ASPICE vs CMMI 2.0: Automotive standards deciphered

Małgorzata Kawałkowska

Business Researcher

There’s a huge market pressure nowadays on delivering high-quality products while decreasing the costs and improving efficiency. Also, the challenge is the lack of competencies and knowledge, which impedes innovation that is especially crucial in the automotive sector.  

Without the well-established and continuously improved processes, it’s impossible to achieve the right quality, cost- and work-efficiency levels demanded in the automotive sector. To always deliver expected results, it’s essential to base the processes on standards like ISO 26262, ASPICE or CMMI 2.0. 

In this article, we’re taking a closer look at ASPICE vs CMMI 2.0, comparing their scope and discussing the advantages of each model. 

What is ASPICE? 

ASPICE (Automotive Software Performance Improvement and Capability Determination) is a standard that provides a framework for software process assessment. It defines best practices and processes to ensure the high quality of embedded automotive software development. ASPICE is used to assess if an automotive software supplier meets the required level of quality and certain performance standards. The certification process is based on the audit conducted by external, independent ASPICE-certified assessors.  

ASPICE is based on a Verification and Validation model, also known as the V-model, which includes a testing phase alongside each stage of development. Thanks to this approach, potential problems can be spotted early on in the development process.  

It’s important to highlight that ASPICE focuses on the continuous improvement of the implemented processes to raise the supplier’s capability level. Improved standards lead to better quality products and push towards continual innovation.  

Recommended reading: What is ASPICE?

There are five ASPICE capability levels: 

Capability level 0 – Incomplete Process 

There’s no process implemented or it fails to deliver outcomes.

Capability level 1 – Performed Process 

The process allows achieving its purpose. 

Capability level 2 – Managed Process 

The process is managed – planned, monitored and adjusted.  

Capability level 3 – Established Process 

The process follows centralised standards set across your organisation.  

Capability level 4 – Predictable Process  

The established process allows achieving target outcomes predictively within the determined limits.  

Capability level 5 – Innovating Process  

The assessed process is regularly improved.  

Levels 2 and 3 are usually perceived by clients as the universal standards for excellence, while levels 4 and 5 are treated as somewhat aspirational.  

When is compliance with ASPICE required? 

Although compliance with ASPICE is not legally required, many leading OEMS, especially on the European and Japanese markets, make it necessary for their software or electronic suppliers to cooperate with them.  

What is CMMI 2.0? 

CMMI (Capability Maturity Model Integration) is a model for improving business performance and delivering better products or services. It can be used as a set of best practices and guidelines for process improvement, so the companies can consistently make their services or products better.  

It is also used as a model for assessing process maturity level as there are different practice areas associated with each level. The higher the level, the deeper the understanding of the processes within the organisation.  

CMMI maturity levels 

There are six CMMI maturity levels:  

Maturity Level 0 – Incomplete 

Level 0 characterises a company in which the processes are unknown or ad-hoc – they may or may not exist and be followed.  

Maturity Level 1 – Initial 

In a company with level 1 maturity, the processes are still unpredictable and reactive. Therefore, the work may not be completed on time or within the budget.  

Maturity Level 2 – Managed 

Level 2 maturity means that the processes are planned, performed, measured and controlled on a project level but not yet across the whole company.  

Maturity Level 3 – Defined 

Level 3 maturity characterises organisations with company-wide standards. Businesses at this stage understand what their goals for improvement are and have a plan to address them.  

Maturity Level 4 – Quantitatively Managed 

Level 4 means that there’s a data-driven approach to process improvement in an organisation and that the processes are predictable and aligned with all stakeholders’ needs. 

Maturity Level 5 – Optimising 

Organisations with level 5 maturity are focused on continuous process improvement to best adjust themselves to the changing environment. Level 5 maturity is also a sign that an organisation has a stable foundation for innovation.  

Organisations that achieve level 4 or 5 are considered high maturity. However, even when businesses reach that point, it doesn’t mean the work is done once and for all. The improvement process should be maintained regularly. 

When is compliance with CMMI 2.0 required? 

Similarly to ASPICE, compliance with CMMI 2.0 is not obligatory by law. However, in the US, it’s a crucial condition for Federal and State government organisations to contract with a supplier. 

Find out more about ASPICE in our guide

ASPICE vs CMMI 2.0: similarities and differences 

Since many organisations in the automotive sector already have one of the process improvement frameworks implemented (usually it’s CMMI in US and ASPICE in Europe and Asia/Japan), it’s important to understand the similarities and differences between ASPICE and CMMI.  

What are the similarities between ASPICE and CMMI? 

Both ASPICE and CMMI cover the four categories of Process Areas within automotive software development: process management, project management, engineering and support. However, the coverage of specific practices vs process outcomes aren’t at the same depth. 

What are the differences between ASPICE and CMMI? 

The approach 

Comparing to CMMI 2.0, ASPICE is a lot more focused on the engineering practices according to the V-model - not only software engineering, but also systems engineering (software + hardware, electronics, mechanical, etc.).  

On the contrary, CMMI is more oriented toward project management and other organisational practices. It describes standard processes that need to be implemented for the “ideal” software development.  

It’s also worth noting that ASPICE is more project-oriented (at least till level 2), while CMMI applies on more general, organisational level.  

The scope  

CMMI has a broader scope of application than ASPICE. CMMI covers certain process areas that ASPICE doesn’t, such as:  

  • Integrated Product and Process Development,  
  • Specific Process areas, including: Integrated Teaming, Integrated Supplier Management, Organisational Environment for Integration, Decision Analysis and Resolution,  
  • Organisational Training, Organisational  

There are also certain ASPICE processes that CMMI doesn’t fully cover, like: 

  • Supplier monitoring, 
  • Supply process group (SPL), 
  • Reuse Program Management. 

However, there are no areas that are exclusively covered only by ASPICE. 

There are also differences in training support and process appraisal. CMMI appraisal is conducted using the SCAMPI method, while ASPICE doesn’t have a standardised appraisal method.  

The market 

Companies active on the Germany/Europe require the ASPICE level from their suppliers, while businesses operating on the US market put more focus on whether their suppliers have CMMI qualifications. 

What business value do ASPICE and CMMI 2.0 bring? 

CMMI allows organisations to evaluate how their processes compare to CMMI best practices and identify areas for improvement to deliver better services and products to their clients.  

When an organisation reaches a high maturity level, it’s perceived as more reliable and stable to be a potential business partner. Being CMMI appraised is often a necessary contractual requirement for software development companies, especially on the U.S. market.  

ASPICE ensures mature, systematic and well-documented automotive software development. For suppliers, it gives guidelines for in-house process improvement. It also allows clients to measure process maturity within a supplier’s company and helps determine their potential technology partner’s capability. 

It’s worth noting that there’s a proven correlation between process maturity and product maturity. Low process maturity leads to late product maturity – product defects are identified late in the development process when fixing problems gets expensive. The more mature the processes, the higher product maturity – possible product faults are spotted early on in the development process.  High process maturity gives competitiveness with respect to cost and quality. It also opens the door for innovation despite limited resources.   

What is more, ASPICE assessment is an indicator of a supplier’s capability to deliver products that meet the quality, performance and safety standards demanded by all leading European and Japanese OEMs. 

Is it worth implementing both ASPICE and CMMI 2.0?  

Both SPICE and CMMI are said to improve software process development. Although there are some differences and similarities between the two models, both can be used in a combination to provide an excellent software development process.  

Both SPICE and CMMI can be used in different circumstances and/or can be combined according to the organisation’s needs. After evaluating the advantages and disadvantages of both the models/standards, it can be said that both SPICE and CMMI can be used in a combination to provide the most efficient models for software development.  

These combinations would depend on the specific requirements of an organisation. For an organisation with short time requirement, CMMI would be beneficial since it first maps the timings and then plans the modules of the software development phase. On the other hand, if an organisation seeks to achieve and maintain a high standard of implementation that can bring a competitive edge, then it might want to involve more SPICE processes. Therefore, the use of a particular model depends entirely on the needs and requirement analysis of the organisation.  

Check our offering page for more details >> ASPICE and FUSA