Automotive SPICE

Last updated October 07, 2024

Automotive SPICE is a maturity model adapted for the automotive industry. It assesses the maturity of development processes for electronic and software-based systems (e.g., ECUs). It is based on an initiative of the Special Interest Group Automotive and the Quality Management Center (QMC) in the German Association of the Automotive Industry (VDA).

Trademark

The name Automotive SPICE is protected by trademark law and is the property of the VDA.

Maturity levels

There are six maturity levels, referred to as Levels. Level 0 is the lowest maturity level; Level 5 is the highest maturity level. The maturity levels are named and characterized as follows:

Level 0 = "incomplete"; incomplete.
Level 1 = "performed"; the process purpose is fulfilled by executing the base practices and generating the output work products.
Level 2 = "managed"; the process performance is planned and monitored at the project level; the work products are managed and checked according to a project-specific standard.
Level 3 = "Established"; process performance follows an organization-wide defined standard process.
Level 4 = "Predictable"; process execution is controlled by metrics
Level 5 = "Innovating"; metrics obtained from process execution are used to optimize processes.

Automotive SPICE assessments

Automotive SPICE Assessment aim at objectively evaluating the development processes using the Process Assessment Model (PAM) for a defined organization. Each Automotive SPICE process part is assessed separately and assigned its maturity level. For example, the following process groups are considered: System Development (SYS), Software Development (SWE), Project Management (MAN), Support Processes (SUP), etc. which are mentioned in the current standard.

In the planning for an assessment, the client of the assessment (also called "sponsor") and the leader of the assessment (also called "lead assessor") define the processes of the process dimension that are relevant to the context of the organization, the maturity level to be assessed and the process instances (e.g., development sites).

According to Automotive SPICE, the requirements from the ISO/IEC 33020:2015 (formerly ISO/IEC 15504-2) standard apply to the performance of compliant Automotive SPICE assessments, e.g., about the competence of the lead assessor, the creation of input documents, the activities to be performed, the creation of output documents, and the comprehensive documentation of the entire assessment process.

Training and qualification

The participants of Automotive SPICE assessments, especially those responsible for performing an assessment, must have the necessary knowledge of Automotive SPICE. This is done by training, successful certification, and proof of the regularly performed activity as an assessor. Training providers and qualification bodies exist for this purpose, as listed below.

The following qualification bodies are known:

iNTACS (International Assessor Certification Scheme), and
ARCS (International Assessor Registration and Certification Scheme).

In this context, iNTACS e.V. is the cooperation partner of the VDA, which has developed a scheme of the same name for the training of assessors (examiners). The scheme fulfills the qualification requirements of the Manufacturer Initiative Software (HIS)[3][4] (see also AUTOSAR and ISO 26262) and those from ISO/IEC 15504-2. There are cooperation agreements between iNTACS e.V. and VDA to jointly ensure the training and certification of Automotive SPICE assessors at a high-quality standard and further develop the scheme.

As of 2023, there are approximately 6100 registered assessors.

The latest version of Automotive SPICE was released in November 2023 as Automotive SPICE 4.0.

History

Automotive SPICE was developed in 2001 by AUTOSIG (Automotive Special Interest Group), which includes the German car manufacturers Audi, BMW, Daimler, Porsche, and Volkswagen, as well as international car manufacturers and interest groups such as Fiat, Ford, Jaguar, Land Rover, Volvo, the SPICE User Group, and the Procurement Forum.

Starting around 2007, the German automotive manufacturers Audi, BMW, Daimler, Porsche, and Volkswagen agreed on a common scope of the minimum processes to be considered in an assessment as part of the Manufacturer Initiative Software (HIS) (formerly HIS Scope, subsequently: VDA Scope).

As of January 1, 2007, only Automotive SPICE assessments were accepted by the members of HIS in the context of joint project work with suppliers.

The current (as of 2023) valid edition is Automotive SPICE 4.0, published by VDA and QMC in December 2023. The following translations are available: English, Japanese, Korean, and Chinese.[7] This latest version replaces the Automotive SPICE 3.1.

The model is continuously being developed or improved by the working groups above.[9] Two extensions are shown below.

Extensions

Cybersecurity

Starting around 2021, information security will be specified and tested as part of Automotive SPICE.[10] Cybersecurity is not part of version 3.1. See also the SAE J3061 standard on the topic.

Mechanical engineering

SPICE for Mechanical Engineering (ME-SPICE for short) is an extension of Automotive SPICE according to the plug-in concept defined there. The purpose of ME-SPICE is to evaluate the performance of the development processes for mechanical systems or the mechanical parts of mechatronic systems.

Literature

Articles

Charles Murphy: Automotive SPICE: 0-60 in No Time Flat. In: IEEE Engineering Management Review. Vol. 47, No. 2, June 1, 2019, pp. 26–28, doi:10.1109/EMR.2019.2915217.
Georg Macher et al.: An Integrated View on Automotive SPICE, Functional Safety and Cyber-Security. 2020, p. 2020-, doi:10.4271/2020-01-0145.
Christoph Stoiber et al.: Keeping Your Maturity Assessment Alive: A Method for the Continuous Tracking and Assessment of Organizational Capabilities and Maturity. In: Business & Information Systems Engineering. March 31, 2023, doi:10.1007/s12599-023-00805-y.

Reference books

Most books about Automotive SPICE are traditionally published in the German language. The following books are available in English:

Automotive SPICE in Practice: Surviving Implementation and Assessment (Rockynook Computing), ISBN 978-1-933952-29-1
Automotive SPICE Essentials: Automotive SPICE v3.1 – at a glance (E/E Engineering Essentials), Klaus Hoermann (Author), Peter Abowd (Author), Bhaskar Vanamali (Author), Dan Wall (Author), ISBN 978-3-945547-30-4

External links

Automotive SPICE: Official web pages (viewed on 19-Oct-2023)
- Download (English version 4.0)
Verband der Automobilindustrie e. V. - The German Association of the Automotive Industry (VDA), viewed on 19-Oct-2023
Intacs
A "Pocket Guide" is offered by UL Solutions (remark: KuglerMaag was acquired in 2022 by UL Solutions)

Related Research Articles

ISO/IEC/IEEE 12207Systems and software engineering – Software life cycle processes is an international standard for software lifecycle processes. First introduced in 1995, it aims to be a primary standard that defines all the processes required for developing and maintaining software systems, including the outcomes and/or activities of each process.

ISO/IEC 15504Information technology – Process assessment, also termed Software Process Improvement and Capability dEtermination (SPICE), is a set of technical standards documents for the computer software development process and related business management functions. It is one of the joint International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) standards, which was developed by the ISO and IEC joint subcommittee, ISO/IEC JTC 1/SC 7.

Information technology service management (ITSM) are the activities performed by an organization to design, build, deliver, operate and control IT services offered to customers.

ISO/IEC 9126Software engineering — Product quality was an international standard for the evaluation of software quality. It has been replaced by ISO/IEC 25010:2011.

Quality management ensures that an organization, product or service consistently functions well. It has four main components: quality planning, quality assurance, quality control, and quality improvement. Quality management is focused both on product and service quality and the means to achieve it. Quality management, therefore, uses quality assurance and control of processes as well as products to achieve more consistent quality. Quality control is also part of quality management. What a customer wants and is willing to pay for it, determines quality. It is a written or unwritten commitment to a known or unknown consumer in the market. Quality can be defined as how well the product performs its intended function.

In functional safety, safety integrity level (SIL) is defined as the relative level of risk-reduction provided by a safety instrumented function (SIF), i.e. the measurement of the performance required of the SIF.

ISO/IEC 20000 is the international standard for IT service management. It was developed in 2005 by ISO/IEC JTC1/SC7 and revised in 2011 and 2018. It was originally based on the earlier BS 15000 that was developed by BSI Group.

Information security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

IEC 61508 is an international standard published by the International Electrotechnical Commission (IEC) consisting of methods on how to apply, design, deploy and maintain automatic protection systems called safety-related systems. It is titled Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems.

Software safety is an engineering discipline that aims to ensure that software, which is used in safety-related systems, does not contribute to any hazards such a system might pose. There are numerous standards that govern the way how safety-related software should be developed and assured in various domains. Most of them classify software according to their criticality and propose techniques and measures that should be employed during the development and assurance:

The ISO/IEC 15288Systems and software engineering — System life cycle processes is a technical standard in systems engineering which covers processes and lifecycle stages, developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Planning for the ISO/IEC 15288:2002(E) standard started in 1994 when the need for a common systems engineering process framework was recognized.

A maturity model is a framework for measuring an organization's maturity, or that of a business function within an organization, with maturity being defined as a measurement of the ability of an organization for continuous improvement in a particular discipline. The higher the maturity, the higher will be the chances that incidents or errors will lead to improvements either in the quality or in the use of the resources of the discipline as implemented by the organization.

ISO/IEC 17024: Conformity assessment - General requirements for bodies operating certification of persons is an ISO/IEC standard which specifies criteria for the operation of a personnel certification body. The standard includes requirements for the development and maintenance of the certification scheme for persons upon which the certification is based.

In software engineering, a software development process or software development life cycle (SDLC) is a process of planning and managing software development. It typically involves dividing software development work into smaller, parallel, or sequential steps or sub-processes to improve design and/or product management. The methodology may include the pre-definition of specific deliverables and artifacts that are created and completed by a project team to develop or maintain an application.

Functional safety is the part of the overall safety of a system or piece of equipment that depends on automatic protection operating correctly in response to its inputs or failure in a predictable manner (fail-safe). The automatic protection system should be designed to properly handle likely systematic errors, hardware failures and operational/environmental stress.

IEC 62443 is a series of standards that address cybersecurity for operational technology in automation and control systems. The series is divided into different sections and describes both technical and process-related aspects of automation and control systems cybersecurity. The series is also known as ISA/IEC 62443 in recognition of the fact that much of the initial development was done by the ISA99 committee of the International Society for Automation.

Automotive Safety Integrity Level (ASIL) is a risk classification scheme defined by the ISO 26262 - Functional Safety for Road Vehicles standard. This is an adaptation of the Safety Integrity Level (SIL) used in IEC 61508 for the automotive industry. This classification helps defining the safety requirements necessary to be in line with the ISO 26262 standard. The ASIL is established by performing a risk analysis of a potential hazard by looking at the Severity, Exposure and Controllability of the vehicle operating scenario. The safety goal for that hazard in turn carries the ASIL requirements.

Tudor IT Process Assessment (TIPA) is a methodological framework for process assessment. Its first version was published in 2003 by the Public Research Centre Henri Tudor based in Luxembourg. TIPA is now a registered trademark of the Luxembourg Institute of Science and Technology (LIST). TIPA offers a structured approach to determine process capability compared to recognized best practices. TIPA also supports process improvement by providing a gap analysis and proposing improvement recommendations.

ISO/IEC 33001Information technology - Process assessment - Concepts and terminology is a set of technical standards documents for the computer software development process and related business management functions.

Stuart Arnold (1945–2015) was a UK systems engineering professional, with a degree in electrical engineering from Leeds University.

References

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.