Extension for ASPICE and Cybersecurity Process Assessment Model

In order to build embedded systems at automotive suppliers and evaluate the efficiency of processes, ASPICE was introduced. Software, system, quality assurance, configuration management, issue resolution, change management, project management, supplier monitoring, and other procedures are all covered by ASPICE. It specifies a method for figuring out the process’s capacity using the PAM at its foundation. HW Spice is taken into account as well because it is essential for cybersecurity. However, Spice for mechanic is not used. When the ASPICE assessment is expanded by processes for cybersecurity to meet the requirements of standard ISO/SAE 21434, this involves more work for the assessors and the technical team. By extending the ER (entity relationship) model that ASPICE has already described and identifying WPs (work products) that are used by at least one process that is specified by ASPICE and cybersecurity, the notion for speeding up assessment time is introduced in this study.