Hello- I am performing an internal audit for a client in preparation for their 13485 surveillance audit. The product listed on their ISO cert is registered with FDA as a Class 1 device, BUT the regulation involved is one of the 8 that were modified by the Software Provisions for the 21st Century Cures Act and subsequent Software Functions/MDDS guidance. This product is very clearly no longer considered a device, and meets the definition of Non-Device MDDS. I also reviewed the 13485 device definitions, and this software does not meet those either. I'm not sure how to proceed with this audit. With no DEVICE, it seems that 13485 is not applicable to any process, and would be overkill to maintain. Should I stop the audit and bring this to their attention? Should I recommend that they contact the Registrar/Notified Body about a change to 9001? If they elect to continue with 13485 because of their customer base, how to determine exemptions, or is that even a possibility with no device activities? Their 13485 audit is 2 weeks out and they do have gaps for both 13485 and 14971. Any advice as to the best approach here would be greatly appreciated.