ISO 26262 and Automotive SPICE
10 chapters Automotive SPICE asks whether your engineering is under control; ISO 26262 asks whether the product is safe. They are not two projects but one engineering flow, sharing a single V-model, a traceability backbone and one set of work products, with safety attributes riding on top.
How You Learn
Video and text stay in sync. As you scroll through the chapter, the video jumps to the matching explanation automatically.
Learning Objectives
Decode an OEM statement of work
Read a dual-standard requirement and know exactly which demands are ASPICE, which are ISO 26262, and where a single artifact satisfies both.
Overlay the two V-models node for node
Map each SYS and SWE process to its Part 4 or Part 6 clause and lay out one work-breakdown and verification plan that serves both.
Build one traceability backbone
Stand up a single trace graph with a safety-relevant flag and an ASIL on every node, so an assessor and a safety auditor walk the same evidence.
Merge work products without duplicating
Keep one safety-tagged documentation set instead of parallel specifications that drift, while holding safety-only artifacts distinct.
Chapters
Why Two Frameworks
Why an OEM statement of work asks for an ASPICE capability level and ISO 26262 compliance in one sentence, and what it costs to run them as two silos instead of one integrated flow.
What ASPICE Actually Is
Automotive SPICE as a yardstick for how you work: the PRM and PAM, the four-layer anatomy of a process, and the three things it is deliberately not.
The Process Landscape
The process groups ACQ, SPL, SYS, SWE, SUP, MAN and the version 4.0 additions, and the subset an OEM actually puts in scope for an assessment.
The Capability Dimension
The capability scale from level 0 to 5, the process attributes that unlock each level, and the N/P/L/F rating an assessor applies to real evidence.
The Two V-Models Are One
Lay the ASPICE V over the ISO 26262 V and the same shape appears, with each engineering process mapping to its safety clause node for node.
Traceability, the Shared Backbone
Both frameworks demand bidirectional traceability and consistency across the whole chain, so building one trace graph serves an assessor and a safety auditor alike.
Mapping the Work Products
One artifact, two homes: ASPICE information items (04-04, 13-51, 15-51) sitting next to their ISO 26262 work products, with safety attributes added on top rather than duplicated.
Where Safety Extends the Process
ASPICE says do it well; ISO 26262 says how strong, by ASIL. The Part 6 method tables tune rigor, and a body of safety-only work has no ASPICE process at all.
Supporting Processes and Joint Assessment
How SUP and MAN processes meet their Part 8 and Part 2 counterparts, and how a combined capability assessment and functional safety audit run on one evidence set.
Integration Blueprint and Pitfalls
Seven concrete building blocks for one integrated flow, a requirement walked down a worked V, and the myths that most damage a joint program.
Diagrams & Visuals
Braided Frameworks Schematic
Shows the ASPICE and ISO 26262 strands, one asking if the work is under control and the other if the product is safe, braiding into a single engineering flow.
Overlaid V-Model Map
Lays a single V-model annotated with ASPICE process IDs and matching ISO 26262 clauses, with dashed links joining each design activity to the verification that proves it.
Capability Staircase
Climbs the six capability levels, each unlocked by its process attributes, from an incomplete process at level 0 to an innovating one at level 5.
Traceability Backbone Graph
Walks the end-to-end chain from item definition and safety goal down through requirements, design and verification, with the ASIL flowing along every safety-relevant link.
ASIL Method-Rigor Heatmap
Illustrates how the Part 6 method tables strengthen from ASIL A to ASIL D, shifting emphasis from lighter reviews toward structural coverage and fault injection.
Integrated Safety Thread
Follows one E-Gas style ASIL D requirement down the integrated V, with a plausibility monitor in a freedom-from-interference partition validated at vehicle level.
One ASIL D Requirement Down the Integrated V
An E-Gas style safety goal, prevent unintended acceleration, is followed as a single thread through the integrated flow. At every node the same artifact answers an ASPICE process and an ISO 26262 clause, and the ASIL rides all the way down from safety goal to vehicle-level validation.
- Safety goal (Part 3): prevent unintended acceleration, assigned ASIL D
- SYS.2 / Part 4: two independent pedal sensors request torque limitation when implausible
- SWE.1 / Part 6-6: compare sensor A and B every 10 ms, set a fault flag after N deviating cycles
- SWE.2 / Part 6-7: plausibility monitor in an ASIL D partition, free from interference by the QM application
- SWE.4 / Part 6-9: unit tests with boundary and fault-injection cases, structural coverage measured
- SYS.4 / SYS.5 / Part 4: system integration then vehicle validation that unintended acceleration is prevented
Integrated V Thread: E-Gas Torque Limitation
Master ISO 26262 and Automotive SPICE as One Flow
Work through the shared V-model, the traceability backbone, the work-product map and a complete joint-assessment readiness checklist to build once and satisfy both.
Start Learning Now