Appendix E: ASPICE-Safety Standard Mapping
This appendix provides cross-reference tables between ASPICE processes and major safety standards. Use these mappings when planning how to satisfy both ASPICE capability requirements and safety-standard compliance simultaneously.
ISO 26262 (Automotive) Mapping
| ASPICE Process | ISO 26262 Clause | Section | Work Products | ASIL Impact |
|---|---|---|---|---|
| SYS.2 | Part 3 Clause 5 | 3-5.4.1 | Item Definition, HARA | All ASILs |
| SYS.3 | Part 4 Clause 6 | 4-6.4.1 | System Architecture, Safety Plan | ASIL-B/C/D |
| SWE.1 | Part 6 Clause 5 | 6-5.4.1 | Software Safety Requirements | ASIL-B/C/D |
| SWE.2 | Part 6 Clause 6 | 6-6.4.1 | SW Architectural Design | ASIL-B/C/D |
| SWE.3 | Part 6 Clause 7 | 6-7.4.1 | Source Code, Unit Design | All ASILs |
| SWE.4 | Part 6 Clause 8 | 6-8.4.1 | Unit Test Specification | 100% coverage ASIL-D |
| SWE.5 | Part 6 Clause 9 | 6-9.4.1 | Integration Test Report | ASIL-C/D |
| SWE.6 | Part 6 Clause 10 | 6-10.4.1 | SW Qualification Test Report | All ASILs |
| SUP.1 | Part 8 Clause 4.4 | 8-4.4.1 | QA Plan, Audit Reports | ASIL-C/D |
| SUP.2 | Part 8 Clause 4.6 | 8-4.6.1 | Review Reports | All ASILs |
| SUP.8 | Part 8 Clause 4.3 | 8-4.3.1 | Configuration Management | All ASILs |
| MAN.3 | Part 5 Clause 4 | 5-4.4.1 | Project Plan | All ASILs |
| MAN.5 | Part 7 Clause 4 | 7-4.4.1 | Safety Plan, Risk Register | ASIL-B/C/D |
Key Requirement: ASPICE CL2 and ISO 26262 compliance are both required when supplying automotive OEMs.
Cross-Certification Note: ISO 26262 certification can support IEC 61508 claims for automotive-derived industrial systems, as ISO 26262 is an adaptation of IEC 61508 for road vehicles.
IEC 61508 (Industrial) Mapping
| ASPICE Process | IEC 61508 Part | Section | Work Products | SIL Impact |
|---|---|---|---|---|
| SYS.2 | Part 7 Clause 5 | 7.5.2.1 | Safety Requirements Spec | SIL 2/3/4 |
| SYS.3 | Part 7 Clause 6 | 7.6.2.1 | Architecture Design, FTA/FMEA | SIL 3/4 |
| SWE.1 | Part 7 Clause 9.4 | 7.9.4.1 | SW Safety Requirements | SIL 2/3/4 |
| SWE.2 | Part 7 Clause 9.4 | 7.9.4.3 | SW Architecture Design | SIL 2/3/4 |
| SWE.3 | Part 7 Clause 9.4 | 7.9.4.5 | Source Code (IEC 61131-3) | All SILs |
| SWE.4 | Part 7 Clause 9.4 | 7.9.4.7 | Unit Tests, MC/DC coverage | SIL 3: 100% |
| SUP.1 | Part 7 Clause 13 | 7.13.2.1 | Assessment Reports | SIL 3/4 |
| SUP.2 | Part 7 Clause 9.4 | 7.9.4.8 | Verification Report | All SILs |
| SUP.8 | Part 7 Clause 10 | 7.10.2.1 | CM Plan, Baselines | All SILs |
| MAN.5 | Part 7 Clause 4 | 7.4.2.1 | Safety Management Plan | SIL 2/3/4 |
Key Requirement: Certification by a TÜV body (e.g. TÜV Rheinland) is required for SIL 3/4 systems.
Related Standards: IEC 61511 (process industries) and IEC 62443 (industrial cybersecurity) share common SIL concepts and may require combined compliance for integrated systems.
IEC 62304 (Medical) Mapping
| ASPICE Process | IEC 62304 Clause | Section | Work Products | Class Impact |
|---|---|---|---|---|
| SWE.1 | Clause 5.2 | 5.2.1-5.2.6 | Software Requirements Spec | Class A/B/C |
| SWE.2 | Clause 5.3 | 5.3.1-5.3.6 | SW Architecture Document | Class B/C |
| SWE.3 | Clause 5.4 | 5.4.1-5.4.4 | Detailed Design, Source Code | Class C |
| SWE.4 | Clause 5.5 | 5.5.1-5.5.5 | Unit Test Reports | Class C: 100% |
| SWE.5 | Clause 5.6 | 5.6.1-5.6.8 | Integration Test Reports | Class B/C |
| SWE.6 | Clause 5.7 | 5.7.1-5.7.5 | System Test Reports | All Classes |
| SUP.8 | Clause 5.1.9 | 5.1.9a-5.1.9e | Configuration Items | Class B/C |
| SUP.9 | Clause 9 | 9.1-9.8 | Problem Reports, CAPA | All Classes |
| MAN.5 | Clause 7 | 7.1-7.4 | Risk Management File (per ISO 14971) | All Classes |
Additional Requirements:
- SOUP (Software of Unknown Provenance) management per Clause 8.1.2
- FDA 510(k) or PMA submission (USA)
- EU MDR 2017/745 compliance (European Union)
Cross-Certification Note: Organizations with ISO 26262 or IEC 61508 experience can leverage similar processes for IEC 62304 compliance, as those standards share common lifecycle and verification concepts.
DO-178C (Aerospace) Mapping
| ASPICE Process | DO-178C Objective | Work Products | DAL Impact |
|---|---|---|---|
| SWE.1 | A-3 (High-level requirements) | Software Requirements Data | DAL A/B/C |
| SWE.2 | A-4 (Software architecture) | Design Description | DAL A/B/C |
| SWE.3 | A-5 (Low-level requirements) | Source Code | All DALs |
| SWE.4 | A-7 (Testing) | Test Procedures, Results | MC/DC for DAL A |
| SUP.2 | A-6 (Reviews) | Review Records | DAL A/B |
| SUP.8 | A-10 (CM) | Configuration Index | All DALs |
| MAN.3 | A-1 (Planning) | Plan for SW Aspects of Certification | DAL A/B/C |
Key Requirement: FAA/EASA certification is required for airborne software.
Coverage Requirements by Safety Level
ISO 26262 (Automotive)
| ASIL | Statement | Branch | MC/DC | Rationale |
|---|---|---|---|---|
| ASIL-A | 100% | 100% | - | Recommended |
| ASIL-B | 100% | 100% | - | Highly recommended |
| ASIL-C | 100% | 100% | Recommended | Safety functions |
| ASIL-D | 100% | 100% | Required | All code |
IEC 61508 (Industrial)
| SIL | Statement | Branch | MC/DC | Path Coverage |
|---|---|---|---|---|
| SIL 1 | 100% | - | - | - |
| SIL 2 | 100% | 100% | - | - |
| SIL 3 | 100% | 100% | Required | Recommended |
| SIL 4 | 100% | 100% | Required | Required |
IEC 62304 (Medical)
| Class | Statement | Branch | Notes |
|---|---|---|---|
| Class A | - | - | No injury risk |
| Class B | 100% | - | Non-serious injury |
| Class C | 100% | 100% | Death or serious injury |
Tool Qualification Requirements
ISO 26262 Tool Confidence Levels
| TCL | Criteria | Example Tools | Qualification |
|---|---|---|---|
| TCL1 | Low impact on safety | Doxygen, Git | None required |
| TCL2 | Medium impact | cppcheck, Google Test | Validation required |
| TCL3 | High impact | Polyspace, VectorCAST | Full qualification |
Qualification Methods: 1a (Proven in use), 1b (Assessment), 1c (Development)
IEC 61508 Tool Classes
| Class | Description | Examples | Qualification |
|---|---|---|---|
| T1 | Generates outputs | Compiler, Code generator | Validated per 7-4.4.3 |
| T2 | No safety output | Editor, Version control | Validation not required |
| T3 | Automated test | Static analyzers | Validation recommended |
Coding Standards by Domain
| Domain | Primary Standard | Secondary | ASPICE Mapping |
|---|---|---|---|
| Automotive | MISRA C:2012 | AUTOSAR C++14 | SWE.3 BP3 |
| Industrial | MISRA C:2012 | IEC 61131-3 (PLC) | SWE.3 BP3 |
| Medical | MISRA C:2012 | FDA Guidance | SWE.3 BP3 |
| Aerospace | MISRA C:2012 | DO-178C objectives | SWE.3 BP3 |
Common Rules:
- All required MISRA C:2012 rules (143 rules)
- Selected advisory rules (project-specific)
- CERT C secure coding standard
Traceability Requirements
ISO 26262
| From | To | Method | ASPICE |
|---|---|---|---|
| Stakeholder needs | System requirements | Manual + AI (70%) | SYS.2 BP5 |
| System requirements | SW requirements | Automated (DOORS) | SWE.1 BP5 |
| SW requirements | Source code | @implements tag | SWE.3 BP5 |
| Source code | Unit tests | @verifies tag | SWE.4 BP4 |
| SW requirements | System tests | Test matrix | SWE.6 BP4 |
Bidirectional Traceability: Required for ASIL-B/C/D
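The @implements / @verifies tag links in the table above can be checked mechanically. The following is an added example, not code from this appendix or any project it describes; the tag syntax `@implements SWR-nnn` / `@verifies SWR-nnn`, the `SWR-` identifier scheme and the sample source and test text are constructed assumptions. It builds the forward trace per requirement and reports gaps in both directions, which is what the bidirectional requirement for ASIL-B/C/D means in practice.

```python
"""Constructed example: traceability gap check over @implements / @verifies tags,
reporting breaks in the bidirectional trace that ASIL-B/C/D require."""
import re

# Tag syntax "@implements SWR-nnn" / "@verifies SWR-nnn" and the SWR- id scheme
# are assumptions of this example, not something the appendix defines.
TAG_RE = re.compile(r"@(implements|verifies)\s+(SWR-\d+)")

# Constructed sample inputs: SWR-101 is fully traced, SWR-102 has no test,
# SWR-103 has a test but no code, and SWR-999 is tagged but not baselined.
SOURCE = """
int brake_pressure_limit(int p) { return p > 200 ? 200 : p; }  /* @implements SWR-101 */
int watchdog_kick(void) { return 1; }  /* @implements SWR-102 */
"""
TESTS = """
TEST(Brake, Clamps) { EXPECT_EQ(200, brake_pressure_limit(250)); }  /* @verifies SWR-101 */
TEST(Orphan, NoCode) { SUCCEED(); }  /* @verifies SWR-103 */
TEST(Stale, UnknownId) { SUCCEED(); }  /* @verifies SWR-999 */
"""
REQUIREMENTS = {"SWR-101", "SWR-102", "SWR-103"}  # constructed requirements baseline

def collect_tags(text, kind):
    """Requirement ids carrying an @<kind> tag in text."""
    return {req for tag, req in TAG_RE.findall(text) if tag == kind}

def trace_matrix(requirements, source, tests):
    """Forward trace per requirement: implemented in source? verified by a test?"""
    implemented = collect_tags(source, "implements")
    verified = collect_tags(tests, "verifies")
    return {r: {"implemented": r in implemented, "verified": r in verified}
            for r in sorted(requirements)}

def trace_gaps(requirements, source, tests):
    """Gaps in both directions: untraced requirements and tags with no requirement."""
    gaps = []
    for req, links in trace_matrix(requirements, source, tests).items():
        if not links["implemented"]:
            gaps.append(f"{req}: no @implements in source")
        if not links["verified"]:
            gaps.append(f"{req}: no @verifies in unit tests")
    tagged = collect_tags(source, "implements") | collect_tags(tests, "verifies")
    gaps += [f"{req}: tag references unknown requirement"
             for req in sorted(tagged - set(requirements))]
    return gaps

def passes(asil, requirements, source, tests):
    """Bidirectional traceability is only mandatory for ASIL-B/C/D (table above)."""
    level = asil.upper().replace("ASIL-", "")
    return level not in {"B", "C", "D"} or not trace_gaps(requirements, source, tests)
```

Running `trace_gaps(REQUIREMENTS, SOURCE, TESTS)` on the constructed inputs lists the untested SWR-102, the unimplemented SWR-103 and the stale SWR-999 tag; `passes("ASIL-D", ...)` therefore fails while `passes("ASIL-A", ...)` does not.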
IEC 62304
| From | To | Tool | Class |
|---|---|---|---|
| Risk controls | SW requirements | DOORS/Jama | B/C |
| SW requirements | Design | Manual/DOORS | C |
| Design | Source code | Doxygen tags | C |
| Source code | Tests | Google Test | C |
FDA Expectation: Complete traceability for Class C devices
Assessment/Certification Bodies
| Standard | Certifier | Scope | Cost Range |
|---|---|---|---|
| ISO 26262 | TÜV SÜD, TÜV Rheinland | Product assessment | €50k-200k |
| IEC 61508 | TÜV, Exida | Product certification | €80k-300k |
| IEC 62304 | FDA, Notified Bodies | Regulatory approval | $100k-500k |
| DO-178C | FAA, EASA | Software certification | $200k-1M+ |
Timeline: 6-18 months for initial certification