What is ASPICE?
Automotive Spice, or ASPICE, stands for Automotive Software Process Improvement and Capability Determination. It was created to assess the performance of the development processes of OEM suppliers in the automotive industry. It defines best practices and processes to ensure the highest quality of embedded automotive software development. The certification process is based on the audit conducted by external, independent ASPICE-certified assessors.
ASPICE was developed within the ISO/IEC 15504 standard – Software Process Improvement and Capability Determination, also known as SPICE. Where SPICE gives the framework for software process assessment, ASPICE applies this framework to the automotive industry.
Find out more about the evolution of SPICE to ASPICE in this article: SPICE to ASPICE – standards evolution and implementation.
ASPICE CAPABILITY LEVELS
Suppliers who undergo the ASPICE certification can be scored at one of five capability levels:
Levels 2 and 3 are usually perceived by clients as the universal standards for excellence, while levels 4 and 5 are treated as aspirations.
ASPICE Verification and Validation model
The verification and Validation model, also known as a V-model, is what Automotive SPICE builds on. The V-model is strict in its requirement for constant evaluation and development, so that potential issues can be eliminated at the first stage. The V-model consists of two stages. Each one of them includes different phases, as illustrated in the graphic below:
ASPICE focuses on continuous process improvement to raise the supplier’s capability level. In ISO 26262, the focus is on filling all the gaps in compliance identified by the audit. Also, ASPICE takes into consideration the cost and schedule of the development schedule. On the contrary, ISO 26262 primarily targets functional safety.
Find out more about the differences between ASPICE and ISO 26262.
To sum up, the best and most recommended approach is adhering to both ASPICE and ISO 26262 standards. This is the optimal way to keep the risks of potential failures at a minimum, especially for critical automotive systems.
ASPICE vs CMMI 2.0
CMMI 2.0 (Capability Maturity Model Integration) is a model for improving business performance and delivering better products or services. It is also used as a model for assessing process maturity level. It determines different practice areas associated with each level from 0 to 5: the higher the level, the deeper the understanding of the processes within the organisation. Organisations that achieve level 4 or 5 are considered high maturity.
Both ASPICE and CMMI cover the four categories of Process Areas within automotive software development (process management, project management, engineering and support), but at different depth. Also, CMMI has a broader scope of application than ASPICE. CMMI covers certain process areas that ASPICE doesn’t.
ASPICE is focused on the engineering practices according to the V-model at a project level- not only software engineering, but also systems engineering (software + hardware, electronics, mechanical, etc.). CMMI is oriented towards project management and other organisational practices at a company level.
To find out more about the differences between ASPICE and CMMI and whether it’s worth implementing both, read: ASPICE vs CMMI 2.0: Automotive standards deciphered.
Cybersecurity and ASPICE
In February 2021, the German Association of the Automotive Industry (VDA) has issued Automotive SPICE for Cybersecurity guidelines. This document ended a long period where the automotive sector was lagging behind almost any industry and not properly addressing cybersecurity threats. It adds an important layer to the existing ASPICE standard and the V-model itself. This new group is named Cybersecurity Engineering Process Group (SEC) with 4 elements included:
- SEC.1: Cybersecurity Requirements Elicitation,
- SEC.2: Cybersecurity Implementation,
- SEC.3: Risk Treatment Verification,
- SEC.4: Risk Treatment Validation.
Read more about how to merge cybersecurity guidelines with Automotive SPICE and the V-model in this article on our blog >>> Cybersecurity as a plugin into ASPICE and V-model
We’ll help you prepare for the ASPICE certification process
If you plan to go through the ASPICE certification process, our experts can provide your team with ASPICE training for any role and at any level. We can also conduct an audit and a gap analysis to identify areas for improvement and help you implement the necessary changes.
See our ASPICE and FUSA offering or contact us using the form below.