In college, a few friends and I got our first taste of embedded systems programming during our senior project. We made an “Internet of Things” (IoT) alarm clock that could wirelessly activate WiFi lightbulbs, a wireless coffee pot, and Bluetooth speakers. On presentation day all of our features worked, though often not at the same time. Fortunately, when our professor came to examine our project, we got lucky and everything worked perfectly. If he had come back again the next day, I’m not certain we would have been so fortunate.
As a software developer, you know that it requires countless debugging iterations to write a program that runs according to specification. It is important that you have a compiler that guarantees ongoing product support, can access the intended microprocessor’s hardware security module (HSM), and whose libraries are kept up to date. Automotive Software Process Improvement and Capability Determination (ASPICE or Automotive SPICE) certification demonstrates the depth of knowledge a designer has.
ASPICE is an internationally accepted process model that defines best practices for software and embedded systems development for the automotive industry. If you're an electronics engineer, then the term "ASPICE" might seem like a variant on SPICE, which is commonly used for circuit analysis. Similarly, many software developers are probably already familiar with SPICE as it is defined in the ISO/IEC 15504 standards. ASPICE is the same software process development certification tailored for the auto industry. The goal with ASPICE is to provides guidelines on how to organize a project, keep it manageable, and define the life cycle for automotive software.
ASPICE certifications come in 6 tiers or levels and demonstrate a supplier's capacity. Here is a quick refresher on what the different SPICE level certifications mean.
0 - Software development processes are not complete. This could mean that the software process assessment has not met all of its design goals, there is no documentation on the embedded software, or other elements are incomplete.
1 - Safety-critical software development processes are complete and have been documented. This means the company’s software works and is documented. A level 1 certification could mean that the company is a new start-up.
2 - Software development processes are fully managed. The jump from 1 to 2 is probably the largest in the certification levels. A level 2 certification means that the company has trained programmers and an established management process. They document their process assessment fully and are prepared to implement and support their products.
3 - The company’s processes are defined and established, i.e., the Level 2 certification processes have been implemented for some time.
4 - The level 3 processes can be predicted. This level means that the company has been performing its processes for long enough that they can predict how they will work.
5 - The company fully understands and controls its processes and can optimize them to a great degree.
To receive certification, an assessor must visit a company and examine its products. In order to get certification level 1, the assessor must be able to confirm that their products have achieved their design goals, and have been thoroughly documented. For levels 2-5, the assessor interviews employees and managers, and examines the company’s processes in action. The certification process assessment model is rigorous since it is integral to meet the functional safety compliance standards as ADAS systems are being developed.
Our IoT alarm clock did simple functions, like turning on a lightbulb, but your software will be processing and reacting to data from multiple sensors. ASPICE certifications can give you the certainty that the software works. However, as ADAS hardware and your software evolve, you’ll want your compiler to be kept up-to-date.
An ASPICE certification level 1 is like a provisional assessor rating. It will assure you that your developer toolset will work, at least at the beginning. My college team could have been certified at level one. The software in our alarm clock was guaranteed to work for the first alarm, but not necessarily after we added a snooze function requirement. ASPICE level 1 is enough for you to know that the developer toolset you’re buying is real, but it isn’t enough for you to build long-term programs using it that are within ASPICE compliance. When it comes to Auto Software Developer Certification, it ensures continual improvements are being made with every development process.
You want your developer toolset to work through your software’s lifetime, and be expandable for new future development. If bug reports come in, you will want gap analysis and patches for your developer toolset to keep it up-to-date. When new sensors come out, you will want a toolset developer who can integrate a new of functions for those sensors. A level 2 certification and above will guarantee that the developer can both make the developer toolset and support it. If your toolset’s developer only has a level 1 certification, they may not still be around when you need them. A level 2 certification is an absolute necessity when dealing with software that will control system critical functions to ensure product safety.
Certifications above level 2 are good, but they are more about how efficiently a company operates, rather than how well the software performs. Levels 1 and 2 are the certifications that matter the most. They guarantee that a company’s product will work, that the company is established, and that they will be around to support their product. TASKING® just received an ASPICE level 2 certification, proving what auto software developers have known all along, that Altium Designer makes, and supports, good software, and there is no exception when it comes to Auto Software Developer Certification.