What is ASPICE? — The Standard for Automotive Software Quality

What is ASPICE?

ASPICE (Automotive SPICE) is an international standard framework for evaluating the maturity of automotive software development processes. Simply put, it measures whether a company develops software systematically.

Originally derived from ISO/IEC 330xx (SPICE) and adapted specifically for the automotive industry by the German VDA (Association of the Automotive Industry), ASPICE is now required by major OEMs across Europe and Asia for their suppliers.

Why Do OEMs Require ASPICE?

A modern vehicle contains dozens to over 100 ECUs, each running software that directly impacts vehicle safety. OEMs cannot individually verify every piece of software from their numerous Tier1 suppliers, so they evaluate the quality of the development process itself — systematic processes lead to systematic results.

Currently, major global OEMs require at least ASPICE CL2 (Managed) from Tier1 suppliers, with CL3 (Established) increasingly required for safety-related software.

Capability Levels

ASPICE defines six levels of process maturity.

CL0 — Incomplete: Process is not implemented or fails to achieve its purpose.

CL1 — Performed: Process achieves its purpose but is not systematically managed. Results are produced but consistency is not guaranteed.

CL2 — Managed: Process is planned and tracked. Work products are defined and traceability to requirements is established. This is the minimum level most OEMs require.

CL3 — Established: Standard processes are defined organization-wide and tailored per project. Systematic process improvement occurs. Required for safety-related software.

CL4 — Predictable: Process performance is quantitatively measured and predictable.

CL5 — Innovating: Continuous process innovation occurs.

In practice, CL2-CL3 are the focus. CL4 and above are theoretically defined but rarely required.

Key Process Areas

The most directly relevant process group for automotive software development is Software Engineering (SWE).

• SWE.1 — Software Requirements Analysis
• SWE.2 — Software Architectural Design
• SWE.3 — Software Detailed Design and Unit Construction
• SWE.4 — Software Unit Verification
• SWE.5 — Software Integration and Integration Test
• SWE.6 — Software Qualification Test

These six processes form the left side (development) and right side (verification) of the V-Model.

What Changed in ASPICE 4.0

ASPICE 4.0 was officially released in November 2023. Key changes include: Machine Learning processes (MLE.1-MLE.4), Hardware Engineering processes (HWE.1-HWE.4), enhanced Agile/DevOps support, strengthened cybersecurity alignment with ISO/SAE 21434, and terminology shift from Work Products to Information Items.

How to Start ASPICE Preparation

Organizations new to ASPICE should start with a Gap Analysis to determine their current level and define what processes and artifacts are needed to reach the target level (typically CL2).

The most time-consuming area is verification (SWE.4-SWE.6). Automating test case creation, traceability matrix construction, and coverage reporting can significantly reduce ASPICE preparation time.

PopcornSAR's PARVIS tackles this problem — analyzing requirements (PARVIS-Spec), applying coding rules (PARVIS-Coder), and auto-generating test cases (PARVIS-Verify). In real projects, teams have produced compliant artifacts 3-4x faster than manual work. ASPICE consulting and training are also available.

See the PARVIS product page for details, or get in touch if you'd like to discuss your situation.