Scope of services
Automotive SPICE Services
Preparation, Introduction, and Optimization of Automotive SPICE:Analysis of existing processes, Work Products, Guidelines, Templates, and Checklists;
Creation of a Delta Analysis (target/actual state of existing processes and Work Products);
Agreement on an implementation strategy and an efficient task plan;
Preparation and accompanying ASPICE training for the affected employees;
ASPICE-specific instruction for individual roles in the project;
Implementation (hands-on) in defining process descriptions and creating and adapting the necessary Work Products;
Creation and optimization of the necessary Templates, Guidelines, Review-Checklists, and Process-Checklists;
Support in creating and adapting Work Products such as the Project Plan, QM/QA Plan, Test Plan, Configuration Management Plan, Change Management Plan, Lessons Learned Strategy Plan, etc.;
Creation and implementation of a REUSE strategy, so that existing Work Products can be reused for future projects by adapting the project-specific parts of the document;
Assistance through the assessment and role-specific preparation of ASPICE participants.
Duration of the Automotive SPICE Implementation, -Optimization, Training and Work Product and Template creation.. dependent on the Project scope, typically between 4-8 months.
SOTIF Services
Implementation of all project requirements according to ISO 21448;
Creation, analysis, detailing, and specification of relevant SOTIF requirements;
Description of SOTIF activities and processes;
Development of guidelines, checklists, templates, and review checklists necessary for project implementation according to ISO 21448;
Training, instruction, and support of employees;
Conducting SOTIF engineering and SOTIF management activities;
Creation of SOTIF analyses such as SOTIF FMEA, SOTIF FTA, SOTIF Hazard Analysis (HARA), and derivation of appropriate SOTIF measures;
Integration of processes of Functional Safety (ISO 26262) and SOTIF (ISO 21448).
Quality Function Deployment (QFD)
Creation and moderation of the 4 QFD (HOUSE OF QUALITY) phases (product planning, product development, production planning and test planning).
Analysis of customer requirements, interactions, quality characteristics, risks, competitors, characteristics, technical feasibility, technical significance, target variables and potential.
Quality Management
Quality Assurance (software/mechanics/hardware) in DEVELOPMENT:
Support of quality management, ensuring the work products of the SUP.1 process (Quality Assurance).
Ensuring the required quality of the work products created. Conducting independent reviews and assisting employees in correcting any discrepancies found. Ensuring that the expected requirements from functional safety and automotive/or mechanical SPICE are also included in the work products (WPs) created.
Support for quality assurance in production see: APQP.
CyberSecurity
Introduction and process management for cybersecurity. Development and documentation of a process framework for cybersecurity engineering for automotive systems.
Implementation of SAE 21434 requirements in conjunction with ISO 26262:2018, which are required for cyber security projects.
Creation of the required working documents, templates and checklists.
Project-related training and instruction for employees in the implementation of processes for cybersecurity automotive systems.
Carrying out CS-pre-assessments and CS-process audits. Accompaniment through the assessment and participation on the Cybersecurity Assessment.
SW-Analysis
These following activities are essential to ensuring the reliability and safety of automotive software systems, adhering to industry standards such as ISO 26262 for functional safety.
Review of Software Requirements:
Examination and validation of the software requirements to ensure alignment with functional safety needs and overall system goals.
Software Architecture Evaluation:
Assessment of the software architecture for potential weaknesses or failure points that could impact safety and performance.
Code Analysis:
Performance of static and dynamic analysis on the code to detect vulnerabilities, coding errors, and other potential issues that could lead to software failure.
Error Detection: Implementation of techniques such as runtime error detection, log file analysis, and automated testing to identify errors in the software.
Error Classification and Prioritization:
Classification and prioritization of detected errors based on their severity and potential impact on system functionality and safety.
Root Cause Analysis:
Conducting of thorough investigations to determine the underlying causes of identified errors to prevent recurrence.
Software FMEA (Failure Mode and Effects Analysis)
Identification of Potential Failure Modes:
Analysis of software components and interfaces to identify all possible ways in which they might fail.
Assessment of Failure Effects:
Evaluation of the consequences of each failure mode on the system's operation, safety, and performance.
Determination of Failure Causes:
Investigation and documentation of the potential causes for each failure mode identified during the analysis.
Risk Prioritization:
Use of a risk priority number (RPN) to prioritize the failure modes based on their severity, occurrence, and detectability.
Mitigation Strategies:
Development of strategies to mitigate or eliminate the high-priority risks, including redesigns, additional testing, or enhanced monitoring.
Automotive CSMS services
ACSMS = Automotive Cybersecurity Management System.
Since July 2024, the legislator require the proof that cybersecurity has been adequately taken into account in the development of vehicle type-approvals.
This means that both the OEM and each supplier in the product development chain must demonstrate that the development of the systems and components, as well as the requirements for cybersecurity standards (ISO 21434) has been taking into account.
This requires an Automotive Cybersecurity Management System (ACSMS).
ACSMS includes, among other things:
The preparation and training of employees for an ACSMs audit.
Defining the requirements, creating the necessary ACSMS processes and regulations.
Support in creating the necessary work products (Work Products), templates and checklists.
Conducting an internal ACSMS audit as well as accompanying the actual ACSMS audit.
Functional Safety Services
Implementation of all project requirements according to ISO 26262;
Creation, analysis, detailing, and specification of relevant safety requirements;
Description of safety activities and safety processes;
Creation of guidelines, checklists, templates, and review checklists needed for project implementation according to ISO 26262;
Training and instruction as well as support of employees;
Conducting safety engineering and safety management activities;
Creation of safety analyses such as FMEA, FTA, Hazard Analysis (HARA), and derivation of suitable safety measures;
Creation and coordination of the Safety Concept (FSC) and the Technical Safety Concept (TSC);
Support in creating and implementing ISO 26262 compliant verification and validation requirements, test specifications, and documentation;
Preparation, support, and accompaniment through the safety assessment;
Coordination of all safety activities required in Chapter 8 of ISO 26262;
Integration of processes from Functional Safety (ISO 26262) and SOTIF (ISO 21448).
Hazard analysis
Implementation of Hazard Analysis or Hazard and Risk Analysis (G+R) as well as the ITEM definition.
Description of the UseCase definition, determining the ASIL classification from the parameters "Severity", "Exposure" and "Controllability".
Application of HAZOP, Abbreviated Injury Scale (AIS), driving scenarios, environmental conditions, etc. as well as representations in dynamic Ishikawa diagrams and the analysis and assessment of the detected hazard.
Agile Transformation
Use of agile practices and methods in the implementation of Automotive SPICE and in the development of safety-critical systems.
By applying agile principles, lean processes, objectives of sustainability and transparency, adaptability through modularity, elimination of any kind of waste through consistent value creation thinking with a focus on the process results to be achieved (process outcomes according to ASPICE) as well as the planning and implementation of reusability (REUSE) through templates, guidelines, checklists and so on..
Project Management
Support of project management in estimating the effort that needs to be taken into account for the implementation according to the ISO 26262 requirements, Automotive SPICE requirements, Cybersecurity requirements, as well as additional specific requirements.
Support for as Safety- & SOTIF management, Automotive SPICE management as well as Cybersecurity management.
Extended Workbench
The "Extended Workbench" describes a business strategy in which a company delegates particular tasks and activities to external entities or subcontractors. This method is applicable when the company itself does not possess the required expertise, resources, or capacity to undertake these tasks on its own. By adopting the extended workbench model, businesses can achieve greater flexibility, effectively control costs, and utilize specialized skills that are absent internally.
Online-Training
The online training takes place via Teams or ZOOM by appointment.
The participants are provided with appropriate working materials and at the end of the training they receive proof of participation with the content of the course.
The training courses serve, for example, to preparing the decision-makers for the scope of the respective topic, the requirements for the development and implementation of the necessary processes and regulations, an overview of the required evidence and work products, as well as the knowledge required for preparation, implementation and participation to an Assessment or Audit.
Employees are trained on specific topics and content according to their areas of responsibilities e.g. in areas of FuSa, Cybersecurity, ACSMS Processes or in Topics of the FMEDA, FTA, DFA, SOTIF and Automotive SPICE.
In order to better reflect the scope of the 8-hour training units depending on the topics and to accommodate them in a flexible manner, the duration time can be split into, for example, 4 days of 2 hours in the afternoon/week from 4 p.m. to 6 p.m. or on two Saturday mornings of 4 hours each.
The Training takes place in German language.
FMEA Services
Preparations prior to the creation of an FMEA are as follows:
Product / System Analysis;
Derivation & Analysis of the Functions;
Definition of the Design Scope for the Design FMEA portion;
Incorporation of FMEA-relevant Requirements;
Consideration of the required Standards & Norms;
Definition of System Failure Modes (Failure Impact);
Consideration of Functional Safety (SG, FSR, SafeState, FTTI, ASIL);
Consideration of CCF, CF and dependent Failures in the FMEA;
Safety-relevant Components and Functions are additionally analyzed in an MSR-FMEA;
FMEA participants are adequately prepared through a brief training on the FMEA methodology;
The FMEA structure is fully set up, adjusted and completed by the team in advance;
Relevant Cybersecurity & SOTIF requirements can also be considered in the SFMEA;
The FMEA meets the requirements of AIAG & VDA 2022;
Required FMEA evaluations and statistics are provided;
For REUSE purposes & similar follow-up projects, a variant FMEA can be designed and provided;
FMEAs can be created using APIS, SCIO, Siemens (OQ), Relex or Medini Analyze;
Experience from over 100 FMEAs in Automotive, Aerospace, and Industry.
Duration of FMEA creation dependent on the Project scope, typically between 4-8 weeks.
FMEDA / FTA
Creation of the the FMEDA Analysis out of the Schematic in coordination with the HW-Team.
Creation of the the FTA Analysis out of the Architecture Design in coordination with the FTA-Team.
Quantitative calculation of the Single Point & Latent Fault Metrics (SPFm, LFm) and the Probabilistic Metric of random Hardware Faults (PMHF) as well as calculation of the DC. For the calculation of the base FIT rates which are based on standards such as: SN 29500, IEC TR 62380, RDF 2000, MIL-HDBK-217 F-plus, NPRD-95 or FIDES.
APQP
Planning and creation of the Process-FMEA, development of the Control Plan. Creation of the production process plan and management of the Special Characteristics (SC/CC).
Planning, organization and optimization, management of the suppliers, management of the project-specific requirements for the start of production, process development for production, the Production set-up process, systematic reviews of the application, implementation and completeness of the production requirements as well as the assembly instructions, implementation of Lessons Learned (LL).
Support in case of deviations and 8D management and reporting.
Test Management
Support in creating an appropriate Test Strategy and Test Plan, which covers the requirements of Automotive SPICE, Functional Safety as well as Cybersecurity if project relevant.
Training of the staff regarding ASIL-based test requirements, which are required according to ISO 26262:2018, as well as what test methods to be used in different test levels, how to derive test cases, how to deal with the different tests variants, what are the test goals, determination of the test coverage, what are the expectation regarding the Test Reports.
Cybersecurity Assessment
The main focus of a Cybersecurity Assessment according to ISO 21434 is to evaluate the effectiveness of a company's cybersecurity management system across the entire lifecycle of their automotive products and services.
Gap Analysis and Readiness Assessment
Review of current processes, policies, and technical controls against ISO 21434 requirements.
Identification of gaps and areas for improvement.
Development of a roadmap to address gaps and achieve compliance.
Threat Analysis and Risk Assessment (TARA)
Systematic conduct of TARA throughout the product lifecycle, from concept to decommissioning.
Identification of assets, threats, vulnerabilities, and estimation of cybersecurity risks.
Documentation of TARA results and derivation of cybersecurity goals and requirements.
Cybersecurity Management System (CSMS) Implementation
Establishment of cybersecurity policies, processes, and organizational structure.
Implementation of key processes such as vulnerability management and incident response.
Integration of cybersecurity into existing engineering and quality processes.
Evidence Collection and Management
Establishment of systems for collecting and managing evidence of ISO 21434 compliance.
Maintenance of cybersecurity case and work products required by the standard.
Assurance of traceability and consistency of cybersecurity information.
Training and Awareness
Provision of role-based training on ISO 21434 requirements and company-specific processes.
Building of general cybersecurity awareness across the organization.
Ensuring that teams possess the necessary skills and qualifications to perform their duties.
Additional Considerations:
Early engagement of key stakeholders, including engineering, IT, quality, legal, etc.
Adaptation of existing functional safety and quality processes to incorporate cybersecurity.
Establishment of channels for communicating and managing cybersecurity information across the supply chain.
Leveraging of automation for repeatable tasks such as TARA, testing, and evidence management.
Planning for continuous improvement of the CSMS based on lessons learned and evolving threats.