ASPICE Level 2达成指南 — 实务路线图

What is ASPICE Level 2

ASPICE defines six levels of process maturity (CL0-CL5). Among these, the transition from CL1 to CL2 represents the biggest leap in practice. See the detailed explanation of ASPICE capability levels for the full framework.

CL1 (Performed) means "doing what needs to be done." Outputs are produced, but there is no guarantee of why decisions were made or whether the same quality can be replicated.

CL2 (Managed) means "planning, monitoring, and adjusting." Processes are systematically planned, progress is tracked, and work products are managed according to defined criteria. The key is establishing traceability from requirements through code to tests.

Today, major global OEMs have made it standard to require ASPICE CL2 or above in their SOW (Statement of Work) and RFI (Request for Information) documents. Requirements for CL3 are also increasing for safety-related software.

Key Process Areas for Assessment

Process areas covered in ASPICE assessments fall into four major groups.

SYS (System Engineering)

• System Requirements Analysis: Derive system requirements from customer/stakeholder requirements
• System Architectural Design: Define system structure and interfaces
• System Integration: Integrate and verify subsystems
• System Verification: Final confirmation that the system meets requirements

SWE (Software Engineering) — The V-Model core

• SWE.1: Software Requirements Analysis
• SWE.2: Software Architectural Design
• SWE.3: Software Detailed Design and Unit Construction
• SWE.4: Software Unit Verification
• SWE.5: Software Integration and Integration Test
• SWE.6: Software Qualification Test

SUP (Support Processes)

• Quality Assurance: Verify quality of work products and processes
• Configuration Management: Version control for code, documents, and builds
• Problem Resolution: Issue tracking and resolution
• Change Management: Systematic handling of change requests

MAN (Management Processes)

• Project Management: Schedule, resource, and risk management
• Risk Management: Project risk identification and mitigation

ASPICE 4.0 adds Hardware Engineering (HWE.1-HWE.4) and Machine Learning Engineering (MLE.1-MLE.4) processes.

12-Month Achievement Roadmap

Here is a realistic 12-month roadmap for achieving ASPICE CL2.

Months 1-2: Training and Awareness

Conduct ASPICE training for the entire team. Everyone must understand what ASPICE is, why it is needed, and what CL2 requires. Simultaneously secure executive support — ASPICE compliance is an organizational investment that cannot proceed without leadership commitment.

Months 2-3: Gap Analysis

Compare current development processes against ASPICE requirements to identify gaps. Quantitatively assess which processes are already in place and where deficiencies exist. Develop an improvement plan based on these findings.

Months 3-5: Process Definition

Develop process descriptions, templates, and checklists. Clearly define what needs to be done and what work products are required for each process area. The key is documenting activities that were previously performed implicitly.

Months 4-6: Tool Selection and Setup

Select and configure ALM (Application Lifecycle Management) tools, configuration management tools, and traceability matrix management tools. Tools support processes — they are means, not ends. Choose appropriate tools for your organization's size.

Months 5-8: Pilot Project

Select one project and fully apply the defined processes. Validate process effectiveness during real-world application and fix discovered issues. This is the most critical phase.

Months 8-10: Internal Audit

Conduct a pre-assessment to verify readiness for official evaluation. Identify and address non-conformities. Having an external consultant review your preparation is highly effective.

Months 10-11: Organization Rollout

Expand pilot-validated processes to other projects.

Months 11-12: External Assessment

Undergo official assessment by an intacs-certified ASPICE assessor.

The above timeline applies to new projects. For existing projects requiring reverse-engineering, 18-24 months is a more realistic timeline.

Three Key Success Factors

Organizations that successfully achieve ASPICE CL2 share a common pattern: balance across three elements.

Process: A traceable and consistent development system. You must be able to track who did what and why, from requirements to tests. However, excessive process overhead reduces productivity.

People: A culture where the team understands process value and participates voluntarily. ASPICE must be seen as "a method for building better software," not "bureaucratic documentation for passing an assessment."

Tools: Automation systems that efficiently support processes. Traceability matrices, configuration management, and test automation are practically impossible without proper tooling.

Balance is essential. Even the best tools are useless if people do not use them, and even elegant processes are inefficient without supporting tools.

Common Mistakes and Pitfalls

Many organizations repeat the same mistakes when preparing for ASPICE CL2.

Excessive documentation: CL2 requires "appropriate" documentation, not "voluminous" documentation. Focus on work products that deliver real value rather than producing thick documents for appearance.

Lack of executive support: The most dangerous situation is when field engineers are busy but executives are disengaged. ASPICE is an organizational change — leadership buy-in must be secured early.

Tool overload: Introducing too many tools creates confusion. Select tools appropriate for your organization's size and project complexity.

Short-term focus: The "just pass the assessment" approach fails long-term. Even if you achieve CL2 through superficial preparation, you cannot maintain the same level on the next project. Focus on genuine process improvement.

Poor traceability management: Traceability between requirements → design → code → tests is the absolute core of CL2. Without this, nothing else matters. Using AI test case generation can significantly streamline traceability in the verification phase.

Assessment Process

The official ASPICE assessment follows this procedure.

Preparation: Define the assessment scope (which process areas, which project) and select an intacs-certified assessor. Organize necessary documents and work products.

Execution: The assessor interviews project team members, reviews documents, and observes how processes are actually performed. This typically takes 3-5 days.

Scoring: A capability level (CL0-CL5) is assigned for each process area. Each BP (Base Practice) is rated as N (Not achieved), P (Partially achieved), L (Largely achieved), or F (Fully achieved).

Assessor qualification: Official ASPICE assessments can only be performed by assessors certified through intacs (International Assessor Certification Scheme). Internal pre-assessments have no qualification requirements.

Post-assessment: If non-conformities are found, develop an improvement plan and track progress. Schedule reassessment as needed.

Achieving CL2 with PopcornSAR

PopcornSAR's PARVIS supports the core CL2 requirements of traceability and verification efficiency.

• PARVIS-Spec: Automates requirements analysis and ensures bidirectional traceability between system and software requirements. Efficiently produces key work products for the SWE.1 process.
• PARVIS-Coder: Automatically applies coding rules such as MISRA C, ensuring coding standard compliance for SWE.3 (Detailed Design and Implementation).
• PARVIS-Verify: AI-powered test case auto-generation reduces verification effort (SWE.4-SWE.6) by 3-4x. Requirements-to-test traceability is also automatically established.

PopcornSAR also provides ASPICE consulting services covering the entire journey — from gap analysis and process definition to pre-assessment and external assessment preparation.

Visit the PARVIS product page for details, or get in touch to discuss your CL2 goals.