September 4, 2023 – Reading time: 7 minutes
Automotive SPICE® Version 3.991 was recently released, which represents the final preliminary draft of the planned Version 4.0. This brings some important changes compared to the currently used version 3.1:
- Revised process landscape: Incl. Machine Learning & Hardware Engineering
- New standard assessment scope (Basic Scope)
- New role of strategy documents
- New training concept
What are the effects of the new standard on your development projects, also with regard to safety & security? What should you do in your company to continue to meet the ASPICE requirements of the OEMs in order not to block the acquisition of new customer projects? How can we use the ASPICE framework to make your R&D more focused and efficient?
As a process consultancy in the R&D environment and partner of many leading automotive suppliers, INVENSITY is happy to advise you with ASPICE expertise and best practices to address the upcoming changes early on.
Automotive SPICE® (Automotive Software Process Improvement and Capability Determination) is published by the german Verband der Automobilindustrie (VDA) and is aimed in particular at automotive suppliers of complex products and components with software development. It is a widely used and established process-related framework in the automotive industry that provides support for the improvement and evaluation of processes. Therefore, ASPICE® is both a process reference model (PRM) and a process assessment model (PAM). In this context, it is important to understand that ASPICE® itself is not a process description. Instead, it provides expectations and indicators for reliable and proven work methods. ASPICE® follows the common V-model approach and emphasizes traceability and consistency across all disciplines. An ASPICE® implementation leads to quality improvements as well as risk and cost reductions, in addition to increased manageability of more complex development processes.
Version 4.0 of ASPICE® is expected to be released in the fall of 2023 and replaces the previous version until the end of the transition period Q2/2024. But what is the VDA’s motivation to publish a new variant?
Revised Process Landscape
New and modified process areas will better cover the essential development activities of today’s and tomorrow’s mechatronic systems. In addition, the evaluation model will be restructured to reflect the focus of today’s development activities and modern collaboration models more accurately. These collaborative models are a necessary response to the complexity and transformation of today’s business world brought about by increasing digitization, automation, and the integration of artificial intelligence. They enable companies to react more flexibly to changes, drive innovations faster and increase their competitiveness. This is exactly how the new process landscape in ASPICE® 4.0 shall enable companies to implement adequate development even in the face of increasing complexity.
Figure 1 – Preliminary Process Overview – Source: ASPICE v.3.991 (edited)
With the introduction of version 4.0, some processes are additionally included in the consideration horizon, mainly in order to take into account the increasingly relevant topic of “Machine Learning” with the processes MLE.1 – MLE.4 as well as to be able to deal separately with hardware development with the processes HWE.1 – HWE.4. In addition, process VAL.1 and SUP.11 add a validation process of the overall system and a support process created specifically for data management with respect to machine learning.
The processes ACQ.4, MAN.5, REU.2 and SPL.2 will be adapted according to the new concepts and the used measurement framework.
However, some process areas (specifically the processes ACQ.3, ACQ.11-15, SUP.2, SUP.4, SUP.7 and SPL.1) will no longer be part of version 4.0 of the PRM/PAM.
The VDA Scope, a selection of process areas identified by VDA members as particularly important, is replaced by the Basic Scope (see Figure 1). Despite the addition of the MAN.5 process (risk management), this contains significantly fewer processes than the VDA scope.
Within the V-cycle, the focus is therefore mainly on requirements and their verification. Supplier monitoring as well as the architecture, integration and detailed test levels are not included in the standard assessment horizon. Furthermore, the management and support processes are still part of the standard assessment scope.
Changing Role of “Strategy Documents” and other Changes
Another change relates to plans or strategy documents. These are currently required in some process areas for Capability Level (CL) 1, in some only for CL 2. In the future, all strategy documents will only be required from CL 2. The reason for this is, on the one hand, that level 2 is mainly characterized by managing the processes, whereas CL 1 is characterized by executing them, which means that the planning character of the strategy documents exceeds the horizon of CL 1. On the other hand, this should resolve the inconsistency that some strategies were needed from CL 1, while others were needed only from CL 2. It should be noted, however, that the relevant concepts and ways of working, which are normally recorded in a strategy, still need to be provided and applied to achieve a CL 1, but not recorded and managed in advance.
Figure 2 – Capability Level Change of Strategy Documents
In general, the focus is no longer on “Work Products” as such, but on “Information Items”. Thus, the focus is more on the main results of the processes, which can be used directly as indicators, rather than on a concrete document. For better clarity, tables were developed that relate the Base-Practices and the Information-Items to the respective Process-Outcomes. Additionally, the Base-Practices, which consider traceability and consistency, will be combined in one common Base-Practice instead of two different ones.
Figure 3 – Exemplary Mapping of Information Items and Base Practices – Source: ASPICE v.3.991
One motivation for the new version is the desire to be able to achieve maximum repeatability and reproducibility of the assessment results, since in the past it became increasingly apparent that the processes in ASPICE® assessments were evaluated very subjectively. Eliminating redundancies in content should also enable a more efficient assessment and avoid misinterpretations.
For this purpose, notes with implicit requirements or checklist-like enumerations were revised or newly formulated. Notes serve to explain terms used in the base practice texts or provide examples. However, in PAM Version 3.1, they imply mandatory content or appear as checklists. In version 4.0, the notes should contain fewer examples to avoid the impression of a checklist. The goal here is to motivate assessors to focus more on the actual context being assessed. In addition, definitions of various words, such as metrics or risks, have also been made more concrete in order to reduce potential misunderstandings.
Introduction of a Standardized Potential Analysis
Other planned change is the introduction of a separate PAM for potential analysis. The ever-growing number of suppliers requires a fast but trustworthy method to investigate the processes of potential suppliers before nomination. In fact, OEMs and Tier 1 companies have been working with “adapted” and proprietary derivatives of the ASPICE® model for years. The “ASPICE®-based potential analysis” aims to close this gap by providing a unified and harmonized solution for this assessment case. Although the potential analysis must be performed by certified assessors, it does not replace an official assessment. In the potential analysis, various processes are usually considered together in 2 days. Less attention is paid to details, but rather to the circumstances and the understanding of the supplier to work according to ASPICE®-compliant processes.
New Training Concept
With the introduction of ASPICE® 4.0, a two-part training concept is being rolled out. One path is for practitioners to become process experts in their respective area. The other path is intended for assessors. The basic knowledge is imparted in a common introductory course. Furthermore, depending on the targeted assessor level, the two courses “Provisional Assessor” and “Competent Assessor” are offered. For both assessors and practitioners, there will be optional extensions to their qualification in order to be able to cover further areas such as cybersecurity, hardware engineering, machine learning and Agile SPICE® in their assessments. However, the corresponding training modules will only be available successively in the course of 2024.
Figure 4 – New Training Concept
ASPICE® 4.0 brings some new changes with it and demands your readiness to adapt. We are already seeing more and more technical revisions with regard to cybersecurity in addition to the standardized VDA scope – nothing new for now.
With the new version, ASPICE® becomes even more of an organizational framework that addresses the interaction of all development processes. In order to secure the requirements of the various standards from system/software, hardware, safety, security and machine learning across the board and to coordinate interfaces, strategic process management, which is required for ASPICE Level 3, will become even more important. While ASPICE® Level 1 will initially be easier to achieve due to the reduced scope and will no longer be a problem for most system suppliers anyway, the focus must be placed on the conceptual work of the process architects in order to save enormous costs for potential rework. This will lay the foundation for efficiency improvements in the higher ASPICE® levels.
For more information or questions about ASPICE®, please feel free to contact us. Our experts Björn Engelhardt and Thomas Breuer will be happy to talk to you personally and address your individual questions and challenges.