2.0: ASPICE Process Groups Deep Dive
Key Terms
Key acronyms used in this chapter:
- ASPICE: Automotive SPICE (Software Process Improvement and Capability dEtermination)
- V-Model: Verification and validation lifecycle model
- BP: Base Practice — the specific activities that implement an ASPICE process
- WP: Work Product — a tangible output (document, specification, test result) produced by a process
- ASIL: Automotive Safety Integrity Level (A through D, where D is most stringent)
- QM: Quality Management (lowest safety designation — no specific ASIL required)
- SYS: System Engineering process group (SYS.1–5)
- SWE: Software Engineering process group (SWE.1–6)
- HWE: Hardware Engineering process group
- MLE: Machine Learning Engineering process group (new in ASPICE 4.0)
- SEC: Cybersecurity Engineering process group (from the CS-PAM supplement)
- SUP: Supporting processes (quality assurance, configuration management, etc.)
- MAN: Management process group
- ACQ: Acquisition process group (managing supplier relationships)
- SPL: Supply process group (managing product releases)
- TARA: Threat Analysis and Risk Assessment — the cybersecurity risk analysis method referenced in SEC processes
- OEM: Original Equipment Manufacturer (vehicle maker, e.g., BMW, Ford)
- ECU: Electronic Control Unit — embedded computer in a vehicle
- CI/CD: Continuous Integration/Continuous Deployment
- HITL: Human-in-the-Loop (human oversight pattern)
Learning Objectives
After reading this chapter, you will be able to:
- Describe the purpose and structure of each ASPICE process group
- Identify the processes within each group
- Understand process relationships and dependencies
- Map process groups to development activities
- Apply process groups to specific project contexts
Overview
ASPICE 4.0 core PAM organizes 29 processes into 10 process groups, with 3 additional SEC processes from the Cybersecurity PAM (CS-PAM) supplement. This chapter focuses on the 9 process groups most relevant to embedded systems development projects:
- Engineering: SYS, SWE, HWE, MLE
- Supporting: SUP, SEC
- Management: MAN
- Organizational: ACQ, SPL
Note: ASPICE 4.0 also includes VAL (Validation), PIM (Process Improvement), and REU (Reuse) groups. These are covered in Chapter 1.2; this chapter focuses on the process groups you will encounter in most development projects and assessments.
Engineering Process Groups
SYS - System Engineering (5 Processes)
Purpose: Define, develop, and verify the complete system
| Process | Name | Primary Purpose |
|---|---|---|
| SYS.1 | Requirements Elicitation | Gather stakeholder needs and constraints |
| SYS.2 | System Requirements Analysis | Establish complete, consistent system requirements |
| SYS.3 | System Architectural Design | Define system structure and element allocation |
| SYS.4 | System Integration and Integration Verification | Integrate elements and verify interfaces |
| SYS.5 | System Verification | Verify system against system requirements |
What This Means: The SYS process group covers the complete system lifecycle from stakeholder needs (SYS.1) to validation (SYS.5). Each process builds on the previous one, creating a traceable chain from requirements through to verification. This is the foundation for all other engineering disciplines (SWE, HWE, MLE).
V-Model Position: Top-level decomposition and verification
Key Work Products:
- Stakeholder requirements
- System requirements specification
- System architecture description
- System test specifications and results
SWE - Software Engineering (6 Processes)
Purpose: Develop and verify software components
| Process | Name | Primary Purpose |
|---|---|---|
| SWE.1 | Software Requirements Analysis | Establish software requirements from system allocation |
| SWE.2 | Software Architectural Design | Define software structure and interfaces |
| SWE.3 | Software Detailed Design and Unit Construction | Design and implement software units |
| SWE.4 | Software Unit Verification | Verify units against design |
| SWE.5 | Software Component Verification and Integration Verification | Verify component behavior and integration |
| SWE.6 | Software Verification | Verify integrated software against requirements |
What This Means: The SWE process group mirrors the V-model approach specifically for software development. It starts with requirements decomposition (SWE.1) and ends with qualification testing (SWE.6), with implementation (SWE.3) and verification (SWE.4-5) in the middle. This creates a complete software development lifecycle.
V-Model Position: Software decomposition and verification
Key Work Products:
- Software requirements specification
- Software architecture description
- Software detailed design
- Source code
- Test specifications and results
HWE - Hardware Engineering (1 Core + 3 Supplement Processes)
Purpose: Develop and verify hardware components
Note: The ASPICE 4.0 core PAM officially defines only HWE.1. HWE.2–HWE.4 are drawn from supplement documents and are widely used in practice but are not part of the core standard. For hardware-intensive projects, consider using domain-specific hardware lifecycle standards (e.g., ISO 26262-5 for automotive, DO-254 for aerospace). Chapter 1.2 covers this distinction in detail.
| Process | Name | Primary Purpose |
|---|---|---|
| HWE.1 | Hardware Requirements Analysis | Establish hardware requirements from system allocation |
| HWE.2 | Hardware Design | Design hardware elements |
| HWE.3 | Verification against Hardware Design | Verify hardware against design specifications |
| HWE.4 | Verification against Hardware Requirements | Verify hardware meets requirements |
Hardware release activities are covered by SPL.2 Product Release.
What This Means: The HWE process group parallels the SWE process group but for hardware development. It follows the same V-model approach, decomposing system requirements into hardware-specific requirements and then verifying through the hardware lifecycle. HWE runs in parallel to SWE in most projects.
V-Model Position: Hardware decomposition and verification (parallel to SWE)
Key Work Products:
- Hardware requirements specification
- Hardware design documentation
- Hardware test specifications and results
MLE - Machine Learning Engineering (4 Core Processes) - NEW in ASPICE 4.0
Note: The core ASPICE 4.0 PAM defines MLE.1–MLE.4. Some assessment scopes include MLE.5 (ML Model Deployment) for deploying trained models to target systems; confirm with your specific project scope. This chapter includes MLE.5 for completeness.
Purpose: Develop and verify machine learning components
| Process | Name | Primary Purpose |
|---|---|---|
| MLE.1 | ML Requirements Analysis | Establish ML-specific requirements |
| MLE.2 | ML Architecture | Define ML model architecture |
| MLE.3 | ML Training and Learning | Train and validate ML models |
| MLE.4 | ML Model Testing | Verify ML model behavior |
| MLE.5 | ML Model Deployment | Deploy ML models to target |
What This Means: The MLE process group is a new addition in ASPICE 4.0, specifically addressing machine learning components. Unlike traditional software, ML development involves training and validation phases (MLE.3-4) that are unique to ML workflows. This represents ASPICE's evolution to address modern development paradigms.
V-Model Position: Specialized branch for ML components
Key Work Products:
- ML requirements specification
- Model architecture description
- Training data specifications
- Model test results
- Deployment documentation
Supporting Process Groups
SUP - Supporting Processes (5 Processes)
Purpose: Provide quality, verification, and management support
| Process | Name | Primary Purpose |
|---|---|---|
| SUP.1 | Quality Assurance | Ensure work products and processes comply |
| SUP.8 | Configuration Management | Maintain work product integrity |
| SUP.9 | Problem Resolution Management | Analyze and resolve problems |
| SUP.10 | Change Request Management | Manage change requests |
| SUP.11 | Machine Learning Data Management | Manage ML training data and ensure data quality |
What This Means: The SUP processes are horizontal processes that support all engineering activities (SYS, SWE, HWE, MLE). They ensure quality, traceability, and proper change management throughout the development lifecycle. These processes are essential for maintaining consistency and compliance across all engineering disciplines.
Application: Horizontal across all engineering processes
Key Work Products:
- Quality records
- Verification reports
- Configuration baselines
- Problem reports
- Change requests
SEC - Cybersecurity Engineering (3 Processes) - NEW
Purpose: Address cybersecurity throughout development
| Process | Name | Primary Purpose |
|---|---|---|
| SEC.1 | Cybersecurity Requirements | Define cybersecurity requirements |
| SEC.2 | Cybersecurity Implementation | Implement cybersecurity measures |
| SEC.3 | Cybersecurity Verification | Verify cybersecurity implementation |
Alignment: ISO/SAE 21434 automotive cybersecurity
Key Work Products:
- Threat analysis and risk assessment (TARA)
- Cybersecurity requirements
- Security test results
- Vulnerability assessment
Management Process Group
MAN - Management Processes (3 Processes)
Purpose: Plan, control, and measure project execution
| Process | Name | Primary Purpose |
|---|---|---|
| MAN.3 | Project Management | Plan and control project activities |
| MAN.5 | Risk Management | Identify and manage project risks |
| MAN.6 | Measurement | Collect and analyze process data |
Application: Project-level management activities
Key Work Products:
- Project plans
- Risk register
- Measurement data
- Status reports
Organizational Process Groups
ACQ - Acquisition (1 Process)
| Process | Name | Primary Purpose |
|---|---|---|
| ACQ.4 | Supplier Monitoring | Monitor supplier performance |
SPL - Supply (1 Process)
| Process | Name | Primary Purpose |
|---|---|---|
| SPL.2 | Product Release | Control product release |
Process Relationships
Vertical Relationships (V-Model)
Engineering processes follow the V-Model's decomposition and integration pattern, flowing from system requirements down through software design and back up through verification levels.
Horizontal Relationships (Support)
Support and management processes cut across all engineering activities, providing configuration management, quality assurance, and change control throughout the lifecycle.
Process Group Selection Guide
Full System Development
Include: SYS, SWE, HWE (if applicable), SUP, MAN, SEC (if network-connected or cybersecurity-relevant)
Software-Only Project
Include: SWE, SUP, MAN, SYS.2 (for system requirements allocation)
ML-Enabled System
Include: SYS, SWE, MLE, SUP, MAN, SEC (if connected or processing sensitive data)
Cybersecurity-Critical
Include: Full project scope + SEC.1–SEC.3 (aligns with ISO/SAE 21434)
Summary
ASPICE 4.0 provides comprehensive process coverage:
- Engineering: SYS, SWE, HWE, MLE for complete product development
- Support: SUP for quality and configuration; SEC for cybersecurity
- Management: MAN for project control
- Organizational: ACQ, SPL for supplier and release management
Subsequent sections provide detailed coverage of the Process Reference Model, Process Assessment Model, and Capability Levels.