The release of the ISPE Baseline® Guide Volume 5 (Second Edition) QRM Addendum- C&Q Delivery Process and ASTM E2500-2025 marks a significant step forward for our industry, reinforcing a truly science- and risk-based approach to verifying pharmaceutical and biopharmaceutical manufacturing systems.
What ISPE Baseline® Guide Volume 5 (Second Edition) QRM Addendum- C&Q Delivery Process and ASTM E2500 (2025) Mean for the Industry?
These represent a meaningful step forward for how the pharmaceutical and biopharmaceutical industries approach Commissioning, Qualification and Verification (CQV)- advancing modern CQV to where it needs to be! These updates consolidate years of regulatory evolution, operational learning and industry experience into a more practical, science‑based and risk‑focused framework.
For organizations responsible for delivering compliant, reliable manufacturing systems, the message is clear: CQV is no longer a discrete or document‑driven activity. It is a lifecycle discipline that begins with product and process understanding, is embedded in system design and is executed proportionately to risk. The updated guidance reflects how leading organizations already operate and provides clarity where historically there has been confusion or inefficiency.
From Prescriptive Qualification to Lifecycle Verification
ASTM E2500 was originally issued in 2007 to provide an alternative to traditional, prescriptive qualification approaches by enabling verification of manufacturing systems as fit for intended use through Quality Risk Management. While minor updates were made in 2013 and 2020, the pace of regulatory change and industry maturity ultimately required a more substantive revision. The 2025 revision brings E2500 firmly into alignment with current regulatory expectations, including ICH Q9 (R1), ICH Q10, EU GMP Annex 1 and 15 and established best practices captured in ISPE Baseline® Guide Volume 5 (2nd Edition)-addendum. The result is a clearer, more actionable lifecycle model that integrates specification, design, commissioning, qualification and continued improvement rather than treating them as separate compliance steps. This alignment matters because regulators increasingly expect that manufacturing systems demonstrate control by design, supported by documented scientific rationale, risk-based decision making and proportionate verification, not by excessive testing or redundant documentation.
Scope: Broader Recognition, Clearer Boundaries
The revised Guide reaffirms its applicability to GMP manufacturing systems that may impact product quality, patient safety, or system availability. The explicit inclusion of availability is an important evolution, acknowledging that reliability, uptime and supply continuity are integral to protecting patients and meeting business obligations. At the same time, the Guide provides clearer boundaries, reducing ambiguity and overlap with other standards. Laboratory instrument qualification remains within the scope of USP <1058>, while computerized systems and software are governed by ISPE GAMP® guidance. Risk management for medical device manufacturing systems is referenced to ISO 14971. Facility‑wide quality risk assessments—such as contamination control strategies—are recognized as out of scope, though their outputs may inform system‑level risk assessments. These clarifications support better integration across quality systems while avoiding duplication of effort.
Stronger Design Control- Clarity Through Clear Definitions
One of the most impactful changes in the revised guidance is the evolution of terminology used to drive design and verification decisions.
Critical Aspects (CAs) are refined to emphasize their role in ensuring consistent control of critical process parameters and meeting regulatory requirements. Importantly, CAs must be identified based on scientific understanding of the product, process and equipment, rather than generic classifications. The formal introduction of Critical Design Elements (CDEs) represents a significant step forward. CDEs translate process requirements into tangible design features such as materials of construction, instruments, automation functions, alarms and data management capabilities. They enable effective process control and directly link system design to Critical Quality Attributes.
By distinguishing between CAs and CDEs, the Guide clarifies where control is achieved, at the design level and how verification should be focused. CDEs emerge from the design development lifecycle, are identified through quality risk management and are verified through commissioning and qualification. This structure reinforces the principle that quality should be designed into systems rather than tested into them.
Alignment with ICH and Regulatory Expectations
The revised Guide explicitly incorporates CQAs and CPPs, as defined in ICH Q8 (R2), strengthening traceability from product development to system verification. It also clarifies the distinction between general risk management and Quality Risk Management. While similar tools may be used, QRM focuses specifically on risks to product quality and patient safety. System Risk Assessments, performed by experienced technical SMEs are positioned as the mechanism for identifying critical design controls and procedural mitigations for direct impact systems. This approach reflects regulatory expectations that risk decisions are supported by scientific knowledge and credible expertise, rather than checkbox assessments.
Design Review and Design Qualification: Clearer and More Practical
Design governance is significantly strengthened in the revised guidance. Design Reviews are positioned as structured, documented activities conducted at defined stages of project development, with explicit consideration of hazards and risks. Design Qualification is now clearly defined and aligned with EU GMP Annex 15 and FDA Process Validation guidance. DQ verifies that the proposed design is suitable for its intended purpose and that identified critical aspects and critical design elements have been appropriately incorporated. Importantly, DQ is subject to Quality Unit approval, reinforcing its role as a quality‑impacting decision point rather than a purely engineering deliverable. The inclusion of Product/Process User Requirements (PURs) alongside General User Requirements (GURs) improves traceability from product needs to system design and ultimately to verification strategy.
Key Concepts Reflect How CQV Is Delivered Today
The updated Key Concepts section aligns the Guide with how modern CQV programs are planned and executed. The science‑ and risk‑based approach remains foundational, with decisions informed by product and process knowledge, equipment understanding and lifecycle data. Risk management underpins every stage of specification, design and verification, with effort and documentation calibrated to risk, complexity and uncertainty.
Quality by Design principles are embedded throughout the lifecycle, ensuring that control strategies and the design elements that enable them, are defined early and verified appropriately. Good Engineering Practice continues to underpin all activities, with pragmatic clarification that commissioning and GEP test documentation does not require prior Quality approval. Quality oversight is focused where it adds value: on verification strategies and activities that impact product quality and patient safety.
Clear Roles, Effective Use of Vendor Leverage
The revised Guide strengthens expectations around system ownership and SME involvement. System Owners are accountable for the full lifecycle of the system, including specification, risk assessment, change management, availability and data integrity. SMEs play a central role in defining acceptance criteria, executing verification and evaluating results. Vendor documentation continues to be recognized as a legitimate and valuable component of verification when supported by vendor qualification, technical assessment and documented rationale. Depending on risk, regulated companies may actively participate in vendor testing, reinforcing confidence without unnecessary duplication.
Continued Process Improvement and Lifecycle Thinking
The Guide refines the concept of continuous improvement to continued process improvement, recognizing that improvement is often periodic and data driven. Operational experience, performance data and periodic risk reviews inform decisions over the system lifecycle. Notably, changes that do not impact identified critical aspects or critical design elements may be managed through engineering change processes rather than full GMP change control, supporting efficiency without compromising quality.
Practical Lifecycle Delivery
New figures included in the revised guidance visualize the CQV lifecycle and clarify Quality approval expectations across project stages. The process is intentionally non‑linear, reflecting real‑world delivery where design, risk assessment and specification evolve together. Verification activities are explicitly risk‑based and consider system complexity and novelty, reinforcing proportionate application.
The CAI Perspective
The evolution of ISPE Baseline® Guide Volume 5 and ASTM E2500 reflects how high‑performing organizations already deliver CQV, grounded in science, focused on risk and integrated across the lifecycle. CAI has been actively involved in the development and evolution of these industry standards, contributing practical experience and technical insight drawn from delivering complex projects across the global life sciences sector.
At CAI, we see these updates not as additional requirements, but as validation of a mature, efficient and sustainable approach to CQV, one that protects patients, drug supply, supports regulatory confidence and enables operational readiness and reliable manufacturing from day one and throughout the system lifecycle.