ASTM E2500-25 Standard Guide: Approval and Updates

ASTM standards follow internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade Committee. Most worldwide drug regulatory organizations accept ASTM Standard Guides.

Guide Revisions

ASTM E2500-07: Standard Guide for Specification, Design, and Verification of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment was first issued in 2007 to define the process for applying a QRM approach for commissioning and qualification (C&Q) of facilities, systems, and equipment to be verified as fit-for-intended purpose in support of process validation and commercial manufacturing. There have been minor updates in subsequent years.

In 2024, a task team was formed to undertake a more comprehensive update to include best industry practices and incorporate any changes required to align with the most recent regulatory guidance. This includes updates to ICH Q9(R1) and ICH (Q10), European Medicines Agency Annexes 1 and 15, best practices from ISPE Baseline® Guide: Commissioning and Qualification (Second Edition), and PDA TR 54-5 on QRM. The revised Standard Guide for Specification, Design, and Verification of Pharmaceutical and Biopharmaceutical Manufacturing Systems and Equipment Science and Risk-Based Approach is a major revision and was issued 15 March 2025. This article will focus on changes and additions to the revised Standard Guide as they appear in the document.

Guide Scope Clarifications

The guide can be applied to all elements of pharmaceutical and biopharmaceutical manufacturing systems. This includes GMP utility equipment, process equipment, supporting utilities, associated process monitoring and control systems, and automation systems that have the potential to affect product quality and patient safety. It is noted that availability has been included in the scope. The guide can also be applied to laboratory systems, medical device manufacturing systems, and information systems.

However, the following are out of scope and the guide includes an associated reference for guidance on each:

• Laboratory instrument qualification, which is covered in USP <1058>
• Information software qualification, which is covered by ISPE GAMP^® series documents
• Risk management (RM) of medical device manufacturing, which is covered in ISO 14971

A clarification was provided that QRM application for an entire facility (such as contamination control strategy) is not in scope and is subject to separate assessments. But it was noted that data and observations from these exercises could identify process risks and/or risk mitigations for subsequent manufacturing systems risk assessments.

New and Revised Definitions

New Definitions

Critical design elements (CDEs)

CDEs are components, instruments, materials of construction, and features of an engineered system that are necessary to consistently achieve required process controls enabling manufacture of products meeting critical quality attributes (CQAs). The guide gives examples of automation CDE features, including the ability to alarm and manage data. CDEs are identified and documented based on technical understanding of the product CQAs, critical process parameters (CPPs), and equipment design and automation. CDEs are verified through C&Q. CDEs are the outputs of the design development life cycle.

System owner

The system owner is the person and/or function responsible for developing, procuring, integrating, modifying, operating, maintaining, and supporting a system and for ensuring the system’s data security.

Design qualification (DQ)

DQ was added as a documented process that verifies that the proposed design of the facilities, systems, utilities, and equipment suits the intended purpose. The definition is aligned with European Union (EU) GMP Annex 15 and US Food and Drug Administration Guidance for Industry Process Validation.

Direct-impact systems and non-direct-impact systems

These are systems that either directly impact or do not directly impact product CQAs or the quality of the product delivered by a critical utility system.

Product/process user requirements (PURs)

PURs are requirements that include the CQAs, CPPs, and other critical support systems, as well as any supporting technical design features or control functions that could impact the ability to clean, sterilize, sanitize, or manufacture properly the product to the extent these activities impact product quality and safety.

General user requirements (GURs)

GURs are requirements related to process capacity, equipment availability, environmental discharges, safety, and other typical non-GMP requirements.

CQA and CPP

CQA and CPP had definitions added from their usage and definitions in ICH Q8(R2).

Revised Definitions

Critical aspects (CAs)

CAs of manufacturing systems are typically the functions, features, abilities, and performance or characteristics necessary for the manufacturing process and systems to ensure that CPPs are consistently controlled and other requirements are met (e.g., regulatory requirements). CAs should be identified and documented based on scientific product and process understanding.

Design review (DR)

The design is reviewed at predefined stages and appropriately documented during development targeted to address specific issues, including hazards to be analyzed through QRM.

The guide describes a science- and risk-based life cycle approach for manufacturing systems impacting product quality and patient safety.

RM and QRM

RM refers to management of risk in general, including risks to product quality and patient safety, business risks, project risks, and environmental, health, and safety (EHS) risks. Both QRM and general RM can use the same process and tools to manage risk. The key difference is that QRM specifically addresses managing risks associated with process risks to product quality and patient safety. An assessment is the application of QRM to examine the product quality risk controls for direct-impact systems. This assessment identifies critical design (CAs/CDEs) and procedural controls required to acceptably mitigate system risks. The project team performing the system risk assessment includes technical subject matter experts (SMEs) that understand the science behind the process and the risks associated with the CQAs.

Summary of Updates

As stated previously, the guide describes a science- and risk-based life cycle approach (e.g., specification, design, verification, and qualification) for manufacturing systems impacting product quality and patient safety. The approach described is an effective methodology for qualifying pharmaceutical and biopharmaceutical equipment, systems, facilities, and automation.

The original guide focused on CAs; the revised guide includes focus on critical elements (CDEs) that affect CPPs for manufacturing systems and equipment. The guide also notes that the standard does not include other manufacturing program elements, such as manufacturing material/component controls, standard operating procedures, batch records, and in-process testing for process validation.

Source1

The main elements of the guide remain: The underlying key concepts that are applied; the description of the specification, design, and verification process and their relationship to qualification; and the description of the required supporting processes.

Significance and Use

The guide continues to satisfy international regulatory expectations that manufacturing systems and equipment fit their intended use and satisfy requirements for design, installation, operation, and performance. Appropriate references have been updated and include:

• FDA initiative, Pharmaceutical cGMPs for the 21st Century—A Risk-Based Approach
• ICH Q8(R2), ICH Q9(R1), ICH Q10, ICH Q11, ICH Q12, and ICH Q13
• FDA (Process Validation Guidance), EU (Annex 1 and Annex 15), and other international regulations for equipment and facility suitability

Key Concepts

Key concepts have been edited to align with revised guide sections. Changes are in bold:

• Science and Risk-Based Approach
• CAs and CDEs of Manufacturing Systems
• Quality by Design
• Good Engineering Practice
• Subject Matter Experts
• System Owner
• Use of Vendor Documentation
• Continued/Continuous Process Improvement

Science and Risk-Based Approach

The following are key concepts of a science- and risk-based approach. First: Product and process information, related to product quality and patient safety, informs science- and risk-based decisions that ensure that manufacturing systems are designed and verified to fit their intended use, as per ICH Q8(R2). Second: Equipment knowledge and its role in the process is used in the science- and risk-based approach to qualifying systems. Third: Product and process information includes CQAs, CPPs, process control strategy information, and prior production experience, as per ICH Q10.

Fourth: RM underpins each stage of specification, design, and verification. The primary principles for RM are defined in ICH Q9(R1): Evaluating the risk to quality should rely on scientific knowledge and link to patient protection; and the QRM process’s intensity, formality, and documentation should align with the level of risk, including the importance, complexity, and uncertainty targeted by QRM.

CAs and CDEs of Manufacturing Systems

Verification activities should specifically include, but not be limited to, CDEs of manufacturing systems. Commissioning is embraced in all verification activities. Qualification includes verification activities that center on items determined to be CAs/CDEs. CAs are enabled by CDEs. Figure 1 illustrates the relationship between CDEs, CAs, CPPs, and CQAs and shows an alignment with product quality and patient safety.

Quality by Design (QbD)

QbD concepts are applied to ensure that CAs and their associated CDEs are designed into systems during specification and design. The CAs of the design and associated acceptance criteria are documented, which will typically require that a risk assessment focused on process controls (CPPs) be performed as specifications are developed to identify risks to mitigate and CQA to achieve. Assuring that manufacturing systems remain fit throughout the life cycle requires structured verification. DQ verifies incorporation of identified control strategies developed using QbD.

Source1

Good Engineering Practice (GEP)

As previously stated, GEP underpins and supports specification, design, and verification (see Figure 2). It was added that commissioning verification testing documentation (e.g., GEP: factory acceptance testing [FAT], site acceptance testing [SAT], installation/operational verification [IOV], commissioning) does not require quality unit preapproval. The quality unit approves verification (C&Q) plans that contain all the quality-important elements that quality previously approved.

Subject Matter Experts (SMEs)

SMEs are people with specific expertise and responsibility in a given area or field. Their responsibilities, as defined in the guide, remain as follows: participating in RM; planning and defining verification strategies; defining acceptance criteria, selection of appropriate test methods, execution of verification tests; and reviewing results in manufacturing system verification.

System Owner

A system owner recognizes that the owner is accountable/responsible for delivering the overall system and is a key contact point for ensuring continuity and system delivery. This owner will participate in all aspects of system specifications, requirements, and risk assessments to provide continuity for decisions and system history.

Use of Vendor Documentation

Vendor documentation, including test documents, is used during verification documentation (e.g., FAT/SAT), provided that the regulated company has assessed the vendor and has evidence of:

• An acceptable vendor quality system in which vendor audit was added as an example
• Vendor technical capability
• Vendor application of GEP such that vendor-delivered information will be accurate and will meet verification

Deciding to use vendor documentation to verify CDEs/CAs should align with the manufacturing system’s intended use and the SME-approved rationale for the decision, including the quality unit (e.g., as part of the C&Q plan). The updated guide added that use of the vendor-generated testing and documentation may include participation of system owner and/or SMEs depending on identified risks.

Continued/Continuous Process Improvement

The term “continued” was added because the term “continuous” could be understood as 100% real-time monitoring as opposed to periodic monitoring. The third following bullet was an addition to the original text.

• Based on experience gained in commercial production, improvement opportunities should be sought based on periodic risk review and evaluation (ICH Q9(R1)), operational and performance data, and root-cause analysis of failures.
• As teams gain product knowledge and understanding, critical attributes may change as new risks or process needs arise.
• Changes to equipment/systems that do not affect items identified as CAs/CDEs may not need to follow GMP change management, but only GEP (e.g., engineering change management).

Source1

C&Q Delivery Process Flow

The C&Q process flow diagram (see Figure 3) was added to illustrate that the life cycle delivery process is not strictly sequential. Post-QRM feedback will still be necessary to determine control strategy. As can be seen, teams must identify quality-affecting user requirements to support initial user requirement specification (URS) generation and development. These quality-affecting user requirements also are the focus for QRM risk assessment application, leading to control strategy (CAs) identification and adding the identified controls to the URS to acceptably mitigate risk of CPP control failure.

ASTM E2500-25 added a new figure (see Figure 4) that outlines the C&Q process associated with the life cycle stage deliverable and provides a high-level description of the deliverable content. It also clarifies where quality unit approvals are required.

C&Q Process Key Points

Minor edits were added to the C&Q process step text to include CDEs along with the CQAs, CPPs, and CAs originally listed. It was noted that SMEs identified the CDEs by applying QRM and that system verification is based on risk, its complexity, and its novelty.

• Requirements: Product and process knowledge—including knowledge of sources of variability in the product and process, the identification of CQAs; CDEs that provide identify process control strategy information, and process control strategy information—should be based on scientific data gathered during experimental and development work and manufacturing experience.
• Specification and design: Design activities include a focus on aspects identified as critical to product quality and patient safety. SMEs applying QRM should identify and document these critical manufacturing system aspects and CDEs.
• Verification: Defined and documented. The extent of verification and the level of documentation detail should hinge on the risk, its novelty and the manufacturing system’s complexity.
• Commissioning: Commissioning includes verifying actions to confirm that the equipment and systems have been installed properly and are operating correctly. Commissioning should include CAs associated with product quality and patient safety, and should verify general engineering, EHS, and business requirements.

To support the process stages already listed, the following activities and their content were included. The qualification strategy is defined by the appropriate SME, with a focus on CAs and CDEs enabling the control strategy and approved by quality. The complexity of the verification effort should align with suitability for use of the equipment or system. Verification activities are overseen by appropriate SMEs and document verification results using good documentation practice applying the ALCOA (attributable, legible, contemporaneous, original, and accurate) standard. Excluded from this guide’s scope is that ALCOA+ is applied using the GAMP process to verify data integrity in software. Acceptance and release include conformation of CA/CDE testing results by an SME. A formal confirmation of fitness for use is prepared and approved by the quality unit.

C&Q Enablers

QRM

The guide notes that QRM is based on risk assessments, where appropriate controls and verification techniques are selected to mitigate risk to an acceptable level. The focus will be on risks that relate to the manufacturing system’s CAs and CDEs. It was added that when design can’t eliminate risks, organizations can apply risk control, such as internal procedures and in-process testing EU GMP Annex.

Source1

Design Review/DQ

The updated guide clarified that DR includes PUR and GUR, is performed by appropriate SMEs, and is documented with GEP practices. It also added that DQ includes CAs and CDEs and is approved by the quality unit.

Change Management

Before acceptance, change management should be applied based on SME-approved changes. The quality unit should be briefed on changes affecting manufacturing systems’ CAs and CDEs.

Conclusion

In an era in which precision, compliance, and agility define pharmaceutical success, the newly revised ASTM E2500-25 standard1 marks a pivotal shift in how manufacturing systems are specified, designed, and verified. This update introduces a science- and risk-based approach that directly aligns system design with process control strategies, ensuring that CQAs and patient safety are safeguarded from the ground up. For manufacturers, this is not just a technical revision—it’s a strategic imperative. Organizations should review and plan to integrate these principles into their C&Q frameworks, or risk falling behind in regulatory compliance, operational efficiency, and product quality assurance.2^, 3^, 4