implemented and documented in accordance with industry standards: ISO 17665-1, ISO 11135-1, ISO 11137-1, ISO 11138-1,
        ISO 11737-1. (Apply)
    3. Biocompatibility
      Describe the principles of biocompatibility test selection rationale as described in ISO 10993-1 and FDA Blue Book #G95-1. (Understand)
    4. Controlled environments and utility systems
      1. Controlled environments
        Identify and interpret controlled environment specifications, qualifications, validations, and monitoring as described in ISO 14644. Review cleaning, disinfection, and sanitization processes in terms of controlled environment specifications, classifications, and standards. Verify that appropriate training and personnel practices are used in controlled environments. (Analyze)
      2. Utility systems
        Describe utility setups in medical device manufacturing facilities for water, compressed gas, heating, ventilation, and air conditioning (HVAC) systems, including whether they require qualification, validation, or maintenance. (Understand)
    5. Software development and maintenance for products,
      Identify principles of product software lifecycle in accordance with FDA Pre-Market Submissions Software Guidance, ISO 80002, and IEC 62304. Describe the software development lifecycle model, including V&V, change control methods and the risk management process. (Understand)
    6. Laboratory testing and failure analysis
      Assess procedures and records used for laboratory test methods and determine whether they are appropriate. (Evaluate)
    7. Sources for new and evolving standards
      Describe the sources for standards and guidance documents that form the basis for industry norms and standards such as the FDA Recognized Consensus Standards Database, the Harmonised Standards Listing, such as Medical Devices Guidances (MEDDEV), Notified Body Operating Group ( NBOG), Europa, etc. (Remember)
    8. Common medical device directives and standards
      Define and describe elements of various standards and directives as they relate to medical devices. (Understand)
      1. IEC 60601-1 and IEC 80001
      2. Restriction of Hazardous Substances (RoHs) directive
      3. Registration, Evaluation, Authorization and Restriction of Chemicals (REACH)
      4. Waste Electrical and Electronic Equipment (WEEE)
    9. Packaging
      Interpret the appropriate standards for sterile and non-sterile product packaging per ISO 11607, and referenced standards including, ASTM D4169 (Distribution) and ASTM F1980 (Aging). (Understand)
    10. Reprocessing/reuse and cleaning of medical devices
      Identify elements of reprocessing and cleaning validations in accordance with the FDA Guidance on Reprocessing of Reusable Devices. (Understand)
  5. Quality Tools and Techniques (14 Questions)
    1. Quality control and problem-solving tools
      Identify, interpret, analyze, and draw conclusions based upon: 1) Pareto charts, 2) cause and effect diagrams, 3) flowcharts, 4) statistical process control (SPC) charts, 5) check sheets, 6) scatter diagrams, 7) histograms, 8) root cause analysis, 9) plan-do-check-act (PDCA). (Analyze)
    2. Process improvement techniques
      1. Process capability
        Identify and interpret various process capability indices, such as Cp, Cpk, Pp, and Ppk. Recognize how these metrics are used in relation to established requirements. (Understand)
      2. Six sigma
        Identify and define the six sigma DMAIC phases: define, measure, analyze, improve, and sustaining control. (Understand)
      3. Lean tools
        Identify and define various lean tools: 5S, standard operations, kanban (pull), error-proofing, value-stream mapping, etc. (Understand)
      4. Measurement system analysis (MSA)
        Identify and define various MSA terms (bias, linearity, stability, accuracy, precision, repeatability, reproducibility, etc.) and describe how these elements affect measurement systems. (Understand)
      5. Cost of quality (COQ)
        Define and describe the four basic cost of quality (COQ) categories: prevention, appraisal, internal failure, external failure. (Understand)
    3. Data types and sampling
      1. Qualitative and quantitative analysis
        Describe qualitative data in terms of the nature, type, or other characteristics of an observation or condition. Describe how quantitative data is used to detect patterns or trends. Identify how such analyses can indicate whether a problem is systemic or isolated. (Analyze)
      2. Attributes and variables data
        Determine whether to use an attributes sampling plan or variables sampling plan in various situations such as process monitoring and control, receiving inspection, auditing, etc. (Analyze)

Six Levels of Cognition
based on Bloom's Taxonomy (Revised)

In addition to content specifics, the subtext detail also indicates the intended complexity level of the test questions for that topic. These levels are based on the Revised "Levels of Cognition" (from Bloom's Taxonomy, 2001) and are presented below in rank order, from least complex to most complex.

Remember
(Also commonly referred to as recognition, recall, or rote knowledge.) Be able to remember or recognize terminology, definitions, facts, ideas, materials, patterns, sequences, methodologies, principles, etc.

Understand
Be able to read and understand descriptions, communications, reports, tables, diagrams, directions, regulations, etc.

Apply
Be able to apply ideas, procedures, methods, formulas, principles, theories, etc., in job-related situations.

Analyze
Be able to break down information into its constituent parts and recognize the parts' relationship to one another and how they are organized; identify sublevel factors or salient data from a complex scenario.

Evaluate
Be able to make judgments regarding the value of proposed ideas, solutions, methodologies, etc., by using appropriate criteria or standards to estimate accuracy, effectiveness, economic benefits, etc.

Create
Be able to put parts or elements together in such a way as to show a pattern or structure not clearly there before; be able to identify which data or information from a complex set is appropriate to examine further or from which supported conclusions can be drawn.

Biomedical Auditor