ASPICE (Automotive SPICE)
Automotive SPICE (ASPICE) is the process-assessment model that automotive OEMs require their software and systems suppliers to meet. It rates how well your engineering process works — not just the product — across process areas such as requirements analysis, design, verification, project management and risk management. Its single most-audited theme is bidirectional traceability: every level of requirement linked, in both directions, down to tests.
NirmIQ ships ASPICE support built in and free (the Automotive SPICE PAM is a free download from the VDA QMC). You'll find it under Analytics → Compliance Reports.
ASPICE coverage is most relevant to automotive teams, but it's a good general health check for any project that values traceability and verification. If your organization works to a different standard (DO-178C, IEC 62304, …), see the Compliance overview — those are supported through our compliance team.
What NirmIQ assesses automatically
Rather than asking you to tag each requirement against a clause, NirmIQ infers base-practice coverage from data you already have:
| Project data | ASPICE process areas it evidences |
|---|---|
| Requirements captured | SWE.1, SYS.2 (requirements analysis) |
| Parent/child requirement links (traceability) | SWE.1.BP4, SWE.2/3 traceability, SYS.2.BP6, SYS.3 |
| Test cases — unit | SWE.4 (unit verification) |
| Test cases — integration | SWE.5 (integration test) |
| Test cases — system / acceptance | SWE.6 (qualification test) |
| FMEA failure modes (S/O/D + mitigations) | MAN.5 (risk management) |
| Work Items & Sprints | MAN.3 (project management) |
How to read your report
Open Analytics → Compliance Reports. The ASPICE panel has four parts:
1. "What NirmIQ read from this project"
A footprint of the data the assessment is based on — number of requirements, how many have traceability / tests / FMEA, failure modes, work items, sprints. Check this first: it confirms NirmIQ read your real project.
2. The coverage score
A single bar: "X / N covered." This is calculated over the base practices NirmIQ can evidence from your data (the "auto-assessable" set) — not all 61 practices — so it isn't unfairly dragged down by practices no tool can verify automatically.
3. Process-by-process breakdown
Expand any process (SWE.1, MAN.5, …) to see each base practice with one of three states:
- ✓ Covered (green) — with the evidence that backs it, e.g. "All 120 failure modes carry Severity/Occurrence/Detection ratings."
- Partial (yellow) — some evidence, not complete.
- → Gap (orange) — with a concrete next step, e.g. "Add integration-type test cases."
4. Self-declared practices
Some base practices — detailed interface definitions, architecture evaluations, dynamic-behaviour descriptions, and all of the ASPICE 4.0 Machine Learning Engineering (MLE) practices — can't be proven from structured data. For these, you set your own rating (N / P / L / F — the ISO/IEC 33020 scale) on each practice, exactly like grading ASIL on a requirement. These are clearly marked "self-declared" in the report and PDF, and are excluded from the automatic score so the auto figure stays honest.
NirmIQ covers ASPICE PAM v3.1 (core, auto-derived) plus ASPICE 4.0 Machine Learning Engineering (self-declared). It is a readiness view, not a formal assessment.
Closing gaps
Each gap names the exact action. The most common, highest-leverage moves:
- Build a requirement hierarchy. Parent/child links light up the traceability base practices across SWE.1, SWE.2, SWE.3, SYS.2 and SYS.3 — the practices auditors scrutinise most.
- Add and link test cases by type. Unit tests evidence SWE.4, integration tests SWE.5, system/acceptance tests SWE.6. Linking them to requirements adds the verification-traceability practices.
- Run an FMEA. Failure modes with S/O/D ratings and mitigations cover MAN.5 risk management.
- Use Work Items and Sprints. Estimated, assigned work items planned into sprints cover MAN.3 project management.
Coverage recalculates automatically — there's nothing to "submit." Refresh the tab after making changes.
Frequently asked questions
Is this an official ASPICE assessment? No. NirmIQ gives you a continuous, evidence-backed readiness view derived from your project data, so you walk into a formal assessment knowing where you stand. A formal ASPICE assessment is performed by a qualified (e.g. intacs™-certified) assessor.
Why are some practices grey / "self-declared"? Because they require evidence NirmIQ can't read from structured data (e.g. an architecture evaluation record). Rather than guess, NirmIQ flags them for a human review — and leaves them out of your score.
Why did my score not reach 100% even with lots of data? The score covers the auto-assessable practices. Architecture-design and detailed-design practices (SWE.2, SWE.3) generally need design artefacts NirmIQ doesn't hold, so they stay as gaps or manual until you add structure-tree elements or engage a review.
Can NirmIQ help with the gaps and the manual practices? Yes. Use "Talk to our compliance team" in the report. We help close tracked gaps and assess the manual practices with you.
Related
- Compliance overview — what NirmIQ offers across standards.
- Analytics Dashboard — where the Compliance Reports tab lives.
- Requirements and FMEA — the data ASPICE coverage is derived from.