What Is Automotive SPICE® (ASPICE)?
Automotive Software Process Improvement and Capability Determination (Automotive SPICE®, or ASPICE) is a process assessment model that helps OEMs and suppliers assess the current performance — and maturity level — of software development processes within an organization.
Complying with this standard helps automotive suppliers ensure the quality of their software meets key customer requirements.
Here, we give an overview of ASPICE and performance quality compliance tips for automotive software organizations.
Read along or jump ahead to the section that interests you most:
- What Is Automotive SPICE®?
- Why Is ASPICE Important for OEMs and Automotive Suppliers?
- The ASPICE Framework and Static Analysis
- ASPICE Standard Scoring Levels
- How Static Analysis Tools Support ASPICE Guidelines
Automotive SPICE® (ASPICE) is a process assessment framework that was developed within SPICE, or the ISO/IEC 15504 standard. It applies to automotive suppliers and manufacturers who want to prove their software development process capabilities to meet OEM requirements and incorporate best practices throughout the automotive software development lifecycle.
(Automotive SPICE® is a registered trademark of the Verband der Automobilindustrie e.V. (VDA) For further information about Automotive SPICE® visit www.automotivespice.com.)
Today's vehicles are evolving rapidly with smart, integrated technologies. They are equipped with sensors, infotainment, and advanced driver assistance systems (ADAS) that help improve the safety of the driver and passengers.
The manufacturing process for vehicles has also evolved, with complex technologies and parts developed across the globe. That means OEMs need assurance that their suppliers meet their requirements for overall product quality, if they are to effectively compete in today’s market.
🚗 Related Resource: Accelerating Market Entry for EV Start-Ups
The ASPICE standard addresses quality concerns by evaluating the software during each phase of development. It was developed under the Automotive SPICE initiative with car manufacturers within the Automotive Special Interest Group (AUTOSIG), a joint special interest group of Automotive OEM, the Procurement Forum, and the SPICE User Group. ASPICE keeps similar principles to SPICE but is industry-specific, defining best practices for embedded software development for the automotive industry.
Why Is ASPICE Important for OEMs and Automotive Suppliers?
ASPICE is a robust standard that evaluates company processes at the organizational, project, or system level so that automotive suppliers and OEMs can continuously monitor and improve how they work.
For OEMs, following ASPICE means that they can assess their supplier’s process quality capability and make more informed decisions when choosing suppliers for their needs. For suppliers, adopting ASPICE provides assurance that they can meet customer requirements while improving process quality. This leads to a better product overall, and potentially shortening the release time-to-market and reducing development costs.
The goal of the ASPICE standard is to help organizations define and incorporate best practices for vehicle software development at the design, review, development, testing, and verification stages. After you have specified best practices for each process according to the ASPICE guidance and can show how you are implementing them, you are ready for an ASPICE assessment.
ASPICE complements existing safety and quality management standards and guidelines, such as ISO 26262, which focuses on functional safety, and ISO 21434, which focuses on cybersecurity engineering. There is also a version of Automotive SPICE for Cybersecurity to further guide vehicle manufacturers in identifying and managing cybersecurity risks in the supply chain.
📕 Related Resource: Automotive Software Development Process Guide
The ASPICE Framework and Static Analysis
ASPICE is divided into process groups, including the Software Engineering Process Group (SWE), which is based on the V-model. The SWEs are further divided into the phases of the development lifecycle:
- SWE.1 - Software Requirements Analysis
- SWE.2 - Software Architectural Design
- SWE.3 - Software Detailed Design and Unit Construction
- SWE.4 - Software Unit Verification
- SWE.5 - Software Integration and Integration Test
- SWE.6 - Software Qualification Test
For example, SWE.4 - Software Unit Verification mentions both static analysis and MISRA C/MISRA C++® coding standards:
- SWE.4.BP2: Develop criteria for unit verification. Possible criteria for unit verification include unit test cases, static verification, coverage goals, and coding standards such as the MISRA® rules.
- SWE.4.BP3: Perform static verification of software units. Static verification may include static analysis, code reviews, and checks against coding standards and guidelines. Appendix D subsection D.6 "Evaluate," "Verification Criteria," and "Ensuring Compliance" gives MISRA as an example of coding standards and guidelines.
As ASPICE is a process standard, organizations can use static analysis tools to meet a process requirement. So for SWE.4, static verification can be achieved by using static code analyzers to enforce coding standards.
Once you have your processes in place, the ASPICE level is externally assessed and a capability level (CL), based on the process attributes (PA), will be assigned. Each process is assessed individually, and the maturity level as a whole is assessed at the lowest level.
ASPICE Standard Scoring Levels
The PAs consist of a 5-level scoring scale which determines the maturity level of the project:
- Level 0 - Basic/Incomplete. Somewhat meet ASPICE requirements.
- Level 1 - Performed. Almost or entirely achieve ASPICE requirements, but may have components missing in the process.
- Level 2 - Managed. Deliver the work products reliably and almost or entirely achieve ASPICE standards in addition to the work products.
- Level 3 - Established. Established and set the performance standards for the organization and continuously monitor them for improvements.
- Level 4 - Predictable. Beyond having established performance standards, analyze outcomes and produce predictable results.
- Level 5 - Innovating. Process is consistent, predictable, and continuously improved.
Generally, to meet client requirements, levels 2 and 3 are considered excellent, and levels 4 and 5 are aspirational.
Adopting the ASPICE framework offers many benefits to suppliers and OEMs. By using ASPICE guidelines to implement best practices, organizations can better identify problems before a vehicle goes to market, create greater transparency about the quality and security of increasingly complex embedded systems in vehicles, and spur product innovation under proper process evaluation.
How Static Analysis Tools Support ASPICE Guidelines
There are many benefits to ASPICE compliance. Once your organization has developed processes that meet ASPICE requirements, you have a framework in place that can help you attain certification for other standards. For example, although there are differences, following ASPICE can also help you implement the requirements for other safety standards such as ISO 26262.
Powerful static analysis tools — like Perforce’s Helix QAC —support SWE.4, which requires a process of static verification to a coding standard. Helix QAC also enables developers to accelerate compliance to coding standards in the automotive industry by:
- Detecting compliance issues earlier in development.
- Enforcing coding standards and detecting rule violations.
- Accelerating code reviews and manual testing efforts.
- Reporting on compliance issues over time and across product versions.
See how Helix QAC can help you accelerate standards compliance. Request a free trial.