Reducing Time for Performing ASPICE Assessments

Abstract

The development of embedded systems requires the use of development processes. These processes for development are defined in ASPICE for assessment of their capability. The processes ASPICE covers are about software, system, support, project management, supplier monitoring. It defines a scheme to assess the processes according to the rating scheme NPLF (Not, Partially, Largely, Fully). HW Spice is not part of the current version of ASPICE yet. In order to fulfill the requirements of cybersecurity HW Spice is considered as important part. VDA defines additional processes for cybersecurity to fulfill the requirements of standard ISO/SAE 21434. These additional processes are about Supplier Request and Selection, Risk Management and Engineering. They increase the effort performing an assessment. This paper finds common work products and dependencies to reduce the time for an assessment covering processes of both ASPICE and Cybersecurity.